From 50e0c39fc9b8e0ae493f42a3046db5e70f8ea044 Mon Sep 17 00:00:00 2001
From: Zoltan Fridrich
Date: Fri, 27 Jan 2023 15:03:53 +0100
Subject: Indent code
Co-authored-by: Simon Josefsson
Signed-off-by: Zoltan Fridrich
---
 src/benchmark-cipher.c | 31 ++-
 src/benchmark-tls.c | 250 ++++++++---------
 src/benchmark.c | 21 +-
 src/benchmark.h | 38 +--
 src/certtool-cfg.c | 742 +++++++++++++++++++++++++++----------------------
 src/certtool-cfg.h | 18 +-
 src/certtool-common.c | 227 ++++++++-------
 src/certtool-common.h | 85 +++---
 src/certtool-extras.c | 18 +-
 src/certtool.c | 652 +++++++++++++++++++++++--------------------
 src/cfg.c | 55 ++--
 src/cfg.h | 4 +-
 src/cli-debug.c | 83 ++++--
 src/cli.c | 444 +++++++++++++++--------------
 src/common.c | 332 +++++++++++-----------
 src/common.h | 107 +++----
 src/danetool.c | 116 ++++----
 src/inline_cmds.h | 9 +-
 src/ocsptool-common.c | 74 ++---
 src/ocsptool-common.h | 13 +-
 src/ocsptool.c | 91 +++---
 src/p11tool.c | 42 ++-
 src/p11tool.h | 37 ++-
 src/pkcs11.c | 498 +++++++++++++++++++--------------
 src/psk.c | 64 +++--
 src/serv.c | 491 ++++++++++++++++----------------
 src/socket.c | 162 ++++++-----
 src/socket.h | 39 ++-
 src/srptool.c | 51 ++--
 src/systemkey.c | 17 +-
 src/tests.c | 181 ++++++------
 src/tests.h | 10 +-
 src/tpmtool.c | 33 ++-
 src/udp-serv.c | 68 +++--
 src/udp-serv.h | 6 +-
 35 files changed, 2719 insertions(+), 2390 deletions(-)
(limited to 'src')
diff --git a/src/benchmark-cipher.c b/src/benchmark-cipher.c
index 76a3cdc50a..31949e35f1 100644
--- a/src/benchmark-cipher.c
+++ b/src/benchmark-cipher.c
@@ -115,7 +115,7 @@ static void cipher_mac_bench(int algo, int mac_algo, int size)
 stop_benchmark(&st, NULL, 1);
- leave:
+ leave:
 FREE(input);
 FREE(output);
 free(_key);
@@ -125,12 +125,12 @@ static void cipher_mac_bench(int algo, int mac_algo, int size)
 static void force_memcpy(void *dest, const void *src, size_t n)
 {
 volatile unsigned volatile_zero = 0;
- volatile char *vdest = (volatile char*)dest;
+ volatile char *vdest = (volatile char *)dest;
 if (n > 0) {
 do {
 memcpy(dest, src, n);
- } while(vdest[volatile_zero] != ((char*)src)[volatile_zero]);
+ } while (vdest[volatile_zero] != ((char *)src)[volatile_zero]);
 }
 }
@@ -155,8 +155,8 @@ static void cipher_bench(int algo, int size, int aead)
 /* For AES-XTS, the block and tweak key must be different */
 if (algo == GNUTLS_CIPHER_AES_128_XTS ||
- algo == GNUTLS_CIPHER_AES_256_XTS) {
- memset((uint8_t *)_key + (keysize / 2), 0x0f, (keysize / 2));
+ algo == GNUTLS_CIPHER_AES_256_XTS) {
+ memset((uint8_t *) _key + (keysize / 2), 0x0f, (keysize / 2));
 }
 _iv = malloc(ivsize);
@@ -177,7 +177,7 @@ static void cipher_bench(int algo, int size, int aead)
 assert(gnutls_rnd(GNUTLS_RND_NONCE, &c, 1) >= 0);
 ALLOCM(input, MAX_MEM);
- ALLOCM(output, step+64);
+ ALLOCM(output, step + 64);
 i = input;
 start_benchmark(&st);
@@ -200,9 +200,10 @@ static void cipher_bench(int algo, int size, int aead)
 }
 do {
- out_size = step+tag_size;
- assert(gnutls_aead_cipher_encrypt(actx, iv.data, iv.size, NULL, 0, tag_size,
- i, step, output, &out_size) >= 0);
+ out_size = step + tag_size;
+ assert(gnutls_aead_cipher_encrypt
+ (actx, iv.data, iv.size, NULL, 0, tag_size, i,
+ step, output, &out_size) >= 0);
 st.size += step;
 INC(input, i, step);
 }
@@ -229,7 +230,7 @@ static void cipher_bench(int algo, int size, int aead)
 FREE(input);
 FREE(output);
- leave:
+ leave:
 free(_key);
 free(_iv);
 }
@@ -286,14 +287,14 @@ void benchmark_cipher(int debug_level)
 cipher_bench(GNUTLS_CIPHER_AES_128_CCM, size, 1);
 cipher_bench(GNUTLS_CIPHER_CHACHA20_POLY1305, size, 1);
- printf("\nChecking cipher-MAC combinations, payload size: %u\n", size * 1024);
+ printf("\nChecking cipher-MAC combinations, payload size: %u\n",
+ size * 1024);
 cipher_mac_bench(GNUTLS_CIPHER_SALSA20_256, GNUTLS_MAC_SHA1, size);
 cipher_mac_bench(GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1, size);
- cipher_mac_bench(GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA256,
- size);
+ cipher_mac_bench(GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA256, size);
 #ifdef ENABLE_GOST
- cipher_mac_bench(GNUTLS_CIPHER_GOST28147_TC26Z_CNT, GNUTLS_MAC_GOST28147_TC26Z_IMIT,
- size);
+ cipher_mac_bench(GNUTLS_CIPHER_GOST28147_TC26Z_CNT,
+ GNUTLS_MAC_GOST28147_TC26Z_IMIT, size);
 #endif
 printf("\nChecking MAC algorithms, payload size: %u\n", size * 1024);
diff --git a/src/benchmark-tls.c b/src/benchmark-tls.c
index 2c062a6ee7..d0e8c27dcb 100644
--- a/src/benchmark-tls.c
+++ b/src/benchmark-tls.c
@@ -21,7 +21,7 @@
 */
 #ifdef HAVE_CONFIG_H
-#include
+# include
 #endif
 #include
@@ -52,7 +52,6 @@ const char *side = "";
 #define PRIO_RSA "NONE:+VERS-TLS1.2:+AES-128-GCM:+AEAD:+SIGN-ALL:+COMP-NULL:+RSA"
 #define PRIO_ECDH_RSA_PSS "NONE:+VERS-TLS1.3:+AES-128-GCM:+AEAD:+SIGN-RSA-PSS-SHA256:+COMP-NULL:+ECDHE-RSA:+CURVE-SECP256R1"
-
 #define PRIO_AES_CBC_SHA1 "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA"
 #define PRIO_TLS12_AES_GCM "NONE:+VERS-TLS1.2:+AES-128-GCM:+AEAD:+SIGN-ALL:+COMP-NULL:+RSA"
 #define PRIO_AES_GCM "NONE:+VERS-TLS1.3:+AES-128-GCM:+AEAD:+SIGN-ALL:+COMP-NULL:+GROUP-ALL"
@@ -66,34 +65,33 @@ const char *side = "";
 static const int rsa_bits = 3072, ec_bits = 256;
 static unsigned char server_rsa_pss_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIErTCCAuWgAwIBAgIIWTZrqjOeCfIwPQYJKoZIhvcNAQEKMDCgDTALBglghkgB\n"
- "ZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASAwFzEVMBMGA1UE\n"
- "AxMMcnNhLXBzcyBjZXJ0MCAXDTE3MDYwNjA4NDUzMVoYDzk5OTkxMjMxMjM1OTU5\n"
- "WjAXMRUwEwYDVQQDEwxyc2EtcHNzIGNlcnQwggHSMD0GCSqGSIb3DQEBCjAwoA0w\n"
- "CwYJYIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgA4IB\n"
- "jwAwggGKAoIBgQDswF+JIWGcyu+JfjTcM8UDRKaxOuLVY0SODV1uaXPB5ZW9nEX/\n"
- "FFYIG+ldSKCyz5JF5ThrdvwqO+GVByuvETJdM7N4i8fzGHU8WIsj/CABAV+SaDT/\n"
- "xb+h1ar9dIehKelBmXQADVFX+xvu9OM5Ft3P/wyO9gWWrR7e/MU/SVzWzMT69+5Y\n"
- "oE4QkrYYCuEBtlVHDo2mmNWGSQ5tUVIWARgXbqsmj4voWkutE/CiT0+g6GQilMAR\n"
- "kROElIhO5NH+u3/Lt2wRQO5tEP1JmSoqvrMOmF16txze8qMzvKg1Eafijv9DR4Nc\n"
- "Cc6s8+g+CZbyODSdAybiyKsC7JCIrQjsnAjgPKKBLuZ1NTmu5liuXO05XsdcBoKD\n"
- "bKNAQdJCz4uxfqTr4CGFgHQk48Nhmq01EGmpwAeA/BOCB5qsWzqURtMX8EVB1Zdo\n"
- "3LD5Vwz18mm+ZdeLPlYy3L/FBpVPDbYoZlFgINUNCQvGgvzqGJAQrKR4w8X/Y6HH\n"
- "9R8sv+U8kNtQI90CAwEAAaNrMGkwDAYDVR0TAQH/BAIwADAUBgNVHREEDTALggls\n"
- "b2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAweAADAd\n"
- "BgNVHQ4EFgQU1TmyUrkZZn4yMf4asV5OKq8bZ1gwPQYJKoZIhvcNAQEKMDCgDTAL\n"
- "BglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASADggGB\n"
- "AGxMPB+Z6pgmWNRw5NjIJgnvJfdMWmQib0II5kdU9I1UybrVRUGpI6tFjIB/pRWU\n"
- "SiD8wTZpxfTHkRHUn+Wyhh14XOg2Pdad5Ek2XU/QblL2k4kh1sHdOcCRFbDzP5k8\n"
- "LKIzFcndgnKTRun5368H+NLcXRx/KAi7s9zi4swp9dPxRvNvp8HjQyVhdFi5pK6n\n"
- "pN1Sw/QD22CE1fRVJ3OYxq4sqCEZANhRv6h/M3AcetGt4LR8ErwuzP1fdtuXeumw\n"
- "T0deQ2hhSYZmbkk/S+qHA8as6J224ry7Zr5bhB9hr52yum9yC9SjFy0XEV/895jJ\n"
- "0MDIM33DmPUdnn90Btt+Oq+bgZqTIolifSmcs0sPH10SuxDOnXwkbR44Wu9NbCzx\n"
- "h3VzhlxAdgcnOYSmJnXKWXog4N1BPFrB4rFqXWFF0Avqs4euK81W4IQ4Sk7fYT7C\n"
- "tyrDILPqBhN80Q9Me70y7KRsek6yFn4Jd0Lok6vetaeWtSW0929bhU49b1hkdSzt\n"
- "kw==\n"
- "-----END CERTIFICATE-----\n";
+ 
"-----BEGIN CERTIFICATE-----\n" + "MIIErTCCAuWgAwIBAgIIWTZrqjOeCfIwPQYJKoZIhvcNAQEKMDCgDTALBglghkgB\n" + "ZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASAwFzEVMBMGA1UE\n" + "AxMMcnNhLXBzcyBjZXJ0MCAXDTE3MDYwNjA4NDUzMVoYDzk5OTkxMjMxMjM1OTU5\n" + "WjAXMRUwEwYDVQQDEwxyc2EtcHNzIGNlcnQwggHSMD0GCSqGSIb3DQEBCjAwoA0w\n" + "CwYJYIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgA4IB\n" + "jwAwggGKAoIBgQDswF+JIWGcyu+JfjTcM8UDRKaxOuLVY0SODV1uaXPB5ZW9nEX/\n" + "FFYIG+ldSKCyz5JF5ThrdvwqO+GVByuvETJdM7N4i8fzGHU8WIsj/CABAV+SaDT/\n" + "xb+h1ar9dIehKelBmXQADVFX+xvu9OM5Ft3P/wyO9gWWrR7e/MU/SVzWzMT69+5Y\n" + "oE4QkrYYCuEBtlVHDo2mmNWGSQ5tUVIWARgXbqsmj4voWkutE/CiT0+g6GQilMAR\n" + "kROElIhO5NH+u3/Lt2wRQO5tEP1JmSoqvrMOmF16txze8qMzvKg1Eafijv9DR4Nc\n" + "Cc6s8+g+CZbyODSdAybiyKsC7JCIrQjsnAjgPKKBLuZ1NTmu5liuXO05XsdcBoKD\n" + "bKNAQdJCz4uxfqTr4CGFgHQk48Nhmq01EGmpwAeA/BOCB5qsWzqURtMX8EVB1Zdo\n" + "3LD5Vwz18mm+ZdeLPlYy3L/FBpVPDbYoZlFgINUNCQvGgvzqGJAQrKR4w8X/Y6HH\n" + "9R8sv+U8kNtQI90CAwEAAaNrMGkwDAYDVR0TAQH/BAIwADAUBgNVHREEDTALggls\n" + "b2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAweAADAd\n" + "BgNVHQ4EFgQU1TmyUrkZZn4yMf4asV5OKq8bZ1gwPQYJKoZIhvcNAQEKMDCgDTAL\n" + "BglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASADggGB\n" + "AGxMPB+Z6pgmWNRw5NjIJgnvJfdMWmQib0II5kdU9I1UybrVRUGpI6tFjIB/pRWU\n" + "SiD8wTZpxfTHkRHUn+Wyhh14XOg2Pdad5Ek2XU/QblL2k4kh1sHdOcCRFbDzP5k8\n" + "LKIzFcndgnKTRun5368H+NLcXRx/KAi7s9zi4swp9dPxRvNvp8HjQyVhdFi5pK6n\n" + "pN1Sw/QD22CE1fRVJ3OYxq4sqCEZANhRv6h/M3AcetGt4LR8ErwuzP1fdtuXeumw\n" + "T0deQ2hhSYZmbkk/S+qHA8as6J224ry7Zr5bhB9hr52yum9yC9SjFy0XEV/895jJ\n" + "0MDIM33DmPUdnn90Btt+Oq+bgZqTIolifSmcs0sPH10SuxDOnXwkbR44Wu9NbCzx\n" + "h3VzhlxAdgcnOYSmJnXKWXog4N1BPFrB4rFqXWFF0Avqs4euK81W4IQ4Sk7fYT7C\n" + "tyrDILPqBhN80Q9Me70y7KRsek6yFn4Jd0Lok6vetaeWtSW0929bhU49b1hkdSzt\n" + "kw==\n" "-----END CERTIFICATE-----\n"; static unsigned char server_cert_pem[] = "-----BEGIN CERTIFICATE-----\n" 
@@ -119,8 +117,7 @@ static unsigned char server_cert_pem[] =
 "iD0a4cO2FPjjVt5ji+iaJTaXBEd9GHklKE6ZTZhj5az9ygQj1m6HZ2i3shWtG2ks\n"
 "AjgnGzsA8Wm/5X6YyR8UND41rS/lAc9yx8Az9Hqzfg8aOyvixYVPNKoTEPAMmypA\n"
 "oQT6g4b989lZFcjrwnLCrwz83jPD683p5IenCnRI5yhuFoQauy2tgHIbC1FRgs0C\n"
- "dyiOeDh80u1fekMVjRztIAwavuwxI6XgRzPSHhWR\n"
- "-----END CERTIFICATE-----\n";
+ "dyiOeDh80u1fekMVjRztIAwavuwxI6XgRzPSHhWR\n" "-----END CERTIFICATE-----\n";
 static unsigned char server_key_pem[] =
 "-----BEGIN RSA PRIVATE KEY-----\n"
@@ -167,8 +164,7 @@ static unsigned char server_ecc_key_pem[] =
 "-----BEGIN EC PRIVATE KEY-----\n"
 "MHgCAQEEIQDrAKCAbdMKPngHu4zdSQ2Pghob8PhyrbUpWAR8V07E+qAKBggqhkjO\n"
 "PQMBB6FEA0IABDfo4YLPkO4pBpQamtObIV3J6l92vI+RkyNtaQ9gtSWDj20w/aBC\n"
- "WlbcTsRZ2itEpJ6GdLsGOW4RRfmiubzC9JU=\n"
- "-----END EC PRIVATE KEY-----\n";
+ "WlbcTsRZ2itEpJ6GdLsGOW4RRfmiubzC9JU=\n" "-----END EC PRIVATE KEY-----\n";
 static unsigned char server_ecc_cert_pem[] =
 "-----BEGIN CERTIFICATE-----\n"
@@ -181,61 +177,59 @@ static unsigned char server_ecc_cert_pem[] =
 "VR0OBBYEFOuSntH2To0gJLH79Ow4wNpBuhmEMB8GA1UdIwQYMBaAFMZ1miRvZAYr\n"
 "nBEymOtPjbfTrnblMAoGCCqGSM49BAMCA0gAMEUCIQCMP3aBcCxSPbCUhihOsUmH\n"
 "G04AgT1PKw8z4LgZ4VGTVAIgYw3IFwS5sSYEAHRZAH8eaTXTz7XFmWmnkve9EBkN\n"
- "cBE=\n"
- "-----END CERTIFICATE-----\n";
+ "cBE=\n" "-----END CERTIFICATE-----\n";
 static unsigned char server_ed25519_key_pem[] =
- "-----BEGIN PRIVATE KEY-----\n"
- "MC4CAQAwBQYDK2VwBCIEIOXDJXOU6J6XdXx4WfcyPILPYJDH5bRfm9em+DYMkllw\n"
- "-----END PRIVATE KEY-----\n";
+ "-----BEGIN PRIVATE KEY-----\n"
+ "MC4CAQAwBQYDK2VwBCIEIOXDJXOU6J6XdXx4WfcyPILPYJDH5bRfm9em+DYMkllw\n"
+ "-----END PRIVATE KEY-----\n";
 static unsigned char server_ed25519_cert_pem[] =
- "-----BEGIN CERTIFICATE-----\n"
- "MIIBwTCCAWagAwIBAgIIWTZasQWGNVEwCgYIKoZIzj0EAwIwfTELMAkGA1UEBhMC\n"
- "QkUxDzANBgNVBAoTBkdudVRMUzElMCMGA1UECxMcR251VExTIGNlcnRpZmljYXRl\n"
- "IGF1dGhvcml0eTEPMA0GA1UECBMGTGV1dmVuMSUwIwYDVQQDExxHbnVUTFMgY2Vy\n"
- "dGlmaWNhdGUgYXV0aG9yaXR5MCAXDTE3MDYwNjA3MzMwNVoYDzk5OTkxMjMxMjM1\n"
- "OTU5WjAZMRcwFQYDVQQDEw5FZDI1NTE5IHNpZ25lcjAqMAUGAytlcAMhAPMF++lz\n"
- "LIzfyCX0v0B7LIabZWZ/dePW9HexIbW3tYmHo2EwXzAMBgNVHRMBAf8EAjAAMA8G\n"
- "A1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFONSSnOdGLzpv3xNcci8ZiKKqzyqMB8G\n"
- "A1UdIwQYMBaAFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqGSM49BAMCA0kAMEYC\n"
- "IQDHGfSgM44DVZfrP5CF8LSNlFN55ti3Z69YJ0SK8Fy9eQIhAN2UKeX3l8A9Ckcm\n"
- "7barRoh+qx7ZVYpe+5w3JYuxy16w\n"
- "-----END CERTIFICATE-----\n";
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIBwTCCAWagAwIBAgIIWTZasQWGNVEwCgYIKoZIzj0EAwIwfTELMAkGA1UEBhMC\n"
+ "QkUxDzANBgNVBAoTBkdudVRMUzElMCMGA1UECxMcR251VExTIGNlcnRpZmljYXRl\n"
+ "IGF1dGhvcml0eTEPMA0GA1UECBMGTGV1dmVuMSUwIwYDVQQDExxHbnVUTFMgY2Vy\n"
+ "dGlmaWNhdGUgYXV0aG9yaXR5MCAXDTE3MDYwNjA3MzMwNVoYDzk5OTkxMjMxMjM1\n"
+ "OTU5WjAZMRcwFQYDVQQDEw5FZDI1NTE5IHNpZ25lcjAqMAUGAytlcAMhAPMF++lz\n"
+ "LIzfyCX0v0B7LIabZWZ/dePW9HexIbW3tYmHo2EwXzAMBgNVHRMBAf8EAjAAMA8G\n"
+ 
"A1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFONSSnOdGLzpv3xNcci8ZiKKqzyqMB8G\n" + "A1UdIwQYMBaAFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqGSM49BAMCA0kAMEYC\n" + "IQDHGfSgM44DVZfrP5CF8LSNlFN55ti3Z69YJ0SK8Fy9eQIhAN2UKeX3l8A9Ckcm\n" + "7barRoh+qx7ZVYpe+5w3JYuxy16w\n" "-----END CERTIFICATE-----\n"; #ifdef ENABLE_GOST static unsigned char server_gost12_256_key_pem[] = - "-----BEGIN PRIVATE KEY-----\n" - "MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEBAgIEIgQg0+JttJEV\n" - "Ud+XBzX9q13ByKK+j2b+mEmNIo1yB0wGleo=\n" - "-----END PRIVATE KEY-----\n"; + "-----BEGIN PRIVATE KEY-----\n" + "MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEBAgIEIgQg0+JttJEV\n" + "Ud+XBzX9q13ByKK+j2b+mEmNIo1yB0wGleo=\n" "-----END PRIVATE KEY-----\n"; static unsigned char server_gost12_256_cert_pem[] = - "-----BEGIN CERTIFICATE-----\n" - "MIIC8DCCAVigAwIBAgIIWcZKgxkCMvcwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" - "AxMEQ0EtMzAgFw0xOTEwMDgxMDQ4MTZaGA85OTk5MTIzMTIzNTk1OVowDTELMAkG\n" - "A1UEAxMCR1IwZjAfBggqhQMHAQEBATATBgcqhQMCAiQABggqhQMHAQECAgNDAARA\n" - "J9sMEEx0JW9QsT5bDqyc0TNcjVg9ZSdp4GkMtShM+OOgyBGrWK3zLP5IzHYSXja8\n" - "373QrJOUvdX7T7TUk5yU5aOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuC\n" - "CWxvY2FsaG9zdDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB4AA\n" - "MB0GA1UdDgQWBBQYSEtdwsYrtnOq6Ya3nt8DgFPCQjAfBgNVHSMEGDAWgBT5qIYZ\n" - "Y7akFBNgdg8BmjU27/G0rzANBgkqhkiG9w0BAQsFAAOCAYEAR0xtx7MWEP1KyIzM\n" - "4lXKdTyU4Nve5RcgqF82yR/0odqT5MPoaZDvLuRWEcQryztZD3kmRUmPmn1ujSfc\n" - "BbPfRnSutDXcf6imq0/U1/TV/BF3vpS1plltzetvibf8MYetHVFQHUBJDZJHh9h7\n" - "PGwA9SnmnGKFIxFdV6bVOLkPR54Gob9zN3E17KslL19lNtht1pxk9pshwTn35oRY\n" - "uOdxof9F4XjpI/4WbC8kp15QeG8XyZd5JWSl+niNOqYK31+ilQdVBr4RiZSDIcAg\n" - "twS5yV9Ap+R8rM8TLbeT2io4rhdUgmDllUf49zV3t6AbVvbsQfkqXmHXW8uW2WBu\n" - "A8FiXEbIIOb+QIW0ZGwk3BVQ7wdiw1M5w6kYtz5kBtNPxBmc+eu1+e6EAfYbFNr3\n" - "pkxtMk3veYWHb5s3dHZ4/t2Rn85hWqh03CWwCkKTN3qmEs4/XpybbXE/UE49e7u1\n" - "FkpM1bT/0gUNsNt5h3pyUzQZdiB0XbdGGFta3tB3+inIO45h\n" - "-----END CERTIFICATE-----\n"; + "-----BEGIN CERTIFICATE-----\n" + 
"MIIC8DCCAVigAwIBAgIIWcZKgxkCMvcwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" + "AxMEQ0EtMzAgFw0xOTEwMDgxMDQ4MTZaGA85OTk5MTIzMTIzNTk1OVowDTELMAkG\n" + "A1UEAxMCR1IwZjAfBggqhQMHAQEBATATBgcqhQMCAiQABggqhQMHAQECAgNDAARA\n" + "J9sMEEx0JW9QsT5bDqyc0TNcjVg9ZSdp4GkMtShM+OOgyBGrWK3zLP5IzHYSXja8\n" + "373QrJOUvdX7T7TUk5yU5aOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuC\n" + "CWxvY2FsaG9zdDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB4AA\n" + "MB0GA1UdDgQWBBQYSEtdwsYrtnOq6Ya3nt8DgFPCQjAfBgNVHSMEGDAWgBT5qIYZ\n" + "Y7akFBNgdg8BmjU27/G0rzANBgkqhkiG9w0BAQsFAAOCAYEAR0xtx7MWEP1KyIzM\n" + "4lXKdTyU4Nve5RcgqF82yR/0odqT5MPoaZDvLuRWEcQryztZD3kmRUmPmn1ujSfc\n" + "BbPfRnSutDXcf6imq0/U1/TV/BF3vpS1plltzetvibf8MYetHVFQHUBJDZJHh9h7\n" + "PGwA9SnmnGKFIxFdV6bVOLkPR54Gob9zN3E17KslL19lNtht1pxk9pshwTn35oRY\n" + "uOdxof9F4XjpI/4WbC8kp15QeG8XyZd5JWSl+niNOqYK31+ilQdVBr4RiZSDIcAg\n" + "twS5yV9Ap+R8rM8TLbeT2io4rhdUgmDllUf49zV3t6AbVvbsQfkqXmHXW8uW2WBu\n" + "A8FiXEbIIOb+QIW0ZGwk3BVQ7wdiw1M5w6kYtz5kBtNPxBmc+eu1+e6EAfYbFNr3\n" + "pkxtMk3veYWHb5s3dHZ4/t2Rn85hWqh03CWwCkKTN3qmEs4/XpybbXE/UE49e7u1\n" + "FkpM1bT/0gUNsNt5h3pyUzQZdiB0XbdGGFta3tB3+inIO45h\n" + "-----END CERTIFICATE-----\n"; static const gnutls_datum_t server_gost12_256_key = { server_gost12_256_key_pem, - sizeof(server_gost12_256_key_pem)-1 + sizeof(server_gost12_256_key_pem) - 1 }; -static const gnutls_datum_t server_gost12_256_cert = { server_gost12_256_cert_pem, - sizeof(server_gost12_256_cert_pem)-1 +static const gnutls_datum_t server_gost12_256_cert = + { server_gost12_256_cert_pem, + sizeof(server_gost12_256_cert_pem) - 1 }; #endif @@ -298,8 +292,7 @@ static void test_ciphersuite(const char *cipher_prio, int size) gnutls_certificate_allocate_credentials(&s_certcred); gnutls_certificate_set_x509_key_mem(s_certcred, &server_cert, - &server_key, - GNUTLS_X509_FMT_PEM); + &server_key, GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_key_mem(s_certcred, &server_ecc_cert, &server_ecc_key, GNUTLS_X509_FMT_PEM); 
@@ -347,8 +340,8 @@ static void test_ciphersuite(const char *cipher_prio, int size)
 HANDSHAKE(client, server);
 name = gnutls_cipher_get_name(gnutls_cipher_get(server));
- fprintf(stdout, "%30s - %s ", name, gnutls_protocol_get_name(
- gnutls_protocol_get_version(server)));
+ fprintf(stdout, "%30s - %s ", name,
+ gnutls_protocol_get_name(gnutls_protocol_get_version(server)));
 fflush(stdout);
 ret = gnutls_rnd(GNUTLS_RND_NONCE, buffer, sizeof(buffer));
@@ -371,13 +364,13 @@ static void test_ciphersuite(const char *cipher_prio, int size)
 }
 do {
- ret =
- gnutls_record_recv_packet(server, &packet);
+ ret = gnutls_record_recv_packet(server, &packet);
 } while (ret == GNUTLS_E_AGAIN);
 if (ret < 0) {
- fprintf(stderr, "Failed receiving from client: %s\n", gnutls_strerror(ret));
+ fprintf(stderr, "Failed receiving from client: %s\n",
+ gnutls_strerror(ret));
 exit(1);
 }
@@ -401,7 +394,7 @@ static void test_ciphersuite(const char *cipher_prio, int size)
 }
 static
-double calc_avg(uint64_t *diffs, unsigned int diffs_size)
+double calc_avg(uint64_t * diffs, unsigned int diffs_size)
 {
 double avg = 0;
 unsigned int i;
@@ -415,14 +408,13 @@ double calc_avg(uint64_t *diffs, unsigned int diffs_size)
 }
 static
-double calc_svar(uint64_t *diffs, unsigned int diffs_size,
- double avg)
+double calc_svar(uint64_t * diffs, unsigned int diffs_size, double avg)
 {
 double sum = 0, d;
 unsigned int i;
 for (i = 0; i < diffs_size; i++) {
- d = ((double) diffs[i] - avg);
+ d = ((double)diffs[i] - avg);
 d *= d;
 sum += d;
@@ -432,7 +424,6 @@ double calc_svar(uint64_t *diffs, unsigned int diffs_size,
 return sum;
 }
-
 uint64_t total_diffs[32 * 1024];
 unsigned int total_diffs_size = 0;
@@ -464,13 +455,17 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk)
 ret = 0;
 if (pk == GNUTLS_PK_RSA_PSS)
- ret = gnutls_certificate_set_x509_key_mem(s_certcred, &server_rsa_pss_cert,
- &server_key,
- GNUTLS_X509_FMT_PEM);
+ ret =
+ gnutls_certificate_set_x509_key_mem(s_certcred,
+ &server_rsa_pss_cert,
+ &server_key,
+ GNUTLS_X509_FMT_PEM);
 else if (pk == GNUTLS_PK_RSA)
- ret = gnutls_certificate_set_x509_key_mem(s_certcred, &server_cert,
- &server_key,
- GNUTLS_X509_FMT_PEM);
+ ret =
+ gnutls_certificate_set_x509_key_mem(s_certcred,
+ &server_cert,
+ &server_key,
+ GNUTLS_X509_FMT_PEM);
 if (ret < 0) {
 fprintf(stderr, "Error in %d: %s\n", __LINE__, gnutls_strerror(ret));
@@ -479,18 +474,24 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk)
 ret = 0;
 if (pk == GNUTLS_PK_ECDSA)
- ret = gnutls_certificate_set_x509_key_mem(s_certcred, &server_ecc_cert,
- &server_ecc_key,
- GNUTLS_X509_FMT_PEM);
+ ret =
+ gnutls_certificate_set_x509_key_mem(s_certcred,
+ &server_ecc_cert,
+ &server_ecc_key,
+ GNUTLS_X509_FMT_PEM);
 else if (pk == GNUTLS_PK_EDDSA_ED25519)
- ret = gnutls_certificate_set_x509_key_mem(s_certcred, &server_ed25519_cert,
- &server_ed25519_key,
- GNUTLS_X509_FMT_PEM);
+ ret =
+ gnutls_certificate_set_x509_key_mem(s_certcred,
+ &server_ed25519_cert,
+ &server_ed25519_key,
+ GNUTLS_X509_FMT_PEM);
 #ifdef ENABLE_GOST
 else if (pk == GNUTLS_PK_GOST_12_256)
- ret = gnutls_certificate_set_x509_key_mem(s_certcred, &server_gost12_256_cert,
- &server_gost12_256_key,
- GNUTLS_X509_FMT_PEM);
+ ret =
+ gnutls_certificate_set_x509_key_mem(s_certcred,
+ &server_gost12_256_cert,
+ &server_gost12_256_key,
+ GNUTLS_X509_FMT_PEM);
 #endif
 if (ret < 0) {
 fprintf(stderr, "Error in %d: %s\n", __LINE__,
@@ -515,15 +516,14 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk)
 do {
 gnutls_init(&server, GNUTLS_SERVER);
- ret =
- gnutls_priority_set(server, priority_cache);
+ ret = gnutls_priority_set(server, priority_cache);
 if (ret < 0) {
- fprintf(stderr, "Error in setting priority: %s\n", gnutls_strerror(ret));
+ fprintf(stderr, "Error in setting priority: %s\n",
+ gnutls_strerror(ret));
 exit(1);
 }
 #ifdef ENABLE_ANON
- gnutls_credentials_set(server, GNUTLS_CRD_ANON,
- s_anoncred);
+ gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred);
 #endif
 gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, s_certcred);
@@ -535,15 +535,14 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk)
 gnutls_init(&client, GNUTLS_CLIENT);
- ret =
- gnutls_priority_set(client, priority_cache);
+ ret = gnutls_priority_set(client, priority_cache);
 if (ret < 0) {
- fprintf(stderr, "Error in setting priority: %s\n", gnutls_strerror(ret));
+ fprintf(stderr, "Error in setting priority: %s\n",
+ gnutls_strerror(ret));
 exit(1);
 }
 #ifdef ENABLE_ANON
- gnutls_credentials_set(client, GNUTLS_CRD_ANON,
- c_anoncred);
+ gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred);
 #endif
 gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, c_certcred);
@@ -560,14 +559,15 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk)
 gettime(&tr_stop);
 if (suite == NULL)
- suite =
- gnutls_session_get_desc(server);
+ suite = gnutls_session_get_desc(server);
 gnutls_deinit(client);
 gnutls_deinit(server);
- total_diffs[total_diffs_size++] = timespec_sub_ns(&tr_stop, &tr_start);
- if (total_diffs_size > sizeof(total_diffs)/sizeof(total_diffs[0]))
+ total_diffs[total_diffs_size++] =
+ timespec_sub_ns(&tr_stop, &tr_start);
+ if (total_diffs_size >
+ sizeof(total_diffs) / sizeof(total_diffs[0]))
 abort();
 st.size += 1;
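Review bot: In the last hunk of this file section (@@ -560,14 +559,15 @@) the bound on total_diffs is checked only after the store `total_diffs[total_diffs_size++] = timespec_sub_ns(&tr_stop, &tr_start);`, and the comparison uses `>`, so when total_diffs_size already equals the array length (32 * 1024 per the definition earlier in benchmark-tls.c) one element is written one past the end of total_diffs before abort() runs. Move the check ahead of the store and make it inclusive: `if (total_diffs_size >= sizeof(total_diffs) / sizeof(total_diffs[0])) abort();` followed by the existing assignment. The loop in test_ciphersuite_kx that contains these lines begins and ends outside the hunk, so the reflow is the only thing this commit changes here; the fix belongs in a separate change.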
@@ -586,19 +586,20 @@ static void test_ciphersuite_kx(const char *cipher_prio, unsigned pk) } else if (avg < 1000000) { scale = "\u00B5s"; avg /= 1000; - for (i=0;i +# include static DWORD WINAPI alarm_handler(LPVOID lpParameter) { HANDLE wtimer = *((HANDLE *) lpParameter); @@ -51,22 +51,22 @@ value2human(uint64_t bytes, double time, double *data, double *speed, char *metric) { if (bytes > 1000 && bytes < 1000 * 1000) { - *data = ((double) bytes) / 1000; + *data = ((double)bytes) / 1000; *speed = *data / time; strcpy(metric, "KB"); return; } else if (bytes >= 1000 * 1000 && bytes < 1000 * 1000 * 1000) { - *data = ((double) bytes) / (1000 * 1000); + *data = ((double)bytes) / (1000 * 1000); *speed = *data / time; strcpy(metric, "MB"); return; } else if (bytes >= 1000 * 1000 * 1000) { - *data = ((double) bytes) / (1000 * 1000 * 1000); + *data = ((double)bytes) / (1000 * 1000 * 1000); *speed = *data / time; strcpy(metric, "GB"); return; } else { - *data = (double) bytes; + *data = (double)bytes; *speed = *data / time; strcpy(metric, "bytes"); return; @@ -92,15 +92,13 @@ void start_benchmark(struct benchmark_st *st) st->wthread = CreateThread(NULL, 0, alarm_handler, &st->wtimer, 0, NULL); if (st->wthread == NULL) { - fprintf(stderr, "error: CreateThread %u\n", - GetLastError()); + fprintf(stderr, "error: CreateThread %u\n", GetLastError()); exit(1); } st->alarm_timeout.QuadPart = (BSECS) * 10000000; if (SetWaitableTimer (st->wtimer, &st->alarm_timeout, 0, NULL, NULL, FALSE) == 0) { - fprintf(stderr, "error: SetWaitableTimer %u\n", - GetLastError()); + fprintf(stderr, "error: SetWaitableTimer %u\n", GetLastError()); exit(1); } #else @@ -110,8 +108,7 @@ void start_benchmark(struct benchmark_st *st) } /* returns the elapsed time */ -double stop_benchmark(struct benchmark_st *st, const char *metric, - int quiet) +double stop_benchmark(struct benchmark_st *st, const char *metric, int quiet) { double secs; unsigned long lsecs; 
@@ -141,7 +138,7 @@ double stop_benchmark(struct benchmark_st *st, const char *metric,
 imetric, secs);
 printf("%.2f %s/sec\n", dspeed, imetric);
 } else {
- ddata = (double) st->size;
+ ddata = (double)st->size;
 dspeed = ddata / secs;
 if (quiet == 0)
 printf(" Processed %.2f %s in %.2f secs: ", ddata,
diff --git a/src/benchmark.h b/src/benchmark.h
index a5e2aff124..af9bc3a4c8 100644
--- a/src/benchmark.h
+++ b/src/benchmark.h
@@ -18,22 +18,22 @@
 */
 #ifndef GNUTLS_SRC_BENCHMARK_H
-#define GNUTLS_SRC_BENCHMARK_H
+# define GNUTLS_SRC_BENCHMARK_H
-#include
-#include
-#include
-#if defined(_WIN32)
-#include
-#endif
+# include
+# include
+# include
+# if defined(_WIN32)
+# include
+# endif
 /* for uint64_t */
 # include
-#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_PROCESS_CPUTIME_ID)
-#undef gettime
-#define gettime(x) clock_gettime(CLOCK_PROCESS_CPUTIME_ID, x)
-#else
+# if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_PROCESS_CPUTIME_ID)
+# undef gettime
+# define gettime(x) clock_gettime(CLOCK_PROCESS_CPUTIME_ID, x)
+# else
 inline static void gettime(struct timespec *ts)
 {
 struct timeval tv;
@@ -41,9 +41,9 @@ inline static void gettime(struct timespec *ts)
 ts->tv_sec = tv.tv_sec;
 ts->tv_nsec = tv.tv_usec * 1000;
 }
-#endif
+# endif
-typedef void (*sighandler_t) (int);
+typedef void (*sighandler_t)(int);
 void benchmark_cipher(int debug_level);
 void benchmark_tls(int debug_level, int ciphers);
@@ -52,23 +52,23 @@ struct benchmark_st {
 struct timespec start;
 uint64_t size;
 sighandler_t old_handler;
-#if defined(_WIN32)
+# if defined(_WIN32)
 HANDLE wtimer;
 HANDLE wthread;
 LARGE_INTEGER alarm_timeout;
-#endif
+# endif
 };
 extern volatile int benchmark_must_finish;
 void start_benchmark(struct benchmark_st *st);
-double stop_benchmark(struct benchmark_st *st, const char *metric,
- int quiet);
+double stop_benchmark(struct benchmark_st *st, const char *metric, int quiet);
 inline static unsigned int
 timespec_sub_ms(struct timespec *a, struct timespec *b)
 {
- return (a->tv_sec - b->tv_sec) * 1000 + (a->tv_nsec - b->tv_nsec) / (1000 * 1000);
+ return (a->tv_sec - b->tv_sec) * 1000 + (a->tv_nsec -
+ b->tv_nsec) / (1000 * 1000);
 }
 inline static unsigned long
@@ -77,4 +77,4 @@ timespec_sub_ns(struct timespec *a, struct timespec *b)
 return (a->tv_sec - b->tv_sec) * 1000000000 + (a->tv_nsec - b->tv_nsec);
 }
-#endif /* GNUTLS_SRC_BENCHMARK_H */
+#endif /* GNUTLS_SRC_BENCHMARK_H */
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index a8a135a4a4..9a323c61e8 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -43,9 +43,9 @@
 #include
 #if HAVE_SYS_SOCKET_H
-#include
+# include
 #elif HAVE_WS2TCPIP_H
-#include
+# include
 #endif
 /* From gnulib for inet_pton() */
@@ -56,8 +56,8 @@
 #include "certtool-common.h"
 /* to print uint64_t */
-# define __STDC_FORMAT_MACROS
-# include
+#define __STDC_FORMAT_MACROS
+#include
 extern int batch;
 extern int ask_pass;
@@ -75,7 +75,9 @@ extern int ask_pass;
 if (sizeof(time_t) < 8) \
 fprintf(stderr, "This system expresses time with a 32-bit time_t; that prevents dates after 2038 to be expressed by GnuTLS.\n")
-enum option_types { OPTION_NUMERIC, OPTION_STRING, OPTION_BOOLEAN, OPTION_MULTI_LINE };
+enum option_types { OPTION_NUMERIC, OPTION_STRING, OPTION_BOOLEAN,
+ OPTION_MULTI_LINE
+};
 struct cfg_options {
 const char *name;
@@ -86,76 +88,76 @@ struct cfg_options {
 };
 static struct cfg_options available_options[] = {
- { .name = "unit", .type = OPTION_MULTI_LINE },
- { .name = "ou", .type = OPTION_MULTI_LINE },
- { .name = "organization", .type = OPTION_MULTI_LINE },
- { .name = "o", .type = OPTION_MULTI_LINE },
- { .name = "dc", .type = OPTION_MULTI_LINE },
- { .name = "dns_name", .type = OPTION_MULTI_LINE },
- { .name = "ip_address", .type = OPTION_MULTI_LINE },
- { .name = "email", .type = OPTION_MULTI_LINE },
- { .name = "krb5_principal", .type = OPTION_MULTI_LINE },
- { .name = "other_name", .type = OPTION_MULTI_LINE },
- { .name = "other_name_utf8", .type = OPTION_MULTI_LINE },
- { .name = "other_name_octet", .type = OPTION_MULTI_LINE },
- { .name = "xmpp_name", .type = OPTION_MULTI_LINE },
- { .name = "key_purpose_oid", .type = OPTION_MULTI_LINE },
- { .name = "nc_exclude_dns", .type = OPTION_MULTI_LINE },
- { .name = "nc_exclude_ip", .type = OPTION_MULTI_LINE },
- { .name = "nc_exclude_email", .type = OPTION_MULTI_LINE },
- { .name = "nc_permit_dns", .type = OPTION_MULTI_LINE },
- { .name = "nc_permit_ip", .type = OPTION_MULTI_LINE },
- { .name = "nc_permit_email", .type = OPTION_MULTI_LINE },
- { .name = "dn_oid", .type = OPTION_MULTI_LINE },
- { .name = "add_extension", .type = OPTION_MULTI_LINE },
- { .name = "add_critical_extension", .type = OPTION_MULTI_LINE },
- { .name = "crl_dist_points", .type = OPTION_MULTI_LINE },
- { .name = "uri", .type = OPTION_MULTI_LINE },
- { .name = "ocsp_uri", .type = OPTION_MULTI_LINE },
- { .name = "ca_issuers_uri", .type = OPTION_MULTI_LINE },
- { .name = "locality", .type = OPTION_STRING },
- { .name = "state", .type = OPTION_STRING },
- { .name = "dn", .type = OPTION_STRING },
- { .name = "cn", .type = OPTION_STRING },
- { .name = "uid", .type = OPTION_STRING },
- { .name = "subject_unique_id", .type = OPTION_STRING },
- { .name = "issuer_unique_id", .type = OPTION_STRING },
- { .name = "challenge_password", .type = OPTION_STRING },
- { 
.name = "password", .type = OPTION_STRING }, - { .name = "pkcs9_email", .type = OPTION_STRING }, - { .name = "country", .type = OPTION_STRING }, - { .name = "expiration_date", .type = OPTION_STRING }, - { .name = "activation_date", .type = OPTION_STRING }, - { .name = "crl_revocation_date", .type = OPTION_STRING }, - { .name = "crl_this_update_date", .type = OPTION_STRING }, - { .name = "crl_next_update_date", .type = OPTION_STRING }, - { .name = "policy*", .type = OPTION_MULTI_LINE }, /* not a multi-line but there are multi as it is a wildcard */ - { .name = "inhibit_anypolicy_skip_certs", .type = OPTION_NUMERIC }, - { .name = "pkcs12_key_name", .type = OPTION_STRING }, - { .name = "proxy_policy_language", .type = OPTION_STRING }, - { .name = "serial", .type = OPTION_STRING }, - { .name = "expiration_days", .type = OPTION_NUMERIC }, - { .name = "crl_next_update", .type = OPTION_NUMERIC }, - { .name = "crl_number", .type = OPTION_STRING }, - { .name = "path_len", .type = OPTION_NUMERIC }, - { .name = "ca", .type = OPTION_BOOLEAN }, - { .name = "honor_crq_extensions", .type = OPTION_BOOLEAN }, - { .name = "honor_crq_ext", .type = OPTION_MULTI_LINE }, - { .name = "tls_www_client", .type = OPTION_BOOLEAN }, - { .name = "tls_www_server", .type = OPTION_BOOLEAN }, - { .name = "signing_key", .type = OPTION_BOOLEAN }, - { .name = "encryption_key", .type = OPTION_BOOLEAN }, - { .name = "cert_signing_key", .type = OPTION_BOOLEAN }, - { .name = "crl_signing_key", .type = OPTION_BOOLEAN }, - { .name = "code_signing_key", .type = OPTION_BOOLEAN }, - { .name = "ocsp_signing_key", .type = OPTION_BOOLEAN }, - { .name = "time_stamping_key", .type = OPTION_BOOLEAN }, - { .name = "email_protection_key", .type = OPTION_BOOLEAN }, - { .name = "ipsec_ike_key", .type = OPTION_BOOLEAN }, - { .name = "key_agreement", .type = OPTION_BOOLEAN }, - { .name = "data_encipherment", .type = OPTION_BOOLEAN }, - { .name = "non_repudiation", .type = OPTION_BOOLEAN }, - { .name = "tls_feature", .type 
= OPTION_MULTI_LINE },
+ {.name = "unit",.type = OPTION_MULTI_LINE},
+ {.name = "ou",.type = OPTION_MULTI_LINE},
+ {.name = "organization",.type = OPTION_MULTI_LINE},
+ {.name = "o",.type = OPTION_MULTI_LINE},
+ {.name = "dc",.type = OPTION_MULTI_LINE},
+ {.name = "dns_name",.type = OPTION_MULTI_LINE},
+ {.name = "ip_address",.type = OPTION_MULTI_LINE},
+ {.name = "email",.type = OPTION_MULTI_LINE},
+ {.name = "krb5_principal",.type = OPTION_MULTI_LINE},
+ {.name = "other_name",.type = OPTION_MULTI_LINE},
+ {.name = "other_name_utf8",.type = OPTION_MULTI_LINE},
+ {.name = "other_name_octet",.type = OPTION_MULTI_LINE},
+ {.name = "xmpp_name",.type = OPTION_MULTI_LINE},
+ {.name = "key_purpose_oid",.type = OPTION_MULTI_LINE},
+ {.name = "nc_exclude_dns",.type = OPTION_MULTI_LINE},
+ {.name = "nc_exclude_ip",.type = OPTION_MULTI_LINE},
+ {.name = "nc_exclude_email",.type = OPTION_MULTI_LINE},
+ {.name = "nc_permit_dns",.type = OPTION_MULTI_LINE},
+ {.name = "nc_permit_ip",.type = OPTION_MULTI_LINE},
+ {.name = "nc_permit_email",.type = OPTION_MULTI_LINE},
+ {.name = "dn_oid",.type = OPTION_MULTI_LINE},
+ {.name = "add_extension",.type = OPTION_MULTI_LINE},
+ {.name = "add_critical_extension",.type = OPTION_MULTI_LINE},
+ {.name = "crl_dist_points",.type = OPTION_MULTI_LINE},
+ {.name = "uri",.type = OPTION_MULTI_LINE},
+ {.name = "ocsp_uri",.type = OPTION_MULTI_LINE},
+ {.name = "ca_issuers_uri",.type = OPTION_MULTI_LINE},
+ {.name = "locality",.type = OPTION_STRING},
+ {.name = "state",.type = OPTION_STRING},
+ {.name = "dn",.type = OPTION_STRING},
+ {.name = "cn",.type = OPTION_STRING},
+ {.name = "uid",.type = OPTION_STRING},
+ {.name = "subject_unique_id",.type = OPTION_STRING},
+ {.name = "issuer_unique_id",.type = OPTION_STRING},
+ {.name = "challenge_password",.type = OPTION_STRING},
+ {.name = "password",.type = OPTION_STRING},
+ {.name = "pkcs9_email",.type = OPTION_STRING},
+ {.name = "country",.type = OPTION_STRING},
+ {.name = "expiration_date",.type 
OPTION_STRING},
+ {.name = "activation_date",.type = OPTION_STRING},
+ {.name = "crl_revocation_date",.type = OPTION_STRING},
+ {.name = "crl_this_update_date",.type = OPTION_STRING},
+ {.name = "crl_next_update_date",.type = OPTION_STRING},
+ {.name = "policy*",.type = OPTION_MULTI_LINE}, /* not a multi-line but there are multi as it is a wildcard */
+ {.name = "inhibit_anypolicy_skip_certs",.type = OPTION_NUMERIC},
+ {.name = "pkcs12_key_name",.type = OPTION_STRING},
+ {.name = "proxy_policy_language",.type = OPTION_STRING},
+ {.name = "serial",.type = OPTION_STRING},
+ {.name = "expiration_days",.type = OPTION_NUMERIC},
+ {.name = "crl_next_update",.type = OPTION_NUMERIC},
+ {.name = "crl_number",.type = OPTION_STRING},
+ {.name = "path_len",.type = OPTION_NUMERIC},
+ {.name = "ca",.type = OPTION_BOOLEAN},
+ {.name = "honor_crq_extensions",.type = OPTION_BOOLEAN},
+ {.name = "honor_crq_ext",.type = OPTION_MULTI_LINE},
+ {.name = "tls_www_client",.type = OPTION_BOOLEAN},
+ {.name = "tls_www_server",.type = OPTION_BOOLEAN},
+ {.name = "signing_key",.type = OPTION_BOOLEAN},
+ {.name = "encryption_key",.type = OPTION_BOOLEAN},
+ {.name = "cert_signing_key",.type = OPTION_BOOLEAN},
+ {.name = "crl_signing_key",.type = OPTION_BOOLEAN},
+ {.name = "code_signing_key",.type = OPTION_BOOLEAN},
+ {.name = "ocsp_signing_key",.type = OPTION_BOOLEAN},
+ {.name = "time_stamping_key",.type = OPTION_BOOLEAN},
+ {.name = "email_protection_key",.type = OPTION_BOOLEAN},
+ {.name = "ipsec_ike_key",.type = OPTION_BOOLEAN},
+ {.name = "key_agreement",.type = OPTION_BOOLEAN},
+ {.name = "data_encipherment",.type = OPTION_BOOLEAN},
+ {.name = "non_repudiation",.type = OPTION_BOOLEAN},
+ {.name = "tls_feature",.type = OPTION_MULTI_LINE},
 };
 typedef struct _cfg_ctx {
@@ -206,7 +208,7 @@ typedef struct _cfg_ctx { uint8_t *serial; unsigned serial_size; int expiration_days; - int skip_certs; /* from inhibit anypolicy */ + int skip_certs; /* from inhibit anypolicy */ int ca; int path_len; int tls_www_client; @@ -341,23 +343,28 @@ void cfg_init(void) output_size = _output.size; \ } - static int handle_option(cfg_option_t val) { unsigned j; unsigned len, cmp; - for (j=0;j 2 && available_options[j].name[len-1] == '*') - cmp = strncasecmp(val->name, available_options[j].name, len-1); + if (len > 2 && available_options[j].name[len - 1] == '*') + cmp = + strncasecmp(val->name, available_options[j].name, + len - 1); else cmp = strcasecmp(val->name, available_options[j].name); if (cmp == 0) { if (available_options[j].type != OPTION_MULTI_LINE && available_options[j].found != 0) { - fprintf(stderr, "Warning: multiple options found for '%s'; only the first will be taken into account.\n", available_options[j].name); + fprintf(stderr, + "Warning: multiple options found for '%s'; only the first will be taken into account.\n", + available_options[j].name); } available_options[j].found = 1; return 1; @@ -385,7 +392,9 @@ int template_parse(const char *template) for (val = pov; val->name; val++) { if (handle_option(val) == 0) { - fprintf(stderr, "Warning: skipping unknown option '%s'\n", val->name); + fprintf(stderr, + "Warning: skipping unknown option '%s'\n", + val->name); } } @@ -422,11 +431,13 @@ int template_parse(const char *template) val = cfg_next(pov, "issuer_unique_id"); if (val != NULL) - HEX_DECODE(val->value, cfg.issuer_unique_id, cfg.issuer_unique_id_size); + HEX_DECODE(val->value, cfg.issuer_unique_id, + cfg.issuer_unique_id_size); val = cfg_next(pov, "subject_unique_id"); if (val != NULL) - HEX_DECODE(val->value, cfg.subject_unique_id, cfg.subject_unique_id_size); + HEX_DECODE(val->value, cfg.subject_unique_id, + cfg.subject_unique_id_size); val = cfg_next(pov, "challenge_password"); if (val != NULL) 
@@ -473,14 +484,12 @@ int template_parse(const char *template) cfg.policy_oid[i] = strdup(val->value); if (cfg.policy_oid[i] != NULL) { - snprintf(tmpstr, sizeof(tmpstr), "policy%d_url", - i + 1); + snprintf(tmpstr, sizeof(tmpstr), "policy%d_url", i + 1); val = cfg_next(pov, tmpstr); if (val != NULL) cfg.policy_url[i] = strdup(val->value); - snprintf(tmpstr, sizeof(tmpstr), "policy%d_txt", - i + 1); + snprintf(tmpstr, sizeof(tmpstr), "policy%d_txt", i + 1); val = cfg_next(pov, tmpstr); if (val != NULL) { cfg.policy_txt[i] = strdup(val->value); @@ -511,7 +520,8 @@ int template_parse(const char *template) READ_MULTI_LINE_TOKENIZED("dn_oid", cfg.dn_oid); READ_MULTI_LINE_TOKENIZED("add_extension", cfg.extensions); - READ_MULTI_LINE_TOKENIZED("add_critical_extension", cfg.crit_extensions); + READ_MULTI_LINE_TOKENIZED("add_critical_extension", + cfg.crit_extensions); READ_MULTI_LINE("crl_dist_points", cfg.crl_dist_points); @@ -519,7 +529,6 @@ int template_parse(const char *template) if (val != NULL) cfg.pkcs12_key_name = strdup(val->value); - val = cfg_next(pov, "serial"); if (val != NULL) SERIAL_DECODE(val->value, cfg.serial, cfg.serial_size); 
@@ -583,19 +592,20 @@ static size_t strip_nl(char *str, size_t str_size) return str_size; } -static int copystr_without_nl(char *out, size_t out_size, const char *in, size_t in_size) +static int copystr_without_nl(char *out, size_t out_size, const char *in, + size_t in_size) { - if (in_size+1 >= out_size) { - fprintf(stderr, "Too long line to parse in interactive mode; please use templates.\n"); + if (in_size + 1 >= out_size) { + fprintf(stderr, + "Too long line to parse in interactive mode; please use templates.\n"); exit(1); } - memcpy(out, in, in_size+1); /* copy terminating null */ + memcpy(out, in, in_size + 1); /* copy terminating null */ strip_nl(out, in_size); return 0; } -void -read_crt_set(gnutls_x509_crt_t crt, const char *input_str, const char *oid) +void read_crt_set(gnutls_x509_crt_t crt, const char *input_str, const char *oid) { ssize_t ret; char *lineptr = NULL; @@ -613,9 +623,7 @@ read_crt_set(gnutls_x509_crt_t crt, const char *input_str, const char *oid) linesize = strip_nl(lineptr, ret); - ret = - gnutls_x509_crt_set_dn_by_oid(crt, oid, 0, lineptr, - linesize); + ret = gnutls_x509_crt_set_dn_by_oid(crt, oid, 0, lineptr, linesize); if (ret < 0) { fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); @@ -623,8 +631,7 @@ read_crt_set(gnutls_x509_crt_t crt, const char *input_str, const char *oid) free(lineptr); } -void -read_crq_set(gnutls_x509_crq_t crq, const char *input_str, const char *oid) +void read_crq_set(gnutls_x509_crq_t crq, const char *input_str, const char *oid) { ssize_t ret; char *lineptr = NULL; @@ -642,9 +649,7 @@ read_crq_set(gnutls_x509_crq_t crq, const char *input_str, const char *oid) linesize = strip_nl(lineptr, ret); - ret = - gnutls_x509_crq_set_dn_by_oid(crq, oid, 0, lineptr, - linesize); + ret = gnutls_x509_crq_set_dn_by_oid(crq, oid, 0, lineptr, linesize); if (ret < 0) { fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); 
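Review bot: `copystr_without_nl` is declared as returning `int` but its only failure path calls `exit(1)`, so `return 0` is the sole outcome a caller can observe and the return type suggests a recoverable error that does not exist; either report the overlong line to the caller (`return -1;` in place of the `exit(1)`, with callers checking it) or declare the function `void`. The `memcpy(out, in, in_size + 1)` also depends on `in[in_size]` being the terminating NUL, which the trailing comment only implies; stating it as a precondition, `/* in must be NUL-terminated at in[in_size] */`, makes the `+ 1` safe to read. The callers of this helper are outside the hunk.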
@@ -673,41 +678,40 @@ static int64_t read_int_with_default(const char *input_str, long def) l = strtoll(input, &endptr, 0); if (*endptr != '\0' && *endptr != '\r' && *endptr != '\n') { - fprintf(stderr, "Trailing garbage ignored: `%s'\n", - endptr); + fprintf(stderr, "Trailing garbage ignored: `%s'\n", endptr); return 0; } else { *endptr = 0; } if (l <= LLONG_MIN || l >= LLONG_MAX) { - fprintf(stderr, "Integer out of range: `%s' (max: %llu)\n", input, LLONG_MAX-1); + fprintf(stderr, "Integer out of range: `%s' (max: %llu)\n", + input, LLONG_MAX - 1); return 0; } #else l = strtol(input, &endptr, 0); if (*endptr != '\0' && *endptr != '\r' && *endptr != '\n') { - fprintf(stderr, "Trailing garbage ignored: `%s'\n", - endptr); + fprintf(stderr, "Trailing garbage ignored: `%s'\n", endptr); return 0; } else { *endptr = 0; } if (l <= LONG_MIN || l >= LONG_MAX) { - fprintf(stderr, "Integer out of range: `%s' (max: %lu)\n", input, LONG_MAX-1); + fprintf(stderr, "Integer out of range: `%s' (max: %lu)\n", + input, LONG_MAX - 1); return 0; } #endif - - if (input == endptr) l = def; return l; } + #pragma GCC diagnostic pop int64_t read_int(const char *input_str) @@ -715,7 +719,7 @@ int64_t read_int(const char *input_str) return read_int_with_default(input_str, 0); } -int serial_decode(const char *input, gnutls_datum_t *output) +int serial_decode(const char *input, gnutls_datum_t * output) { int i; int64_t value; @@ -724,14 +728,13 @@ int serial_decode(const char *input, gnutls_datum_t *output) gnutls_datum_t input_datum; if (input[0] == '0' && input[1] == 'x') { - input_datum.data = (void *) (input + 2); + input_datum.data = (void *)(input + 2); input_datum.size = strlen(input + 2); if (input_datum.size == 0) { return GNUTLS_E_PARSING_ERROR; } return gnutls_hex_decode2(&input_datum, output); } - #if SIZEOF_LONG < 8 value = strtol(input, &endptr, 10); value_limit = LONG_MAX; 
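Review bot: The out-of-range messages in `read_int_with_default` pass signed values to unsigned conversions — `LLONG_MAX - 1` to `%llu` and `LONG_MAX - 1` to `%lu` — which is exactly what `-Wformat` reports, and the `#pragma GCC diagnostic pop` right after the function suggests the warning is being silenced around it rather than fixed; use `%lld` and `%ld` respectively. The "Trailing garbage ignored" wording is also misleading: that branch returns 0 and discards the parsed prefix, so the input is rejected rather than partially used, and a message such as `"Rejecting input with trailing garbage: %s\n"` would describe what actually happens. The start of the function, where `input` is filled, is outside the hunk.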
@@ -746,7 +749,9 @@ int serial_decode(const char *input, gnutls_datum_t *output) } if (value <= 0 || value >= value_limit) { - fprintf(stderr, "Integer out of range: `%s' (min: 1, max: %"PRId64")\n", input, value_limit-1); + fprintf(stderr, + "Integer out of range: `%s' (min: 1, max: %" PRId64 + ")\n", input, value_limit - 1); return GNUTLS_E_PARSING_ERROR; } @@ -799,7 +804,7 @@ int read_yesno(const char *input_str, int def) { char input[MAX_INPUT_SIZE]; - restart: + restart: fputs(input_str, stderr); if (fgets(input, sizeof(input), stdin) == NULL) return def; @@ -815,7 +820,6 @@ int read_yesno(const char *input_str, int def) goto restart; } - /* Wrapper functions for non-interactive mode. */ const char *get_pass(void) @@ -846,8 +850,7 @@ const char *get_confirmed_pass(bool empty_ok) CHECK_MALLOC(copy); pass = getpass("Confirm password: "); } - while (strcmp(pass, copy) != 0 - && !(empty_ok && *pass == '\0')); + while (strcmp(pass, copy) != 0 && !(empty_ok && *pass == '\0')); free(copy); @@ -874,8 +877,7 @@ void get_crl_dist_point_set(gnutls_x509_crt_t crt) for (i = 0; cfg.crl_dist_points[i] != NULL; i++) { ret = gnutls_x509_crt_set_crl_dist_points - (crt, GNUTLS_SAN_URI, cfg.crl_dist_points[i], - 0); + (crt, GNUTLS_SAN_URI, cfg.crl_dist_points[i], 0); if (ret < 0) break; } @@ -924,8 +926,7 @@ void get_country_crt_set(gnutls_x509_crt_t crt) 0, cfg.country, strlen(cfg.country)); if (ret < 0) { - fprintf(stderr, "set_dn: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); } } else { @@ -947,9 +948,12 @@ void get_organization_crt_set(gnutls_x509_crt_t crt) for (i = 0; cfg.organization[i] != NULL; i++) { ret = gnutls_x509_crt_set_dn_by_oid(crt, - GNUTLS_OID_X520_ORGANIZATION_NAME, - 0, cfg.organization[i], - strlen(cfg.organization[i])); + GNUTLS_OID_X520_ORGANIZATION_NAME, + 0, + cfg.organization[i], + strlen + (cfg.organization + [i])); if (ret < 0) { fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); 
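Review bot: In `get_confirmed_pass` the result of the second `getpass("Confirm password: ")` goes straight into `strcmp(pass, copy)` with no NULL check, so an EOF or read error (where `getpass` returns NULL) dereferences NULL in the loop condition; a guard such as `if (pass == NULL) { free(copy); return NULL; }` — or whatever the callers already treat as failure — belongs before the comparison. The heap copy of the password is then released with a plain `free(copy)`, leaving the plaintext in freed memory for the rest of the process; clearing it first with `gnutls_memset(copy, 0, strlen(copy));` (or `explicit_bzero`) costs nothing, whereas a plain `memset` before `free` may be optimised away. The `do` that allocates `copy` is outside the hunk.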
@@ -975,9 +979,9 @@ void get_unit_crt_set(gnutls_x509_crt_t crt) for (i = 0; cfg.unit[i] != NULL; i++) { ret = gnutls_x509_crt_set_dn_by_oid(crt, - GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, - 0, cfg.unit[i], - strlen(cfg.unit[i])); + GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, + 0, cfg.unit[i], + strlen(cfg.unit[i])); if (ret < 0) { fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); @@ -1004,8 +1008,7 @@ void get_state_crt_set(gnutls_x509_crt_t crt) 0, cfg.state, strlen(cfg.state)); if (ret < 0) { - fprintf(stderr, "set_dn: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); } } else { @@ -1028,8 +1031,7 @@ void get_locality_crt_set(gnutls_x509_crt_t crt) 0, cfg.locality, strlen(cfg.locality)); if (ret < 0) { - fprintf(stderr, "set_dn: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); } } else { @@ -1049,16 +1051,14 @@ void get_cn_crt_set(gnutls_x509_crt_t crt) ret = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_COMMON_NAME, - 0, cfg.cn, - strlen(cfg.cn)); + 0, cfg.cn, strlen(cfg.cn)); if (ret < 0) { fprintf(stderr, "set_dn_by_oid: %s\n", gnutls_strerror(ret)); exit(1); } } else { - read_crt_set(crt, "Common name: ", - GNUTLS_OID_X520_COMMON_NAME); + read_crt_set(crt, "Common name: ", GNUTLS_OID_X520_COMMON_NAME); } } @@ -1088,10 +1088,13 @@ void crt_constraints_set(gnutls_x509_crt_t crt) gnutls_datum_t name; if (batch) { - if (cfg.permitted_nc_dns == NULL && cfg.permitted_nc_email == NULL && - cfg.excluded_nc_dns == NULL && cfg.excluded_nc_email == NULL && - cfg.permitted_nc_ip == NULL && cfg.excluded_nc_ip == NULL) - return; /* nothing to do */ + if (cfg.permitted_nc_dns == NULL + && cfg.permitted_nc_email == NULL + && cfg.excluded_nc_dns == NULL + && cfg.excluded_nc_email == NULL + && cfg.permitted_nc_ip == NULL + && cfg.excluded_nc_ip == NULL) + return; /* nothing to do */ ret = gnutls_x509_name_constraints_init(&nc); if (ret < 0) { 
@@ -1101,14 +1104,22 @@ void crt_constraints_set(gnutls_x509_crt_t crt) if (cfg.permitted_nc_ip) { for (i = 0; cfg.permitted_nc_ip[i] != NULL; i++) { - ret = gnutls_x509_cidr_to_rfc5280(cfg.permitted_nc_ip[i], &name); + ret = + gnutls_x509_cidr_to_rfc5280 + (cfg.permitted_nc_ip[i], &name); if (ret < 0) { - fprintf(stderr, "error parsing IP constraint: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error parsing IP constraint: %s\n", + gnutls_strerror(ret)); exit(1); } - ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_IPADDRESS, &name); + ret = + gnutls_x509_name_constraints_add_permitted + (nc, GNUTLS_SAN_IPADDRESS, &name); if (ret < 0) { - fprintf(stderr, "error adding constraint: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error adding constraint: %s\n", + gnutls_strerror(ret)); exit(1); } free(name.data); @@ -1117,14 +1128,22 @@ void crt_constraints_set(gnutls_x509_crt_t crt) if (cfg.excluded_nc_ip) { for (i = 0; cfg.excluded_nc_ip[i] != NULL; i++) { - ret = gnutls_x509_cidr_to_rfc5280(cfg.excluded_nc_ip[i], &name); + ret = + gnutls_x509_cidr_to_rfc5280 + (cfg.excluded_nc_ip[i], &name); if (ret < 0) { - fprintf(stderr, "error parsing IP constraint: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error parsing IP constraint: %s\n", + gnutls_strerror(ret)); exit(1); } - ret = gnutls_x509_name_constraints_add_excluded(nc, GNUTLS_SAN_IPADDRESS, &name); + ret = + gnutls_x509_name_constraints_add_excluded + (nc, GNUTLS_SAN_IPADDRESS, &name); if (ret < 0) { - fprintf(stderr, "error adding constraint: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error adding constraint: %s\n", + gnutls_strerror(ret)); exit(1); } free(name.data); 
@@ -1135,24 +1154,31 @@ void crt_constraints_set(gnutls_x509_crt_t crt) for (i = 0; cfg.permitted_nc_dns[i] != NULL; i++) { - name.data = (void*)cfg.permitted_nc_dns[i]; - name.size = strlen((char*)name.data); - ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_DNSNAME, &name); + name.data = (void *)cfg.permitted_nc_dns[i]; + name.size = strlen((char *)name.data); + ret = + gnutls_x509_name_constraints_add_permitted + (nc, GNUTLS_SAN_DNSNAME, &name); if (ret < 0) { - fprintf(stderr, "error adding constraint: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error adding constraint: %s\n", + gnutls_strerror(ret)); exit(1); } } } - if (cfg.excluded_nc_dns) { for (i = 0; cfg.excluded_nc_dns[i] != NULL; i++) { - name.data = (void*)cfg.excluded_nc_dns[i]; - name.size = strlen((char*)name.data); - ret = gnutls_x509_name_constraints_add_excluded(nc, GNUTLS_SAN_DNSNAME, &name); + name.data = (void *)cfg.excluded_nc_dns[i]; + name.size = strlen((char *)name.data); + ret = + gnutls_x509_name_constraints_add_excluded + (nc, GNUTLS_SAN_DNSNAME, &name); if (ret < 0) { - fprintf(stderr, "error adding constraint: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error adding constraint: %s\n", + gnutls_strerror(ret)); exit(1); } } @@ -1160,11 +1186,15 @@ void crt_constraints_set(gnutls_x509_crt_t crt) if (cfg.permitted_nc_email) { for (i = 0; cfg.permitted_nc_email[i] != NULL; i++) { - name.data = (void*)cfg.permitted_nc_email[i]; - name.size = strlen((char*)name.data); - ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_RFC822NAME, &name); + name.data = (void *)cfg.permitted_nc_email[i]; + name.size = strlen((char *)name.data); + ret = + gnutls_x509_name_constraints_add_permitted + (nc, GNUTLS_SAN_RFC822NAME, &name); if (ret < 0) { - fprintf(stderr, "error adding constraint: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error adding constraint: %s\n", + gnutls_strerror(ret)); exit(1); } } 
@@ -1172,11 +1202,15 @@ void crt_constraints_set(gnutls_x509_crt_t crt) if (cfg.excluded_nc_email) { for (i = 0; cfg.excluded_nc_email[i] != NULL; i++) { - name.data = (void*)cfg.excluded_nc_email[i]; - name.size = strlen((char*)name.data); - ret = gnutls_x509_name_constraints_add_excluded(nc, GNUTLS_SAN_RFC822NAME, &name); + name.data = (void *)cfg.excluded_nc_email[i]; + name.size = strlen((char *)name.data); + ret = + gnutls_x509_name_constraints_add_excluded + (nc, GNUTLS_SAN_RFC822NAME, &name); if (ret < 0) { - fprintf(stderr, "error adding constraint: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error adding constraint: %s\n", + gnutls_strerror(ret)); exit(1); } } @@ -1184,7 +1218,8 @@ void crt_constraints_set(gnutls_x509_crt_t crt) ret = gnutls_x509_crt_set_name_constraints(crt, nc, 1); if (ret < 0) { - fprintf(stderr, "error setting constraints: %s\n", gnutls_strerror(ret)); + fprintf(stderr, "error setting constraints: %s\n", + gnutls_strerror(ret)); exit(1); } 
@@ -1197,21 +1232,32 @@ void crt_unique_ids_set(gnutls_x509_crt_t crt) int ret; if (batch) { - if (cfg.subject_unique_id == NULL && cfg.issuer_unique_id == NULL) - return; /* nothing to do */ + if (cfg.subject_unique_id == NULL + && cfg.issuer_unique_id == NULL) + return; /* nothing to do */ if (cfg.subject_unique_id) { - ret = gnutls_x509_crt_set_subject_unique_id(crt, cfg.subject_unique_id, cfg.subject_unique_id_size); + ret = + gnutls_x509_crt_set_subject_unique_id(crt, + cfg.subject_unique_id, + cfg.subject_unique_id_size); if (ret < 0) { - fprintf(stderr, "error setting subject unique ID: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error setting subject unique ID: %s\n", + gnutls_strerror(ret)); exit(1); } } if (cfg.issuer_unique_id) { - ret = gnutls_x509_crt_set_issuer_unique_id(crt, cfg.issuer_unique_id, cfg.issuer_unique_id_size); + ret = + gnutls_x509_crt_set_issuer_unique_id(crt, + cfg.issuer_unique_id, + cfg.issuer_unique_id_size); if (ret < 0) { - fprintf(stderr, "error setting issuer unique ID: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error setting issuer unique ID: %s\n", + gnutls_strerror(ret)); exit(1); } } @@ -1227,11 +1273,9 @@ void get_uid_crt_set(gnutls_x509_crt_t crt) return; ret = gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_LDAP_UID, - 0, cfg.uid, - strlen(cfg.uid)); + 0, cfg.uid, strlen(cfg.uid)); if (ret < 0) { - fprintf(stderr, "set_dn: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); } } else { @@ -1259,9 +1303,8 @@ void get_oid_crt_set(gnutls_x509_crt_t crt) cfg.dn_oid[i], 0, cfg.dn_oid[i + 1], - strlen(cfg. - dn_oid[i + - 1])); + strlen(cfg.dn_oid[i + + 1])); if (ret < 0) { fprintf(stderr, "set_dn_oid: %s\n", 
@@ -1296,7 +1339,9 @@ static unsigned char *decode_ext_string(char *str, unsigned int *ret_size) p++; p2 = strchr(p, ')'); if (p2 == NULL) { - fprintf(stderr, "there is no terminating parenthesis in: %s\n", str); + fprintf(stderr, + "there is no terminating parenthesis in: %s\n", + str); exit(1); } *p2 = 0; @@ -1305,28 +1350,31 @@ static unsigned char *decode_ext_string(char *str, unsigned int *ret_size) } if (strncmp(p, "0x", 2) == 0) - p+=2; + p += 2; HEX_DECODE(p, raw, raw_size); - switch(action) { - case ENCODE_OCTET_STRING: - tag_len = sizeof(tag); - res = asn1_encode_simple_der(ASN1_ETYPE_OCTET_STRING, raw, raw_size, tag, &tag_len); - if (res != ASN1_SUCCESS) { - fprintf(stderr, "error in DER encoding: %s\n", asn1_strerror(res)); - exit(1); - } - tmp = gnutls_malloc(raw_size+tag_len); - if (tmp == NULL) { - fprintf(stderr, "error in allocation\n"); - exit(1); - } - memcpy(tmp, tag, tag_len); - memcpy(tmp+tag_len, raw, raw_size); - gnutls_free(raw); - raw = tmp; - raw_size += tag_len; - break; + switch (action) { + case ENCODE_OCTET_STRING: + tag_len = sizeof(tag); + res = + asn1_encode_simple_der(ASN1_ETYPE_OCTET_STRING, raw, + raw_size, tag, &tag_len); + if (res != ASN1_SUCCESS) { + fprintf(stderr, "error in DER encoding: %s\n", + asn1_strerror(res)); + exit(1); + } + tmp = gnutls_malloc(raw_size + tag_len); + if (tmp == NULL) { + fprintf(stderr, "error in allocation\n"); + exit(1); + } + memcpy(tmp, tag, tag_len); + memcpy(tmp + tag_len, raw, raw_size); + gnutls_free(raw); + raw = tmp; + raw_size += tag_len; + break; } *ret_size = raw_size; 
@@ -1351,18 +1399,25 @@ void get_extensions_crt_set(int type, void *crt) } /* convert hex to bin */ - raw = decode_ext_string(cfg.extensions[i+1], &raw_size); + raw = + decode_ext_string(cfg.extensions[i + 1], &raw_size); if (type == TYPE_CRT) ret = gnutls_x509_crt_set_extension_by_oid(crt, - cfg.extensions[i], - raw, raw_size, 0); + cfg.extensions + [i], + raw, + raw_size, + 0); else ret = gnutls_x509_crq_set_extension_by_oid(crt, - cfg.extensions[i], - raw, raw_size, 0); + cfg.extensions + [i], + raw, + raw_size, + 0); gnutls_free(raw); if (ret < 0) { @@ -1383,18 +1438,26 @@ void get_extensions_crt_set(int type, void *crt) exit(1); } /* convert hex to bin */ - raw = decode_ext_string(cfg.crit_extensions[i+1], &raw_size); + raw = + decode_ext_string(cfg.crit_extensions[i + 1], + &raw_size); if (type == TYPE_CRT) ret = gnutls_x509_crt_set_extension_by_oid(crt, - cfg.crit_extensions[i], - raw, raw_size, 1); + cfg.crit_extensions + [i], + raw, + raw_size, + 1); else ret = gnutls_x509_crq_set_extension_by_oid(crt, - cfg.crit_extensions[i], - raw, raw_size, 1); + cfg.crit_extensions + [i], + raw, + raw_size, + 1); gnutls_free(raw); @@ -1444,7 +1507,7 @@ void get_ocsp_issuer_set(gnutls_x509_crt_t crt) if (!cfg.ocsp_uris) return; for (i = 0; cfg.ocsp_uris[i] != NULL; i++) { - uri.data = (void*)cfg.ocsp_uris[i]; + uri.data = (void *)cfg.ocsp_uris[i]; uri.size = strlen(cfg.ocsp_uris[i]); ret = gnutls_x509_crt_set_authority_info_access(crt, @@ -1452,8 +1515,7 @@ void get_ocsp_issuer_set(gnutls_x509_crt_t crt) &uri); if (ret < 0) { fprintf(stderr, "set OCSP URI (%s): %s\n", - cfg.ocsp_uris[i], - gnutls_strerror(ret)); + cfg.ocsp_uris[i], gnutls_strerror(ret)); exit(1); } } 
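Review bot: The argument lists in `get_extensions_crt_set` now wrap as `cfg.extensions` on one line and `[i]` on the next, with `raw`, `raw_size` and `0` each on their own line, which is GNU indent output rather than something a reader would write; the same shape appears in the critical-extensions hunk (`@@ -1383,18 +1438,26 @@`) and, as `strlen` split from `(cfg.organization` and `[i])`, in `get_organization_crt_set`, `get_organization_crq_set` and `get_dc_set`. Hoisting the operand into a local keeps each call on one or two lines: `const char *oid = cfg.extensions[i];` before the `if (type == TYPE_CRT)`, then `ret = gnutls_x509_crt_set_extension_by_oid(crt, oid, raw, raw_size, 0);` and the `crq` variant. Since this commit is a mechanical re-indentation, the durable fix is probably a formatter configuration that does not break inside a subscript, rather than per-site edits. The enclosing loop starts outside the hunk.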
@@ -1469,7 +1531,7 @@ void get_ca_issuers_set(gnutls_x509_crt_t crt) if (!cfg.ca_issuers_uris) return; for (i = 0; cfg.ca_issuers_uris[i] != NULL; i++) { - uri.data = (void*)cfg.ca_issuers_uris[i]; + uri.data = (void *)cfg.ca_issuers_uris[i]; uri.size = strlen(cfg.ca_issuers_uris[i]); ret = gnutls_x509_crt_set_authority_info_access(crt, @@ -1486,7 +1548,6 @@ void get_ca_issuers_set(gnutls_x509_crt_t crt) } } - void get_pkcs9_email_crt_set(gnutls_x509_crt_t crt) { int ret; @@ -1500,8 +1561,7 @@ void get_pkcs9_email_crt_set(gnutls_x509_crt_t crt) 0, cfg.pkcs9_email, strlen(cfg.pkcs9_email)); if (ret < 0) { - fprintf(stderr, "set_dn: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); } } else { @@ -1510,9 +1570,8 @@ void get_pkcs9_email_crt_set(gnutls_x509_crt_t crt) } - static -int default_crl_number(unsigned char* serial, size_t *size) +int default_crl_number(unsigned char *serial, size_t *size) { struct timespec ts; time_t tv_sec_tmp; @@ -1561,7 +1620,7 @@ int default_crl_number(unsigned char* serial, size_t *size) **/ static void read_serial_value(unsigned char *serial, size_t *size, size_t max_size, - const char *label, const char *rfc_section) + const char *label, const char *rfc_section) { static char input[MAX_INPUT_SIZE]; int ret; @@ -1583,8 +1642,7 @@ void read_serial_value(unsigned char *serial, size_t *size, size_t max_size, fprintf(stderr, "Enter the %s in decimal (123) or hex (0xabcd)\n" "(default is 0x%s)\n" - "value: ", - label, encoded_default.data); + "value: ", label, encoded_default.data); if (fgets(input, sizeof(input), stdin) == NULL) break; 
@@ -1600,17 +1658,19 @@ void read_serial_value(unsigned char *serial, size_t *size, size_t max_size, continue; } - if ((decoded.size == SERIAL_MAX_BYTES && decoded.data[0] & 0x80) || - decoded.size > SERIAL_MAX_BYTES) { - fprintf(stderr, "%s would be encoded in more than 20 bytes," - "see RFC 5280, section %s\n", label, rfc_section); + if ((decoded.size == SERIAL_MAX_BYTES && decoded.data[0] & 0x80) + || decoded.size > SERIAL_MAX_BYTES) { + fprintf(stderr, + "%s would be encoded in more than 20 bytes," + "see RFC 5280, section %s\n", label, + rfc_section); gnutls_free(decoded.data); continue; } if (decoded.size > max_size) { fprintf(stderr, "maximum %zu octets allowed for %s\n", - max_size, label); + max_size, label); gnutls_free(decoded.data); continue; } @@ -1626,9 +1686,9 @@ void read_serial_value(unsigned char *serial, size_t *size, size_t max_size, static void get_serial_value(unsigned char *serial, size_t *size, - const unsigned char *config, size_t config_size, - int (create_default)(unsigned char *, size_t *), - const char *label, const char *rfc_section) + const unsigned char *config, size_t config_size, + int (create_default) (unsigned char *, size_t *), + const char *label, const char *rfc_section) { size_t max_size = *size; int ret; @@ -1636,7 +1696,7 @@ void get_serial_value(unsigned char *serial, size_t *size, if (batch && config != NULL) { if (config_size > max_size) { fprintf(stderr, "maximum %zu octets allowed for %s!\n", - max_size, label); + max_size, label); exit(1); } memcpy(serial, config, config_size); @@ -1645,7 +1705,7 @@ void get_serial_value(unsigned char *serial, size_t *size, ret = create_default(serial, size); if (ret < 0) { fprintf(stderr, "error generating default %s: %s\n", - label, gnutls_strerror(ret)); + label, gnutls_strerror(ret)); exit(1); } } 
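Review bot: The diagnostic in `read_serial_value` concatenates `"%s would be encoded in more than 20 bytes,"` with `"see RFC 5280, section %s\n"` and no separating space, so the user sees `bytes,see RFC 5280`; add the space at the end of the first literal: `"%s would be encoded in more than 20 bytes, "`. The same pair of literals, with the same missing space, is in the `get_serial_value` check (hunk `@@ -1653,9 +1713,11 @@`). The `20` in the text is also a hard-coded copy of what `SERIAL_MAX_BYTES` presumably holds, so the two can drift apart; printing it with `%d` and `SERIAL_MAX_BYTES` keeps them in step, if that macro is a plain integer constant.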
@@ -1653,9 +1713,11 @@ void get_serial_value(unsigned char *serial, size_t *size, if (!batch) read_serial_value(serial, size, max_size, label, rfc_section); - if ((*size == SERIAL_MAX_BYTES && serial[0] & 0x80) || *size > SERIAL_MAX_BYTES) { - fprintf(stderr, "%s would be encoded in more than 20 bytes," - "see RFC 5280, section %s\n", label, rfc_section); + if ((*size == SERIAL_MAX_BYTES && serial[0] & 0x80) + || *size > SERIAL_MAX_BYTES) { + fprintf(stderr, + "%s would be encoded in more than 20 bytes," + "see RFC 5280, section %s\n", label, rfc_section); exit(1); } } @@ -1684,15 +1746,16 @@ int default_serial(unsigned char *serial, size_t *size) void get_serial(unsigned char *serial, size_t *size) { get_serial_value(serial, size, cfg.serial, cfg.serial_size, - default_serial, "certificate's serial number", "4.1.2.2"); + default_serial, "certificate's serial number", + "4.1.2.2"); } static -time_t get_date(const char* date) +time_t get_date(const char *date) { struct timespec r; - if (date==NULL || parse_datetime(&r, date, NULL) == 0) { + if (date == NULL || parse_datetime(&r, date, NULL) == 0) { PRINT_TIME_T_ERROR; fprintf(stderr, "Cannot parse date: %s\n", date); exit(1); @@ -1734,18 +1797,18 @@ time_t get_crl_this_update_date(void) static time_t days_to_secs(int days) { -time_t secs = days; -time_t now = time(NULL); + time_t secs = days; + time_t now = time(NULL); - if (secs != (time_t)-1) { - if (INT_MULTIPLY_OVERFLOW(secs, 24*60*60)) { + if (secs != (time_t) - 1) { + if (INT_MULTIPLY_OVERFLOW(secs, 24 * 60 * 60)) { goto overflow; } else { - secs *= 24*60*60; + secs *= 24 * 60 * 60; } } - if (secs != (time_t)-1) { + if (secs != (time_t) - 1) { if (INT_ADD_OVERFLOW(secs, now)) { goto overflow; } else { @@ -1780,8 +1843,7 @@ time_t get_int_date(const char *txt_val, int int_val, const char *msg) int days; do { - days = - read_int(msg); + days = read_int(msg); } while (days == 0); return days_to_secs(days); 
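Review bot: `get_date` explicitly handles `date == NULL` and then passes that NULL to `%s` in `fprintf(stderr, "Cannot parse date: %s\n", date)`; that is undefined behaviour in C even though glibc happens to print `(null)`. Substituting a placeholder keeps the single message: `fprintf(stderr, "Cannot parse date: %s\n", date ? date : "(none)");`. In `days_to_secs` (hunk `@@ -1734,18 +1797,18 @@`) the re-indented `(time_t) - 1` is still the cast `(time_t)-1`, but the new spacing reads as a subtraction; a comment such as `/* (time_t)-1: cast, not subtraction */` or a named local would keep the intent obvious.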
@@ -1790,7 +1852,8 @@ time_t get_int_date(const char *txt_val, int int_val, const char *msg) time_t get_expiration_date(void) { - return get_int_date(cfg.expiration_date, cfg.expiration_days, "The certificate will expire in (days): "); + return get_int_date(cfg.expiration_date, cfg.expiration_days, + "The certificate will expire in (days): "); } int get_ca_status(void) @@ -1800,8 +1863,7 @@ int get_ca_status(void) } else { return read_yesno - ("Does the certificate belong to an authority? (y/N): ", - 0); + ("Does the certificate belong to an authority? (y/N): ", 0); } } @@ -1817,10 +1879,10 @@ int get_crq_extensions_status(void) } } -void get_crl_number(unsigned char* serial, size_t * size) +void get_crl_number(unsigned char *serial, size_t *size) { get_serial_value(serial, size, cfg.crl_number, cfg.crl_number_size, - default_crl_number, "CRL's serial number", "5.2.3"); + default_crl_number, "CRL's serial number", "5.2.3"); } int get_path_len(void) @@ -2028,7 +2090,6 @@ void get_email_set(int type, void *crt) } } - void get_dc_set(int type, void *crt) { int ret = 0, i; @@ -2043,21 +2104,17 @@ void get_dc_set(int type, void *crt) gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_LDAP_DC, 0, - cfg. - dc[i], + cfg.dc[i], strlen - (cfg. - dc[i])); + (cfg.dc[i])); else ret = gnutls_x509_crq_set_dn_by_oid(crt, GNUTLS_OID_LDAP_DC, 0, - cfg. - dc[i], + cfg.dc[i], strlen - (cfg. - dc[i])); + (cfg.dc[i])); if (ret < 0) break; @@ -2082,15 +2139,13 @@ void get_dc_set(int type, void *crt) gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_LDAP_DC, 0, p, - strlen - (p)); + strlen(p)); else ret = gnutls_x509_crq_set_dn_by_oid(crt, GNUTLS_OID_LDAP_DC, 0, p, - strlen - (p)); + strlen(p)); counter++; if (ret < 0) break; @@ -2099,8 +2154,7 @@ void get_dc_set(int type, void *crt) } if (ret < 0) { - fprintf(stderr, "set_dn_by_oid: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_dn_by_oid: %s\n", gnutls_strerror(ret)); exit(1); } } 
@@ -2138,9 +2192,11 @@ void get_dns_name_set(int type, void *crt) do { if (counter == 0) { - p = read_str("Enter a dnsName of the subject of the certificate: "); + p = read_str + ("Enter a dnsName of the subject of the certificate: "); } else { - p = read_str("Enter an additional dnsName of the subject of the certificate: "); + p = read_str + ("Enter an additional dnsName of the subject of the certificate: "); } if (!p) return; @@ -2172,18 +2228,20 @@ static int set_krb5_principal(int type, void *crt) if (!cfg.krb5_principal) return 0; - for (i = 0; cfg.krb5_principal[i] != NULL; i ++) { + for (i = 0; cfg.krb5_principal[i] != NULL; i++) { if (type == TYPE_CRT) ret = gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL, - cfg.krb5_principal[i], strlen(cfg.krb5_principal[i]), + cfg.krb5_principal[i], + strlen(cfg.krb5_principal[i]), GNUTLS_FSAN_APPEND); else ret = gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL, - cfg.krb5_principal[i], strlen(cfg.krb5_principal[i]), + cfg.krb5_principal[i], + strlen(cfg.krb5_principal[i]), GNUTLS_FSAN_APPEND); if (ret < 0) @@ -2192,7 +2250,8 @@ static int set_krb5_principal(int type, void *crt) } if (ret < 0) { - fprintf(stderr, "set_subject_alt_name(GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL): %s\n", + fprintf(stderr, + "set_subject_alt_name(GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL): %s\n", gnutls_strerror(ret)); exit(1); } @@ -2221,7 +2280,7 @@ static int set_othername(int type, void *crt) exit(1); } - HEX_DECODE (cfg.other_name[i+1], binname, binnamelen); + HEX_DECODE(cfg.other_name[i + 1], binname, binnamelen); if (binnamelen == 0) break; 
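Review bot: After `HEX_DECODE(cfg.other_name[i + 1], binname, binnamelen)` in `set_othername`, the loop does `if (binnamelen == 0) break;` without releasing `binname`; the macro's body is only partly visible earlier on this page (`output_size = _output.size;`), so whether it hands back a non-NULL buffer for a zero-length decode cannot be confirmed here, but if it does, the `break` leaks it and `binname` stays dangling. Adding `free(binname); binname = NULL;` before the `break` — mirroring the cleanup a few lines further down in the same loop — is safe either way because `free(NULL)` is a no-op. The loop header is outside the hunk.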
@@ -2229,15 +2288,13 @@ static int set_othername(int type, void *crt) ret = gnutls_x509_crt_set_subject_alt_othername (crt, oid, - binname, binnamelen, - GNUTLS_FSAN_APPEND); + binname, binnamelen, GNUTLS_FSAN_APPEND); else ret = gnutls_x509_crq_set_subject_alt_othername (crt, oid, - binname, binnamelen, - GNUTLS_FSAN_APPEND); - free (binname); + binname, binnamelen, GNUTLS_FSAN_APPEND); + free(binname); binname = NULL; if (ret < 0) @@ -2277,14 +2334,18 @@ static int set_othername_utf8(int type, void *crt) ret = gnutls_x509_crt_set_subject_alt_othername (crt, oid, - cfg.other_name_utf8[i + 1], strlen(cfg.other_name_utf8[i + 1]), - GNUTLS_FSAN_APPEND|GNUTLS_FSAN_ENCODE_UTF8_STRING); + cfg.other_name_utf8[i + 1], + strlen(cfg.other_name_utf8[i + 1]), + GNUTLS_FSAN_APPEND | + GNUTLS_FSAN_ENCODE_UTF8_STRING); else ret = gnutls_x509_crq_set_subject_alt_othername (crt, oid, - cfg.other_name_utf8[i + 1], strlen(cfg.other_name_utf8[i + 1]), - GNUTLS_FSAN_APPEND|GNUTLS_FSAN_ENCODE_UTF8_STRING); + cfg.other_name_utf8[i + 1], + strlen(cfg.other_name_utf8[i + 1]), + GNUTLS_FSAN_APPEND | + GNUTLS_FSAN_ENCODE_UTF8_STRING); if (ret < 0) break; @@ -2323,14 +2384,18 @@ static int set_othername_octet(int type, void *crt) ret = gnutls_x509_crt_set_subject_alt_othername (crt, oid, - cfg.other_name_octet[i + 1], strlen(cfg.other_name_octet[i + 1]), - GNUTLS_FSAN_APPEND|GNUTLS_FSAN_ENCODE_OCTET_STRING); + cfg.other_name_octet[i + 1], + strlen(cfg.other_name_octet[i + 1]), + GNUTLS_FSAN_APPEND | + GNUTLS_FSAN_ENCODE_OCTET_STRING); else ret = gnutls_x509_crq_set_subject_alt_othername (crt, oid, - cfg.other_name_octet[i + 1], strlen(cfg.other_name_octet[i + 1]), - GNUTLS_FSAN_APPEND|GNUTLS_FSAN_ENCODE_OCTET_STRING); + cfg.other_name_octet[i + 1], + strlen(cfg.other_name_octet[i + 1]), + GNUTLS_FSAN_APPEND | + GNUTLS_FSAN_ENCODE_OCTET_STRING); if (ret < 0) break; 
@@ -2354,7 +2419,7 @@ static int set_xmpp_name(int type, void *crt) if (!cfg.xmpp_name) return 0; - for (i = 0; cfg.xmpp_name[i] != NULL; i ++) { + for (i = 0; cfg.xmpp_name[i] != NULL; i++) { if (type == TYPE_CRT) ret = gnutls_x509_crt_set_subject_alt_name @@ -2382,7 +2447,6 @@ static int set_xmpp_name(int type, void *crt) return ret; } - void get_other_name_set(int type, void *crt) { set_othername(type, crt); @@ -2399,9 +2463,13 @@ void get_policy_set(gnutls_x509_crt_t crt) if (batch) { if (cfg.skip_certs >= 0) { - ret = gnutls_x509_crt_set_inhibit_anypolicy(crt, cfg.skip_certs); + ret = + gnutls_x509_crt_set_inhibit_anypolicy(crt, + cfg.skip_certs); if (ret < 0) { - fprintf(stderr, "error setting inhibit anypolicy: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error setting inhibit anypolicy: %s\n", + gnutls_strerror(ret)); exit(1); } } @@ -2455,14 +2523,12 @@ void get_uri_set(int type, void *crt) ret = gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_URI, cfg.uri[i], - strlen(cfg.uri[i]), - GNUTLS_FSAN_APPEND); + strlen(cfg.uri[i]), GNUTLS_FSAN_APPEND); else ret = gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_URI, cfg.uri[i], - strlen(cfg.uri[i]), - GNUTLS_FSAN_APPEND); + strlen(cfg.uri[i]), GNUTLS_FSAN_APPEND); if (ret < 0) break; @@ -2504,8 +2570,6 @@ void get_uri_set(int type, void *crt) } } - - int get_sign_status(int server) { const char *msg; @@ -2559,8 +2623,7 @@ int get_crl_sign_status(void) } else { return read_yesno - ("Will the certificate be used to sign CRLs? (y/N): ", - 0); + ("Will the certificate be used to sign CRLs? (y/N): ", 0); } } @@ -2589,7 +2652,10 @@ int get_data_encipherment_status(void) if (batch) { return cfg.data_encipherment; } else { - return read_yesno("Will the certificate be used for data encryption? (y/N): ", 0); + return + read_yesno + ("Will the certificate be used for data encryption? (y/N): ", + 0); } } 
@@ -2600,8 +2666,7 @@ int get_code_sign_status(void) } else { return read_yesno - ("Will the certificate be used to sign code? (y/N): ", - 0); + ("Will the certificate be used to sign code? (y/N): ", 0); } } @@ -2655,10 +2720,11 @@ int get_ipsec_ike_status(void) time_t get_crl_next_update(void) { - return get_int_date(cfg.next_update_date, cfg.crl_next_update, "The next CRL will be issued in (days): "); + return get_int_date(cfg.next_update_date, cfg.crl_next_update, + "The next CRL will be issued in (days): "); } -const char *get_proxy_policy(char **policy, size_t * policylen) +const char *get_proxy_policy(char **policy, size_t *policylen) { const char *ret; @@ -2702,8 +2768,7 @@ void get_country_crq_set(gnutls_x509_crq_t crq) 0, cfg.country, strlen(cfg.country)); if (ret < 0) { - fprintf(stderr, "set_dn: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); } } else { @@ -2725,10 +2790,12 @@ void get_organization_crq_set(gnutls_x509_crq_t crq) for (i = 0; cfg.organization[i] != NULL; i++) { ret = gnutls_x509_crq_set_dn_by_oid(crq, - GNUTLS_OID_X520_ORGANIZATION_NAME, - 0, cfg.organization[i], - strlen(cfg. - organization[i])); + GNUTLS_OID_X520_ORGANIZATION_NAME, + 0, + cfg.organization[i], + strlen + (cfg.organization + [i])); if (ret < 0) { fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); @@ -2754,9 +2821,9 @@ void get_unit_crq_set(gnutls_x509_crq_t crq) for (i = 0; cfg.unit[i] != NULL; i++) { ret = gnutls_x509_crq_set_dn_by_oid(crq, - GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, - 0, cfg.unit[i], - strlen(cfg.unit[i])); + GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, + 0, cfg.unit[i], + strlen(cfg.unit[i])); if (ret < 0) { fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); 
@@ -2783,8 +2850,7 @@ void get_state_crq_set(gnutls_x509_crq_t crq) 0, cfg.state, strlen(cfg.state)); if (ret < 0) { - fprintf(stderr, "set_dn: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); } } else { @@ -2807,8 +2873,7 @@ void get_locality_crq_set(gnutls_x509_crq_t crq) 0, cfg.locality, strlen(cfg.locality)); if (ret < 0) { - fprintf(stderr, "set_dn: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); } } else { @@ -2845,16 +2910,13 @@ void get_cn_crq_set(gnutls_x509_crq_t crq) ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COMMON_NAME, - 0, cfg.cn, - strlen(cfg.cn)); + 0, cfg.cn, strlen(cfg.cn)); if (ret < 0) { - fprintf(stderr, "set_dn: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); } } else { - read_crq_set(crq, "Common name: ", - GNUTLS_OID_X520_COMMON_NAME); + read_crq_set(crq, "Common name: ", GNUTLS_OID_X520_COMMON_NAME); } } @@ -2868,11 +2930,9 @@ void get_uid_crq_set(gnutls_x509_crq_t crq) return; ret = gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_LDAP_UID, - 0, cfg.uid, - strlen(cfg.uid)); + 0, cfg.uid, strlen(cfg.uid)); if (ret < 0) { - fprintf(stderr, "set_dn: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_dn: %s\n", gnutls_strerror(ret)); exit(1); } } else { @@ -2900,9 +2960,8 @@ void get_oid_crq_set(gnutls_x509_crq_t crq) cfg.dn_oid[i], 0, cfg.dn_oid[i + 1], - strlen(cfg. - dn_oid[i + - 1])); + strlen(cfg.dn_oid[i + + 1])); if (ret < 0) { fprintf(stderr, "set_dn_oid: %s\n", @@ -2935,7 +2994,8 @@ void get_tlsfeatures_set(int type, void *crt) feature = strtoul(cfg.tls_features[i], 0, 10); ret = gnutls_x509_tlsfeatures_add(features, feature); if (ret < 0) { - fprintf(stderr, "gnutls_x509_tlsfeatures_add: %s\n", + fprintf(stderr, + "gnutls_x509_tlsfeatures_add: %s\n", gnutls_strerror(ret)); exit(1); } 
@@ -2944,15 +3004,16 @@ void get_tlsfeatures_set(int type, void *crt) if (type == TYPE_CRT) { ret = gnutls_x509_crt_set_tlsfeatures(crt, features); if (ret < 0) { - fprintf(stderr, "gnutls_x509_crt_set_tlsfeatures: %s\n", + fprintf(stderr, + "gnutls_x509_crt_set_tlsfeatures: %s\n", gnutls_strerror(ret)); exit(1); } - } - else { + } else { ret = gnutls_x509_crq_set_tlsfeatures(crt, features); if (ret < 0) { - fprintf(stderr, "gnutls_x509_crq_set_tlsfeatures: %s\n", + fprintf(stderr, + "gnutls_x509_crq_set_tlsfeatures: %s\n", gnutls_strerror(ret)); exit(1); } @@ -2971,9 +3032,14 @@ void crq_extensions_set(gnutls_x509_crt_t crt, gnutls_x509_crq_t crq) return; for (i = 0; cfg.exts_to_honor[i]; ++i) { - ret = gnutls_x509_crt_set_crq_extension_by_oid(crt, crq, cfg.exts_to_honor[i], 0); + ret = + gnutls_x509_crt_set_crq_extension_by_oid(crt, crq, + cfg.exts_to_honor + [i], 0); if (ret < 0) { - fprintf(stderr, "setting extension failed: %s: %s\n", cfg.exts_to_honor[i], + fprintf(stderr, + "setting extension failed: %s: %s\n", + cfg.exts_to_honor[i], gnutls_strerror(ret)); } } diff --git a/src/certtool-cfg.h b/src/certtool-cfg.h index c23ff5b0b0..4886683e87 100644 --- a/src/certtool-cfg.h +++ b/src/certtool-cfg.h @@ -21,11 +21,11 @@ */ #ifndef GNUTLS_SRC_CERTTOOL_CFG_H -#define GNUTLS_SRC_CERTTOOL_CFG_H +# define GNUTLS_SRC_CERTTOOL_CFG_H -#include -#include -#include +# include +# include +# include void cfg_init(void); int template_parse(const char *template); @@ -35,7 +35,7 @@ void read_crt_set(gnutls_x509_crt_t crt, const char *input_str, void read_crq_set(gnutls_x509_crq_t crq, const char *input_str, const char *oid); int64_t read_int(const char *input_str); -int serial_decode(const char *input, gnutls_datum_t *output); +int serial_decode(const char *input, gnutls_datum_t * output); const char *read_str(const char *input_str); int read_yesno(const char *input_str, int def); 
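Review bot: The re-indented prototype `int serial_decode(const char *input, gnutls_datum_t * output);` puts a space on both sides of the star, which is indent treating the unknown typedef as a plain identifier and `*` as a binary operator, while two lines earlier the same run normalises `size_t * policylen` to `size_t *policylen`. The same artefact appears in the file_size hunk of certtool-common.c (`FILE * fp`), in reverse_datum, print_pubkey_info, import_dsa_dh, privkey_info_int, print_private_key, decode_seed and sign_params_to_flags, and in the prototypes of certtool-common.h. Passing the project typedefs to indent (its `-T` option, one per type name) or hand-fixing to `gnutls_datum_t *output` would keep pointer declarators consistent with the rest of the tree.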
@@ -56,11 +56,11 @@ void get_uid_crt_set(gnutls_x509_crt_t crt); void get_pkcs9_email_crt_set(gnutls_x509_crt_t crt); void get_oid_crt_set(gnutls_x509_crt_t crt); void get_key_purpose_set(int type, void *crt); -void get_serial(unsigned char* serial, size_t* serial_size); +void get_serial(unsigned char *serial, size_t *serial_size); time_t get_expiration_date(void); time_t get_activation_date(void); int get_ca_status(void); -void get_crl_number(unsigned char* serial, size_t* serial_size); +void get_crl_number(unsigned char *serial, size_t *serial_size); int get_path_len(void); int get_crq_extensions_status(void); const char *get_pkcs12_key_name(void); @@ -103,8 +103,8 @@ void get_unit_crq_set(gnutls_x509_crq_t crq); void get_organization_crq_set(gnutls_x509_crq_t crq); void get_country_crq_set(gnutls_x509_crq_t crq); void get_oid_crq_set(gnutls_x509_crq_t crq); -const char *get_proxy_policy(char **policy, size_t * policylen); +const char *get_proxy_policy(char **policy, size_t *policylen); void crq_extensions_set(gnutls_x509_crt_t crt, gnutls_x509_crq_t crq); -#endif /* GNUTLS_SRC_CERTTOOL_CFG_H */ +#endif /* GNUTLS_SRC_CERTTOOL_CFG_H */ diff --git a/src/certtool-common.c b/src/certtool-common.c index fae3a489d4..463b94477f 100644 --- a/src/certtool-common.c +++ b/src/certtool-common.c @@ -51,7 +51,7 @@ unsigned char *lbuffer = NULL; unsigned long lbuffer_size = 0; -static unsigned long file_size(FILE *fp) +static unsigned long file_size(FILE * fp) { unsigned long size; long cur = ftell(fp); @@ -74,12 +74,12 @@ void fix_lbuffer(unsigned long size) { if (lbuffer_size == 0 || lbuffer == NULL) { if (size == 0) - lbuffer_size = 64*1024; + lbuffer_size = 64 * 1024; else - lbuffer_size = MAX(64*1024,size+1); + lbuffer_size = MAX(64 * 1024, size + 1); lbuffer = malloc(lbuffer_size); } else if (size > lbuffer_size) { - lbuffer_size = MAX(64*1024,size+1); + lbuffer_size = MAX(64 * 1024, size + 1); lbuffer = realloc(lbuffer, lbuffer_size); } 
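Review bot: `lbuffer = realloc(lbuffer, lbuffer_size);` in the fix_lbuffer hunk overwrites the only pointer to the buffer, so a failed realloc leaks it and leaves lbuffer_size describing memory that was never obtained; the `lbuffer = malloc(lbuffer_size);` branch above it is likewise unchecked, and callers such as print_pubkey_info then do `size = lbuffer_size;` and export into lbuffer. Assigning through a temporary, exiting via app_exit() on failure and updating lbuffer_size only after the allocation succeeded closes both gaps. fix_lbuffer's closing brace is outside the hunk.
```c
void fix_lbuffer(unsigned long size)
{
	if (lbuffer_size == 0 || lbuffer == NULL) {
		/* … unchanged: choice of initial lbuffer_size … */
		lbuffer = malloc(lbuffer_size);
		if (lbuffer == NULL) {
			fprintf(stderr, "memory error\n");
			app_exit(1);
		}
	} else if (size > lbuffer_size) {
		unsigned long new_size = MAX(64 * 1024, size + 1);
		unsigned char *tmp = realloc(lbuffer, new_size);

		if (tmp == NULL) {
			fprintf(stderr, "memory error\n");
			app_exit(1);
		}
		lbuffer = tmp;
		lbuffer_size = new_size;
	}
```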
@@ -126,7 +126,7 @@ gnutls_datum_t *load_secret_key(int mand, common_info_st * info) return NULL; } - hex_key.data = (void *) info->secret_key; + hex_key.data = (void *)info->secret_key; hex_key.size = strlen(info->secret_key); ret = gnutls_hex_decode(&hex_key, raw_key, &raw_key_size); @@ -135,7 +135,7 @@ gnutls_datum_t *load_secret_key(int mand, common_info_st * info) app_exit(1); } - key.data = (void *) raw_key; + key.data = (void *)raw_key; key.size = raw_key_size; return &key; @@ -198,7 +198,8 @@ static gnutls_privkey_t _load_privkey(gnutls_datum_t * dat, } if (ret < 0) { - fprintf(stderr, "error loading file at --load-privkey: %s: %s\n", + fprintf(stderr, + "error loading file at --load-privkey: %s: %s\n", info->privkey, gnutls_strerror(ret)); app_exit(1); } @@ -270,7 +271,7 @@ gnutls_privkey_t load_private_key(int mand, common_info_st * info) if (gnutls_url_is_supported(info->privkey) != 0) return _load_url_privkey(info->privkey); - dat.data = (void *) read_file(info->privkey, RF_BINARY, &size); + dat.data = (void *)read_file(info->privkey, RF_BINARY, &size); dat.size = size; if (!dat.data) { @@ -289,8 +290,7 @@ gnutls_privkey_t load_private_key(int mand, common_info_st * info) /* Load the private key. * @mand should be non zero if it is required to read a private key. */ -gnutls_x509_privkey_t -load_x509_private_key(int mand, common_info_st * info) +gnutls_x509_privkey_t load_x509_private_key(int mand, common_info_st * info) { gnutls_x509_privkey_t key; int ret; @@ -313,7 +313,7 @@ load_x509_private_key(int mand, common_info_st * info) app_exit(1); } - dat.data = (void *) read_file(info->privkey, RF_BINARY, &size); + dat.data = (void *)read_file(info->privkey, RF_BINARY, &size); dat.size = size; if (!dat.data) { 
@@ -331,14 +331,12 @@ load_x509_private_key(int mand, common_info_st * info) } else { ret = gnutls_x509_privkey_import2(key, &dat, - info->incert_format, NULL, - 0); + info->incert_format, NULL, 0); if (ret == GNUTLS_E_DECRYPTION_FAILED) { pass = get_password(info, &flags, 0); ret = gnutls_x509_privkey_import2(key, &dat, - info-> - incert_format, + info->incert_format, pass, flags); } } @@ -361,7 +359,6 @@ load_x509_private_key(int mand, common_info_st * info) return key; } - /* Loads the certificate * If mand is non zero then a certificate is mandatory. Otherwise * null will be returned if the certificate loading fails. @@ -375,7 +372,7 @@ gnutls_x509_crt_t load_cert(int mand, common_info_st * info) crt = load_cert_list(mand, &size, info); if (crt) { ret_crt = crt[0]; - for (i=1;isort_chain) flags |= GNUTLS_X509_CRT_LIST_SORT; - ret = gnutls_x509_crt_list_import2(&crt, &crt_max, &dat, GNUTLS_X509_FMT_PEM, flags); + ret = + gnutls_x509_crt_list_import2(&crt, &crt_max, &dat, + GNUTLS_X509_FMT_PEM, flags); if (ret < 0) { - fprintf(stderr, "Error loading certificates: %s\n", gnutls_strerror(ret)); + fprintf(stderr, "Error loading certificates: %s\n", + gnutls_strerror(ret)); app_exit(1); } *crt_size = crt_max; if (info->verbose) - fprintf(stderr, "Loaded %d certificates.\n", - (int) crt_max); + fprintf(stderr, "Loaded %d certificates.\n", (int)crt_max); return crt; } /* Loads a CRL list */ -gnutls_x509_crl_t *load_crl_list(int mand, size_t * crl_size, - common_info_st * info) +gnutls_x509_crl_t *load_crl_list(int mand, size_t *crl_size, + common_info_st * info) { FILE *fp; static gnutls_x509_crl_t *crl; 
@@ -480,23 +479,27 @@ gnutls_x509_crl_t *load_crl_list(int mand, size_t * crl_size, fclose(fp); - dat.data = (void *) lbuffer; + dat.data = (void *)lbuffer; dat.size = size; - ret = gnutls_x509_crl_list_import2(&crl, &crl_max, &dat, GNUTLS_X509_FMT_PEM, 0); + ret = + gnutls_x509_crl_list_import2(&crl, &crl_max, &dat, + GNUTLS_X509_FMT_PEM, 0); if (ret == GNUTLS_E_BASE64_DECODING_ERROR) { - ret = gnutls_x509_crl_list_import2(&crl, &crl_max, &dat, GNUTLS_X509_FMT_DER, 0); + ret = + gnutls_x509_crl_list_import2(&crl, &crl_max, &dat, + GNUTLS_X509_FMT_DER, 0); } if (ret < 0) { - fprintf(stderr, "Error loading CRLs: %s\n", gnutls_strerror(ret)); + fprintf(stderr, "Error loading CRLs: %s\n", + gnutls_strerror(ret)); app_exit(1); } *crl_size = crl_max; if (info->verbose) - fprintf(stderr, "Loaded %d CRLs.\n", - (int) *crl_size); + fprintf(stderr, "Loaded %d CRLs.\n", (int)*crl_size); return crl; } @@ -519,7 +522,7 @@ gnutls_x509_crq_t load_request(common_info_st * info) app_exit(1); } - dat.data = (void *) read_file(info->request, RF_BINARY, &size); + dat.data = (void *)read_file(info->request, RF_BINARY, &size); dat.size = size; if (!dat.data) { @@ -560,7 +563,7 @@ gnutls_privkey_t load_ca_private_key(common_info_st * info) if (gnutls_url_is_supported(info->ca_privkey) != 0) return _load_url_privkey(info->ca_privkey); - dat.data = (void *) read_file(info->ca_privkey, RF_BINARY, &size); + dat.data = (void *)read_file(info->ca_privkey, RF_BINARY, &size); dat.size = size; if (!dat.data) { 
@@ -603,18 +606,20 @@ gnutls_x509_crt_t load_ca_cert(unsigned mand, common_info_st * info) if (gnutls_url_is_supported(info->ca) != 0) { ret = gnutls_x509_crt_import_url(crt, info->ca, 0); if (ret < 0) { - fprintf(stderr, "error importing CA certificate: %s: %s\n", + fprintf(stderr, + "error importing CA certificate: %s: %s\n", info->ca, gnutls_strerror(ret)); app_exit(1); } return crt; } - dat.data = (void *) read_file(info->ca, RF_BINARY, &size); + dat.data = (void *)read_file(info->ca, RF_BINARY, &size); dat.size = size; if (!dat.data) { - fprintf(stderr, "error reading file at --load-ca-certificate: %s\n", + fprintf(stderr, + "error reading file at --load-ca-certificate: %s\n", info->ca); app_exit(1); } @@ -657,17 +662,20 @@ gnutls_pubkey_t load_pubkey(int mand, common_info_st * info) app_exit(1); } - dat.data = (void *) read_file(info->pubkey, RF_BINARY, &size); + dat.data = (void *)read_file(info->pubkey, RF_BINARY, &size); dat.size = size; if (!dat.data) { - fprintf(stderr, "error reading file at --load-pubkey: %s\n", info->pubkey); + fprintf(stderr, "error reading file at --load-pubkey: %s\n", + info->pubkey); app_exit(1); } ret = gnutls_pubkey_import(key, &dat, info->incert_format); if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) { - ret = gnutls_pubkey_import_x509_raw(key, &dat, info->incert_format, 0); + ret = + gnutls_pubkey_import_x509_raw(key, &dat, + info->incert_format, 0); if (ret < 0) { fprintf(stderr, "import error: could not find a valid PEM header; " @@ -702,7 +710,8 @@ gnutls_pubkey_t load_public_key_or_import(int mand, gnutls_pubkey_deinit(pubkey); pubkey = load_pubkey(0, info); if (pubkey == NULL && mand) { - fprintf(stderr, "Could not determine the public key for the operation.\nYou must specify --load-privkey or --load-pubkey if missing.\n"); + fprintf(stderr, + "Could not determine the public key for the operation.\nYou must specify --load-privkey or --load-pubkey if missing.\n"); app_exit(1); } } 
@@ -729,7 +738,8 @@ get_bits(gnutls_pk_algorithm_t key_type, int info_bits, if (info_bits != 0) { static int warned = 0; - if (warned == 0 && warn != 0 && GNUTLS_BITS_ARE_CURVE(info_bits)==0) { + if (warned == 0 && warn != 0 + && GNUTLS_BITS_ARE_CURVE(info_bits) == 0) { warned = 1; fprintf(stderr, "** Note: You may use '--sec-param %s' instead of '--bits %d'\n", @@ -756,7 +766,8 @@ gnutls_sec_param_t str_to_sec_param(const char *str) return GNUTLS_SEC_PARAM_LOW; } else if (strcasecmp(str, "legacy") == 0) { return GNUTLS_SEC_PARAM_LEGACY; - } else if (strcasecmp(str, "normal") == 0 || strcasecmp(str, "medium") == 0) { + } else if (strcasecmp(str, "normal") == 0 + || strcasecmp(str, "medium") == 0) { return GNUTLS_SEC_PARAM_MEDIUM; } else if (strcasecmp(str, "high") == 0) { return GNUTLS_SEC_PARAM_HIGH; @@ -765,16 +776,14 @@ gnutls_sec_param_t str_to_sec_param(const char *str) } else if (strcasecmp(str, "future") == 0) { return GNUTLS_SEC_PARAM_FUTURE; } else { - fprintf(stderr, "Unknown security parameter string: %s\n", - str); + fprintf(stderr, "Unknown security parameter string: %s\n", str); app_exit(1); } } #define SPACE "\t" -static void -print_hex_datum(FILE * outfile, gnutls_datum_t * dat, int cprint) +static void print_hex_datum(FILE * outfile, gnutls_datum_t * dat, int cprint) { unsigned int j; @@ -782,7 +791,7 @@ print_hex_datum(FILE * outfile, gnutls_datum_t * dat, int cprint) fprintf(outfile, "\n" SPACE "\""); for (j = 0; j < dat->size; j++) { fprintf(outfile, "\\x%.2x", - (unsigned char) dat->data[j]); + (unsigned char)dat->data[j]); if ((j + 1) % 16 == 0) { fprintf(outfile, "\"\n" SPACE "\""); } 
@@ -795,10 +804,10 @@ print_hex_datum(FILE * outfile, gnutls_datum_t * dat, int cprint) fprintf(outfile, "\n" SPACE); for (j = 0; j < dat->size; j++) { if ((j + 1) % 16 == 0) { - fprintf(outfile, "%.2x", (unsigned char) dat->data[j]); + fprintf(outfile, "%.2x", (unsigned char)dat->data[j]); fprintf(outfile, "\n" SPACE); } else { - fprintf(outfile, "%.2x:", (unsigned char) dat->data[j]); + fprintf(outfile, "%.2x:", (unsigned char)dat->data[j]); } } fprintf(outfile, "\n\n"); @@ -860,13 +869,13 @@ print_dsa_pkey(FILE * outfile, gnutls_datum_t * x, gnutls_datum_t * y, gnutls_ecc_curve_t str_to_curve(const char *str) { -unsigned num = 0; -const gnutls_ecc_curve_t *list, *p; + unsigned num = 0; + const gnutls_ecc_curve_t *list, *p; list = gnutls_ecc_curve_list(); p = list; - while(*p != 0) { + while (*p != 0) { if (strcasecmp(str, gnutls_ecc_curve_get_name(*p)) == 0) return *p; p++; @@ -877,9 +886,8 @@ const gnutls_ecc_curve_t *list, *p; if (num == 0) printf("none\n"); p = list; - while(*p != 0) { - fprintf(stderr, "\t- %s\n", - gnutls_ecc_curve_get_name(*p)); + while (*p != 0) { + fprintf(stderr, "\t- %s\n", gnutls_ecc_curve_get_name(*p)); p++; } app_exit(1); @@ -913,7 +921,7 @@ print_ecc_pkey(FILE * outfile, gnutls_ecc_curve_t curve, } } -static void reverse_datum(gnutls_datum_t *d) +static void reverse_datum(gnutls_datum_t * d) { unsigned int i; unsigned char c; @@ -927,9 +935,9 @@ static void reverse_datum(gnutls_datum_t *d) void print_gost_pkey(FILE * outfile, gnutls_ecc_curve_t curve, - gnutls_digest_algorithm_t digest, gnutls_gost_paramset_t paramset, - gnutls_datum_t * k, gnutls_datum_t * x, gnutls_datum_t * y, - int cprint) + gnutls_digest_algorithm_t digest, + gnutls_gost_paramset_t paramset, gnutls_datum_t * k, + gnutls_datum_t * x, gnutls_datum_t * y, int cprint) { if (cprint != 0) fprintf(outfile, "/* curve: %s */\n", 
@@ -994,7 +1002,7 @@ print_rsa_pkey(FILE * outfile, gnutls_datum_t * m, gnutls_datum_t * e, } void print_pubkey_info(gnutls_pubkey_t pubkey, - FILE *outfile, + FILE * outfile, gnutls_certificate_print_formats_t format, gnutls_x509_crt_fmt_t outcert_format, unsigned int outtext) @@ -1018,9 +1026,7 @@ void print_pubkey_info(gnutls_pubkey_t pubkey, fix_lbuffer(0); size = lbuffer_size; - ret = - gnutls_pubkey_export(pubkey, outcert_format, lbuffer, - &size); + ret = gnutls_pubkey_export(pubkey, outcert_format, lbuffer, &size); if (ret < 0) { fprintf(stderr, "export error: %s\n", gnutls_strerror(ret)); app_exit(1); @@ -1050,11 +1056,11 @@ print_dh_info(FILE * outfile, gnutls_datum_t * p, gnutls_datum_t * g, print_head(outfile, "prime", p->size, cprint); print_hex_datum(outfile, p, cprint); - } static -int import_dsa_dh(gnutls_dh_params_t dh_params, gnutls_datum_t *params, gnutls_x509_crt_fmt_t format) +int import_dsa_dh(gnutls_dh_params_t dh_params, gnutls_datum_t * params, + gnutls_x509_crt_fmt_t format) { gnutls_x509_privkey_t pkey; int ret; @@ -1090,7 +1096,7 @@ void dh_info(FILE * infile, FILE * outfile, common_info_st * ci) app_exit(1); } - params.data = (void *) fread_file(infile, 0, &size); + params.data = (void *)fread_file(infile, 0, &size); params.size = size; if (params.data == NULL) { @@ -1136,8 +1142,7 @@ void dh_info(FILE * infile, FILE * outfile, common_info_st * ci) fwrite(lbuffer, 1, len, outfile); } } else { - fprintf(stderr, "Error: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "Error: %s\n", gnutls_strerror(ret)); } } @@ -1182,7 +1187,7 @@ int cipher_to_flags(const char *cipher) app_exit(1); } -static void privkey_info_int(FILE *outfile, common_info_st * cinfo, +static void privkey_info_int(FILE * outfile, common_info_st * cinfo, gnutls_x509_privkey_t key) { int ret, key_type; 
@@ -1220,7 +1225,8 @@ static void privkey_info_int(FILE *outfile, common_info_st * cinfo, goto spki_skip; } - ret = gnutls_x509_spki_get_rsa_pss_params(spki, &dig, &salt_size); + ret = + gnutls_x509_spki_get_rsa_pss_params(spki, &dig, &salt_size); if (ret < 0) { fprintf(stderr, "spki_get_rsa_pss_params: %s\n", gnutls_strerror(ret)); @@ -1267,8 +1273,7 @@ static void privkey_info_int(FILE *outfile, common_info_st * cinfo, gnutls_datum_t p, q, g, y, x; ret = - gnutls_x509_privkey_export_dsa_raw(key, &p, &q, &g, &y, - &x); + gnutls_x509_privkey_export_dsa_raw(key, &p, &q, &g, &y, &x); if (ret < 0) fprintf(stderr, "Error in key DSA data export: %s\n", @@ -1292,8 +1297,7 @@ static void privkey_info_int(FILE *outfile, common_info_st * cinfo, gnutls_ecc_curve_t curve; ret = - gnutls_x509_privkey_export_ecc_raw(key, &curve, &x, &y, - &k); + gnutls_x509_privkey_export_ecc_raw(key, &curve, &x, &y, &k); if (ret < 0) fprintf(stderr, "Error in key ECC data export: %s\n", @@ -1317,16 +1321,14 @@ static void privkey_info_int(FILE *outfile, common_info_st * cinfo, ret = gnutls_x509_privkey_export_gost_raw(key, &curve, &digest, - ¶mset, - &x, &y, &k); + ¶mset, &x, &y, &k); if (ret < 0) fprintf(stderr, "Error in key GOST data export: %s\n", gnutls_strerror(ret)); else { print_gost_pkey(outfile, curve, digest, paramset, - &k, &x, &y, - cinfo->cprint); + &k, &x, &y, cinfo->cprint); gnutls_free(x.data); gnutls_free(y.data); 
@@ -1338,17 +1340,16 @@ static void privkey_info_int(FILE *outfile, common_info_st * cinfo, ret = gnutls_x509_privkey_get_seed(key, &dig, lbuffer, &size); if (ret >= 0) { fprintf(outfile, "Validation parameters:\n"); - fprintf(outfile, "\tHash: %s\n", - gnutls_digest_get_name(dig)); - fprintf(outfile, "\tSeed: %s\n", - raw_to_hex(lbuffer, size)); + fprintf(outfile, "\tHash: %s\n", gnutls_digest_get_name(dig)); + fprintf(outfile, "\tSeed: %s\n", raw_to_hex(lbuffer, size)); } fprintf(outfile, "\n"); size = lbuffer_size; ret = - gnutls_x509_privkey_get_key_id(key, GNUTLS_KEYID_USE_SHA256, lbuffer, &size); + gnutls_x509_privkey_get_key_id(key, GNUTLS_KEYID_USE_SHA256, + lbuffer, &size); if (ret < 0) { fprintf(stderr, "Error in key id calculation: %s\n", gnutls_strerror(ret)); @@ -1361,7 +1362,8 @@ static void privkey_info_int(FILE *outfile, common_info_st * cinfo, size = lbuffer_size; ret = - gnutls_x509_privkey_get_key_id(key, GNUTLS_KEYID_USE_SHA1, lbuffer, &size); + gnutls_x509_privkey_get_key_id(key, GNUTLS_KEYID_USE_SHA1, + lbuffer, &size); if (ret >= 0) { fprintf(outfile, "\tsha1:%s\n", raw_to_hex(lbuffer, size)); @@ -1372,7 +1374,8 @@ static void privkey_info_int(FILE *outfile, common_info_st * cinfo, } void -print_private_key(FILE *outfile, common_info_st * cinfo, gnutls_x509_privkey_t key) +print_private_key(FILE * outfile, common_info_st * cinfo, + gnutls_x509_privkey_t key) { int ret; size_t size; @@ -1382,7 +1385,8 @@ print_private_key(FILE *outfile, common_info_st * cinfo, gnutls_x509_privkey_t k /* Only print private key parameters when an unencrypted * format is used */ - switch_to_pkcs8_when_needed(cinfo, key, gnutls_x509_privkey_get_pk_algorithm(key)); + switch_to_pkcs8_when_needed(cinfo, key, + gnutls_x509_privkey_get_pk_algorithm(key)); if (!cinfo->pkcs8) { 
@@ -1459,17 +1463,28 @@ int generate_prime(FILE * outfile, int how, common_info_st * info) gnutls_keygen_data_st data; if (info->seed_size < 32) { - fprintf(stderr, "For DH parameter generation a 32-byte seed value or larger is expected (have: %d); use -d 2 for more information.\n", (int)info->seed_size); + fprintf(stderr, + "For DH parameter generation a 32-byte seed value or larger is expected (have: %d); use -d 2 for more information.\n", + (int)info->seed_size); app_exit(1); } data.type = GNUTLS_KEYGEN_SEED; - data.data = (void*)info->seed; + data.data = (void *)info->seed; data.size = info->seed_size; - ret = gnutls_x509_privkey_generate2(pkey, GNUTLS_PK_DSA, bits, GNUTLS_PRIVKEY_FLAG_PROVABLE, &data, 1); + ret = + gnutls_x509_privkey_generate2(pkey, + GNUTLS_PK_DSA, + bits, + GNUTLS_PRIVKEY_FLAG_PROVABLE, + &data, 1); } else { - ret = gnutls_x509_privkey_generate(pkey, GNUTLS_PK_DSA, bits, GNUTLS_PRIVKEY_FLAG_PROVABLE); + ret = + gnutls_x509_privkey_generate(pkey, + GNUTLS_PK_DSA, + bits, + GNUTLS_PRIVKEY_FLAG_PROVABLE); } if (ret < 0) { @@ -1502,9 +1517,7 @@ int generate_prime(FILE * outfile, int how, common_info_st * info) } } - ret = - gnutls_dh_params_export_raw(dh_params, &p, &g, - &q_bits); + ret = gnutls_dh_params_export_raw(dh_params, &p, &g, &q_bits); if (ret < 0) { fprintf(stderr, "Error exporting parameters: %s\n", gnutls_strerror(ret)); @@ -1512,7 +1525,8 @@ int generate_prime(FILE * outfile, int how, common_info_st * info) } } else { if (info->provable != 0) { - fprintf(stderr, "The DH parameters obtained via this option are not provable\n"); + fprintf(stderr, + "The DH parameters obtained via this option are not provable\n"); app_exit(1); } #if defined(ENABLE_DHE) || defined(ENABLE_ANON) 
@@ -1569,8 +1583,7 @@ int generate_prime(FILE * outfile, int how, common_info_st * info) app_exit(1); } #else - fprintf(stderr, - "Parameters unavailable as SRP is disabled.\n"); + fprintf(stderr, "Parameters unavailable as SRP is disabled.\n"); app_exit(1); #endif } @@ -1593,8 +1606,7 @@ int generate_prime(FILE * outfile, int how, common_info_st * info) fwrite(lbuffer, 1, len, outfile); } else { - fprintf(stderr, "Error: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "Error: %s\n", gnutls_strerror(ret)); } } @@ -1609,7 +1621,7 @@ int generate_prime(FILE * outfile, int how, common_info_st * info) return 0; } -void decode_seed(gnutls_datum_t *seed, const char *hex, unsigned hex_size) +void decode_seed(gnutls_datum_t * seed, const char *hex, unsigned hex_size) { int ret; size_t seed_size; @@ -1625,7 +1637,8 @@ void decode_seed(gnutls_datum_t *seed, const char *hex, unsigned hex_size) seed_size = hex_size; ret = gnutls_hex2bin(hex, hex_size, seed->data, &seed_size); if (ret < 0) { - fprintf(stderr, "Could not hex decode data: %s\n", gnutls_strerror(ret)); + fprintf(stderr, "Could not hex decode data: %s\n", + gnutls_strerror(ret)); app_exit(1); } seed->size = seed_size; @@ -1639,7 +1652,8 @@ gnutls_pk_algorithm_t figure_key_type(const char *key_type) return GNUTLS_PK_RSA; else if (strcasecmp(key_type, "rsa-pss") == 0) return GNUTLS_PK_RSA_PSS; - else if (strcasecmp(key_type, "ed25519") == 0 || strcasecmp(key_type, "eddsa") == 0) + else if (strcasecmp(key_type, "ed25519") == 0 + || strcasecmp(key_type, "eddsa") == 0) return GNUTLS_PK_EDDSA_ED25519; else if (strcasecmp(key_type, "ed448") == 0) return GNUTLS_PK_EDDSA_ED448; 
@@ -1649,7 +1663,8 @@ gnutls_pk_algorithm_t figure_key_type(const char *key_type) return GNUTLS_PK_ECDH_X448; else if (strcasecmp(key_type, "dsa") == 0) return GNUTLS_PK_DSA; - else if (strcasecmp(key_type, "ecdsa") == 0 || strcasecmp(key_type, "ecc") == 0) + else if (strcasecmp(key_type, "ecdsa") == 0 + || strcasecmp(key_type, "ecc") == 0) return GNUTLS_PK_ECDSA; else if (strcasecmp(key_type, "gost01") == 0) return GNUTLS_PK_GOST_01; @@ -1694,7 +1709,7 @@ gnutls_digest_algorithm_t hash_to_id(const char *hash) } } -void sign_params_to_flags(common_info_st *cinfo, const char *params) +void sign_params_to_flags(common_info_st * cinfo, const char *params) { char *p, *sp; @@ -1706,15 +1721,15 @@ void sign_params_to_flags(common_info_st *cinfo, const char *params) p = strtok(sp, ","); - while(p != NULL) { - if (strcasecmp(p, "rsa-pss")==0) { + while (p != NULL) { + if (strcasecmp(p, "rsa-pss") == 0) { cinfo->rsa_pss_sign = 1; } else { fprintf(stderr, "Unknown signature parameter: %s\n", p); app_exit(1); } - p=strtok(NULL, ","); + p = strtok(NULL, ","); } free(sp); diff --git a/src/certtool-common.h b/src/certtool-common.h index 0c8c69540f..071ddd4fbe 100644 --- a/src/certtool-common.h +++ b/src/certtool-common.h @@ -20,22 +20,22 @@ */ #ifndef GNUTLS_SRC_CERTTOOL_COMMON_H -#define GNUTLS_SRC_CERTTOOL_COMMON_H +# define GNUTLS_SRC_CERTTOOL_COMMON_H -#include -#include -#include -#include "attribute.h" +# include +# include +# include +# include "attribute.h" -#define TYPE_CRT 1 -#define TYPE_CRQ 2 +# define TYPE_CRT 1 +# define TYPE_CRQ 2 -#define SERIAL_MAX_BYTES 20 +# define SERIAL_MAX_BYTES 20 void certtool_version(void); -#include -#include +# include +# include typedef struct common_info { const char *secret_key; 
@@ -86,26 +86,33 @@ typedef struct common_info { } common_info_st; static inline -void switch_to_pkcs8_when_needed(common_info_st *cinfo, gnutls_x509_privkey_t key, unsigned key_type) + void switch_to_pkcs8_when_needed(common_info_st * cinfo, + gnutls_x509_privkey_t key, + unsigned key_type) { if (cinfo->pkcs8) return; - if (key_type == GNUTLS_PK_RSA_PSS || key_type == GNUTLS_PK_EDDSA_ED25519 || key_type == GNUTLS_PK_EDDSA_ED448 || - key_type == GNUTLS_PK_ECDH_X25519 || key_type == GNUTLS_PK_ECDH_X448 || - key_type == GNUTLS_PK_GOST_01 || key_type == GNUTLS_PK_GOST_12_256 || - key_type == GNUTLS_PK_GOST_12_512) { + if (key_type == GNUTLS_PK_RSA_PSS || key_type == GNUTLS_PK_EDDSA_ED25519 + || key_type == GNUTLS_PK_EDDSA_ED448 + || key_type == GNUTLS_PK_ECDH_X25519 + || key_type == GNUTLS_PK_ECDH_X448 || key_type == GNUTLS_PK_GOST_01 + || key_type == GNUTLS_PK_GOST_12_256 + || key_type == GNUTLS_PK_GOST_12_512) { if (cinfo->verbose) - fprintf(stderr, "Assuming --pkcs8 is given; %s private keys can only be exported in PKCS#8 format\n", + fprintf(stderr, + "Assuming --pkcs8 is given; %s private keys can only be exported in PKCS#8 format\n", gnutls_pk_algorithm_get_name(key_type)); cinfo->pkcs8 = 1; if (cinfo->password == NULL) cinfo->password = ""; } - if (gnutls_x509_privkey_get_seed(key, NULL, NULL, 0) != GNUTLS_E_INVALID_REQUEST) { + if (gnutls_x509_privkey_get_seed(key, NULL, NULL, 0) != + GNUTLS_E_INVALID_REQUEST) { if (cinfo->verbose) - fprintf(stderr, "Assuming --pkcs8 is given; provable private keys can only be exported in PKCS#8 format\n"); + fprintf(stderr, + "Assuming --pkcs8 is given; provable private keys can only be exported in PKCS#8 format\n"); cinfo->pkcs8 = 1; if (cinfo->password == NULL) cinfo->password = ""; 
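Review bot: The new signature line ` void switch_to_pkcs8_when_needed(common_info_st * cinfo,` is indented by a single space under a bare `static inline` line, which is indent failing to recognise the inline definition rather than a deliberate layout; joining it to `static inline void switch_to_pkcs8_when_needed(common_info_st *cinfo,` with the continuation parameters aligned under the open parenthesis reads as an ordinary definition. The two `cinfo->password = "";` assignments also deserve a why-comment, since forcing an empty password when the user gave none is a security-relevant default: something like `/* no password given: presumably lets the PKCS#8 export proceed without prompting — confirm against the exporter */`, worded as a fact once the export path has been checked. The function's closing brace is outside the hunk.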
@@ -116,21 +123,20 @@ void switch_to_pkcs8_when_needed(common_info_st *cinfo, gnutls_x509_privkey_t ke const char *get_pass(void); const char *get_confirmed_pass(bool empty_ok); void app_exit(int val) -#ifdef __GNUC__ -__attribute__ ((__noreturn__)) -#endif -; +# ifdef __GNUC__ + __attribute__((__noreturn__)) +# endif + ; int cipher_to_flags(const char *cipher); void -print_private_key(FILE *outfile, common_info_st * cinfo, gnutls_x509_privkey_t key); -gnutls_pubkey_t load_public_key_or_import(int mand, - gnutls_privkey_t privkey, +print_private_key(FILE * outfile, common_info_st * cinfo, + gnutls_x509_privkey_t key); +gnutls_pubkey_t load_public_key_or_import(int mand, gnutls_privkey_t privkey, common_info_st * info); gnutls_privkey_t load_private_key(int mand, common_info_st * info); -gnutls_x509_privkey_t load_x509_private_key(int mand, - common_info_st * info); -gnutls_x509_privkey_t *load_privkey_list(int mand, size_t * privkey_size, +gnutls_x509_privkey_t load_x509_private_key(int mand, common_info_st * info); +gnutls_x509_privkey_t *load_privkey_list(int mand, size_t *privkey_size, common_info_st * info); gnutls_x509_crq_t load_request(common_info_st * info); gnutls_privkey_t load_ca_private_key(common_info_st * info); @@ -138,10 +144,9 @@ gnutls_x509_crt_t load_ca_cert(unsigned mand, common_info_st * info); gnutls_x509_crt_t load_cert(int mand, common_info_st * info); gnutls_datum_t *load_secret_key(int mand, common_info_st * info); gnutls_pubkey_t load_pubkey(int mand, common_info_st * info); -gnutls_x509_crt_t *load_cert_list(int mand, size_t * size, - common_info_st * info); -gnutls_x509_crl_t *load_crl_list(int mand, size_t * size, +gnutls_x509_crt_t *load_cert_list(int mand, size_t *size, common_info_st * info); +gnutls_x509_crl_t *load_crl_list(int mand, size_t *size, common_info_st * info); int get_bits(gnutls_pk_algorithm_t key_type, int info_bits, const char *info_sec_param, int warn); 
@@ -152,11 +157,11 @@ gnutls_ecc_curve_t str_to_curve(const char *str); int generate_prime(FILE * outfile, int how, common_info_st * info); void dh_info(FILE * infile, FILE * outfile, common_info_st * ci); -gnutls_x509_privkey_t *load_privkey_list(int mand, size_t * privkey_size, +gnutls_x509_privkey_t *load_privkey_list(int mand, size_t *privkey_size, common_info_st * info); void print_pubkey_info(gnutls_pubkey_t pubkey, - FILE *outfile, + FILE * outfile, gnutls_certificate_print_formats_t format, gnutls_x509_crt_fmt_t outcert_format, unsigned int outtext); @@ -171,14 +176,12 @@ void print_gost_pkey(FILE * outfile, gnutls_ecc_curve_t curve, void print_rsa_pkey(FILE * outfile, gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d, gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u, - gnutls_datum_t * exp1, gnutls_datum_t * exp2, - int cprint); + gnutls_datum_t * exp1, gnutls_datum_t * exp2, int cprint); void print_dsa_pkey(FILE * outfile, gnutls_datum_t * x, gnutls_datum_t * y, gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * g, int cprint); -ATTRIBUTE_MALLOC -FILE *safe_open_rw(const char *file, int privkey_op); +ATTRIBUTE_MALLOC FILE *safe_open_rw(const char *file, int privkey_op); const char *get_password(common_info_st * cinfo, unsigned int *flags, int confirm); 
@@ -188,14 +191,14 @@ extern unsigned long lbuffer_size; void fix_lbuffer(unsigned long); -void decode_seed(gnutls_datum_t *seed, const char *hex, unsigned hex_size); +void decode_seed(gnutls_datum_t * seed, const char *hex, unsigned hex_size); -#define GNUTLS_PK_IS_RSA(pk) ((pk) == GNUTLS_PK_RSA || (pk) == GNUTLS_PK_RSA_PSS) +# define GNUTLS_PK_IS_RSA(pk) ((pk) == GNUTLS_PK_RSA || (pk) == GNUTLS_PK_RSA_PSS) gnutls_pk_algorithm_t figure_key_type(const char *key_type); gnutls_digest_algorithm_t hash_to_id(const char *hash); -void sign_params_to_flags(common_info_st *cinfo, const char *params); +void sign_params_to_flags(common_info_st * cinfo, const char *params); -#endif /* GNUTLS_SRC_CERTTOOL_COMMON_H */ +#endif /* GNUTLS_SRC_CERTTOOL_COMMON_H */ diff --git a/src/certtool-extras.c b/src/certtool-extras.c index 7ae54faa50..38317d5b4d 100644 --- a/src/certtool-extras.c +++ b/src/certtool-extras.c @@ -41,12 +41,11 @@ #include "certtool-common.h" #include "certtool-cfg.h" - #define MAX_KEYS 256 /* Loads a x509 private key list */ -gnutls_x509_privkey_t *load_privkey_list(int mand, size_t * privkey_size, +gnutls_x509_privkey_t *load_privkey_list(int mand, size_t *privkey_size, common_info_st * info) { static gnutls_x509_privkey_t key[MAX_KEYS]; @@ -74,7 +73,7 @@ gnutls_x509_privkey_t *load_privkey_list(int mand, size_t * privkey_size, exit(1); } - ptr = (void *) file_data.data; + ptr = (void *)file_data.data; ptr_size = file_data.size; for (i = 0; i < MAX_KEYS; i++) { @@ -85,19 +84,17 @@ gnutls_x509_privkey_t *load_privkey_list(int mand, size_t * privkey_size, exit(1); } - dat.data = (void *) ptr; + dat.data = (void *)ptr; dat.size = ptr_size; ret = gnutls_x509_privkey_import2(key[i], &dat, - info->incert_format, NULL, - 0); + info->incert_format, NULL, 0); if (ret == GNUTLS_E_DECRYPTION_FAILED) { pass = get_password(info, &flags, 0); ret = gnutls_x509_privkey_import2(key[i], &dat, - info-> - incert_format, + info->incert_format, pass, flags); } 
@@ -121,8 +118,7 @@ gnutls_x509_privkey_t *load_privkey_list(int mand, size_t * privkey_size, ptr_size = file_data.size; ptr_size -= - ((unsigned char *) ptr - - (unsigned char *) file_data.data); + ((unsigned char *)ptr - (unsigned char *)file_data.data); if (ptr_size < 0) break; @@ -130,7 +126,7 @@ gnutls_x509_privkey_t *load_privkey_list(int mand, size_t * privkey_size, } gnutls_free(file_data.data); - fprintf(stderr, "Loaded %d private keys.\n", (int) *privkey_size); + fprintf(stderr, "Loaded %d private keys.\n", (int)*privkey_size); return key; } diff --git a/src/certtool.c b/src/certtool.c index 71d4aff13e..b6cbcfb082 100644 --- a/src/certtool.c +++ b/src/certtool.c 
@@ -57,24 +57,26 @@ static FILE *stdlog = NULL; -static void print_crl_info(gnutls_x509_crl_t crl, FILE * out, common_info_st *cinfo); -void pkcs7_info(common_info_st *cinfo, unsigned display_data); +static void print_crl_info(gnutls_x509_crl_t crl, FILE * out, + common_info_st * cinfo); +void pkcs7_info(common_info_st * cinfo, unsigned display_data); void pkcs7_sign(common_info_st *, unsigned embed); void pkcs7_generate(common_info_st *); void pkcs8_info(void); -void pkcs8_info_int(gnutls_datum_t *data, unsigned format, - unsigned ignore_err, FILE *out, const char *tab); -void crq_info(common_info_st *cinfo); +void pkcs8_info_int(gnutls_datum_t * data, unsigned format, + unsigned ignore_err, FILE * out, const char *tab); +void crq_info(common_info_st * cinfo); void smime_to_pkcs7(void); void pkcs12_info(common_info_st *); void generate_pkcs12(common_info_st *); void generate_pkcs8(common_info_st *); static void verify_chain(common_info_st * cinfo); void verify_crl(common_info_st * cinfo); -void verify_pkcs7(common_info_st * cinfo, const char *purpose, unsigned display_data); +void verify_pkcs7(common_info_st * cinfo, const char *purpose, + unsigned display_data); void pubkey_info(gnutls_x509_crt_t crt, common_info_st *); void certificate_info(int, common_info_st *); -void crl_info(common_info_st *cinfo); +void crl_info(common_info_st * cinfo); void privkey_info(common_info_st *); static void cmd_parser(int argc, char **argv); void generate_self_signed(common_info_st *); 
@@ -87,10 +89,11 @@ static void privkey_to_rsa(common_info_st * cinfo); static void pubkey_keyid(common_info_st * cinfo); static void certificate_fpr(common_info_st * cinfo); -static gnutls_digest_algorithm_t get_dig(gnutls_x509_crt_t crt, common_info_st * cinfo); +static gnutls_digest_algorithm_t get_dig(gnutls_x509_crt_t crt, + common_info_st * cinfo); FILE *outfile; -static const char *outfile_name = NULL; /* to delete on exit */ +static const char *outfile_name = NULL; /* to delete on exit */ #define REQ_KEY_TYPE_DEFAULT GNUTLS_PK_RSA @@ -145,8 +148,7 @@ int main(int argc, char **argv) gnutls_x509_spki_set_rsa_pss_params(spki, cinfo->hash, _salt_size); \ } while(0) -static gnutls_x509_privkey_t -generate_private_key_int(common_info_st * cinfo) +static gnutls_x509_privkey_t generate_private_key_int(common_info_st * cinfo) { gnutls_x509_privkey_t key; int ret, key_type, bits; @@ -178,7 +180,8 @@ generate_private_key_int(common_info_st * cinfo) if (GNUTLS_BITS_ARE_CURVE(bits)) { gnutls_ecc_curve_t curve = GNUTLS_BITS_TO_CURVE(bits); ecc_bits = gnutls_ecc_curve_get_size(curve) * 8; - snprintf(name, sizeof(name), "(%s)", gnutls_ecc_curve_get_name(curve)); + snprintf(name, sizeof(name), "(%s)", + gnutls_ecc_curve_get_name(curve)); } else { ecc_bits = bits; name[0] = 0; @@ -195,7 +198,8 @@ generate_private_key_int(common_info_st * cinfo) bits, gnutls_pk_algorithm_get_name(key_type)); } - if (provable && (!GNUTLS_PK_IS_RSA(key_type) && key_type != GNUTLS_PK_DSA)) { + if (provable + && (!GNUTLS_PK_IS_RSA(key_type) && key_type != GNUTLS_PK_DSA)) { fprintf(stderr, "The --provable parameter can only be used with RSA and DSA keys.\n"); app_exit(1); 
@@ -211,13 +215,15 @@ generate_private_key_int(common_info_st * cinfo) if (bits != 2048 && bits != 3072 && bits != 4096 && bits != 6144 && bits != 7680 && bits != 8192 && bits != 15360) { - fprintf(stderr, "Note that the FIPS 186-4 key generation restricts keys to be of known lengths (2048, 3072, etc)\n"); + fprintf(stderr, + "Note that the FIPS 186-4 key generation restricts keys to be of known lengths (2048, 3072, etc)\n"); } } ret = gnutls_x509_spki_init(&spki); if (ret < 0) { - fprintf(stderr, "error in SPKI initialization: %s\n", gnutls_strerror(ret)); + fprintf(stderr, "error in SPKI initialization: %s\n", + gnutls_strerror(ret)); app_exit(1); } @@ -225,7 +231,7 @@ generate_private_key_int(common_info_st * cinfo) if (cinfo->seed_size > 0) { kdata[kdata_size].type = GNUTLS_KEYGEN_SEED; - kdata[kdata_size].data = (void*)cinfo->seed; + kdata[kdata_size].data = (void *)cinfo->seed; kdata[kdata_size++].size = cinfo->seed_size; if (GNUTLS_PK_IS_RSA(key_type)) { 
@@ -238,33 +244,39 @@ generate_private_key_int(common_info_st * cinfo) (bits == 7680 && cinfo->seed_size != 48) || (bits == 8192 && cinfo->seed_size != 50) || (bits == 15360 && cinfo->seed_size != 64)) { - fprintf(stderr, "The seed size (%d) doesn't match the size of the request security level; use -d 2 for more information.\n", (int)cinfo->seed_size); + fprintf(stderr, + "The seed size (%d) doesn't match the size of the request security level; use -d 2 for more information.\n", + (int)cinfo->seed_size); } } else if (key_type == GNUTLS_PK_DSA) { if (cinfo->seed_size != 65) { - fprintf(stderr, "The seed size (%d) doesn't match the size of the request security level; use -d 2 for more information.\n", (int)cinfo->seed_size); + fprintf(stderr, + "The seed size (%d) doesn't match the size of the request security level; use -d 2 for more information.\n", + (int)cinfo->seed_size); } } flags |= GNUTLS_PRIVKEY_FLAG_PROVABLE; } - if (key_type == GNUTLS_PK_RSA_PSS && (cinfo->hash || HAVE_OPT(SALT_SIZE))) { + if (key_type == GNUTLS_PK_RSA_PSS + && (cinfo->hash || HAVE_OPT(SALT_SIZE))) { SET_SPKI_PARAMS(spki, cinfo); kdata[kdata_size].type = GNUTLS_KEYGEN_SPKI; - kdata[kdata_size].data = (void*)spki; + kdata[kdata_size].data = (void *)spki; kdata[kdata_size++].size = sizeof(spki); } if (provable) flags |= GNUTLS_PRIVKEY_FLAG_PROVABLE; - ret = gnutls_x509_privkey_generate2(key, key_type, bits, flags, kdata, kdata_size); + ret = + gnutls_x509_privkey_generate2(key, key_type, bits, flags, kdata, + kdata_size); if (ret < 0) { - fprintf(stderr, "privkey_generate: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "privkey_generate: %s\n", gnutls_strerror(ret)); app_exit(1); } @@ -280,7 +292,6 @@ generate_private_key_int(common_info_st * cinfo) return key; } - static void generate_private_key(common_info_st * cinfo) { gnutls_x509_privkey_t key; 
@@ -300,16 +311,20 @@ static void verify_provable_privkey(common_info_st * cinfo) pkey = load_private_key(1, cinfo); if (cinfo->seed_size > 0) { - ret = gnutls_privkey_verify_seed(pkey, 0, cinfo->seed, cinfo->seed_size); + ret = + gnutls_privkey_verify_seed(pkey, 0, cinfo->seed, + cinfo->seed_size); } else { ret = gnutls_privkey_verify_seed(pkey, 0, NULL, 0); } if (ret < 0) { if (ret == GNUTLS_E_UNIMPLEMENTED_FEATURE) - fprintf(stderr, "The private key type cannot be associated with validated parameters\n"); + fprintf(stderr, + "The private key type cannot be associated with validated parameters\n"); else - fprintf(stderr, "Error verifying private key: %s\n", gnutls_strerror(ret)); + fprintf(stderr, "Error verifying private key: %s\n", + gnutls_strerror(ret)); app_exit(1); } @@ -449,15 +464,20 @@ generate_certificate(gnutls_privkey_t * ret_key, ask = 0; secs = get_expiration_date(); - if (ca_crt && (secs > gnutls_x509_crt_get_expiration_time(ca_crt))) { - time_t exp = gnutls_x509_crt_get_expiration_time(ca_crt); - fprintf(stderr, "\nExpiration time: %s\n", simple_ctime(&secs, timebuf)); - fprintf(stderr, "CA expiration time: %s\n", simple_ctime(&exp, timebuf)); - fprintf(stderr, "Warning: The time set exceeds the CA's expiration time\n"); + if (ca_crt + && (secs > gnutls_x509_crt_get_expiration_time(ca_crt))) { + time_t exp = + gnutls_x509_crt_get_expiration_time(ca_crt); + fprintf(stderr, "\nExpiration time: %s\n", + simple_ctime(&secs, timebuf)); + fprintf(stderr, "CA expiration time: %s\n", + simple_ctime(&exp, timebuf)); + fprintf(stderr, + "Warning: The time set exceeds the CA's expiration time\n"); ask = 1; } - } while(batch == 0 && ask != 0 && read_yesno("Is it ok to proceed? (y/N): ", 0) == 0); - + } while (batch == 0 && ask != 0 + && read_yesno("Is it ok to proceed? (y/N): ", 0) == 0); result = gnutls_x509_crt_set_expiration_time(crt, secs); if (result < 0) { 
@@ -497,8 +517,7 @@ generate_certificate(gnutls_privkey_t * ret_key, ("1.3.6.1.5.5.7.21.2 ::= id-ppl-independent\n"); } - policylanguage = - get_proxy_policy(&policy, &policylen); + policylanguage = get_proxy_policy(&policy, &policylen); result = gnutls_x509_crt_set_proxy(crt, proxypathlen, @@ -565,23 +584,18 @@ generate_certificate(gnutls_privkey_t * ret_key, } if (!ca_status || server) { - if (pk == GNUTLS_PK_RSA || - pk == GNUTLS_PK_GOST_01 || - pk == GNUTLS_PK_GOST_12_256 || - pk == GNUTLS_PK_GOST_12_512) { /* DSA and ECDSA keys can only sign. */ + if (pk == GNUTLS_PK_RSA || pk == GNUTLS_PK_GOST_01 || pk == GNUTLS_PK_GOST_12_256 || pk == GNUTLS_PK_GOST_12_512) { /* DSA and ECDSA keys can only sign. */ result = get_sign_status(server); if (result) - usage |= - GNUTLS_KEY_DIGITAL_SIGNATURE; + usage |= GNUTLS_KEY_DIGITAL_SIGNATURE; result = get_encrypt_status(server); if (result) - usage |= - GNUTLS_KEY_KEY_ENCIPHERMENT; + usage |= GNUTLS_KEY_KEY_ENCIPHERMENT; } else if (pk == GNUTLS_PK_ECDH_X25519 || - pk == GNUTLS_PK_ECDH_X448) { - /* X25519 and X448 are only for key agreement. */ - usage |= GNUTLS_KEY_KEY_AGREEMENT; + pk == GNUTLS_PK_ECDH_X448) { + /* X25519 and X448 are only for key agreement. */ + usage |= GNUTLS_KEY_KEY_AGREEMENT; } else { usage |= GNUTLS_KEY_DIGITAL_SIGNATURE; } @@ -672,7 +686,6 @@ generate_certificate(gnutls_privkey_t * ret_key, if (result) usage |= GNUTLS_KEY_CRL_SIGN; - crt_constraints_set(crt); } @@ -696,7 +709,9 @@ generate_certificate(gnutls_privkey_t * ret_key, /* Subject Key ID. */ size = lbuffer_size; - result = gnutls_x509_crt_get_key_id(crt, GNUTLS_KEYID_USE_SHA1, lbuffer, &size); + result = + gnutls_x509_crt_get_key_id(crt, GNUTLS_KEYID_USE_SHA1, + lbuffer, &size); if (result >= 0) { result = gnutls_x509_crt_set_subject_key_id(crt, lbuffer, 
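Review bot: Several removed lines in this rendering sit directly in front of a statement, so it is not visible whether only a blank line or the statement itself was dropped: `crt_constraints_set(crt);` in the `@@ -672,7 +686,6 @@` hunk here, `ca_key = load_ca_private_key(cinfo);`, `fix_lbuffer(0);` and `gnutls_global_set_log_function(tls_log_func);` in the update_signed_certificate and cmd_parser hunks that follow, and `free(cinfo.seed);` at the end of cmd_parser. The old/new line counts of each hunk are consistent with a blank-line removal, which is what an indent pass produces, but an indent-only commit should be confirmed to be token-neutral (a whitespace-insensitive diff of the commit should come out empty), because losing the constraints call or the CA key load would change what generate_certificate and update_signed_certificate emit rather than how the code is laid out. The enclosing functions start and end outside these hunks.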
@@ -715,8 +730,7 @@ generate_certificate(gnutls_privkey_t * ret_key, result = gnutls_x509_crt_get_subject_key_id(ca_crt, lbuffer, - &size, - NULL); + &size, NULL); if (result >= 0) { result = gnutls_x509_crt_set_authority_key_id @@ -744,10 +758,13 @@ generate_certificate(gnutls_privkey_t * ret_key, app_exit(1); } - if ((HAVE_OPT(KEY_TYPE) || req_key_type != REQ_KEY_TYPE_DEFAULT) && req_key_type != pk) { + if ((HAVE_OPT(KEY_TYPE) || req_key_type != REQ_KEY_TYPE_DEFAULT) + && req_key_type != pk) { if (pk != GNUTLS_PK_RSA || req_key_type != GNUTLS_PK_RSA_PSS) { - fprintf(stderr, "cannot set certificate type (%s) incompatible with the key (%s)\n", - gnutls_pk_get_name(req_key_type), gnutls_pk_get_name(pk)); + fprintf(stderr, + "cannot set certificate type (%s) incompatible with the key (%s)\n", + gnutls_pk_get_name(req_key_type), + gnutls_pk_get_name(pk)); app_exit(1); } } @@ -766,7 +783,8 @@ generate_certificate(gnutls_privkey_t * ret_key, if (result >= 0) { result = gnutls_x509_crt_set_spki(crt, spki, 0); if (result < 0) { - fprintf(stderr, "error setting RSA-PSS SPKI information: %s\n", + fprintf(stderr, + "error setting RSA-PSS SPKI information: %s\n", gnutls_strerror(result)); app_exit(1); } @@ -786,7 +804,8 @@ generate_certificate(gnutls_privkey_t * ret_key, result = gnutls_x509_crt_set_spki(crt, spki, 0); if (result < 0) { - fprintf(stderr, "error setting RSA-PSS SPKI information: %s\n", + fprintf(stderr, + "error setting RSA-PSS SPKI information: %s\n", gnutls_strerror(result)); app_exit(1); } @@ -828,7 +847,8 @@ generate_crl(gnutls_x509_crt_t ca_crt, common_info_st * cinfo) } else { result = gnutls_x509_crl_init(&crl); if (result < 0) { - fprintf(stderr, "crl_init: %s\n", gnutls_strerror(result)); + fprintf(stderr, "crl_init: %s\n", + gnutls_strerror(result)); app_exit(1); } } 
@@ -852,25 +872,21 @@ generate_crl(gnutls_x509_crt_t ca_crt, common_info_st * cinfo) result = gnutls_x509_crl_set_this_update(crl, this_update); if (result < 0) { - fprintf(stderr, "this_update: %s\n", - gnutls_strerror(result)); + fprintf(stderr, "this_update: %s\n", gnutls_strerror(result)); app_exit(1); } secs = get_crl_next_update(); - result = - gnutls_x509_crl_set_next_update(crl, secs); + result = gnutls_x509_crl_set_next_update(crl, secs); if (result < 0) { - fprintf(stderr, "next_update: %s\n", - gnutls_strerror(result)); + fprintf(stderr, "next_update: %s\n", gnutls_strerror(result)); app_exit(1); } result = gnutls_x509_crl_set_version(crl, 2); if (result < 0) { - fprintf(stderr, "set_version: %s\n", - gnutls_strerror(result)); + fprintf(stderr, "set_version: %s\n", gnutls_strerror(result)); app_exit(1); } @@ -883,8 +899,7 @@ generate_crl(gnutls_x509_crt_t ca_crt, common_info_st * cinfo) if (result >= 0) { result = gnutls_x509_crl_set_authority_key_id(crl, - lbuffer, - size); + lbuffer, size); if (result < 0) { fprintf(stderr, "set_authority_key_id: %s\n", gnutls_strerror(result)); @@ -913,15 +928,15 @@ generate_crl(gnutls_x509_crt_t ca_crt, common_info_st * cinfo) return crl; } -static gnutls_digest_algorithm_t get_dig_for_pub(gnutls_pubkey_t pubkey, common_info_st * cinfo) +static gnutls_digest_algorithm_t get_dig_for_pub(gnutls_pubkey_t pubkey, + common_info_st * cinfo) { gnutls_digest_algorithm_t dig; int result; unsigned int mand; result = - gnutls_pubkey_get_preferred_hash_algorithm(pubkey, &dig, - &mand); + gnutls_pubkey_get_preferred_hash_algorithm(pubkey, &dig, &mand); if (result < 0) { { fprintf(stderr, 
@@ -938,7 +953,8 @@ static gnutls_digest_algorithm_t get_dig_for_pub(gnutls_pubkey_t pubkey, common_ return dig; } -static gnutls_digest_algorithm_t get_dig(gnutls_x509_crt_t crt, common_info_st * cinfo) +static gnutls_digest_algorithm_t get_dig(gnutls_x509_crt_t crt, + common_info_st * cinfo) { gnutls_digest_algorithm_t dig; gnutls_pubkey_t pubkey; @@ -989,14 +1005,14 @@ void generate_self_signed(common_info_st * cinfo) flags |= GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS; result = - gnutls_x509_crt_privkey_sign(crt, crt, key, get_dig(crt, cinfo), flags); + gnutls_x509_crt_privkey_sign(crt, crt, key, get_dig(crt, cinfo), + flags); if (result < 0) { fprintf(stderr, "crt_sign: %s\n", gnutls_strerror(result)); app_exit(1); } - result = - gnutls_x509_crt_export2(crt, outcert_format, &out); + result = gnutls_x509_crt_export2(crt, outcert_format, &out); if (result < 0) { fprintf(stderr, "crt_export: %s\n", gnutls_strerror(result)); app_exit(1); @@ -1041,8 +1057,7 @@ static void generate_signed_certificate(common_info_st * cinfo) app_exit(1); } - result = - gnutls_x509_crt_export2(crt, outcert_format, &out); + result = gnutls_x509_crt_export2(crt, outcert_format, &out); if (result < 0) { fprintf(stderr, "crt_export: %s\n", gnutls_strerror(result)); app_exit(1); @@ -1080,15 +1095,14 @@ static void generate_proxy_certificate(common_info_st * cinfo) flags |= GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS; result = - gnutls_x509_crt_privkey_sign(crt, eecrt, eekey, get_dig(eecrt, cinfo), - flags); + gnutls_x509_crt_privkey_sign(crt, eecrt, eekey, + get_dig(eecrt, cinfo), flags); if (result < 0) { fprintf(stderr, "crt_sign: %s\n", gnutls_strerror(result)); app_exit(1); } - result = - gnutls_x509_crt_export2(crt, outcert_format, &out); + result = gnutls_x509_crt_export2(crt, outcert_format, &out); if (result < 0) { fprintf(stderr, "crt_export: %s\n", gnutls_strerror(result)); app_exit(1); 
@@ -1147,7 +1161,6 @@ static void update_signed_certificate(common_info_st * cinfo) fprintf(stdlog, "Generating a signed certificate...\n"); - ca_key = load_ca_private_key(cinfo); ca_crt = load_ca_cert(1, cinfo); crt = load_cert(1, cinfo); @@ -1196,8 +1209,7 @@ static void update_signed_certificate(common_info_st * cinfo) app_exit(1); } - result = - gnutls_x509_crt_export2(crt, outcert_format, &out); + result = gnutls_x509_crt_export2(crt, outcert_format, &out); if (result < 0) { fprintf(stderr, "crt_export: %s\n", gnutls_strerror(result)); app_exit(1); @@ -1213,12 +1225,13 @@ static void load_infile(const char *file) { struct stat st; if (stat(file, &st) == 0) { - fix_lbuffer(2*st.st_size); + fix_lbuffer(2 * st.st_size); } infile = fopen(file, "rb"); if (infile == NULL) { - fprintf(stderr, "Cannot open %s for reading\n", OPT_ARG(INFILE)); + fprintf(stderr, "Cannot open %s for reading\n", + OPT_ARG(INFILE)); app_exit(1); } } @@ -1246,7 +1259,8 @@ static void cmd_parser(int argc, char **argv) if (HAVE_OPT(OUTFILE)) { outfile = safe_open_rw(OPT_ARG(OUTFILE), privkey_op); if (outfile == NULL) { - fprintf(stderr, "Cannot open %s for writing\n", OPT_ARG(OUTFILE)); + fprintf(stderr, "Cannot open %s for writing\n", + OPT_ARG(OUTFILE)); app_exit(1); } outfile_name = OPT_ARG(OUTFILE); @@ -1274,7 +1288,6 @@ static void cmd_parser(int argc, char **argv) load_infile(OPT_ARG(INFILE)); } - fix_lbuffer(0); if (HAVE_OPT(INDER)) @@ -1308,12 +1321,11 @@ static void cmd_parser(int argc, char **argv) template_parse(OPT_ARG(TEMPLATE)); } - gnutls_global_set_log_function(tls_log_func); if (HAVE_OPT(DEBUG)) { gnutls_global_set_log_level(OPT_VALUE_DEBUG); - printf("Setting log level to %d\n", (int) OPT_VALUE_DEBUG); + printf("Setting log level to %d\n", (int)OPT_VALUE_DEBUG); } if ((ret = gnutls_global_init()) < 0) { 
@@ -1332,7 +1344,6 @@ static void cmd_parser(int argc, char **argv) app_exit(1); } } - #ifdef ENABLE_PKCS11 if (HAVE_OPT(PROVIDER)) { ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); @@ -1341,8 +1352,7 @@ static void cmd_parser(int argc, char **argv) gnutls_strerror(ret)); else { ret = - gnutls_pkcs11_add_provider(OPT_ARG(PROVIDER), - NULL); + gnutls_pkcs11_add_provider(OPT_ARG(PROVIDER), NULL); if (ret < 0) { fprintf(stderr, "pkcs11_add_provider: %s", gnutls_strerror(ret)); @@ -1389,7 +1399,8 @@ static void cmd_parser(int argc, char **argv) cinfo.pkcs8 = HAVE_OPT(PKCS8); cinfo.incert_format = incert_format; cinfo.outcert_format = outcert_format; - cinfo.outtext = ENABLED_OPT(TEXT) && outcert_format == GNUTLS_X509_FMT_PEM; + cinfo.outtext = ENABLED_OPT(TEXT) + && outcert_format == GNUTLS_X509_FMT_PEM; if (HAVE_OPT(LOAD_CERTIFICATE)) cinfo.cert = OPT_ARG(LOAD_CERTIFICATE); 
@@ -1440,14 +1451,19 @@ static void cmd_parser(int argc, char **argv) if (HAVE_OPT(VERIFY_PROFILE)) { if (strcasecmp(OPT_ARG(VERIFY_PROFILE), "none") == 0) { - cinfo.verification_profile = (gnutls_sec_param_t)GNUTLS_PROFILE_UNKNOWN; + cinfo.verification_profile = + (gnutls_sec_param_t) GNUTLS_PROFILE_UNKNOWN; } else { - cinfo.verification_profile = (gnutls_sec_param_t)gnutls_certificate_verification_profile_get_id(OPT_ARG(VERIFY_PROFILE)); + cinfo.verification_profile = (gnutls_sec_param_t) + gnutls_certificate_verification_profile_get_id + (OPT_ARG(VERIFY_PROFILE)); } } else if (!HAVE_OPT(VERIFY_ALLOW_BROKEN)) { if (HAVE_OPT(VERIFY_CHAIN) || HAVE_OPT(VERIFY)) { - fprintf(stderr, "Note that no verification profile was selected. In the future the medium profile will be enabled by default.\n"); - fprintf(stderr, "Use --verify-profile low to apply the default verification of NORMAL priority string.\n"); + fprintf(stderr, + "Note that no verification profile was selected. In the future the medium profile will be enabled by default.\n"); + fprintf(stderr, + "Use --verify-profile low to apply the default verification of NORMAL priority string.\n"); } /* cinfo.verification_profile = GNUTLS_PROFILE_LOW; */ } @@ -1512,7 +1528,8 @@ static void cmd_parser(int argc, char **argv) else if (HAVE_OPT(P7_DETACHED_SIGN)) pkcs7_sign(&cinfo, 0); else if (HAVE_OPT(P7_VERIFY)) - verify_pkcs7(&cinfo, OPT_ARG(VERIFY_PURPOSE), ENABLED_OPT(P7_SHOW_DATA)); + verify_pkcs7(&cinfo, OPT_ARG(VERIFY_PURPOSE), + ENABLED_OPT(P7_SHOW_DATA)); else if (HAVE_OPT(P8_INFO)) pkcs8_info(); else if (HAVE_OPT(SMIME_TO_P7)) @@ -1527,7 +1544,6 @@ static void cmd_parser(int argc, char **argv) if (outfile != stdout) fclose(outfile); - free(cinfo.seed); #ifdef ENABLE_PKCS11 gnutls_pkcs11_deinit(); 
@@ -1544,7 +1560,7 @@ void certificate_info(int pubkey, common_info_st * cinfo) gnutls_datum_t pem; unsigned int crt_num; - pem.data = (void *) fread_file(infile, 0, &size); + pem.data = (void *)fread_file(infile, 0, &size); pem.size = size; if (!pem.data) { @@ -1553,7 +1569,8 @@ void certificate_info(int pubkey, common_info_st * cinfo) } ret = - gnutls_x509_crt_list_import2(&crts, &crt_num, &pem, incert_format, 0); + gnutls_x509_crt_list_import2(&crts, &crt_num, &pem, incert_format, + 0); if (ret < 0) { fprintf(stderr, "import error: %s\n", gnutls_strerror(ret)); app_exit(1); @@ -1582,7 +1599,8 @@ void certificate_info(int pubkey, common_info_st * cinfo) pubkey_info(crts[i], cinfo); } else { ret = - gnutls_x509_crt_export2(crts[i], outcert_format, &out); + gnutls_x509_crt_export2(crts[i], outcert_format, + &out); if (ret < 0) { fprintf(stderr, "export error: %s\n", gnutls_strerror(ret)); @@ -1624,7 +1642,8 @@ print_certificate_info(gnutls_x509_crt_t crt, FILE * out, unsigned int all) } } -static void print_crl_info(gnutls_x509_crl_t crl, FILE * out, common_info_st *cinfo) +static void print_crl_info(gnutls_x509_crl_t crl, FILE * out, + common_info_st * cinfo) { gnutls_datum_t data; gnutls_datum_t cout; @@ -1633,7 +1652,8 @@ static void print_crl_info(gnutls_x509_crl_t crl, FILE * out, common_info_st *ci if (cinfo->outtext) { ret = gnutls_x509_crl_print(crl, full_format, &data); if (ret < 0) { - fprintf(stderr, "crl_print: %s\n", gnutls_strerror(ret)); + fprintf(stderr, "crl_print: %s\n", + gnutls_strerror(ret)); app_exit(1); } fprintf(out, "%s\n", data.data); @@ -1641,8 +1661,7 @@ static void print_crl_info(gnutls_x509_crl_t crl, FILE * out, common_info_st *ci gnutls_free(data.data); } - ret = - gnutls_x509_crl_export2(crl, outcert_format, &cout); + ret = gnutls_x509_crl_export2(crl, outcert_format, &cout); if (ret < 0) { fprintf(stderr, "crl_export: %s\n", gnutls_strerror(ret)); app_exit(1); 
@@ -1652,7 +1671,7 @@ static void print_crl_info(gnutls_x509_crl_t crl, FILE * out, common_info_st *ci gnutls_free(cout.data); } -void crl_info(common_info_st *cinfo) +void crl_info(common_info_st * cinfo) { gnutls_x509_crl_t crl; int ret; @@ -1665,7 +1684,7 @@ void crl_info(common_info_st *cinfo) app_exit(1); } - pem.data = (void *) fread_file(infile, 0, &size); + pem.data = (void *)fread_file(infile, 0, &size); pem.size = size; if (!pem.data) { @@ -1686,7 +1705,8 @@ void crl_info(common_info_st *cinfo) gnutls_x509_crl_deinit(crl); } -static void print_crq_info(gnutls_x509_crq_t crq, FILE * out, common_info_st *cinfo) +static void print_crq_info(gnutls_x509_crq_t crq, FILE * out, + common_info_st * cinfo) { gnutls_datum_t data; int ret; @@ -1724,7 +1744,7 @@ static void print_crq_info(gnutls_x509_crq_t crq, FILE * out, common_info_st *ci fwrite(lbuffer, 1, size, outfile); } -void crq_info(common_info_st *cinfo) +void crq_info(common_info_st * cinfo) { gnutls_x509_crq_t crq; int ret; @@ -1737,7 +1757,7 @@ void crq_info(common_info_st *cinfo) app_exit(1); } - pem.data = (void *) fread_file(infile, 0, &size); + pem.data = (void *)fread_file(infile, 0, &size); pem.size = size; if (!pem.data) { @@ -1780,7 +1800,8 @@ void privkey_info(common_info_st * cinfo) pem.size = size; ret = - gnutls_x509_privkey_import2(key, &pem, incert_format, NULL, GNUTLS_PKCS_PLAIN); + gnutls_x509_privkey_import2(key, &pem, incert_format, NULL, + GNUTLS_PKCS_PLAIN); /* If we failed to import the certificate previously try PKCS #8 */ if (ret == GNUTLS_E_DECRYPTION_FAILED) { @@ -1794,8 +1815,7 @@ void privkey_info(common_info_st * cinfo) pass = get_password(cinfo, &flags, 0); ret = gnutls_x509_privkey_import2(key, &pem, - incert_format, pass, - flags); + incert_format, pass, flags); } if (ret < 0) { fprintf(stderr, "import error: %s\n", gnutls_strerror(ret)); 
@@ -1838,7 +1858,8 @@ static void privkey_to_rsa(common_info_st * cinfo) pem.size = size; ret = - gnutls_x509_privkey_import2(key, &pem, incert_format, NULL, GNUTLS_PKCS_PLAIN); + gnutls_x509_privkey_import2(key, &pem, incert_format, NULL, + GNUTLS_PKCS_PLAIN); /* If we failed to import the certificate previously try PKCS #8 */ if (ret == GNUTLS_E_DECRYPTION_FAILED) { @@ -1852,8 +1873,7 @@ static void privkey_to_rsa(common_info_st * cinfo) pass = get_password(cinfo, &flags, 0); ret = gnutls_x509_privkey_import2(key, &pem, - incert_format, pass, - flags); + incert_format, pass, flags); } if (ret < 0) { fprintf(stderr, "import error: %s\n", gnutls_strerror(ret)); @@ -1862,7 +1882,8 @@ static void privkey_to_rsa(common_info_st * cinfo) ret = gnutls_x509_privkey_get_pk_algorithm(key); if (ret != GNUTLS_PK_RSA && ret != GNUTLS_PK_RSA_PSS) { - fprintf(stderr, "unexpected key type: %s\n", gnutls_pk_get_name(ret)); + fprintf(stderr, "unexpected key type: %s\n", + gnutls_pk_get_name(ret)); app_exit(1); } @@ -1880,7 +1901,6 @@ static void privkey_to_rsa(common_info_st * cinfo) gnutls_x509_privkey_deinit(key); } - /* Generate a PKCS #10 certificate request. */ void generate_request(common_info_st * cinfo) @@ -1906,7 +1926,8 @@ void generate_request(common_info_st * cinfo) pkey = load_private_key(0, cinfo); if (!pkey) { if (HAVE_OPT(LOAD_PUBKEY)) { - fprintf(stderr, "--load-pubkey was specified without corresponding --load-privkey\n"); + fprintf(stderr, + "--load-pubkey was specified without corresponding --load-privkey\n"); app_exit(1); } @@ -1962,8 +1983,7 @@ void generate_request(common_info_st * cinfo) if (pass != NULL && pass[0] != 0) { ret = gnutls_x509_crq_set_challenge_password(crq, pass); if (ret < 0) { - fprintf(stderr, "set_pass: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "set_pass: %s\n", gnutls_strerror(ret)); app_exit(1); } } 
@@ -2001,7 +2021,8 @@ void generate_request(common_info_st * cinfo) usage |= GNUTLS_KEY_DIGITAL_SIGNATURE; } else { /* DSA and ECDSA are always signing */ if (get_encrypt_status(1)) - fprintf(stderr, "warning: this algorithm does not support encryption; disabling the encryption flag\n"); + fprintf(stderr, + "warning: this algorithm does not support encryption; disabling the encryption flag\n"); usage |= GNUTLS_KEY_DIGITAL_SIGNATURE; } @@ -2071,7 +2092,6 @@ void generate_request(common_info_st * cinfo) if (ret) usage |= GNUTLS_KEY_CRL_SIGN; - } ret = gnutls_x509_crq_set_key_usage(crq, usage); @@ -2156,12 +2176,11 @@ static int detailed_verification(gnutls_x509_crt_t cert, { char tmp[255]; size_t tmp_size; - gnutls_datum_t name = {NULL,0}, issuer_name = {NULL,0}; - gnutls_datum_t serial = {NULL,0}; + gnutls_datum_t name = { NULL, 0 }, issuer_name = { NULL, 0 }; + gnutls_datum_t serial = { NULL, 0 }; int ret; - ret = - gnutls_x509_crt_get_issuer_dn3(cert, &issuer_name, 0); + ret = gnutls_x509_crt_get_issuer_dn3(cert, &issuer_name, 0); if (ret < 0) { fprintf(stderr, "gnutls_x509_crt_get_issuer_dn: %s\n", gnutls_strerror(ret)); @@ -2185,8 +2204,7 @@ static int detailed_verification(gnutls_x509_crt_t cert, if (issuer != NULL) { gnutls_free(issuer_name.data); - ret = - gnutls_x509_crt_get_dn3(issuer, &issuer_name, 0); + ret = gnutls_x509_crt_get_dn3(issuer, &issuer_name, 0); if (ret < 0) { fprintf(stderr, "gnutls_x509_crt_get_issuer_dn: %s\n", 
@@ -2197,14 +2215,14 @@ static int detailed_verification(gnutls_x509_crt_t cert, fprintf(outfile, "\tChecked against: %s\n", issuer_name.data); } - fprintf(outfile, "\tSignature algorithm: %s\n", get_signature_algo(cert)); + fprintf(outfile, "\tSignature algorithm: %s\n", + get_signature_algo(cert)); if (crl != NULL) { gnutls_datum_t data; gnutls_free(issuer_name.data); - ret = - gnutls_x509_crl_get_issuer_dn3(crl, &issuer_name, 0); + ret = gnutls_x509_crl_get_issuer_dn3(crl, &issuer_name, 0); if (ret < 0) { fprintf(stderr, "gnutls_x509_crl_get_issuer_dn: %s\n", @@ -2213,12 +2231,11 @@ static int detailed_verification(gnutls_x509_crt_t cert, } tmp_size = sizeof(tmp); - ret = - gnutls_x509_crl_get_number(crl, tmp, &tmp_size, NULL); + ret = gnutls_x509_crl_get_number(crl, tmp, &tmp_size, NULL); if (ret < 0) { - serial.data = (void*)gnutls_strdup("unnumbered"); + serial.data = (void *)gnutls_strdup("unnumbered"); } else { - data.data = (void *) tmp; + data.data = (void *)tmp; data.size = tmp_size; ret = gnutls_hex_encode2(&data, &serial); @@ -2244,7 +2261,7 @@ static int detailed_verification(gnutls_x509_crt_t cert, return 0; } -static void load_data(common_info_st *cinfo, gnutls_datum_t *data) +static void load_data(common_info_st * cinfo, gnutls_datum_t * data) { FILE *fp; size_t size; @@ -2255,7 +2272,7 @@ static void load_data(common_info_st *cinfo, gnutls_datum_t *data) app_exit(1); } - data->data = (void *) fread_file(fp, 0, &size); + data->data = (void *)fread_file(fp, 0, &size); if (data->data == NULL) { fprintf(stderr, "Error reading data file"); app_exit(1); 
@@ -2277,24 +2294,36 @@ static gnutls_x509_trust_list_t load_tl(common_info_st * cinfo) app_exit(1); } - if (cinfo->ca == NULL) { /* system */ + if (cinfo->ca == NULL) { /* system */ ret = gnutls_x509_trust_list_add_system_trust(list, 0, 0); if (ret < 0) { fprintf(stderr, "Error loading system trust: %s\n", gnutls_strerror(ret)); app_exit(1); } - fprintf(stderr, "Loaded system trust (%d CAs available)\n", ret); + fprintf(stderr, "Loaded system trust (%d CAs available)\n", + ret); } else if (cinfo->ca != NULL) { - ret = gnutls_x509_trust_list_add_trust_file(list, cinfo->ca, cinfo->crl, cinfo->incert_format, 0, 0); + ret = + gnutls_x509_trust_list_add_trust_file(list, cinfo->ca, + cinfo->crl, + cinfo->incert_format, + 0, 0); if (ret < 0) { - int ret2 = gnutls_x509_trust_list_add_trust_file(list, cinfo->ca, cinfo->crl, GNUTLS_X509_FMT_PEM, 0, 0); + int ret2 = gnutls_x509_trust_list_add_trust_file(list, + cinfo-> + ca, + cinfo-> + crl, + GNUTLS_X509_FMT_PEM, + 0, 0); if (ret2 >= 0) ret = ret2; } if (ret < 0) { - fprintf(stderr, "gnutls_x509_trust_add_trust_file: %s\n", + fprintf(stderr, + "gnutls_x509_trust_add_trust_file: %s\n", gnutls_strerror(ret)); app_exit(1); } @@ -2308,7 +2337,8 @@ static gnutls_x509_trust_list_t load_tl(common_info_st * cinfo) /* Loads from a certificate chain, the last certificate on the * trusted list. In addition it will load any CRLs if present. */ -static gnutls_x509_trust_list_t load_tl_from_cert_chain(const char *cert, int cert_size) +static gnutls_x509_trust_list_t load_tl_from_cert_chain(const char *cert, + int cert_size) { gnutls_datum_t tmp; gnutls_x509_crt_t *x509_cert_list = NULL; 
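Review bot: The re-wrapped fallback call in load_tl now splits member accesses across lines (`cinfo->` / `ca` and `cinfo->` / `crl`), which is hard to read and easy to misread in later diffs. Declaring short locals before the first call, `const char *ca = cinfo->ca, *crl = cinfo->crl;`, lets both calls fit on a single line, e.g. `int ret2 = gnutls_x509_trust_list_add_trust_file(list, ca, crl, GNUTLS_X509_FMT_PEM, 0, 0);`. Separately, when cinfo->incert_format is already PEM the retry repeats the identical call, so guarding it with `if (ret < 0 && cinfo->incert_format != GNUTLS_X509_FMT_PEM)` would avoid a duplicate failure path that reports the same error twice. load_tl's body starts before this hunk.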
@@ -2326,10 +2356,12 @@ static gnutls_x509_trust_list_t load_tl_from_cert_chain(const char *cert, int ce app_exit(1); } - tmp.data = (void *) cert; + tmp.data = (void *)cert; tmp.size = cert_size; - ret = gnutls_x509_crt_list_import2(&x509_cert_list, &x509_ncerts, &tmp, GNUTLS_X509_FMT_PEM, 0); + ret = + gnutls_x509_crt_list_import2(&x509_cert_list, &x509_ncerts, &tmp, + GNUTLS_X509_FMT_PEM, 0); if (ret < 0 || x509_ncerts < 1) { fprintf(stderr, "error parsing CRTs: %s\n", gnutls_strerror(ret)); @@ -2347,8 +2379,9 @@ static gnutls_x509_trust_list_t load_tl_from_cert_chain(const char *cert, int ce /* add CAs */ ret = - gnutls_x509_trust_list_add_cas(list, &x509_cert_list[x509_ncerts - 1], - 1, 0); + gnutls_x509_trust_list_add_cas(list, + &x509_cert_list[x509_ncerts - 1], 1, + 0); if (ret < 0) { fprintf(stderr, "gnutls_x509_trust_add_cas: %s\n", gnutls_strerror(ret)); @@ -2368,7 +2401,7 @@ static gnutls_x509_trust_list_t load_tl_from_cert_chain(const char *cert, int ce } if (x509_ncerts > 1) { - for (i=0;ica != NULL) { - fprintf(stderr, "This option cannot be combined with --load-ca-certificate\n"); + fprintf(stderr, + "This option cannot be combined with --load-ca-certificate\n"); app_exit(1); } - buf = (void *) fread_file(infile, 0, &size); + buf = (void *)fread_file(infile, 0, &size); if (buf == NULL) { fprintf(stderr, "Error reading certificate chain"); app_exit(1); @@ -2544,7 +2575,7 @@ static void verify_certificate(common_info_st * cinfo) char *cas = NULL; size_t cert_size; - cert = (void *) fread_file(infile, 0, &cert_size); + cert = (void *)fread_file(infile, 0, &cert_size); if (cert == NULL) { fprintf(stderr, "Error reading certificate chain"); app_exit(1); @@ -2556,7 +2587,6 @@ static void verify_certificate(common_info_st * cinfo) free(cert); free(cas); - } void verify_crl(common_info_st * cinfo) 
@@ -2587,7 +2617,7 @@ void verify_crl(common_info_st * cinfo) app_exit(1); } - pem.data = (void *) fread_file(infile, 0, &size); + pem.data = (void *)fread_file(infile, 0, &size); pem.size = size; if (!pem.data) { @@ -2638,15 +2668,17 @@ void verify_crl(common_info_st * cinfo) app_exit(rc); } -static void print_pkcs7_sig_info(gnutls_pkcs7_signature_info_st *info, common_info_st *cinfo) +static void print_pkcs7_sig_info(gnutls_pkcs7_signature_info_st * info, + common_info_st * cinfo) { int ret; gnutls_datum_t str; - ret = gnutls_pkcs7_print_signature_info(info, GNUTLS_CRT_PRINT_COMPACT, &str); + ret = + gnutls_pkcs7_print_signature_info(info, GNUTLS_CRT_PRINT_COMPACT, + &str); if (ret < 0) { - fprintf(stderr, "printing error: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "printing error: %s\n", gnutls_strerror(ret)); app_exit(1); } @@ -2654,13 +2686,14 @@ static void print_pkcs7_sig_info(gnutls_pkcs7_signature_info_st *info, common_in gnutls_free(str.data); } -void verify_pkcs7(common_info_st * cinfo, const char *purpose, unsigned display_data) +void verify_pkcs7(common_info_st * cinfo, const char *purpose, + unsigned display_data) { gnutls_pkcs7_t pkcs7; int ret, ecode; size_t size; - gnutls_datum_t data, detached = {NULL,0}; - gnutls_datum_t tmp = {NULL,0}; + gnutls_datum_t data, detached = { NULL, 0 }; + gnutls_datum_t tmp = { NULL, 0 }; int i; gnutls_pkcs7_signature_info_st info; gnutls_x509_trust_list_t tl = NULL; @@ -2675,7 +2708,7 @@ void verify_pkcs7(common_info_st * cinfo, const char *purpose, unsigned display_ app_exit(1); } - data.data = (void *) fread_file(infile, 0, &size); + data.data = (void *)fread_file(infile, 0, &size); data.size = size; if (!data.data) { 
@@ -2686,14 +2719,13 @@ void verify_pkcs7(common_info_st * cinfo, const char *purpose, unsigned display_ ret = gnutls_pkcs7_import(pkcs7, &data, cinfo->incert_format); free(data.data); if (ret < 0) { - fprintf(stderr, "import error: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "import error: %s\n", gnutls_strerror(ret)); app_exit(1); } if (cinfo->cert != NULL) { signer = load_cert(1, cinfo); - } else { /* trust list */ + } else { /* trust list */ tl = load_tl(cinfo); if (tl == NULL) { fprintf(stderr, "error loading trust list\n"); @@ -2705,28 +2737,34 @@ void verify_pkcs7(common_info_st * cinfo, const char *purpose, unsigned display_ if (purpose) { vdata[vdata_size].type = GNUTLS_DT_KEY_PURPOSE_OID; - vdata[vdata_size].data = (void*)purpose; + vdata[vdata_size].data = (void *)purpose; vdata[vdata_size].size = strlen(purpose); vdata_size++; } ecode = 1; - for (i=0;;i++) { + for (i = 0;; i++) { ret = gnutls_pkcs7_get_signature_info(pkcs7, i, &info); if (ret < 0) break; if (!display_data) { - if (i==0) { - fprintf(outfile, "eContent Type: %s\n", gnutls_pkcs7_get_embedded_data_oid(pkcs7)); + if (i == 0) { + fprintf(outfile, "eContent Type: %s\n", + gnutls_pkcs7_get_embedded_data_oid + (pkcs7)); fprintf(outfile, "Signers:\n"); } print_pkcs7_sig_info(&info, cinfo); } else if (i == 0) { if (!detached.data) { - ret = gnutls_pkcs7_get_embedded_data(pkcs7, 0, &tmp); + ret = + gnutls_pkcs7_get_embedded_data(pkcs7, 0, + &tmp); if (ret < 0) { - fprintf(stderr, "error getting embedded data: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error getting embedded data: %s\n", + gnutls_strerror(ret)); app_exit(1); } @@ -2734,7 +2772,8 @@ void verify_pkcs7(common_info_st * cinfo, const char *purpose, unsigned display_ gnutls_free(tmp.data); tmp.data = NULL; } else { - fwrite(detached.data, 1, detached.size, outfile); + fwrite(detached.data, 1, detached.size, + outfile); } } 
@@ -2744,20 +2783,32 @@ void verify_pkcs7(common_info_st * cinfo, const char *purpose, unsigned display_ flags |= GNUTLS_VERIFY_ALLOW_BROKEN; if (signer) { - ret = gnutls_pkcs7_verify_direct(pkcs7, signer, i, detached.data!=NULL?&detached:NULL, flags); + ret = + gnutls_pkcs7_verify_direct(pkcs7, signer, i, + detached.data != + NULL ? &detached : NULL, + flags); if (ret >= 0 && purpose) { - unsigned res = gnutls_x509_crt_check_key_purpose(signer, purpose, 0); + unsigned res = + gnutls_x509_crt_check_key_purpose(signer, + purpose, + 0); if (res == 0) ret = GNUTLS_E_CONSTRAINT_ERROR; } } else { assert(tl != NULL); - ret = gnutls_pkcs7_verify(pkcs7, tl, vdata, vdata_size, i, detached.data!=NULL?&detached:NULL, flags); + ret = + gnutls_pkcs7_verify(pkcs7, tl, vdata, vdata_size, i, + detached.data != + NULL ? &detached : NULL, flags); } if (ret < 0) { - fprintf(stderr, "\tSignature status: verification failed: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "\tSignature status: verification failed: %s\n", + gnutls_strerror(ret)); ecode = 1; } else { fprintf(stderr, "\tSignature status: ok\n"); @@ -2765,7 +2816,6 @@ void verify_pkcs7(common_info_st * cinfo, const char *purpose, unsigned display_ } } - gnutls_pkcs7_deinit(pkcs7); if (signer) gnutls_x509_crt_deinit(signer); @@ -2799,7 +2849,7 @@ void pkcs7_sign(common_info_st * cinfo, unsigned embed) app_exit(1); } - data.data = (void *) fread_file(infile, 0, &size); + data.data = (void *)fread_file(infile, 0, &size); data.size = size; if (!data.data) { @@ -2813,24 +2863,25 @@ void pkcs7_sign(common_info_st * cinfo, unsigned embed) if (embed) flags |= GNUTLS_PKCS7_EMBED_DATA; - ret = gnutls_pkcs7_sign(pkcs7, *crts, key, &data, NULL, NULL, get_dig(*crts, cinfo), flags); + ret = + gnutls_pkcs7_sign(pkcs7, *crts, key, &data, NULL, NULL, + get_dig(*crts, cinfo), flags); if (ret < 0) { fprintf(stderr, "Error signing: %s\n", gnutls_strerror(ret)); app_exit(1); } - for (i=1;i #include 
@@ -2965,12 +3014,13 @@ void generate_pkcs12(common_info_st * cinfo) crls = load_crl_list(0, &ncrls, cinfo); if (keys == NULL && crts == NULL && ca_crt == NULL && crls == NULL) { - fprintf(stderr, "You must specify one of\n\t--load-privkey\n\t--load-certificate\n\t--load-ca-certificate\n\t--load-crl\n"); + fprintf(stderr, + "You must specify one of\n\t--load-privkey\n\t--load-certificate\n\t--load-ca-certificate\n\t--load-crl\n"); app_exit(1); } if (cinfo->hash != GNUTLS_DIG_UNKNOWN) - mac = (gnutls_mac_algorithm_t)cinfo->hash; + mac = (gnutls_mac_algorithm_t) cinfo->hash; else mac = GNUTLS_MAC_SHA256; @@ -2982,8 +3032,7 @@ void generate_pkcs12(common_info_st * cinfo) result = gnutls_pkcs12_init(&pkcs12); if (result < 0) { - fprintf(stderr, "pkcs12_init: %s\n", - gnutls_strerror(result)); + fprintf(stderr, "pkcs12_init: %s\n", gnutls_strerror(result)); app_exit(1); } @@ -3024,7 +3073,8 @@ void generate_pkcs12(common_info_st * cinfo) size = sizeof(_key_id); result = - gnutls_x509_crt_get_key_id(crts[i], GNUTLS_KEYID_USE_SHA1, _key_id, &size); + gnutls_x509_crt_get_key_id(crts[i], GNUTLS_KEYID_USE_SHA1, + _key_id, &size); if (result < 0) { fprintf(stderr, "key_id[%d]: %s\n", i, gnutls_strerror(result)); @@ -3164,8 +3214,7 @@ void generate_pkcs12(common_info_st * cinfo) indx = result; - result = - gnutls_pkcs12_bag_set_friendly_name(kbag, indx, name); + result = gnutls_pkcs12_bag_set_friendly_name(kbag, indx, name); if (result < 0) { fprintf(stderr, "bag_set_friendly_name: %s\n", gnutls_strerror(result)); @@ -3174,8 +3223,9 @@ void generate_pkcs12(common_info_st * cinfo) size = sizeof(_key_id); result = - gnutls_x509_privkey_get_key_id(keys[i], GNUTLS_KEYID_USE_SHA1, _key_id, - &size); + gnutls_x509_privkey_get_key_id(keys[i], + GNUTLS_KEYID_USE_SHA1, + _key_id, &size); if (result < 0) { fprintf(stderr, "key_id[%d]: %s\n", i, gnutls_strerror(result)); 
@@ -3203,22 +3253,19 @@ void generate_pkcs12(common_info_st * cinfo) result = gnutls_pkcs12_generate_mac2(pkcs12, mac, pass); if (result < 0) { - fprintf(stderr, "generate_mac: %s\n", - gnutls_strerror(result)); + fprintf(stderr, "generate_mac: %s\n", gnutls_strerror(result)); app_exit(1); } size = lbuffer_size; - result = - gnutls_pkcs12_export(pkcs12, outcert_format, lbuffer, &size); + result = gnutls_pkcs12_export(pkcs12, outcert_format, lbuffer, &size); if (result < 0) { - fprintf(stderr, "pkcs12_export: %s\n", - gnutls_strerror(result)); + fprintf(stderr, "pkcs12_export: %s\n", gnutls_strerror(result)); app_exit(1); } fwrite(lbuffer, 1, size, outfile); - for (i=0;iouttext) { fprintf(outfile, "MAC info:\n"); if (mac_oid != NULL) @@ -3444,9 +3495,10 @@ void pkcs12_info(common_info_st * cinfo) gnutls_datum_t bin; fprintf(outfile, "MAC info:\n"); - fprintf(outfile, "\tMAC: %s (%s)\n", gnutls_mac_get_name(mac_algo), mac_oid); + fprintf(outfile, "\tMAC: %s (%s)\n", + gnutls_mac_get_name(mac_algo), mac_oid); - bin.data = (void*)salt; + bin.data = (void *)salt; bin.size = salt_size; result = gnutls_hex_encode(&bin, hex, &hex_size); if (result < 0) { @@ -3504,7 +3556,8 @@ void pkcs12_info(common_info_st * cinfo) if (result == GNUTLS_BAG_ENCRYPTED) { if (cinfo->outtext) { - fprintf(outfile, "\tType: %s\n", BAGTYPE(result)); + fprintf(outfile, "\tType: %s\n", + BAGTYPE(result)); pkcs12_bag_enc_info(bag, outfile); fprintf(outfile, "\n\tDecrypting...\n"); } 
@@ -3536,20 +3589,19 @@ void pkcs12_info(common_info_st * cinfo) gnutls_pkcs12_deinit(pkcs12); if (fail) { - fprintf(stderr, - "There were errors parsing the structure\n"); + fprintf(stderr, "There were errors parsing the structure\n"); app_exit(1); } } -void pkcs8_info_int(gnutls_datum_t *data, unsigned format, - unsigned ignore_err, FILE *out, const char *tab) +void pkcs8_info_int(gnutls_datum_t * data, unsigned format, + unsigned ignore_err, FILE * out, const char *tab) { int ret; unsigned schema; unsigned cipher; unsigned char salt[32]; - char hex[64+1]; + char hex[64 + 1]; unsigned salt_size = sizeof(salt); unsigned iter_count; gnutls_datum_t bin; @@ -3558,7 +3610,8 @@ void pkcs8_info_int(gnutls_datum_t *data, unsigned format, char *oid = NULL; ret = gnutls_pkcs8_info(data, format, - &schema, &cipher, salt, &salt_size, &iter_count, &oid); + &schema, &cipher, salt, &salt_size, &iter_count, + &oid); if (ret == GNUTLS_E_UNKNOWN_CIPHER_TYPE) { fprintf(out, "PKCS #8 information:\n"); fprintf(out, "\tSchema: unsupported (%s)\n", oid); @@ -3582,16 +3635,15 @@ void pkcs8_info_int(gnutls_datum_t *data, unsigned format, str = gnutls_pkcs_schema_get_name(schema); if (str != NULL) { - fprintf(out, "%s\tSchema: %s (%s)\n", tab, str, gnutls_pkcs_schema_get_oid(schema)); + fprintf(out, "%s\tSchema: %s (%s)\n", tab, str, + gnutls_pkcs_schema_get_oid(schema)); } - bin.data = salt; bin.size = salt_size; ret = gnutls_hex_encode(&bin, hex, &hex_size); if (ret < 0) { - fprintf(stderr, "hex encode error: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "hex encode error: %s\n", gnutls_strerror(ret)); app_exit(1); } @@ -3608,7 +3660,7 @@ void pkcs8_info(void) size_t size; gnutls_datum_t data; - data.data = (void *) fread_file(infile, 0, &size); + data.data = (void *)fread_file(infile, 0, &size); data.size = size; if (!data.data) { 
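Review bot: One line is removed immediately before `bin.data = salt;` in the hunk at -3582, and the collapsed rendering does not show whether it was a blank line or the assignment itself; if `bin.data = salt;` is what went away, the `gnutls_hex_encode(&bin, hex, &hex_size)` call on the next lines would read an uninitialised `bin.data`. Please confirm against the raw patch that the surviving context line is `bin.data = salt;` and only a blank line was dropped, since an indent-only commit should not alter any statement. pkcs8_info_int's body continues outside this hunk.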
@@ -3620,7 +3672,7 @@ void pkcs8_info(void) free(data.data); } -void pkcs7_info(common_info_st *cinfo, unsigned display_data) +void pkcs7_info(common_info_st * cinfo, unsigned display_data) { gnutls_pkcs7_t pkcs7; int ret; @@ -3633,7 +3685,7 @@ void pkcs7_info(common_info_st *cinfo, unsigned display_data) app_exit(1); } - data.data = (void *) fread_file(infile, 0, &size); + data.data = (void *)fread_file(infile, 0, &size); data.size = size; if (!data.data) { @@ -3644,8 +3696,7 @@ void pkcs7_info(common_info_st *cinfo, unsigned display_data) ret = gnutls_pkcs7_import(pkcs7, &data, incert_format); free(data.data); if (ret < 0) { - fprintf(stderr, "import error: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "import error: %s\n", gnutls_strerror(ret)); app_exit(1); } @@ -3655,7 +3706,9 @@ void pkcs7_info(common_info_st *cinfo, unsigned display_data) ret = gnutls_pkcs7_get_embedded_data(pkcs7, 0, &tmp); if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { if (ret < 0) { - fprintf(stderr, "error getting embedded data: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "error getting embedded data: %s\n", + gnutls_strerror(ret)); app_exit(1); } @@ -3667,7 +3720,9 @@ void pkcs7_info(common_info_st *cinfo, unsigned display_data) } } else { if (cinfo->outtext) { - ret = gnutls_pkcs7_print(pkcs7, GNUTLS_CRT_PRINT_FULL, &str); + ret = + gnutls_pkcs7_print(pkcs7, GNUTLS_CRT_PRINT_FULL, + &str); if (ret < 0) { fprintf(stderr, "printing error: %s\n", gnutls_strerror(ret)); @@ -3680,8 +3735,7 @@ void pkcs7_info(common_info_st *cinfo, unsigned display_data) size = lbuffer_size; ret = - gnutls_pkcs7_export(pkcs7, outcert_format, - lbuffer, &size); + gnutls_pkcs7_export(pkcs7, outcert_format, lbuffer, &size); if (ret < 0) { fprintf(stderr, "export error: %s\n", gnutls_strerror(ret)); 
@@ -3788,8 +3842,7 @@ gnutls_pubkey_t find_pubkey(gnutls_x509_crt_t crt, common_info_st * cinfo) if (privkey != NULL) { ret = - gnutls_pubkey_import_privkey(pubkey, privkey, - 0, 0); + gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0); if (ret < 0) { fprintf(stderr, "pubkey_import_privkey: %s\n", @@ -3801,12 +3854,14 @@ gnutls_pubkey_t find_pubkey(gnutls_x509_crt_t crt, common_info_st * cinfo) gnutls_pubkey_deinit(pubkey); pubkey = load_pubkey(0, cinfo); - if (pubkey == NULL) { /* load from stdin */ - pem.data = (void *) fread_file(infile, 0, &size); + if (pubkey == NULL) { /* load from stdin */ + pem.data = (void *)fread_file(infile, 0, &size); pem.size = size; if (!pem.data) { - fprintf(stderr, "%s", infile ? "file" : "standard input"); + fprintf(stderr, "%s", + infile ? "file" : + "standard input"); app_exit(1); } @@ -3818,8 +3873,11 @@ gnutls_pubkey_t find_pubkey(gnutls_x509_crt_t crt, common_info_st * cinfo) app_exit(1); } - if (memmem(pem.data, pem.size, "BEGIN CERTIFICATE", 16) != 0 || - memmem(pem.data, pem.size, "BEGIN X509", 10) != 0) { + if (memmem + (pem.data, pem.size, "BEGIN CERTIFICATE", + 16) != 0 + || memmem(pem.data, pem.size, "BEGIN X509", + 10) != 0) { ret = gnutls_x509_crt_init(&crt); if (ret < 0) { fprintf(stderr, @@ -3828,7 +3886,9 @@ gnutls_pubkey_t find_pubkey(gnutls_x509_crt_t crt, common_info_st * cinfo) app_exit(1); } - ret = gnutls_x509_crt_import(crt, &pem, GNUTLS_X509_FMT_PEM); + ret = + gnutls_x509_crt_import(crt, &pem, + GNUTLS_X509_FMT_PEM); if (ret < 0) { fprintf(stderr, "crt_import: %s\n", 
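Review bot: The reflowed `memmem` test in the hunk at -3818 keeps hand-counted needle lengths, and `16` does not match the 17-character literal `"BEGIN CERTIFICATE"` (it searches for the prefix `BEGIN CERTIFICAT`, so the check works only by accident); `10` does match `"BEGIN X509"`. Replacing the literals with `sizeof("BEGIN CERTIFICATE") - 1` and `sizeof("BEGIN X509") - 1`, and comparing the pointer result against `NULL` rather than `0`, removes the magic numbers and reads better than the `memmem` / `(pem.data, …` line split the indent tool produced. find_pubkey's body begins and ends outside this hunk.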
@@ -3836,15 +3896,20 @@ gnutls_pubkey_t find_pubkey(gnutls_x509_crt_t crt, common_info_st * cinfo) app_exit(1); } - ret = gnutls_pubkey_import_x509(pubkey, crt, 0); + ret = + gnutls_pubkey_import_x509(pubkey, + crt, 0); if (ret < 0) { - fprintf(stderr, "pubkey_import_x509: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, + "pubkey_import_x509: %s\n", + gnutls_strerror(ret)); app_exit(1); } gnutls_x509_crt_deinit(crt); } else { - ret = gnutls_pubkey_import(pubkey, &pem, incert_format); + ret = + gnutls_pubkey_import(pubkey, &pem, + incert_format); if (ret < 0) { fprintf(stderr, "pubkey_import: %s\n", @@ -3871,7 +3936,8 @@ void pubkey_info(gnutls_x509_crt_t crt, common_info_st * cinfo) app_exit(1); } - print_pubkey_info(pubkey, outfile, full_format, outcert_format, cinfo->outtext); + print_pubkey_info(pubkey, outfile, full_format, outcert_format, + cinfo->outtext); gnutls_pubkey_deinit(pubkey); } @@ -3880,7 +3946,7 @@ void pubkey_keyid(common_info_st * cinfo) { gnutls_pubkey_t pubkey; uint8_t fpr[MAX_HASH_SIZE]; - char txt[MAX_HASH_SIZE*2+1]; + char txt[MAX_HASH_SIZE * 2 + 1]; int ret; size_t size, fpr_size; gnutls_datum_t tmp; 
@@ -3893,22 +3959,21 @@ void pubkey_keyid(common_info_st * cinfo) } if (cinfo->hash == GNUTLS_DIG_SHA1 || cinfo->hash == GNUTLS_DIG_UNKNOWN) - flags = GNUTLS_KEYID_USE_SHA1; /* be backwards compatible */ + flags = GNUTLS_KEYID_USE_SHA1; /* be backwards compatible */ else if (cinfo->hash == GNUTLS_DIG_SHA512) flags = GNUTLS_KEYID_USE_SHA512; else if (cinfo->hash == GNUTLS_DIG_SHA256) flags = GNUTLS_KEYID_USE_SHA256; else { - fprintf(stderr, "Cannot calculate key ID with the provided hash (use sha1, sha256 or sha512)\n"); + fprintf(stderr, + "Cannot calculate key ID with the provided hash (use sha1, sha256 or sha512)\n"); app_exit(1); } fpr_size = sizeof(fpr); ret = gnutls_pubkey_get_key_id(pubkey, flags, fpr, &fpr_size); if (ret < 0) { - fprintf(stderr, - "get_key_id: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "get_key_id: %s\n", gnutls_strerror(ret)); app_exit(1); } @@ -3918,9 +3983,7 @@ void pubkey_keyid(common_info_st * cinfo) size = sizeof(txt); ret = gnutls_hex_encode(&tmp, txt, &size); if (ret < 0) { - fprintf(stderr, - "hex_encode: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "hex_encode: %s\n", gnutls_strerror(ret)); app_exit(1); } 
@@ -3940,27 +4003,28 @@ void certificate_fpr(common_info_st * cinfo) gnutls_datum_t pem, tmp; unsigned int crt_num; uint8_t fpr[MAX_HASH_SIZE]; - char txt[MAX_HASH_SIZE*2+1]; + char txt[MAX_HASH_SIZE * 2 + 1]; size_t fpr_size; crt = load_cert(0, cinfo); if (crt == NULL) { - pem.data = (void *) fread_file(infile, 0, &size); + pem.data = (void *)fread_file(infile, 0, &size); pem.size = size; if (!pem.data) { - fprintf(stderr, "%s", infile ? "file" : "standard input"); + fprintf(stderr, "%s", + infile ? "file" : "standard input"); app_exit(1); } crt_num = 1; ret = - gnutls_x509_crt_list_import(&crt, &crt_num, &pem, incert_format, + gnutls_x509_crt_list_import(&crt, &crt_num, &pem, + incert_format, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { - fprintf(stderr, "too many certificates (%d).", - crt_num); + fprintf(stderr, "too many certificates (%d).", crt_num); } else if (ret >= 0 && crt_num == 0) { fprintf(stderr, "no certificates were found.\n"); } @@ -3980,9 +4044,7 @@ void certificate_fpr(common_info_st * cinfo) ret = gnutls_x509_crt_get_fingerprint(crt, cinfo->hash, fpr, &fpr_size); if (ret < 0) { - fprintf(stderr, - "get_key_id: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "get_key_id: %s\n", gnutls_strerror(ret)); app_exit(1); } @@ -3992,9 +4054,7 @@ void certificate_fpr(common_info_st * cinfo) size = sizeof(txt); ret = gnutls_hex_encode(&tmp, txt, &size); if (ret < 0) { - fprintf(stderr, - "hex_encode: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "hex_encode: %s\n", gnutls_strerror(ret)); app_exit(1); } diff --git a/src/cfg.c b/src/cfg.c index b8925f9c7c..545e73f140 100644 --- a/src/cfg.c +++ b/src/cfg.c 
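Review bot: The reflowed `fprintf(stderr, "too many certificates (%d).", crt_num);` formats `crt_num`, declared `unsigned int` at the top of this hunk, with `%d`; the matching conversion is `%u`, and it is also the only message in this branch without a trailing newline. Use `fprintf(stderr, "too many certificates (%u).\n", crt_num);`. The `if`/`else if` chain continues past the hunk, so whether either branch exits afterwards is not visible here.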
@@ -39,23 +39,20 @@ struct options_st {
 size_t capacity;
 };
-struct parser_st
-{
+struct parser_st {
 FILE *fp;
 char pushback[2];
 size_t pushback_length;
 };
-static inline void
-clear_option(struct cfg_option_st *option)
+static inline void clear_option(struct cfg_option_st *option)
 {
 free(option->name);
 free(option->value);
 memset(option, 0, sizeof(*option));
 }
-void
-cfg_free(cfg_option_t options)
+void cfg_free(cfg_option_t options)
 {
 for (size_t i = 0; options[i].name; i++) {
 clear_option(&options[i]);
@@ -76,8 +73,7 @@ struct buffer_st {
 size_t capacity;
 };
-static int
-buffer_append(struct buffer_st *buffer, int c)
+static int buffer_append(struct buffer_st *buffer, int c)
 {
 size_t new_length = xsum(buffer->length, 1);
 if (size_overflow_p(new_length)) {
@@ -103,8 +99,7 @@ buffer_append(struct buffer_st *buffer, int c)
 return 0;
 }
-static int
-parser_getc(struct parser_st *parser)
+static int parser_getc(struct parser_st *parser)
 {
 if (parser->pushback_length > 0) {
 return parser->pushback[--parser->pushback_length];
@@ -113,15 +108,13 @@ parser_getc(struct parser_st *parser)
 return c;
 }
-static void
-parser_ungetc(struct parser_st *parser, int c)
+static void parser_ungetc(struct parser_st *parser, int c)
 {
 assert(parser->pushback_length < SIZEOF(parser->pushback));
 parser->pushback[parser->pushback_length++] = c;
 }
-static void
-skip_comment(struct parser_st *parser)
+static void skip_comment(struct parser_st *parser)
 {
 int c;
@@ -144,8 +137,7 @@ skip_comment(struct parser_st *parser)
 parser_ungetc(parser, c);
 }
-static void
-skip_chars(struct parser_st *parser, const char *chars)
+static void skip_chars(struct parser_st *parser, const char *chars)
 {
 int c;
@@ -161,8 +153,7 @@ skip_chars(struct parser_st *parser, const char *chars)
 parser_ungetc(parser, c);
 }
-static void
-skip_comments_and_whitespaces(struct parser_st *parser)
+static void skip_comments_and_whitespaces(struct parser_st *parser)
 {
 int c;
@@ -183,8 +174,7 @@ skip_comments_and_whitespaces(struct parser_st *parser)
 }
 /* Read the name part of an option. Returns NULL if it fails. */
-static char *
-read_name(struct parser_st *parser)
+static char *read_name(struct parser_st *parser)
 {
 struct buffer_st buffer;
 int c;
@@ -227,8 +217,7 @@ read_name(struct parser_st *parser)
 return buffer.data;
 }
-static char *
-read_quoted_value(struct parser_st *parser)
+static char *read_quoted_value(struct parser_st *parser)
 {
 struct buffer_st buffer;
 int c, quote_char;
@@ -278,8 +267,7 @@ read_quoted_value(struct parser_st *parser)
 }
 /* Read the value part of an option. Returns NULL if it fails. */
-static char *
-read_value(struct parser_st *parser)
+static char *read_value(struct parser_st *parser)
 {
 struct buffer_st buffer;
 int c;
@@ -308,7 +296,7 @@ read_value(struct parser_st *parser)
 }
 if (c == '\n') {
- return strdup(""); /* empty value */
+ return strdup(""); /* empty value */
 } else if (c == '"' || c == '\'') {
 parser_ungetc(parser, c);
 return read_quoted_value(parser);
@@ -342,8 +330,7 @@ read_value(struct parser_st *parser)
 }
 /* Append OPTION to OPTIONS. Take ownership of the fields of OPTION. */
-static int
-take_option(struct options_st *options, struct cfg_option_st *option)
+static int take_option(struct options_st *options, struct cfg_option_st *option)
 {
 size_t new_length = xsum(options->length, 1);
 if (size_overflow_p(new_length)) {
@@ -379,16 +366,14 @@ take_option(struct options_st *options, struct cfg_option_st *option)
 return 0;
 }
-static void
-clear_options(struct options_st *options)
+static void clear_options(struct options_st *options)
 {
 for (size_t i = 0; options->length; i++) {
 clear_option(&options->data[i]);
 }
 }
-cfg_option_t
-cfg_load(const char *filename)
+cfg_option_t cfg_load(const char *filename)
 {
 struct parser_st parser;
 struct options_st options;
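Review bot: The loop in `clear_options`, `for (size_t i = 0; options->length; i++)`, tests `options->length` itself instead of `i < options->length`, so whenever at least one option was stored it never terminates and `clear_option(&options->data[i])` walks past the end of `data`, freeing garbage; the line is context here, but the whole function is inside the hunk at -379 and it is the error-path cleanup that `cfg_load` calls. The fix is `for (size_t i = 0; i < options->length; i++) {`. Nothing in this function releases `options->data` itself either, so unless the caller does, the array appears to leak on that error path.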
@@ -428,14 +413,13 @@ cfg_load(const char *filename)
 take_option(&options, &null_option);
 return options.data;
-error:
+ error:
 clear_options(&options);
 fclose(parser.fp);
 return NULL;
 }
-cfg_option_t
-cfg_next(const cfg_option_t options, const char *name)
+cfg_option_t cfg_next(const cfg_option_t options, const char *name)
 {
 for (size_t i = 0; options[i].name; i++) {
 if (strcmp(options[i].name, name) == 0) {
@@ -446,8 +430,7 @@ cfg_next(const cfg_option_t options, const char *name)
 }
 #ifdef TEST
-int
-main(int argc, char **argv)
+int main(int argc, char **argv)
 {
 cfg_option_t opts;
diff --git a/src/cfg.h b/src/cfg.h
index 20e8fc9faa..6bfd70bdc7 100644
--- a/src/cfg.h
+++ b/src/cfg.h
@@ -19,7 +19,7 @@
 */
 #ifndef CFG_H_
-#define CFG_H_ 1
+# define CFG_H_ 1
 typedef struct cfg_option_st {
 char *name;
@@ -30,4 +30,4 @@ cfg_option_t cfg_load(const char *filename);
 void cfg_free(cfg_option_t options);
 cfg_option_t cfg_next(const cfg_option_t options, const char *name);
-#endif /* CFG_H_ */
+#endif /* CFG_H_ */
diff --git a/src/cli-debug.c b/src/cli-debug.c
index cdd88b96ea..493556054e 100644
--- a/src/cli-debug.c
+++ b/src/cli-debug.c
@@ -28,9 +28,9 @@
 #include
 #include
 #if HAVE_SYS_SOCKET_H
-#include
+# include
 #elif HAVE_WS2TCPIP_H
-#include
+# include
 #endif
 #include
 #include
@@ -88,7 +88,8 @@ static const TLS_TEST tls_tests[] = {
 /* The following test will disable extensions if the server
 * does support SSL 3.0, but only incompletely and without
 * extensions. */
- {"for SSL 3.0 with extensions", test_ssl3_with_extensions, "yes", "no", "dunno"},
+ {"for SSL 3.0 with extensions", test_ssl3_with_extensions, "yes", "no",
+ "dunno"},
 {"for SSL 3.0 with cipher suites not in SSL 3.0 spec",
 test_ssl3_unknown_ciphersuites, "yes", "no", "dunno"},
 #endif
@@ -107,30 +108,39 @@ static const TLS_TEST tls_tests[] = { {"whether %COMPAT is required", test_record_padding, "no", "yes", "dunno"}, {"for TLS 1.0 (RFC2246) support", test_tls1, "yes", "no", "dunno"}, - {"for TLS 1.0 (RFC2246) support with TLS 1.0 record version", test_tls1_nossl3, "yes", "no", "dunno"}, + {"for TLS 1.0 (RFC2246) support with TLS 1.0 record version", + test_tls1_nossl3, "yes", "no", "dunno"}, {"for TLS 1.1 (RFC4346) support", test_tls1_1, "yes", "no", "dunno"}, {"fallback from TLS 1.1 to", test_tls1_1_fallback, "TLS 1.0", "failed", "SSL 3.0"}, {"for TLS 1.2 (RFC5246) support", test_tls1_2, "yes", "no", "dunno"}, {"for TLS 1.3 (RFC8446) support", test_tls1_3, "yes", "no", "dunno"}, - {"for known TLS or SSL protocols support", test_known_protocols, "yes", "no", "dunno", 0, 1}, + {"for known TLS or SSL protocols support", test_known_protocols, "yes", + "no", "dunno", 0, 1}, {"TLS1.2 neg fallback from TLS 1.6 to", test_tls1_6_fallback, NULL, "failed (server requires fallback dance)", "dunno"}, - {"for inappropriate fallback (RFC7507) support", test_rfc7507, "yes", "no", "dunno"}, - {"for HTTPS server name", test_server, NULL, "failed", "not checked", 1}, + {"for inappropriate fallback (RFC7507) support", test_rfc7507, "yes", + "no", "dunno"}, + {"for HTTPS server name", test_server, NULL, "failed", "not checked", + 1}, {"for certificate information", test_certificate, NULL, "", ""}, - {"for certificate chain order", test_chain_order, "sorted", "unsorted", "unknown"}, + {"for certificate chain order", test_chain_order, "sorted", "unsorted", + "unknown"}, {"for trusted CAs", test_server_cas, NULL, "", ""}, - {"for safe renegotiation (RFC5746) support", test_safe_renegotiation, "yes", + {"for safe renegotiation (RFC5746) support", test_safe_renegotiation, + "yes", "no", "dunno"}, {"for Safe renegotiation support (SCSV)", test_safe_renegotiation_scsv, "yes", "no", "dunno"}, - {"for encrypt-then-MAC (RFC7366) support", test_etm, "yes", "no", "dunno"}, - 
{"for ext master secret (RFC7627) support", test_ext_master_secret, "yes", "no", "dunno"}, - {"for heartbeat (RFC6520) support", test_heartbeat_extension, "yes", "no", "dunno"}, + {"for encrypt-then-MAC (RFC7366) support", test_etm, "yes", "no", + "dunno"}, + {"for ext master secret (RFC7627) support", test_ext_master_secret, + "yes", "no", "dunno"}, + {"for heartbeat (RFC6520) support", test_heartbeat_extension, "yes", + "no", "dunno"}, {"for version rollback bug in RSA PMS", test_rsa_pms, "no", "yes", "dunno"}, {"for version rollback bug in Client Hello", test_version_rollback, @@ -141,7 +151,8 @@ static const TLS_TEST tls_tests[] = { test_small_records, "yes", "no", "dunno"}, {"whether cipher suites not in SSL 3.0 spec are accepted", test_unknown_ciphersuites, "yes", "no", "dunno"}, - {"whether a bogus TLS record version in the client hello is accepted", test_version_oob, "yes", "no", "dunno"}, + {"whether a bogus TLS record version in the client hello is accepted", + test_version_oob, "yes", "no", "dunno"}, {"whether the server understands TLS closure alerts", test_bye, "yes", "no", "partially"}, /* the fact that is after the closure alert test does matter. 
@@ -168,11 +179,15 @@ static const TLS_TEST tls_tests[] = { "no", "dunno"}, #ifdef ENABLE_GOST - {"for VKO GOST-2012 (draft-smyshlyaev-tls12-gost-suites) support", test_vko_gost_12, "yes", "no", "dunno"}, + {"for VKO GOST-2012 (draft-smyshlyaev-tls12-gost-suites) support", + test_vko_gost_12, "yes", "no", "dunno"}, #endif - {"for curve SECP256r1 (RFC4492)", test_ecdhe_secp256r1, "yes", "no", "dunno"}, - {"for curve SECP384r1 (RFC4492)", test_ecdhe_secp384r1, "yes", "no", "dunno"}, - {"for curve SECP521r1 (RFC4492)", test_ecdhe_secp521r1, "yes", "no", "dunno"}, + {"for curve SECP256r1 (RFC4492)", test_ecdhe_secp256r1, "yes", "no", + "dunno"}, + {"for curve SECP384r1 (RFC4492)", test_ecdhe_secp384r1, "yes", "no", + "dunno"}, + {"for curve SECP521r1 (RFC4492)", test_ecdhe_secp521r1, "yes", "no", + "dunno"}, {"for curve X25519 (RFC8422)", test_ecdhe_x25519, "yes", "no", "dunno"}, {"for AES-GCM cipher (RFC5288) support", test_aes_gcm, "yes", "no", "dunno"}, @@ -182,14 +197,18 @@ static const TLS_TEST tls_tests[] = { "dunno"}, {"for AES-CBC cipher (RFC3268) support", test_aes, "yes", "no", "dunno"}, - {"for CAMELLIA-GCM cipher (RFC6367) support", test_camellia_gcm, "yes", "no", + {"for CAMELLIA-GCM cipher (RFC6367) support", test_camellia_gcm, "yes", + "no", + "dunno"}, + {"for CAMELLIA-CBC cipher (RFC5932) support", test_camellia_cbc, "yes", + "no", "dunno"}, - {"for CAMELLIA-CBC cipher (RFC5932) support", test_camellia_cbc, "yes", "no", + {"for 3DES-CBC cipher (RFC2246) support", test_3des, "yes", "no", "dunno"}, - {"for 3DES-CBC cipher (RFC2246) support", test_3des, "yes", "no", "dunno"}, {"for ARCFOUR 128 cipher (RFC2246) support", test_arcfour, "yes", "no", "dunno"}, - {"for CHACHA20-POLY1305 cipher (RFC7905) support", test_chacha20, "yes", "no", + {"for CHACHA20-POLY1305 cipher (RFC7905) support", test_chacha20, "yes", + "no", "dunno"}, #ifdef ENABLE_GOST {"for GOST28147-CNT cipher (draft-smyshlyaev-tls12-gost-suites) support", test_gost_cnt, "yes", "no", 
@@ -199,7 +218,8 @@ static const TLS_TEST tls_tests[] = { {"for SHA1 MAC support", test_sha, "yes", "no", "dunno"}, {"for SHA256 MAC support", test_sha256, "yes", "no", "dunno"}, #ifdef ENABLE_GOST - {"for GOST28147-IMIT MAC (draft-smyshlyaev-tls12-gost-suites) support", test_gost_imit, "yes", "no", "dunno"}, + {"for GOST28147-IMIT MAC (draft-smyshlyaev-tls12-gost-suites) support", + test_gost_imit, "yes", "no", "dunno"}, #endif {"for max record size (RFC6066) support", test_max_record_size, "yes", "no", "dunno"}, @@ -227,7 +247,7 @@ gnutls_session_t init_tls_session(const char *host) int do_handshake(socket_st * socket) { - return 0; /* we do it locally */ + return 0; /* we do it locally */ } int main(int argc, char **argv) @@ -281,11 +301,13 @@ int main(int argc, char **argv) #endif if (HAVE_OPT(STARTTLS_PROTO)) { - snprintf(app_proto, sizeof(app_proto), "%s", OPT_ARG(STARTTLS_PROTO)); + snprintf(app_proto, sizeof(app_proto), "%s", + OPT_ARG(STARTTLS_PROTO)); } if (app_proto[0] == 0) { - snprintf(app_proto, sizeof(app_proto), "%s", port_to_service(portname, "tcp")); + snprintf(app_proto, sizeof(app_proto), "%s", + port_to_service(portname, "tcp")); } sockets_init(); @@ -295,16 +317,17 @@ int main(int argc, char **argv) canonicalize_host(hostname, portname, sizeof(portname)); printf("Checking %s:%s\n", hostname, portname); - for (i = 0; - tls_tests[i].test_name != NULL; - i++) { + for (i = 0; tls_tests[i].test_name != NULL; i++) { - if (strcmp(app_proto, "https") != 0 && tls_tests[i].https_only != 0) { + if (strcmp(app_proto, "https") != 0 + && tls_tests[i].https_only != 0) { continue; } if (!socket_opened) { - socket_open(&hd, hostname, portname, app_proto, SOCKET_FLAG_STARTTLS|SOCKET_FLAG_RAW, NULL, NULL); + socket_open(&hd, hostname, portname, app_proto, + SOCKET_FLAG_STARTTLS | SOCKET_FLAG_RAW, + NULL, NULL); hd.verbose = verbose; socket_opened = true; } diff --git a/src/cli.c b/src/cli.c index 1af329fadc..3579e1a73a 100644 --- a/src/cli.c +++ b/src/cli.c 
@@ -29,9 +29,9 @@ #include #include #if HAVE_SYS_SOCKET_H -#include +# include #elif HAVE_WS2TCPIP_H -#include +# include #endif #include #include @@ -44,7 +44,7 @@ /* Get TCP_FASTOPEN */ #ifdef HAVE_NETINET_TCP_H -#include +# include #endif #include @@ -65,7 +65,7 @@ #include "inline_cmds.h" #ifdef HAVE_DANE -#include +# include #endif #include @@ -86,7 +86,7 @@ int resume, starttls, insecure, ranges, rehandshake, udp, mtu, inline_commands, waitresumption; unsigned int global_vflags = 0; char *hostname = NULL; -char service[32]=""; +char service[32] = ""; int record_max_size; int crlf; int fastopen; @@ -123,11 +123,12 @@ static gnutls_certificate_credentials_t xcred; static void check_server_cmd(socket_st * socket, int ret); static void init_global_tls_stuff(void); static int cert_verify_ocsp(gnutls_session_t session); -static const char *host_from_url(const char *url, unsigned int *port, const char **path); +static const char *host_from_url(const char *url, unsigned int *port, + const char **path); static size_t get_data(void *buf, size_t size, size_t nmemb, void *userp); static int getissuer_callback(const gnutls_x509_trust_list_t tlist, const gnutls_x509_crt_t cert, - gnutls_x509_crt_t **issuers, + gnutls_x509_crt_t ** issuers, unsigned int *issuers_size); #define MAX_CRT 6 @@ -137,10 +138,9 @@ static gnutls_privkey_t x509_key = NULL; static gnutls_pcert_st rawpk; static gnutls_privkey_t rawpk_key = NULL; - /* Load a PKCS #8, PKCS #12 private key or PKCS #11 URL */ -static void load_priv_key(gnutls_privkey_t* privkey, const char* key_source) +static void load_priv_key(gnutls_privkey_t * privkey, const char *key_source) { int ret; gnutls_datum_t data = { NULL, 0 }; 
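Review bot: The formatter has treated the library typedefs as unknown identifiers, so the new declarations read `gnutls_privkey_t * privkey` and `gnutls_x509_crt_t ** issuers` while `const char *key_source` on the same line keeps the declarator attached to its name; since this commit is meant to establish the canonical layout, that inconsistency is worth fixing before it is taken as the reference style. If GNU indent produced this output, giving it the project's typedef names (its `-T` option, or a committed configuration file) makes the run reproducible and yields `gnutls_privkey_t *privkey` and `gnutls_x509_crt_t **issuers`. The same artefact appears in the do_inline_command_processing signature (`socket_st * hd, inline_cmds_st * inline_cmds`), in psk_callback (`gnutls_datum_t * key`), in the getissuer_callback definition, and in common.c's print_x509_info and print_rawpk_info (`FILE * out`), so one formatter setting would address all of them.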
@@ -153,8 +153,7 @@ static void load_priv_key(gnutls_privkey_t* privkey, const char* key_source) exit(1); } - gnutls_privkey_set_pin_function(*privkey, pin_callback, - NULL); + gnutls_privkey_set_pin_function(*privkey, pin_callback, NULL); if (gnutls_url_is_supported(key_source) != 0) { ret = gnutls_privkey_import_url(*privkey, key_source, 0); @@ -167,13 +166,12 @@ static void load_priv_key(gnutls_privkey_t* privkey, const char* key_source) } else { ret = gnutls_load_file(key_source, &data); if (ret < 0) { - fprintf(stderr, - "*** Error loading key file.\n"); + fprintf(stderr, "*** Error loading key file.\n"); exit(1); } ret = gnutls_privkey_import_x509_raw(*privkey, &data, - x509ctype, NULL, 0); + x509ctype, NULL, 0); if (ret < 0) { fprintf(stderr, "*** Error importing key: %s\n", @@ -205,13 +203,11 @@ static void load_x509_keys(void) exit(1); } gnutls_x509_crt_set_pin_function(crt_list[0], - pin_callback, - NULL); + pin_callback, NULL); ret = gnutls_x509_crt_import_pkcs11_url(crt_list[0], - x509_certfile, - 0); + x509_certfile, 0); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) ret = @@ -291,16 +287,17 @@ static void load_rawpk_keys(void) // First we load the raw public key ret = gnutls_load_file(rawpk_file, &data); if (ret < 0) { - fprintf(stderr, - "*** Error loading cert file.\n"); + fprintf(stderr, "*** Error loading cert file.\n"); exit(1); } - ret = gnutls_pcert_import_rawpk_raw(&rawpk, &data, x509ctype, 0, 0); + ret = + gnutls_pcert_import_rawpk_raw(&rawpk, &data, x509ctype, 0, + 0); if (ret < 0) { fprintf(stderr, - "*** Error importing rawpk to pcert: %s\n", - gnutls_strerror(ret)); + "*** Error importing rawpk to pcert: %s\n", + gnutls_strerror(ret)); exit(1); } @@ -310,7 +307,7 @@ static void load_rawpk_keys(void) load_priv_key(&rawpk_key, rawpk_keyfile); log_msg(stdout, - "Processed %d client raw public key pair...\n", 1); + "Processed %d client raw public key pair...\n", 1); } } 
@@ -353,8 +350,10 @@ static void try_save_cert(gnutls_session_t session) exit(1); } - for (i=0;i 0) { - if (x509_key != NULL) { - *pkey = x509_key; - } else { - log_msg - (stdout, "- Could not find a suitable key to send to server\n"); - return -1; - } - - *pcert_length = x509_crt_size; - *pcert = x509_crt; - } - break; - case GNUTLS_CRT_RAWPK: - if (rawpk_key == NULL || rawpk.type != GNUTLS_CRT_RAWPK) { + case GNUTLS_CRT_X509: + if (x509_crt_size > 0) { + if (x509_key != NULL) { + *pkey = x509_key; + } else { log_msg - (stdout, "- Could not find a suitable key to send to server\n"); + (stdout, + "- Could not find a suitable key to send to server\n"); return -1; } - *pkey = rawpk_key; - *pcert = &rawpk; - *pcert_length = 1; - break; - default: - log_msg(stdout, "- Could not retrieve unsupported certificate type %s.\n", - gnutls_certificate_type_get_name(cert_type)); - return -1; + *pcert_length = x509_crt_size; + *pcert = x509_crt; + } + break; + case GNUTLS_CRT_RAWPK: + if (rawpk_key == NULL || rawpk.type != GNUTLS_CRT_RAWPK) { + log_msg + (stdout, + "- Could not find a suitable key to send to server\n"); + return -1; + } + + *pkey = rawpk_key; + *pcert = &rawpk; + *pcert_length = 1; + break; + default: + log_msg(stdout, + "- Could not retrieve unsupported certificate type %s.\n", + gnutls_certificate_type_get_name(cert_type)); + return -1; } log_msg(stdout, "- Successfully sent %u certificate(s) to server.\n", - *pcert_length); + *pcert_length); return 0; } @@ -735,7 +742,7 @@ gnutls_session_t init_tls_session(const char *host) ret = gnutls_set_default_priority(session); if (ret < 0) { fprintf(stderr, "Error in setting priorities: %s\n", - gnutls_strerror(ret)); + gnutls_strerror(ret)); exit(1); } } else { 
@@ -756,8 +763,9 @@ gnutls_session_t init_tls_session(const char *host) if (HAVE_OPT(SNI_HOSTNAME)) { const char *sni_host = OPT_ARG(SNI_HOSTNAME); - canonicalize_host((char *) sni_host, NULL, 0); - gnutls_server_name_set(session, GNUTLS_NAME_DNS, sni_host, strlen(sni_host)); + canonicalize_host((char *)sni_host, NULL, 0); + gnutls_server_name_set(session, GNUTLS_NAME_DNS, + sni_host, strlen(sni_host)); } else if (host != NULL && is_ip(host) == 0) gnutls_server_name_set(session, GNUTLS_NAME_DNS, host, strlen(host)); @@ -772,24 +780,24 @@ gnutls_session_t init_tls_session(const char *host) #endif } - if (HAVE_OPT(ALPN)) { #ifndef ENABLE_ALPN fprintf(stderr, "ALPN is not supported\n"); exit(1); #else unsigned proto_n = STACKCT_OPT(ALPN); - char **protos = (void *) STACKLST_OPT(ALPN); + char **protos = (void *)STACKLST_OPT(ALPN); if (proto_n > 1024) { - fprintf(stderr, "Number of ALPN protocols too large (%d)\n", - proto_n); + fprintf(stderr, + "Number of ALPN protocols too large (%d)\n", + proto_n); exit(1); } gnutls_datum_t p[1024]; for (i = 0; i < proto_n; i++) { - p[i].data = (void *) protos[i]; + p[i].data = (void *)protos[i]; p[i].size = strlen(protos[i]); } gnutls_alpn_set_protocols(session, p, proto_n, 0); @@ -804,13 +812,11 @@ gnutls_session_t init_tls_session(const char *host) gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); gnutls_certificate_set_retrieve_function2(xcred, cert_callback); - gnutls_certificate_set_verify_function(xcred, - cert_verify_callback); + gnutls_certificate_set_verify_function(xcred, cert_verify_callback); /* use the max record size extension */ if (record_max_size > 0 && disable_extensions == 0) { - if (gnutls_record_set_max_size(session, record_max_size) < - 0) { + if (gnutls_record_set_max_size(session, record_max_size) < 0) { fprintf(stderr, "Cannot set the maximum record size to %d.\n", record_max_size); 
@@ -843,14 +849,15 @@ gnutls_session_t init_tls_session(const char *host) else if (ret != 0) fprintf(stderr, "Error in profiles: %s\n", gnutls_strerror(ret)); - else fprintf(stderr,"DTLS profile set to %s\n", - OPT_ARG(SRTP_PROFILES)); + else + fprintf(stderr, "DTLS profile set to %s\n", + OPT_ARG(SRTP_PROFILES)); - if (ret != 0) exit(1); + if (ret != 0) + exit(1); } #endif - return session; } @@ -863,8 +870,7 @@ static int handle_error(socket_st * hd, int err) int alert, ret; const char *err_type, *str; - if (err >= 0 || err == GNUTLS_E_AGAIN - || err == GNUTLS_E_INTERRUPTED) + if (err >= 0 || err == GNUTLS_E_AGAIN || err == GNUTLS_E_INTERRUPTED) return 0; if (gnutls_error_is_fatal(err) == 0) { @@ -992,11 +998,14 @@ static int try_rekey(socket_st * hd, unsigned peer) int ret; do { - ret = gnutls_session_key_update(hd->session, peer?GNUTLS_KU_PEER:0); - } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + ret = + gnutls_session_key_update(hd->session, + peer ? GNUTLS_KU_PEER : 0); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); if (ret < 0) { - fprintf(stderr, "*** Rekey has failed: %s\n", gnutls_strerror(ret)); + fprintf(stderr, "*** Rekey has failed: %s\n", + gnutls_strerror(ret)); return ret; } else { log_msg(stdout, "- Rekey was completed\n"); @@ -1007,8 +1016,8 @@ static int try_rekey(socket_st * hd, unsigned peer) static int try_resume(socket_st * hd) { int ret, socket_flags = SOCKET_FLAG_DONT_PRINT_ERRORS; - gnutls_datum_t rdata = {NULL, 0}; - gnutls_datum_t edata = {NULL, 0}; + gnutls_datum_t rdata = { NULL, 0 }; + gnutls_datum_t edata = { NULL, 0 }; if (gnutls_session_is_resumed(hd->session) == 0) { do { 
@@ -1018,9 +1027,11 @@ static int try_resume(socket_st * hd) rdata.data = NULL; } - if ((gnutls_protocol_get_version(hd->session) != GNUTLS_TLS1_3) || - ((gnutls_session_get_flags(hd->session) & - GNUTLS_SFLAGS_SESSION_TICKET))) { + if ((gnutls_protocol_get_version(hd->session) != + GNUTLS_TLS1_3) + || + ((gnutls_session_get_flags(hd->session) & + GNUTLS_SFLAGS_SESSION_TICKET))) { break; } } while (waitresumption); @@ -1037,7 +1048,8 @@ static int try_resume(socket_st * hd) canonicalize_host(hostname, service, sizeof(service)); log_msg - (stdout, "\n\n- Connecting again- trying to resume previous session\n"); + (stdout, + "\n\n- Connecting again- trying to resume previous session\n"); if (HAVE_OPT(STARTTLS_PROTO)) socket_flags |= SOCKET_FLAG_STARTTLS; else if (fastopen) @@ -1052,10 +1064,11 @@ static int try_resume(socket_st * hd) fp = fopen(OPT_ARG(EARLYDATA), "r"); if (fp == NULL) { - fprintf(stderr, "could not open %s\n", OPT_ARG(EARLYDATA)); + fprintf(stderr, "could not open %s\n", + OPT_ARG(EARLYDATA)); exit(1); } - edata.data = (void *) fread_file(fp, 0, &size); + edata.data = (void *)fread_file(fp, 0, &size); edata.size = size; fclose(fp); } @@ -1085,14 +1098,12 @@ bool parse_for_inline_commands_in_buffer(char *buffer, size_t bytes, if (inline_cmds->bytes_copied) { local_buffer_ptr = - &inline_cmds->inline_cmd_buffer[inline_cmds-> - bytes_copied]; + &inline_cmds->inline_cmd_buffer[inline_cmds->bytes_copied]; local_bytes = ((inline_cmds->bytes_copied + bytes) <= MAX_INLINE_COMMAND_BYTES) ? (ssize_t) bytes - : (MAX_INLINE_COMMAND_BYTES - - inline_cmds->bytes_copied); + : (MAX_INLINE_COMMAND_BYTES - inline_cmds->bytes_copied); memcpy(local_buffer_ptr, buffer, local_bytes); prev_bytes_copied = inline_cmds->bytes_copied; 
@@ -1119,8 +1130,7 @@ bool parse_for_inline_commands_in_buffer(char *buffer, size_t bytes, inline_commands_def[jj].string); inline_command_string[strlen (inline_commands_def - [jj].string)] = - '\0'; + [jj].string)] = '\0'; inline_command_string[0] = inline_commands_prefix[0]; /* Inline commands are delimited by the inline_commands_prefix[0] (default is ^). @@ -1135,20 +1145,17 @@ bool parse_for_inline_commands_in_buffer(char *buffer, size_t bytes, l = strlen(ptr); match_bytes = (local_bytes <= l) ? local_bytes : l; - if (strncmp(ptr, local_buffer_ptr, match_bytes) == - 0) { + if (strncmp(ptr, local_buffer_ptr, match_bytes) == 0) { if (match_bytes == (ssize_t) strlen(ptr)) { inline_cmds->new_buffer_ptr = buffer + match_bytes - prev_bytes_copied; inline_cmds->cmd_found = - inline_commands_def[jj]. - command; + inline_commands_def[jj].command; inline_cmds->bytes_copied = 0; /* reset it */ } else { /* partial command */ - memcpy(&inline_cmds-> - inline_cmd_buffer + memcpy(&inline_cmds->inline_cmd_buffer [inline_cmds->bytes_copied], buffer, bytes); inline_cmds->bytes_copied += bytes; @@ -1200,21 +1207,19 @@ int run_inline_command(inline_cmds_st * cmd, socket_st * hd) static int do_inline_command_processing(char *buffer_ptr, size_t curr_bytes, - socket_st * hd, - inline_cmds_st * inline_cmds) + socket_st * hd, inline_cmds_st * inline_cmds) { int skip_bytes, bytes; bool inline_cmd_start_found; bytes = curr_bytes; - continue_inline_processing: + continue_inline_processing: /* parse_for_inline_commands_in_buffer hunts for start of an inline command * sequence. The function maintains state information in inline_cmds. */ inline_cmd_start_found = - parse_for_inline_commands_in_buffer(buffer_ptr, bytes, - inline_cmds); + parse_for_inline_commands_in_buffer(buffer_ptr, bytes, inline_cmds); if (!inline_cmd_start_found) return bytes; 
@@ -1246,15 +1251,14 @@ int do_inline_command_processing(char *buffer_ptr, size_t curr_bytes, } } -static void -print_other_info(gnutls_session_t session) +static void print_other_info(gnutls_session_t session) { #ifdef ENABLE_OCSP int ret; unsigned i; unsigned int list_size; gnutls_datum_t oresp; - const gnutls_datum_t * peers; + const gnutls_datum_t *peers; peers = gnutls_certificate_get_peers(session, &list_size); @@ -1291,11 +1295,10 @@ print_other_info(gnutls_session_t session) flag = GNUTLS_OCSP_PRINT_FULL; else flag = GNUTLS_OCSP_PRINT_COMPACT; - ret = - gnutls_ocsp_resp_print(r, flag, &p); + ret = gnutls_ocsp_resp_print(r, flag, &p); gnutls_ocsp_resp_deinit(r); - if (ret>=0) { - log_msg(stdout, "%s", (char*) p.data); + if (ret >= 0) { + log_msg(stdout, "%s", (char *)p.data); gnutls_free(p.data); } } @@ -1325,7 +1328,8 @@ int main(int argc, char **argv) if (HAVE_OPT(LOGFILE)) { logfile = fopen(OPT_ARG(LOGFILE), "w+"); if (!logfile) { - log_msg(stderr, "Unable to open '%s'!\n", OPT_ARG(LOGFILE)); + log_msg(stderr, "Unable to open '%s'!\n", + OPT_ARG(LOGFILE)); exit(1); } log_set(logfile); @@ -1427,8 +1431,7 @@ int main(int argc, char **argv) fprintf(stderr, "*** Starting TLS handshake\n"); ret = do_handshake(&hd); if (ret < 0) { - fprintf(stderr, - "*** Handshake has failed\n"); + fprintf(stderr, "*** Handshake has failed\n"); retval = 1; break; } @@ -1442,9 +1445,11 @@ int main(int argc, char **argv) memset(buffer, 0, MAX_BUF + 1); ret = socket_recv(&hd, buffer, MAX_BUF); - if (ret == 0 || (ret == GNUTLS_E_PREMATURE_TERMINATION && user_term)) { - log_msg - (stdout, "- Peer has closed the GnuTLS connection\n"); + if (ret == 0 + || (ret == GNUTLS_E_PREMATURE_TERMINATION + && user_term)) { + log_msg(stdout, + "- Peer has closed the GnuTLS connection\n"); break; } else if (handle_error(&hd, ret) < 0) { fprintf(stderr, 
@@ -1453,7 +1458,8 @@ int main(int argc, char **argv) break; } else if (ret > 0) { if (verbose != 0) - log_msg(stdout, "- Received[%d]: ", ret); + log_msg(stdout, "- Received[%d]: ", + ret); for (ii = 0; ii < ret; ii++) { fputc(buffer[ii], stdout); } @@ -1463,8 +1469,7 @@ int main(int argc, char **argv) if (inp == IN_KEYBOARD && user_term == 0) { if ((bytes = - read(fileno(stdin), buffer, - MAX_BUF - 1)) <= 0) { + read(fileno(stdin), buffer, MAX_BUF - 1)) <= 0) { if (hd.secure == 0) { /* Warning! Do not touch this text string, it is used by external programs to search for when @@ -1481,9 +1486,11 @@ int main(int argc, char **argv) } } else { do { - ret = gnutls_bye(hd.session, GNUTLS_SHUT_WR); - } while (ret == GNUTLS_E_INTERRUPTED || - ret == GNUTLS_E_AGAIN); + ret = + gnutls_bye(hd.session, + GNUTLS_SHUT_WR); + } while (ret == GNUTLS_E_INTERRUPTED + || ret == GNUTLS_E_AGAIN); user_term = 1; } @@ -1502,7 +1509,7 @@ int main(int argc, char **argv) keyboard_bytes = bytes; keyboard_buffer_ptr = buffer; - inline_command_processing: + inline_command_processing: if (inline_commands) { keyboard_bytes = @@ -1524,8 +1531,7 @@ int main(int argc, char **argv) } if (ranges - && gnutls_record_can_use_length_hiding(hd. - session)) + && gnutls_record_can_use_length_hiding(hd.session)) { gnutls_range_st range; range.low = 0; @@ -1533,8 +1539,7 @@ int main(int argc, char **argv) ret = socket_send_range(&hd, keyboard_buffer_ptr, - keyboard_bytes, - &range); + keyboard_bytes, &range); } else { ret = socket_send(&hd, keyboard_buffer_ptr, @@ -1543,13 +1548,13 @@ int main(int argc, char **argv) if (ret > 0) { if (verbose != 0) - log_msg(stdout, "- Sent: %d bytes\n", ret); + log_msg(stdout, "- Sent: %d bytes\n", + ret); } else handle_error(&hd, ret); if (inline_commands && - inline_cmds.new_buffer_ptr < (buffer + bytes)) - { + inline_cmds.new_buffer_ptr < (buffer + bytes)) { keyboard_buffer_ptr = inline_cmds.new_buffer_ptr; keyboard_bytes = 
@@ -1593,11 +1598,14 @@ void print_priority_list(void) const char *str; unsigned int lineb = 0; - log_msg(stdout, "Priority strings in GnuTLS %s:\n", gnutls_check_version(NULL)); + log_msg(stdout, "Priority strings in GnuTLS %s:\n", + gnutls_check_version(NULL)); fputs("\t", stdout); - for (idx=0;;idx++) { - str = gnutls_priority_string_list(idx, GNUTLS_PRIORITY_LIST_INIT_KEYWORDS); + for (idx = 0;; idx++) { + str = + gnutls_priority_string_list(idx, + GNUTLS_PRIORITY_LIST_INIT_KEYWORDS); if (str == NULL) break; lineb += log_msg(stdout, "%s ", str); @@ -1610,8 +1618,10 @@ void print_priority_list(void) log_msg(stdout, "\n\nSpecial strings:\n"); lineb = 0; fputs("\t", stdout); - for (idx=0;;idx++) { - str = gnutls_priority_string_list(idx, GNUTLS_PRIORITY_LIST_SPECIAL); + for (idx = 0;; idx++) { + str = + gnutls_priority_string_list(idx, + GNUTLS_PRIORITY_LIST_SPECIAL); if (str == NULL) break; if (str[0] == 0) @@ -1638,7 +1648,6 @@ static void cmd_parser(int argc, char **argv) if (rest == NULL && argc > 0) rest = argv[0]; - if (HAVE_OPT(FIPS140_MODE)) { if (gnutls_fips140_mode_enabled() != 0) { fprintf(stderr, "library is in FIPS140-2 mode\n"); @@ -1654,7 +1663,8 @@ static void cmd_parser(int argc, char **argv) for (p = gnutls_get_library_config(); p->name; p++) { log_msg(stdout, "%s: %s\n", p->name, p->value); } - log_msg(stdout, "system-config: %s\n", gnutls_get_system_config_file()); + log_msg(stdout, "system-config: %s\n", + gnutls_get_system_config_file()); exit(0); } @@ -1711,7 +1721,7 @@ static void cmd_parser(int argc, char **argv) exit(1); } inline_commands_prefix = - (char *) OPT_ARG(INLINE_COMMANDS_PREFIX); + (char *)OPT_ARG(INLINE_COMMANDS_PREFIX); if (!isascii(inline_commands_prefix[0])) { fprintf(stderr, "inline-commands-prefix value is a single US-ASCII character (octets 0 - 127)\n"); 
@@ -1738,7 +1748,9 @@ static void cmd_parser(int argc, char **argv) snprintf(service, sizeof(service), "%s", OPT_ARG(PORT)); } else { if (HAVE_OPT(STARTTLS_PROTO)) - snprintf(service, sizeof(service), "%s", starttls_proto_to_service(OPT_ARG(STARTTLS_PROTO))); + snprintf(service, sizeof(service), "%s", + starttls_proto_to_service(OPT_ARG + (STARTTLS_PROTO))); else strcpy(service, "443"); } @@ -1778,7 +1790,7 @@ static void cmd_parser(int argc, char **argv) psk_username = OPT_ARG(PSKUSERNAME); if (HAVE_OPT(PSKKEY)) { - psk_key.data = (unsigned char *) OPT_ARG(PSKKEY); + psk_key.data = (unsigned char *)OPT_ARG(PSKKEY); psk_key.size = strlen(OPT_ARG(PSKKEY)); } else psk_key.size = 0; @@ -1789,7 +1801,8 @@ static void cmd_parser(int argc, char **argv) fastopen = HAVE_OPT(FASTOPEN); #else if (HAVE_OPT(FASTOPEN)) { - fprintf(stderr, "Warning: TCP Fast Open not supported on this OS\n"); + fprintf(stderr, + "Warning: TCP Fast Open not supported on this OS\n"); } #endif @@ -1817,9 +1830,11 @@ static void check_server_cmd(socket_st * socket, int ret) ret = do_handshake(socket); if (ret == 0) { - log_msg(stdout, "*** Rehandshake was performed.\n"); + log_msg(stdout, + "*** Rehandshake was performed.\n"); } else { - log_msg(stdout, "*** Rehandshake Failed: %s\n", gnutls_strerror(ret)); + log_msg(stdout, "*** Rehandshake Failed: %s\n", + gnutls_strerror(ret)); } } else if (ret == GNUTLS_E_REAUTH_REQUEST) { do { 
@@ -1829,20 +1844,21 @@ static void check_server_cmd(socket_st * socket, int ret) if (ret == 0) { log_msg(stdout, "*** Re-auth was performed.\n"); } else { - log_msg(stdout, "*** Re-auth failed: %s\n", gnutls_strerror(ret)); + log_msg(stdout, "*** Re-auth failed: %s\n", + gnutls_strerror(ret)); } } } } - int do_handshake(socket_st * socket) { int ret; if (fastopen && socket->connect_addrlen) { gnutls_transport_set_fastopen(socket->session, socket->fd, - (struct sockaddr*)&socket->connect_addr, + (struct sockaddr *) + &socket->connect_addr, socket->connect_addrlen, 0); socket->connect_addrlen = 0; } else { @@ -1862,7 +1878,8 @@ int do_handshake(socket_st * socket) if (ret == 0) { /* print some information */ - print_info(socket->session, verbose, HAVE_OPT(X509CERTFILE)?P_WAIT_FOR_CERT:0); + print_info(socket->session, verbose, + HAVE_OPT(X509CERTFILE) ? P_WAIT_FOR_CERT : 0); if (HAVE_OPT(KEYMATEXPORT)) print_key_material(socket->session, OPT_ARG(KEYMATEXPORT), @@ -1893,8 +1910,7 @@ srp_username_callback(gnutls_session_t session, #endif static int -psk_callback(gnutls_session_t session, char **username, - gnutls_datum_t * key) +psk_callback(gnutls_session_t session, char **username, gnutls_datum_t * key) { const char *hint = gnutls_psk_client_get_hint(session); char *rawkey; @@ -1920,8 +1936,7 @@ psk_callback(gnutls_session_t session, char **username, ret = getline(&p, &n, stdin); if (ret == -1 || p == NULL) { - fprintf(stderr, - "No username given, aborting...\n"); + fprintf(stderr, "No username given, aborting...\n"); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } @@ -1942,7 +1957,7 @@ psk_callback(gnutls_session_t session, char **username, return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - tmp.data = (void *) passwd; + tmp.data = (void *)passwd; tmp.size = strlen(passwd); res_size = tmp.size / 2 + 1; 
@@ -1959,7 +1974,7 @@ psk_callback(gnutls_session_t session, char **username, return ret; } - key->data = (void *) rawkey; + key->data = (void *)rawkey; key->size = res_size; if (HAVE_OPT(DEBUG)) { @@ -1967,7 +1982,8 @@ psk_callback(gnutls_session_t session, char **username, res_size = sizeof(hexkey); ret = gnutls_hex_encode(key, hexkey, &res_size); if (ret < 0) { - fprintf(stderr, "Error in hex encoding: %s\n", gnutls_strerror(ret)); + fprintf(stderr, "Error in hex encoding: %s\n", + gnutls_strerror(ret)); exit(1); } fprintf(stderr, "PSK username: %s\n", *username); @@ -1991,8 +2007,7 @@ static void init_global_tls_stuff(void) gnutls_strerror(ret)); else { ret = - gnutls_pkcs11_add_provider(OPT_ARG(PROVIDER), - NULL); + gnutls_pkcs11_add_provider(OPT_ARG(PROVIDER), NULL); if (ret < 0) { fprintf(stderr, "pkcs11_add_provider: %s", gnutls_strerror(ret)); @@ -2020,18 +2035,19 @@ static void init_global_tls_stuff(void) if (x509_cafile != NULL) { ret = gnutls_x509_trust_list_add_trust_file(tlist, - x509_cafile, - NULL, - x509ctype, - GNUTLS_TL_USE_IN_TLS, - 0); + x509_cafile, + NULL, + x509ctype, + GNUTLS_TL_USE_IN_TLS, + 0); } else { if (insecure == 0) { ret = gnutls_x509_trust_list_add_system_trust(tlist, - GNUTLS_TL_USE_IN_TLS, - 0); + GNUTLS_TL_USE_IN_TLS, + 0); if (ret == GNUTLS_E_UNIMPLEMENTED_FEATURE) { - fprintf(stderr, "Warning: this system doesn't support a default trust store\n"); + fprintf(stderr, + "Warning: this system doesn't support a default trust store\n"); ret = 0; } } else { 
@@ -2039,14 +2055,16 @@ static void init_global_tls_stuff(void) } } if (ret < 0) { - fprintf(stderr, "Error setting the x509 trust file: %s\n", gnutls_strerror(ret)); + fprintf(stderr, "Error setting the x509 trust file: %s\n", + gnutls_strerror(ret)); exit(1); } else { log_msg(stdout, "Processed %d CA certificate(s).\n", ret); } if (ENABLED_OPT(CA_AUTO_RETRIEVE)) - gnutls_x509_trust_list_set_getissuer_function(tlist, getissuer_callback); + gnutls_x509_trust_list_set_getissuer_function(tlist, + getissuer_callback); if (x509_crlfile != NULL) { ret = @@ -2055,7 +2073,8 @@ static void init_global_tls_stuff(void) x509ctype); if (ret < 0) { fprintf(stderr, - "Error setting the x509 CRL file: %s\n", gnutls_strerror(ret)); + "Error setting the x509 CRL file: %s\n", + gnutls_strerror(ret)); exit(1); } else { log_msg(stdout, "Processed %d CRL(s).\n", ret); @@ -2139,14 +2158,18 @@ static int cert_verify_ocsp(gnutls_session_t session) ret = gnutls_x509_crt_init(&cert); if (ret < 0) { - fprintf(stderr, "Memory error: %s\n", gnutls_strerror(ret)); + fprintf(stderr, "Memory error: %s\n", + gnutls_strerror(ret)); goto cleanup; } deinit_cert = 1; - ret = gnutls_x509_crt_import(cert, &cert_list[it], GNUTLS_X509_FMT_DER); + ret = + gnutls_x509_crt_import(cert, &cert_list[it], + GNUTLS_X509_FMT_DER); if (ret < 0) { - fprintf(stderr, "Decoding error: %s\n", gnutls_strerror(ret)); + fprintf(stderr, "Decoding error: %s\n", + gnutls_strerror(ret)); goto cleanup; } 
@@ -2159,18 +2182,23 @@ static int cert_verify_ocsp(gnutls_session_t session) if (ret < 0 && cert_list_size - it > 1) { ret = gnutls_x509_crt_init(&issuer); if (ret < 0) { - fprintf(stderr, "Memory error: %s\n", gnutls_strerror(ret)); + fprintf(stderr, "Memory error: %s\n", + gnutls_strerror(ret)); goto cleanup; } deinit_issuer = 1; - ret = gnutls_x509_crt_import(issuer, &cert_list[it + 1], GNUTLS_X509_FMT_DER); + ret = + gnutls_x509_crt_import(issuer, &cert_list[it + 1], + GNUTLS_X509_FMT_DER); if (ret < 0) { - fprintf(stderr, "Decoding error: %s\n", gnutls_strerror(ret)); + fprintf(stderr, "Decoding error: %s\n", + gnutls_strerror(ret)); goto cleanup; } } else if (ret < 0) { if (it == 0) - fprintf(stderr, "Cannot find issuer: %s\n", gnutls_strerror(ret)); + fprintf(stderr, "Cannot find issuer: %s\n", + gnutls_strerror(ret)); goto cleanup; } @@ -2200,7 +2228,7 @@ static int cert_verify_ocsp(gnutls_session_t session) } } -cleanup: + cleanup: if (deinit_issuer) gnutls_x509_crt_deinit(issuer); if (deinit_cert) @@ -2208,12 +2236,13 @@ cleanup: if (failed > 0) return -1; - return ok >= 1 ? (int) ok : -1; + return ok >= 1 ? (int)ok : -1; } #endif /* returns the host part of a URL */ -static const char *host_from_url(const char *url, unsigned int *port, const char **path) +static const char *host_from_url(const char *url, unsigned int *port, + const char **path) { static char buffer[512]; char *p; @@ -2226,7 +2255,7 @@ static const char *host_from_url(const char *url, unsigned int *port, const char p = strchr(buffer, '/'); if (p != NULL) { *p = 0; - *path = p+1; + *path = p + 1; } p = strchr(buffer, ':'); @@ -2263,8 +2292,7 @@ static size_t get_data(void *buf, size_t size, size_t nmemb, void *userp) static int getissuer_callback(const gnutls_x509_trust_list_t tlist, const gnutls_x509_crt_t cert, - gnutls_x509_crt_t **issuers, - unsigned int *issuers_size) + gnutls_x509_crt_t ** issuers, unsigned int *issuers_size) { gnutls_datum_t ud; int ret; 
@@ -2287,15 +2315,14 @@ getissuer_callback(const gnutls_x509_trust_list_t tlist, i = 0; do { ret = gnutls_x509_crt_get_authority_info_access(cert, i++, - GNUTLS_IA_CAISSUERS_URI, - &data, - NULL); + GNUTLS_IA_CAISSUERS_URI, + &data, NULL); } while (ret == GNUTLS_E_UNKNOWN_ALGORITHM); if (ret < 0) { fprintf(stderr, - "*** Cannot find caIssuer URI in certificate: %s\n", - gnutls_strerror(ret)); + "*** Cannot find caIssuer URI in certificate: %s\n", + gnutls_strerror(ret)); return 0; }
@@ -2321,7 +2348,8 @@ getissuer_callback(const gnutls_x509_trust_list_t tlist, snprintf(headers, sizeof(headers), HEADER_PATTERN, path, _hostname); headers_size = strlen(headers); - socket_open(&hd, _hostname, _service, NULL, SOCKET_FLAG_RAW|SOCKET_FLAG_SKIP_INIT, CONNECT_MSG, NULL); + socket_open(&hd, _hostname, _service, NULL, + SOCKET_FLAG_RAW | SOCKET_FLAG_SKIP_INIT, CONNECT_MSG, NULL); socket_send(&hd, headers, headers_size); do {
@@ -2365,7 +2393,7 @@ getissuer_callback(const gnutls_x509_trust_list_t tlist, ret = 0; -cleanup: + cleanup: gnutls_free(data.data); free(ud.data); free(url);
diff --git a/src/common.c b/src/common.c
index b0952a5faf..73b6949279 100644
--- a/src/common.c
+++ b/src/common.c
@@ -23,7 +23,7 @@ /* Work around problem reported in .*/ #if GETTIMEOFDAY_CLOBBERS_LOCALTIME -#undef localtime +# undef localtime #endif #include
@@ -41,11 +41,11 @@ #ifndef _WIN32 # include #else -#include +# include #endif #ifdef ENABLE_PKCS11 -#include +# include #endif #define SU(x) (x!=NULL?x:"Unknown")
@@ -97,7 +97,7 @@ const char *raw_to_hex(const unsigned char *raw, size_t raw_size) const char *raw_to_base64(const unsigned char *raw, size_t raw_size) { static char buf[1024]; - gnutls_datum_t data = {(unsigned char*)raw, raw_size}; + gnutls_datum_t data = { (unsigned char *)raw, raw_size }; size_t buf_size; int ret;
@@ -115,7 +115,8 @@ const char *raw_to_base64(const unsigned char *raw, size_t raw_size) } static void -print_x509_info(gnutls_session_t session, FILE *out, int flag, int print_cert, int print_crt_status) +print_x509_info(gnutls_session_t session, FILE * out, int flag, int print_cert, + int print_crt_status) { gnutls_x509_crt_t crt; const gnutls_datum_t *cert_list; @@ -131,7 +132,7 @@ print_x509_info(gnutls_session_t session, FILE *out, int flag, int print_cert, i log_msg(out, "- Certificate type: X.509\n"); log_msg(out, "- Got a certificate list of %d certificates.\n", - cert_list_size); + cert_list_size); for (j = 0; j < cert_list_size; j++) { gnutls_datum_t cinfo; @@ -166,14 +167,14 @@ print_x509_info(gnutls_session_t session, FILE *out, int flag, int print_cert, i ret = gnutls_x509_crt_export2(crt, - GNUTLS_X509_FMT_PEM, &pem); + GNUTLS_X509_FMT_PEM, &pem); if (ret < 0) { fprintf(stderr, "Encoding error: %s\n", gnutls_strerror(ret)); return; } - log_msg(out, "\n%s\n", (char*)pem.data); + log_msg(out, "\n%s\n", (char *)pem.data); gnutls_free(pem.data); } @@ -183,7 +184,8 @@ print_x509_info(gnutls_session_t session, FILE *out, int flag, int print_cert, i } static void -print_rawpk_info(gnutls_session_t session, FILE *out, int flag, int print_cert, int print_crt_status) +print_rawpk_info(gnutls_session_t session, FILE * out, int flag, int print_cert, + int print_crt_status) { gnutls_pcert_st pk_cert; gnutls_pk_algorithm_t pk_algo; 
@@ -199,14 +201,13 @@ print_rawpk_info(gnutls_session_t session, FILE *out, int flag, int print_cert, } log_msg(out, "- Certificate type: Raw Public Key\n"); - log_msg(out, "- Got %d Raw public-key(s).\n", - cert_list_size); + log_msg(out, "- Got %d Raw public-key(s).\n", cert_list_size); - - ret = gnutls_pcert_import_rawpk_raw(&pk_cert, cert_list, GNUTLS_X509_FMT_DER, 0, 0); + ret = + gnutls_pcert_import_rawpk_raw(&pk_cert, cert_list, + GNUTLS_X509_FMT_DER, 0, 0); if (ret < 0) { - fprintf(stderr, "Decoding error: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "Decoding error: %s\n", gnutls_strerror(ret)); return; } @@ -218,14 +219,16 @@ print_rawpk_info(gnutls_session_t session, FILE *out, int flag, int print_cert, if (print_cert) { gnutls_datum_t pem; - ret = gnutls_pubkey_export2(pk_cert.pubkey, GNUTLS_X509_FMT_PEM, &pem); + ret = + gnutls_pubkey_export2(pk_cert.pubkey, GNUTLS_X509_FMT_PEM, + &pem); if (ret < 0) { fprintf(stderr, "Encoding error: %s\n", gnutls_strerror(ret)); goto cleanup; } - log_msg(out, "\n%s\n", (char*)pem.data); + log_msg(out, "\n%s\n", (char *)pem.data); gnutls_free(pem.data); } @@ -236,7 +239,8 @@ print_rawpk_info(gnutls_session_t session, FILE *out, int flag, int print_cert, /* returns false (0) if not verified, or true (1) otherwise */ -int cert_verify(gnutls_session_t session, const char *hostname, const char *purpose) +int cert_verify(gnutls_session_t session, const char *hostname, + const char *purpose) { int rc; unsigned int status = 0; @@ -249,13 +253,13 @@ int cert_verify(gnutls_session_t session, const char *hostname, const char *purp if (hostname) { data[elements].type = GNUTLS_DT_DNS_HOSTNAME; - data[elements].data = (void*)hostname; + data[elements].data = (void *)hostname; elements++; } if (purpose) { data[elements].type = GNUTLS_DT_KEY_PURPOSE_OID; - data[elements].data = (void*)purpose; + data[elements].data = (void *)purpose; elements++; } 
@@ -267,7 +271,7 @@ int cert_verify(gnutls_session_t session, const char *hostname, const char *purp if (rc < 0) { log_msg(stdout, "- Could not verify certificate (err: %s)\n", - gnutls_strerror(rc)); + gnutls_strerror(rc)); return 0; } @@ -275,8 +279,9 @@ int cert_verify(gnutls_session_t session, const char *hostname, const char *purp rc = gnutls_certificate_verification_status_print(status, type, &out, 0); if (rc < 0) { - log_msg(stdout, "- Could not print verification flags (err: %s)\n", - gnutls_strerror(rc)); + log_msg(stdout, + "- Could not print verification flags (err: %s)\n", + gnutls_strerror(rc)); return 0; } @@ -295,8 +300,7 @@ int cert_verify(gnutls_session_t session, const char *hostname, const char *purp /* Parse input string and set certificate compression methods */ int compress_cert_set_methods(gnutls_session_t session, - const char **strings, - size_t n_strings) + const char **strings, size_t n_strings) { int ret = 0; gnutls_compression_method_t *methods; @@ -311,7 +315,8 @@ int compress_cert_set_methods(gnutls_session_t session, methods = reallocarray(NULL, n_strings, sizeof(*methods)); if (!methods) { - fprintf(stderr, "Could not set certificate compression methods: %s\n", + fprintf(stderr, + "Could not set certificate compression methods: %s\n", gnutls_strerror(ret)); return GNUTLS_E_MEMORY_ERROR; } @@ -325,14 +330,17 @@ int compress_cert_set_methods(gnutls_session_t session, } } - ret = gnutls_compress_certificate_set_methods(session, methods, n_strings); + ret = + gnutls_compress_certificate_set_methods(session, methods, + n_strings); if (ret < 0) { - fprintf(stderr, "Could not set certificate compression methods: %s\n", + fprintf(stderr, + "Could not set certificate compression methods: %s\n", gnutls_strerror(ret)); goto cleanup; } -cleanup: + cleanup: free(methods); #pragma GCC diagnostic pop 
@@ -340,8 +348,7 @@ cleanup: return ret; } -static void -print_dh_info(gnutls_session_t session, const char *str, int print) +static void print_dh_info(gnutls_session_t session, const char *str, int print) { #if defined(ENABLE_DHE) || defined(ENABLE_ANON) unsigned group; @@ -362,11 +369,11 @@ print_dh_info(gnutls_session_t session, const char *str, int print) log_msg(stdout, "- %sDiffie-Hellman parameters\n", str); log_msg(stdout, " - Using prime: %d bits\n", - gnutls_dh_get_prime_bits(session)); + gnutls_dh_get_prime_bits(session)); log_msg(stdout, " - Secret key: %d bits\n", - gnutls_dh_get_secret_bits(session)); + gnutls_dh_get_secret_bits(session)); log_msg(stdout, " - Peer's public key: %d bits\n", - gnutls_dh_get_peers_public_bits(session)); + gnutls_dh_get_peers_public_bits(session)); ret = gnutls_dh_get_group(session, &raw_gen, &raw_prime); if (ret) { @@ -380,22 +387,17 @@ print_dh_info(gnutls_session_t session, const char *str, int print) goto out; } - ret = - gnutls_dh_params_import_raw(dh_params, &raw_prime, - &raw_gen); + ret = gnutls_dh_params_import_raw(dh_params, &raw_prime, &raw_gen); if (ret) { - fprintf(stderr, "gnutls_dh_params_import_raw %d\n", - ret); + fprintf(stderr, "gnutls_dh_params_import_raw %d\n", ret); goto out; } ret = gnutls_dh_params_export_pkcs3(dh_params, GNUTLS_X509_FMT_PEM, - params_data, - ¶ms_data_size); + params_data, ¶ms_data_size); if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) { - fprintf(stderr, - "gnutls_dh_params_export_pkcs3 %d\n", ret); + fprintf(stderr, "gnutls_dh_params_export_pkcs3 %d\n", ret); goto out; } 
@@ -407,19 +409,16 @@ print_dh_info(gnutls_session_t session, const char *str, int print) ret = gnutls_dh_params_export_pkcs3(dh_params, GNUTLS_X509_FMT_PEM, - params_data, - ¶ms_data_size); + params_data, ¶ms_data_size); if (ret) { - fprintf(stderr, - "gnutls_dh_params_export_pkcs3-2 %d\n", - ret); + fprintf(stderr, "gnutls_dh_params_export_pkcs3-2 %d\n", ret); goto out; } log_msg(stdout, " - PKCS#3 format:\n\n%.*s\n", - (int) params_data_size, params_data); + (int)params_data_size, params_data); - out: + out: gnutls_free(params_data); gnutls_free(raw_prime.data); gnutls_free(raw_gen.data); @@ -427,7 +426,8 @@ print_dh_info(gnutls_session_t session, const char *str, int print) #endif } -static void print_ecdh_info(gnutls_session_t session, const char *str, int print) +static void print_ecdh_info(gnutls_session_t session, const char *str, + int print) { int curve; @@ -438,9 +438,10 @@ static void print_ecdh_info(gnutls_session_t session, const char *str, int print curve = gnutls_ecc_curve_get(session); - log_msg(stdout, " - Using curve: %s\n", gnutls_ecc_curve_get_name(curve)); + log_msg(stdout, " - Using curve: %s\n", + gnutls_ecc_curve_get_name(curve)); log_msg(stdout, " - Curve size: %d bits\n", - gnutls_ecc_curve_get_size(curve) * 8); + gnutls_ecc_curve_get_size(curve) * 8); } @@ -452,9 +453,9 @@ struct channel_binding_request { static void print_channel_bindings(gnutls_session_t session, int print) { static const struct channel_binding_request requests[] = { - { GNUTLS_CB_TLS_UNIQUE, "tls-unique" }, - { GNUTLS_CB_TLS_SERVER_END_POINT, "tls-server-end-point" }, - { GNUTLS_CB_TLS_EXPORTER, "tls-exporter" } + {GNUTLS_CB_TLS_UNIQUE, "tls-unique"}, + {GNUTLS_CB_TLS_SERVER_END_POINT, "tls-server-end-point"}, + {GNUTLS_CB_TLS_EXPORTER, "tls-exporter"} }; size_t i; 
@@ -468,8 +469,7 @@ static void print_channel_bindings(gnutls_session_t session, int print) int rc; rc = gnutls_session_channel_binding(session, - requests[i].type, - &cb); + requests[i].type, &cb); if (rc == GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE) { log_msg(stdout, " - '%s': not available\n", requests[i].name); @@ -479,8 +479,7 @@ static void print_channel_bindings(gnutls_session_t session, int print) } else { size_t j; - log_msg(stdout, " - '%s': ", - requests[i].name); + log_msg(stdout, " - '%s': ", requests[i].name); for (j = 0; j < cb.size; j++) log_msg(stdout, "%02x", cb.data[j]); log_msg(stdout, "\n"); @@ -511,7 +510,7 @@ int print_info(gnutls_session_t session, int verbose, int flags) gnutls_session_get_id(session, session_id, &session_id_size); if (session_id_size > 0) { log_msg(stdout, "- Session ID: %s\n", - raw_to_string(session_id, session_id_size)); + raw_to_string(session_id, session_id_size)); } /* print the key exchange's algorithm name @@ -534,8 +533,9 @@ int print_info(gnutls_session_t session, int verbose, int flags) * side. */ if (gnutls_srp_server_get_username(session) != NULL) - log_msg(stdout, "- SRP authentication. Connected as '%s'\n", - gnutls_srp_server_get_username(session)); + log_msg(stdout, + "- SRP authentication. Connected as '%s'\n", + gnutls_srp_server_get_username(session)); break; #endif #ifdef ENABLE_PSK 
@@ -544,12 +544,13 @@ int print_info(gnutls_session_t session, int verbose, int flags) */ if (gnutls_psk_client_get_hint(session) != NULL) log_msg(stdout, "- PSK authentication. PSK hint '%s'\n", - gnutls_psk_client_get_hint(session)); + gnutls_psk_client_get_hint(session)); /* This returns NULL in client side. */ if (gnutls_psk_server_get_username(session) != NULL) - log_msg(stdout, "- PSK authentication. Connected as '%s'\n", - gnutls_psk_server_get_username(session)); + log_msg(stdout, + "- PSK authentication. Connected as '%s'\n", + gnutls_psk_server_get_username(session)); if (kx == GNUTLS_KX_DHE_PSK) print_dh_info(session, "Ephemeral ", verbose); if (kx == GNUTLS_KX_ECDHE_PSK) @@ -569,15 +570,17 @@ int print_info(gnutls_session_t session, int verbose, int flags) if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0) { log_msg(stdout, "- Given server name[%d]: %s\n", - type, dns); + type, dns); } } - if ((flags & P_WAIT_FOR_CERT) && gnutls_certificate_get_ours(session) == 0) + if ((flags & P_WAIT_FOR_CERT) + && gnutls_certificate_get_ours(session) == 0) log_msg(stdout, "- No certificate was sent to peer\n"); - if (flags& P_PRINT_CERT) - print_cert_info(session, verbose, (flags&P_PRINT_CERT)); + if (flags & P_PRINT_CERT) + print_cert_info(session, verbose, + (flags & P_PRINT_CERT)); if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) print_dh_info(session, "Ephemeral ", verbose); @@ -590,11 +593,9 @@ int print_info(gnutls_session_t session, int verbose, int flags) break; } - if (verbose) { version = gnutls_protocol_get_version(session); - tmp = - SU(gnutls_protocol_get_name(version)); + tmp = SU(gnutls_protocol_get_name(version)); log_msg(stdout, "- Version: %s\n", tmp); if (version < GNUTLS_TLS1_3) { 
@@ -625,15 +626,19 @@ int print_info(gnutls_session_t session, int verbose, int flags) } log_msg(stdout, "- Options:"); - if (gnutls_session_ext_master_secret_status(session)!=0) + if (gnutls_session_ext_master_secret_status(session) != 0) log_msg(stdout, " extended master secret,"); - if (gnutls_safe_renegotiation_status(session)!=0) + if (gnutls_safe_renegotiation_status(session) != 0) log_msg(stdout, " safe renegotiation,"); - if (gnutls_session_etm_status(session)!=0) + if (gnutls_session_etm_status(session) != 0) log_msg(stdout, " EtM,"); #ifdef ENABLE_OCSP - if (gnutls_ocsp_status_request_is_checked(session, GNUTLS_OCSP_SR_IS_AVAIL)!=0) { - log_msg(stdout, " OCSP status request%s,", gnutls_ocsp_status_request_is_checked(session,0)!=0?"":"[ignored]"); + if (gnutls_ocsp_status_request_is_checked + (session, GNUTLS_OCSP_SR_IS_AVAIL) != 0) { + log_msg(stdout, " OCSP status request%s,", + gnutls_ocsp_status_request_is_checked(session, + 0) != + 0 ? "" : "[ignored]"); } #endif log_msg(stdout, "\n"); @@ -642,13 +647,14 @@ int print_info(gnutls_session_t session, int verbose, int flags) rc = gnutls_srtp_get_selected_profile(session, &srtp_profile); if (rc == 0) log_msg(stdout, "- SRTP profile: %s\n", - gnutls_srtp_get_profile_name(srtp_profile)); + gnutls_srtp_get_profile_name(srtp_profile)); #endif #ifdef ENABLE_ALPN rc = gnutls_alpn_get_selected_protocol(session, &p); if (rc == 0) - log_msg(stdout, "- Application protocol: %.*s\n", p.size, p.data); + log_msg(stdout, "- Application protocol: %.*s\n", p.size, + p.data); #endif print_channel_bindings(session, verbose); 
@@ -656,10 +662,13 @@ int print_info(gnutls_session_t session, int verbose, int flags) ktls_flags = gnutls_transport_is_ktls_enabled(session); if (ktls_flags != 0) { log_msg(stdout, "- KTLS: %s\n", - (ktls_flags & GNUTLS_KTLS_DUPLEX) == GNUTLS_KTLS_DUPLEX ? "send, recv" : - (ktls_flags & GNUTLS_KTLS_SEND) == GNUTLS_KTLS_SEND ? "send" : - (ktls_flags & GNUTLS_KTLS_RECV) == GNUTLS_KTLS_RECV ? "recv" : - "unknown"); + (ktls_flags & GNUTLS_KTLS_DUPLEX) == + GNUTLS_KTLS_DUPLEX ? "send, recv" : (ktls_flags & + GNUTLS_KTLS_SEND) + == + GNUTLS_KTLS_SEND ? "send" : (ktls_flags & + GNUTLS_KTLS_RECV) == + GNUTLS_KTLS_RECV ? "recv" : "unknown"); } fflush(stdout); @@ -672,7 +681,8 @@ void print_cert_info(gnutls_session_t session, int verbose, int print_cert) print_cert_info2(session, verbose, stdout, print_cert); } -void print_cert_info2(gnutls_session_t session, int verbose, FILE *out, int print_cert) +void print_cert_info2(gnutls_session_t session, int verbose, FILE * out, + int print_cert) { int flag, print_crt_status = 0; @@ -688,10 +698,12 @@ void print_cert_info2(gnutls_session_t session, int verbose, FILE *out, int prin switch (gnutls_certificate_type_get2(session, GNUTLS_CTYPE_PEERS)) { case GNUTLS_CRT_X509: - print_x509_info(session, out, flag, print_cert, print_crt_status); + print_x509_info(session, out, flag, print_cert, + print_crt_status); break; case GNUTLS_CRT_RAWPK: - print_rawpk_info(session, out, flag, print_cert, print_crt_status); + print_rawpk_info(session, out, flag, print_cert, + print_crt_status); break; default: break; 
@@ -721,15 +733,15 @@ void print_list(const char *priorities, int verbose) if (ret == GNUTLS_E_INVALID_REQUEST) fprintf(stderr, "Syntax error at: %s\n", err); else - fprintf(stderr, "Error in priorities: %s\n", gnutls_strerror(ret)); + fprintf(stderr, "Error in priorities: %s\n", + gnutls_strerror(ret)); exit(1); } for (i = 0;; i++) { ret = gnutls_priority_get_cipher_suite_index(pcache, - i, - &idx); + i, &idx); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) @@ -741,9 +753,9 @@ void print_list(const char *priorities, int verbose) if (name != NULL) log_msg(stdout, "%-50s\t0x%02x, 0x%02x\t%s\n", - name, (unsigned char) id[0], - (unsigned char) id[1], - gnutls_protocol_get_name(version)); + name, (unsigned char)id[0], + (unsigned char)id[1], + gnutls_protocol_get_name(version)); } log_msg(stdout, "\n"); @@ -751,17 +763,17 @@ void print_list(const char *priorities, int verbose) { ret = gnutls_priority_certificate_type_list2(pcache, - &list, - GNUTLS_CTYPE_CLIENT); + &list, + GNUTLS_CTYPE_CLIENT); log_msg(stdout, "Certificate types: "); if (ret == 0) log_msg(stdout, "none\n"); - for (i = 0; i < (unsigned) ret; i++) { + for (i = 0; i < (unsigned)ret; i++) { log_msg(stdout, "CTYPE-%s", - gnutls_certificate_type_get_name - (list[i])); - if (i + 1 != (unsigned) ret) + gnutls_certificate_type_get_name + (list[i])); + if (i + 1 != (unsigned)ret) log_msg(stdout, ", "); else log_msg(stdout, "\n"); @@ -775,10 +787,10 @@ void print_list(const char *priorities, int verbose) log_msg(stdout, "Protocols: "); if (ret == 0) log_msg(stdout, "none\n"); - for (i = 0; i < (unsigned) ret; i++) { + for (i = 0; i < (unsigned)ret; i++) { log_msg(stdout, "VERS-%s", - gnutls_protocol_get_name(list[i])); - if (i + 1 != (unsigned) ret) + gnutls_protocol_get_name(list[i])); + if (i + 1 != (unsigned)ret) log_msg(stdout, ", "); else log_msg(stdout, "\n"); 
@@ -791,10 +803,10 @@ void print_list(const char *priorities, int verbose) log_msg(stdout, "Ciphers: "); if (ret == 0) log_msg(stdout, "none\n"); - for (i = 0; i < (unsigned) ret; i++) { + for (i = 0; i < (unsigned)ret; i++) { log_msg(stdout, "%s", - gnutls_cipher_get_name(list[i])); - if (i + 1 != (unsigned) ret) + gnutls_cipher_get_name(list[i])); + if (i + 1 != (unsigned)ret) log_msg(stdout, ", "); else log_msg(stdout, "\n"); @@ -807,10 +819,10 @@ void print_list(const char *priorities, int verbose) log_msg(stdout, "MACs: "); if (ret == 0) log_msg(stdout, "none\n"); - for (i = 0; i < (unsigned) ret; i++) { + for (i = 0; i < (unsigned)ret; i++) { log_msg(stdout, "%s", - gnutls_mac_get_name(list[i])); - if (i + 1 != (unsigned) ret) + gnutls_mac_get_name(list[i])); + if (i + 1 != (unsigned)ret) log_msg(stdout, ", "); else log_msg(stdout, "\n"); @@ -823,10 +835,10 @@ void print_list(const char *priorities, int verbose) log_msg(stdout, "Key Exchange Algorithms: "); if (ret == 0) log_msg(stdout, "none\n"); - for (i = 0; i < (unsigned) ret; i++) { + for (i = 0; i < (unsigned)ret; i++) { log_msg(stdout, "%s", - gnutls_kx_get_name(list[i])); - if (i + 1 != (unsigned) ret) + gnutls_kx_get_name(list[i])); + if (i + 1 != (unsigned)ret) log_msg(stdout, ", "); else log_msg(stdout, "\n"); @@ -834,16 +846,15 @@ void print_list(const char *priorities, int verbose) } { - ret = - gnutls_priority_group_list(pcache, &list); + ret = gnutls_priority_group_list(pcache, &list); log_msg(stdout, "Groups: "); if (ret == 0) log_msg(stdout, "none\n"); - for (i = 0; i < (unsigned) ret; i++) { + for (i = 0; i < (unsigned)ret; i++) { log_msg(stdout, "GROUP-%s", - gnutls_group_get_name(list[i])); - if (i + 1 != (unsigned) ret) + gnutls_group_get_name(list[i])); + if (i + 1 != (unsigned)ret) log_msg(stdout, ", "); else log_msg(stdout, "\n"); 
@@ -856,11 +867,11 @@ void print_list(const char *priorities, int verbose) log_msg(stdout, "PK-signatures: "); if (ret == 0) log_msg(stdout, "none\n"); - for (i = 0; i < (unsigned) ret; i++) { + for (i = 0; i < (unsigned)ret; i++) { log_msg(stdout, "SIGN-%s", - gnutls_sign_algorithm_get_name(list - [i])); - if (i + 1 != (unsigned) ret) + gnutls_sign_algorithm_get_name(list + [i])); + if (i + 1 != (unsigned)ret) log_msg(stdout, ", "); else log_msg(stdout, "\n"); @@ -875,12 +886,13 @@ void print_list(const char *priorities, int verbose) for (i = 0; (name = gnutls_cipher_suite_info (i, id, &kx, &cipher, &mac, &version)); i++) { log_msg(stdout, "%-50s\t0x%02x, 0x%02x\t%s\n", - name, - (unsigned char) id[0], (unsigned char) id[1], - gnutls_protocol_get_name(version)); + name, + (unsigned char)id[0], (unsigned char)id[1], + gnutls_protocol_get_name(version)); if (verbose) log_msg - (stdout, "\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n", + (stdout, + "\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n", gnutls_kx_get_name(kx), gnutls_cipher_get_name(cipher), gnutls_mac_get_name(mac)); @@ -894,7 +906,7 @@ void print_list(const char *priorities, int verbose) log_msg(stdout, "Certificate types: "); for (; *p; p++) { log_msg(stdout, "CTYPE-%s", - gnutls_certificate_type_get_name(*p)); + gnutls_certificate_type_get_name(*p)); if (*(p + 1)) log_msg(stdout, ", "); else @@ -907,7 +919,8 @@ void print_list(const char *priorities, int verbose) log_msg(stdout, "Protocols: "); for (; *p; p++) { - log_msg(stdout, "VERS-%s", gnutls_protocol_get_name(*p)); + log_msg(stdout, "VERS-%s", + gnutls_protocol_get_name(*p)); if (*(p + 1)) log_msg(stdout, ", "); else @@ -973,7 +986,8 @@ void print_list(const char *priorities, int verbose) log_msg(stdout, "Compression: "); for (; *p; p++) { - log_msg(stdout, "COMP-%s", gnutls_compression_get_name(*p)); + log_msg(stdout, "COMP-%s", + gnutls_compression_get_name(*p)); if (*(p + 1)) log_msg(stdout, ", "); else 
@@ -1013,7 +1027,7 @@ void print_list(const char *priorities, int verbose) log_msg(stdout, "PK-signatures: "); for (; *p; p++) { log_msg(stdout, "SIGN-%s", - gnutls_sign_algorithm_get_name(*p)); + gnutls_sign_algorithm_get_name(*p)); if (*(p + 1)) log_msg(stdout, ", "); else @@ -1059,7 +1073,8 @@ print_key_material(gnutls_session_t session, const char *label, size_t size) gnutls_free(hex.data); } -int check_command(gnutls_session_t session, const char *str, unsigned no_cli_cert) +int check_command(gnutls_session_t session, const char *str, + unsigned no_cli_cert) { size_t len = strnlen(str, 128); int ret; @@ -1070,22 +1085,21 @@ int check_command(gnutls_session_t session, const char *str, unsigned no_cli_cer if (strncmp (str, "**REHANDSHAKE**", sizeof("**REHANDSHAKE**") - 1) == 0) { - fprintf(stderr, - "*** Sending rehandshake request\n"); + fprintf(stderr, "*** Sending rehandshake request\n"); gnutls_rehandshake(session); return 1; } else if (strncmp - (str, "**REAUTH**", - sizeof("**REAUTH**") - 1) == 0) { + (str, "**REAUTH**", sizeof("**REAUTH**") - 1) == 0) { /* in case we have a re-auth cmd prepare for it */ if (no_cli_cert) - gnutls_certificate_server_set_request(session, GNUTLS_CERT_REQUIRE); + gnutls_certificate_server_set_request(session, + GNUTLS_CERT_REQUIRE); - fprintf(stderr, - "*** Sending re-auth request\n"); + fprintf(stderr, "*** Sending re-auth request\n"); do { ret = gnutls_reauth(session, 0); - } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); if (ret < 0) { fprintf(stderr, "reauth: %s\n", gnutls_strerror(ret)); @@ -1184,7 +1198,8 @@ pin_callback(void *user, int attempt, const char *token_url, env = "GNUTLS_SO_PIN"; desc = "security officer"; if (info && info->so_pin) - snprintf(password, sizeof(password), "%s", info->so_pin); + snprintf(password, sizeof(password), "%s", + info->so_pin); } else { env = "GNUTLS_PIN"; desc = "user"; 
@@ -1207,8 +1222,7 @@ pin_callback(void *user, int attempt, const char *token_url, } if (cache > 0 && cached_url != NULL) { - if (token_url != NULL - && strcmp(cached_url, token_url) == 0) { + if (token_url != NULL && strcmp(cached_url, token_url) == 0) { if (strlen(cached_pin) >= pin_max) { fprintf(stderr, "Too long PIN given\n"); exit(1); @@ -1227,11 +1241,12 @@ pin_callback(void *user, int attempt, const char *token_url, if (password[0] == 0) { getenv_copy(password, sizeof(password), env); - if (password[0] == 0) /* compatibility */ + if (password[0] == 0) /* compatibility */ getenv_copy(password, sizeof(password), "GNUTLS_PIN"); } - if (password[0] == 0 && info != NULL && info->password != NULL && info->ask_pass == 0) { + if (password[0] == 0 && info != NULL && info->password != NULL + && info->ask_pass == 0) { if (strlen(info->password) < sizeof(password)) { strcpy(password, info->password); } else { 
@@ -1240,22 +1255,27 @@ pin_callback(void *user, int attempt, const char *token_url, } } - if (password[0] == 0 && (info == NULL || info->batch == 0 || info->ask_pass != 0)) { + if (password[0] == 0 + && (info == NULL || info->batch == 0 || info->ask_pass != 0)) { if (token_label && token_label[0] != 0) { - fprintf(stderr, "Token '%s' with URL '%s' ", token_label, token_url); + fprintf(stderr, "Token '%s' with URL '%s' ", + token_label, token_url); fprintf(stderr, "requires %s PIN\n", desc); getpass_copy(password, sizeof(password), "Enter PIN: "); } else { - getpass_copy(password, sizeof(password), "Enter password: "); + getpass_copy(password, sizeof(password), + "Enter password: "); } } else { if (flags & GNUTLS_PIN_WRONG) { if (token_label && token_label[0] != 0) { - fprintf(stderr, "Token '%s' with URL '%s' ", token_label, token_url); + fprintf(stderr, "Token '%s' with URL '%s' ", + token_label, token_url); fprintf(stderr, "requires %s PIN\n", desc); } - fprintf(stderr, "Cannot continue with a wrong password in the environment.\n"); + fprintf(stderr, + "Cannot continue with a wrong password in the environment.\n"); exit(1); } } @@ -1263,7 +1283,8 @@ pin_callback(void *user, int attempt, const char *token_url, if (password[0] == 0 || password[0] == '\n') { fprintf(stderr, "No PIN given.\n"); if (info != NULL && info->batch != 0) { - fprintf(stderr, "note: when operating in batch mode, set the GNUTLS_PIN or GNUTLS_SO_PIN environment variables\n"); + fprintf(stderr, + "note: when operating in batch mode, set the GNUTLS_PIN or GNUTLS_SO_PIN environment variables\n"); } exit(1); } @@ -1290,8 +1311,7 @@ pin_callback(void *user, int attempt, const char *token_url, #ifdef ENABLE_PKCS11 -static int -token_callback(void *user, const char *label, const unsigned retry) +static int token_callback(void *user, const char *label, const unsigned retry) { char buf[32]; common_info_st *info = user; 
@@ -1301,7 +1321,7 @@ token_callback(void *user, const char *label, const unsigned retry) return -1; } log_msg(stdout, "Please insert token '%s' in slot and press enter\n", - label); + label); if (fgets(buf, sizeof(buf), stdin) == NULL) { fprintf(stderr, "error reading input\n"); return -1; @@ -1310,7 +1330,7 @@ token_callback(void *user, const char *label, const unsigned retry) return 0; } -void pkcs11_common(common_info_st *c) +void pkcs11_common(common_info_st * c) { gnutls_pkcs11_set_pin_function(pin_callback, c); @@ -1335,8 +1355,7 @@ void sockets_init(void) #endif } - -int log_msg(FILE *file, const char *message, ...) +int log_msg(FILE * file, const char *message, ...) { va_list args; int rv; @@ -1350,7 +1369,7 @@ int log_msg(FILE *file, const char *message, ...) return rv; } -void log_set(FILE *file) +void log_set(FILE * file) { logfile = file; } @@ -1359,7 +1378,7 @@ void log_set(FILE *file) #pragma GCC diagnostic ignored "-Wformat-y2k" /* This is very similar to ctime() but it does not force a newline. */ -char *simple_ctime(const time_t *t, char out[SIMPLE_CTIME_BUF_SIZE]) +char *simple_ctime(const time_t * t, char out[SIMPLE_CTIME_BUF_SIZE]) { struct tm tm; @@ -1375,4 +1394,5 @@ char *simple_ctime(const time_t *t, char out[SIMPLE_CTIME_BUF_SIZE]) snprintf(out, SIMPLE_CTIME_BUF_SIZE, "[error]"); return out; } + #pragma GCC diagnostic pop diff --git a/src/common.h b/src/common.h index 507d0d8337..6fac0044ec 100644 --- a/src/common.h +++ b/src/common.h 
@@ -19,57 +19,59 @@ */ #ifndef GNUTLS_SRC_COMMON_H -#define GNUTLS_SRC_COMMON_H - -#define SERVER "127.0.0.1" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifndef _WIN32 -#include -#endif - -#include -#ifdef _WIN32 -#include -#include -#include -#include "socket.h" -#undef OCSP_RESPONSE -#endif - -#ifndef __attribute__ -#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) -#define __attribute__(Spec) /* empty */ -#endif -#endif +# define GNUTLS_SRC_COMMON_H + +# define SERVER "127.0.0.1" + +# include +# include +# include +# include +# include +# include +# include +# include +# include +# ifndef _WIN32 +# include +# endif + +# include +# ifdef _WIN32 +# include +# include +# include +# include "socket.h" +# undef OCSP_RESPONSE +# endif + +# ifndef __attribute__ +# if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) +# define __attribute__(Spec) /* empty */ +# endif +# endif /* the number of elements in the priority structures. */ -#define PRI_MAX 16 +# define PRI_MAX 16 extern const char str_unknown[]; -#define P_PRINT_CERT 1 -#define P_WAIT_FOR_CERT (1<<1) +# define P_PRINT_CERT 1 +# define P_WAIT_FOR_CERT (1<<1) int print_info(gnutls_session_t state, int verbose, int flags); void print_cert_info(gnutls_session_t, int flag, int print_cert); void print_key_material(gnutls_session_t, const char *label, size_t size); -int log_msg(FILE *file, const char *message, ...) __attribute__((format(printf, 2, 3))); -void log_set(FILE *file); +int log_msg(FILE * file, const char *message, ...) 
+ __attribute__((format(printf, 2, 3))); +void log_set(FILE * file); -void print_cert_info2(gnutls_session_t, int flag, FILE *fp, int print_cert); +void print_cert_info2(gnutls_session_t, int flag, FILE * fp, int print_cert); void print_list(const char *priorities, int verbose); -int cert_verify(gnutls_session_t session, const char *hostname, const char *purpose); +int cert_verify(gnutls_session_t session, const char *hostname, + const char *purpose); int compress_cert_set_methods(gnutls_session_t session, const char **strings, size_t n_strings); @@ -77,9 +79,10 @@ int compress_cert_set_methods(gnutls_session_t session, const char **strings, const char *raw_to_string(const unsigned char *raw, size_t raw_size); const char *raw_to_hex(const unsigned char *raw, size_t raw_size); const char *raw_to_base64(const unsigned char *raw, size_t raw_size); -int check_command(gnutls_session_t session, const char *str, unsigned no_cli_cert); +int check_command(gnutls_session_t session, const char *str, + unsigned no_cli_cert); -#define MAX_PIN_LEN GNUTLS_PKCS11_MAX_PIN_LEN +# define MAX_PIN_LEN GNUTLS_PKCS11_MAX_PIN_LEN void getenv_copy(char *str, size_t max_str_size, const char *envvar); void getpass_copy(char *pass, size_t max_pass_size, const char *prompt); @@ -88,22 +91,23 @@ pin_callback(void *user, int attempt, const char *token_url, const char *token_label, unsigned int flags, char *pin, size_t pin_max); -void pkcs11_common(common_info_st *c); +void pkcs11_common(common_info_st * c); inline static int is_ip(const char *hostname) { -int len = strlen(hostname); + int len = strlen(hostname); if (strchr(hostname, ':') != 0) return 1; - else if (len > 2 && c_isdigit(hostname[0]) && c_isdigit(hostname[len-1])) + else if (len > 2 && c_isdigit(hostname[0]) + && c_isdigit(hostname[len - 1])) return 1; return 0; } void sockets_init(void); -#ifdef _WIN32 +# ifdef _WIN32 static int system_recv_timeout(gnutls_transport_ptr_t ptr, unsigned int ms) { fd_set rfds; 
@@ -141,13 +145,14 @@ void set_read_funcs(gnutls_session_t session) { gnutls_transport_set_push_function(session, system_write); gnutls_transport_set_pull_function(session, system_read); - gnutls_transport_set_pull_timeout_function(session, system_recv_timeout); + gnutls_transport_set_pull_timeout_function(session, + system_recv_timeout); } -#else -# define set_read_funcs(x) -#endif +# else +# define set_read_funcs(x) +# endif -#define SIMPLE_CTIME_BUF_SIZE 64 -char *simple_ctime(const time_t *t, char buf[SIMPLE_CTIME_BUF_SIZE]); +# define SIMPLE_CTIME_BUF_SIZE 64 +char *simple_ctime(const time_t * t, char buf[SIMPLE_CTIME_BUF_SIZE]); -#endif /* GNUTLS_SRC_COMMON_H */ +#endif /* GNUTLS_SRC_COMMON_H */ diff --git a/src/danetool.c b/src/danetool.c index add5d05a1f..43bce51b70 100644 --- a/src/danetool.c +++ b/src/danetool.c @@ -29,7 +29,7 @@ #include #ifdef HAVE_DANE -#include +# include #endif #include @@ -52,8 +52,9 @@ #include "certtool-common.h" #include "socket.h" -static const char *obtain_cert(const char *hostname, const char *proto, const char *service, - const char *app_proto, unsigned quiet); +static const char *obtain_cert(const char *hostname, const char *proto, + const char *service, const char *app_proto, + unsigned quiet); static void cmd_parser(int argc, char **argv); static void dane_info(const char *host, const char *proto, const char *service, unsigned int ca, @@ -93,7 +94,6 @@ int main(int argc, char **argv) return 0; } - static void cmd_parser(int argc, char **argv) { int ret, privkey_op = 0; @@ -141,7 +141,7 @@ static void cmd_parser(int argc, char **argv) if (HAVE_OPT(DEBUG)) { gnutls_global_set_log_level(OPT_VALUE_DEBUG); - printf("Setting log level to %d\n", (int) OPT_VALUE_DEBUG); + printf("Setting log level to %d\n", (int)OPT_VALUE_DEBUG); } if ((ret = gnutls_global_init()) < 0) { 
@@ -172,7 +172,9 @@ static void cmd_parser(int argc, char **argv) snprintf(service, sizeof(service), "%s", OPT_ARG(PORT)); } else { if (HAVE_OPT(STARTTLS_PROTO)) - snprintf(service, sizeof(service), "%s", starttls_proto_to_service(OPT_ARG(STARTTLS_PROTO))); + snprintf(service, sizeof(service), "%s", + starttls_proto_to_service(OPT_ARG + (STARTTLS_PROTO))); } if (HAVE_OPT(PROTO)) @@ -233,16 +235,18 @@ static void dane_check(const char *host, const char *proto, if (HAVE_OPT(STARTTLS_PROTO)) app_proto = OPT_ARG(STARTTLS_PROTO); - cinfo->cert = obtain_cert(host, proto, service, app_proto, HAVE_OPT(QUIET)); + cinfo->cert = + obtain_cert(host, proto, service, app_proto, + HAVE_OPT(QUIET)); del = 1; } if (!HAVE_OPT(QUIET)) - fprintf(stderr, "Querying DNS for %s (%s:%d)...\n", host, proto, port); + fprintf(stderr, "Querying DNS for %s (%s:%d)...\n", host, proto, + port); ret = dane_state_init(&s, flags); if (ret < 0) { - fprintf(stderr, "dane_state_init: %s\n", - dane_strerror(ret)); + fprintf(stderr, "dane_state_init: %s\n", dane_strerror(ret)); retcode = 1; goto error; } @@ -259,8 +263,7 @@ static void dane_check(const char *host, const char *proto, ret = dane_query_tlsa(s, &q, host, proto, port); if (ret < 0) { - fprintf(stderr, "dane_query_tlsa: %s\n", - dane_strerror(ret)); + fprintf(stderr, "dane_query_tlsa: %s\n", dane_strerror(ret)); retcode = 1; goto error; } @@ -273,7 +276,7 @@ static void dane_check(const char *host, const char *proto, int bogus; ret = dane_query_to_raw_tlsa(q, &entries, &dane_data, - &dane_data_len, &secure, &bogus); + &dane_data_len, &secure, &bogus); if (ret < 0) { fprintf(stderr, "dane_query_to_raw_tlsa: %s\n", dane_strerror(ret)); @@ -281,9 +284,9 @@ static void dane_check(const char *host, const char *proto, goto error; } - for (i=0;i - incert_format, 0); + cinfo->incert_format, 0); if (ret < 0) { fprintf(stderr, "gnutls_x509_crt_list_import2: %s\n", 
@@ -326,18 +328,16 @@ static void dane_check(const char *host, const char *proto, } if (clist_size > 0) { - for (i = 0; i < MIN(MAX_CLIST_SIZE,clist_size); i++) { + for (i = 0; i < MIN(MAX_CLIST_SIZE, clist_size); i++) { ret = gnutls_x509_crt_export2(clist [i], GNUTLS_X509_FMT_DER, - &certs - [i]); + &certs[i]); if (ret < 0) { fprintf(stderr, "gnutls_x509_crt_export2: %s\n", - gnutls_strerror - (ret)); + gnutls_strerror(ret)); retcode = 1; goto error; } @@ -356,7 +356,7 @@ static void dane_check(const char *host, const char *proto, } size = lbuffer_size; - ret = gnutls_hex_encode(&data, (void *) lbuffer, &size); + ret = gnutls_hex_encode(&data, (void *)lbuffer, &size); if (ret < 0) { fprintf(stderr, "gnutls_hex_encode: %s\n", dane_strerror(ret)); @@ -373,16 +373,22 @@ static void dane_check(const char *host, const char *proto, if (!HAVE_OPT(QUIET)) { cstr = dane_cert_usage_name(usage); - if (cstr == NULL) cstr= "Unknown"; - fprintf(outfile, "Certificate usage: %s (%.2x)\n", cstr, usage); + if (cstr == NULL) + cstr = "Unknown"; + fprintf(outfile, "Certificate usage: %s (%.2x)\n", cstr, + usage); cstr = dane_cert_type_name(type); - if (cstr == NULL) cstr= "Unknown"; - fprintf(outfile, "Certificate type: %s (%.2x)\n", cstr, type); + if (cstr == NULL) + cstr = "Unknown"; + fprintf(outfile, "Certificate type: %s (%.2x)\n", cstr, + type); cstr = dane_match_type_name(match); - if (cstr == NULL) cstr= "Unknown"; - fprintf(outfile, "Contents: %s (%.2x)\n", cstr, match); + if (cstr == NULL) + cstr = "Unknown"; + fprintf(outfile, "Contents: %s (%.2x)\n", cstr, + match); fprintf(outfile, "Data: %s\n", lbuffer); } @@ -394,8 +400,7 @@ static void dane_check(const char *host, const char *proto, ret = dane_verify_crt(s, certs, clist_size, GNUTLS_CRT_X509, host, - proto, port, 0, vflags, - &status); + proto, port, 0, vflags, &status); if (ret < 0) { fprintf(stderr, "dane_verify_crt: %s\n", 
@@ -404,10 +409,7 @@ static void dane_check(const char *host, const char *proto, goto error; } - ret = - dane_verification_status_print(status, - &out, - 0); + ret = dane_verification_status_print(status, &out, 0); if (ret < 0) { fprintf(stderr, "dane_verification_status_print: %s\n", @@ -417,7 +419,8 @@ static void dane_check(const char *host, const char *proto, } if (!HAVE_OPT(QUIET)) - fprintf(outfile, "\nVerification: %s\n", out.data); + fprintf(outfile, "\nVerification: %s\n", + out.data); gnutls_free(out.data); /* if there is at least one correct accept */ @@ -437,8 +440,6 @@ static void dane_check(const char *host, const char *proto, gnutls_free(clist); } - - dane_query_deinit(q); dane_state_deinit(s); @@ -572,10 +573,9 @@ static void dane_info(const char *host, const char *proto, t.size = gnutls_hash_get_len(default_dig); size = lbuffer_size; - ret = gnutls_hex_encode(&t, (void *) lbuffer, &size); + ret = gnutls_hex_encode(&t, (void *)lbuffer, &size); if (ret < 0) { - fprintf(stderr, "hex encode error: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "hex encode error: %s\n", gnutls_strerror(ret)); app_exit(1); } @@ -584,7 +584,6 @@ static void dane_info(const char *host, const char *proto, } - struct priv_st { int fd; int found; @@ -608,8 +607,10 @@ static int cert_callback(gnutls_session_t session) priv = gnutls_session_get_ptr(session); - for (i=0;isession); - } while(ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_WARNING_ALERT_RECEIVED); + } while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_WARNING_ALERT_RECEIVED); /* we don't care on the result */ return 0; } - -static const char *obtain_cert(const char *hostname, const char *proto, const char *service, - const char *app_proto, unsigned quiet) +static const char *obtain_cert(const char *hostname, const char *proto, + const char *service, const char *app_proto, + unsigned quiet) { socket_st hd; const char *txt_service; 
@@ -707,22 +711,22 @@ static const char *obtain_cert(const char *hostname, const char *proto, const ch if (quiet) str = NULL; - if (app_proto == NULL) app_proto = txt_service; + if (app_proto == NULL) + app_proto = txt_service; if (udp) socket_flags |= SOCKET_FLAG_UDP; - umask(066); file_fd = mkstemp(tmpfile); if (file_fd == -1) { int e = errno; - fprintf(stderr, "error[%d]: %s\n", __LINE__, - strerror(e)); + fprintf(stderr, "error[%d]: %s\n", __LINE__, strerror(e)); app_exit(1); } - socket_open(&hd, hostname, txt_service, app_proto, socket_flags|SOCKET_FLAG_STARTTLS, str, NULL); + socket_open(&hd, hostname, txt_service, app_proto, + socket_flags | SOCKET_FLAG_STARTTLS, str, NULL); close(file_fd); diff --git a/src/inline_cmds.h b/src/inline_cmds.h index 2705a8cc30..70d02d9499 100755 --- a/src/inline_cmds.h +++ b/src/inline_cmds.h @@ -18,7 +18,7 @@ */ #ifndef GNUTLS_SRC_INLINE_CMDS_H -#define GNUTLS_SRC_INLINE_CMDS_H +# define GNUTLS_SRC_INLINE_CMDS_H /* * The inline commands is a facility that can be used optionally @@ -48,7 +48,7 @@ typedef enum INLINE_COMMAND { INLINE_COMMAND_NONE, INLINE_COMMAND_REKEY_BOTH } inline_command_t; -#define MAX_INLINE_COMMAND_BYTES 20 +# define MAX_INLINE_COMMAND_BYTES 20 typedef struct inline_cmds { char *current_ptr; /* points to the start of the current buffer being processed */ @@ -61,7 +61,6 @@ typedef struct inline_cmds { char inline_cmd_buffer[MAX_INLINE_COMMAND_BYTES]; } inline_cmds_st; - struct inline_command_definitions { int command; char string[MAX_INLINE_COMMAND_BYTES]; @@ -75,6 +74,6 @@ struct inline_command_definitions inline_commands_def[] = { {INLINE_COMMAND_RENEGOTIATE, "^renegotiate^\n"}, }; -#define NUM_INLINE_COMMANDS ((unsigned)(sizeof(inline_commands_def)/sizeof(inline_commands_def[0]))) +# define NUM_INLINE_COMMANDS ((unsigned)(sizeof(inline_commands_def)/sizeof(inline_commands_def[0]))) -#endif /* GNUTLS_SRC_INLINE_CMDS_H */ +#endif /* GNUTLS_SRC_INLINE_CMDS_H */ 
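Review bot: The deletion of `umask(066);` immediately before `file_fd = mkstemp(tmpfile);` is a behavioural change hidden inside an indentation-only commit, and neither the subject line nor the description mentions it. The temporary file's mode now rests entirely on mkstemp creating it 0600 (which POSIX.1-2008 requires and gnulib's replacement, already used by these tools, enforces, but which some legacy libcs did not), and the process-wide umask is no longer left at 066 for every file created afterwards, which may well be the motivation. Either split this deletion into its own commit with that rationale, or add `/* mkstemp creates the file 0600; no umask change is needed here */` above the mkstemp line so the call is not reinstated later. obtain_cert's body begins and ends outside this hunk, so it is not visible how tmpfile is consumed after `close(file_fd);`.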
diff --git a/src/ocsptool-common.c b/src/ocsptool-common.c index 4286e1484c..00ea8b6b53 100644 --- a/src/ocsptool-common.c +++ b/src/ocsptool-common.c @@ -47,7 +47,8 @@ static char buffer[MAX_BUF + 1]; /* returns the host part of a URL */ -static const char *host_from_url(const char *url, unsigned int *port, const char **path) +static const char *host_from_url(const char *url, unsigned int *port, + const char **path) { static char hostname[512]; char *p; @@ -60,7 +61,7 @@ static const char *host_from_url(const char *url, unsigned int *port, const char p = strchr(hostname, '/'); if (p != NULL) { *p = 0; - *path = p+1; + *path = p + 1; } p = strchr(hostname, ':'); @@ -77,7 +78,7 @@ static const char *host_from_url(const char *url, unsigned int *port, const char void _generate_request(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, - gnutls_datum_t * rdata, gnutls_datum_t *nonce) + gnutls_datum_t * rdata, gnutls_datum_t * nonce) { gnutls_ocsp_req_t req; int ret; @@ -90,8 +91,7 @@ _generate_request(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, ret = gnutls_ocsp_req_add_cert(req, GNUTLS_DIG_SHA1, issuer, cert); if (ret < 0) { - fprintf(stderr, "ocsp_req_add_cert: %s", - gnutls_strerror(ret)); + fprintf(stderr, "ocsp_req_add_cert: %s", gnutls_strerror(ret)); exit(1); } @@ -106,8 +106,7 @@ _generate_request(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, ret = gnutls_ocsp_req_export(req, rdata); if (ret != 0) { - fprintf(stderr, "ocsp_req_export: %s", - gnutls_strerror(ret)); + fprintf(stderr, "ocsp_req_export: %s", gnutls_strerror(ret)); exit(1); } @@ -115,8 +114,7 @@ _generate_request(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, return; } -static size_t get_data(void *buf, size_t size, size_t nmemb, - void *userp) +static size_t get_data(void *buf, size_t size, size_t nmemb, void *userp) { gnutls_datum_t *ud = userp; 
@@ -137,12 +135,12 @@ static size_t get_data(void *buf, size_t size, size_t nmemb, /* Returns 0 on ok, and -1 on error */ int send_ocsp_request(const char *server, gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, - gnutls_datum_t * resp_data, gnutls_datum_t *nonce) + gnutls_datum_t * resp_data, gnutls_datum_t * nonce) { gnutls_datum_t ud; int ret; gnutls_datum_t req; - char *url = (void *) server; + char *url = (void *)server; char headers[1024]; char service[16]; unsigned char *p; @@ -160,19 +158,21 @@ int send_ocsp_request(const char *server, i = 0; do { - ret = gnutls_x509_crt_get_authority_info_access(cert, i++, - GNUTLS_IA_OCSP_URI, - &data, - NULL); - } while(ret == GNUTLS_E_UNKNOWN_ALGORITHM); + ret = + gnutls_x509_crt_get_authority_info_access(cert, i++, + GNUTLS_IA_OCSP_URI, + &data, + NULL); + } while (ret == GNUTLS_E_UNKNOWN_ALGORITHM); if (ret < 0) { i = 0; do { ret = gnutls_x509_crt_get_authority_info_access - (issuer, i++, GNUTLS_IA_OCSP_URI, &data, NULL); - } while(ret == GNUTLS_E_UNKNOWN_ALGORITHM); + (issuer, i++, GNUTLS_IA_OCSP_URI, &data, + NULL); + } while (ret == GNUTLS_E_UNKNOWN_ALGORITHM); } if (ret < 0) { @@ -184,7 +184,7 @@ int send_ocsp_request(const char *server, url = malloc(data.size + 1); if (url == NULL) { - return -1; + return -1; } memcpy(url, data.data, data.size); url[data.size] = 0; @@ -205,10 +205,11 @@ int send_ocsp_request(const char *server, _generate_request(cert, issuer, &req, nonce); snprintf(headers, sizeof(headers), HEADER_PATTERN, path, hostname, - (unsigned int) req.size); + (unsigned int)req.size); headers_size = strlen(headers); - socket_open(&hd, hostname, service, NULL, SOCKET_FLAG_RAW|SOCKET_FLAG_SKIP_INIT, CONNECT_MSG, NULL); + socket_open(&hd, hostname, service, NULL, + SOCKET_FLAG_RAW | SOCKET_FLAG_SKIP_INIT, CONNECT_MSG, NULL); socket_send(&hd, headers, headers_size); socket_send(&hd, req.data, req.size); 
@@ -314,7 +315,7 @@ void print_ocsp_verify_res(unsigned int output) if (comma) printf(", "); printf("Signer cert expired"); - /*comma = 1;*/ + /*comma = 1; */ } } @@ -342,15 +343,13 @@ check_ocsp_response(gnutls_x509_crt_t cert, ret = gnutls_ocsp_resp_init(&resp); if (ret < 0) { - fprintf(stderr, "ocsp_resp_init: %s", - gnutls_strerror(ret)); + fprintf(stderr, "ocsp_resp_init: %s", gnutls_strerror(ret)); exit(1); } ret = gnutls_ocsp_resp_import(resp, data); if (ret < 0) { - fprintf(stderr, "importing response: %s", - gnutls_strerror(ret)); + fprintf(stderr, "importing response: %s", gnutls_strerror(ret)); exit(1); } @@ -386,18 +385,17 @@ check_ocsp_response(gnutls_x509_crt_t cert, goto cleanup; } - ret = gnutls_ocsp_resp_get_single(resp, 0, NULL, NULL, NULL, NULL, &cert_status, &vtime, &ntime, &rtime, NULL); if (ret < 0) { - fprintf(stderr, "reading response: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "reading response: %s\n", gnutls_strerror(ret)); exit(1); } if (cert_status == GNUTLS_OCSP_CERT_REVOKED) { - printf("*** Certificate was revoked at %s\n", simple_ctime(&rtime, timebuf1)); + printf("*** Certificate was revoked at %s\n", + simple_ctime(&rtime, timebuf1)); ret = 0; goto cleanup; } @@ -413,8 +411,10 @@ check_ocsp_response(gnutls_x509_crt_t cert, } else { /* there is a newer OCSP answer, don't trust this one */ if (ntime < now) { - printf("*** The OCSP response was issued at: %s but there is a newer issue at %s\n", - simple_ctime(&vtime, timebuf1), simple_ctime(&ntime, timebuf2)); + printf + ("*** The OCSP response was issued at: %s but there is a newer issue at %s\n", + simple_ctime(&vtime, timebuf1), + simple_ctime(&ntime, timebuf2)); ret = -1; goto cleanup; } 
@@ -426,7 +426,8 @@ check_ocsp_response(gnutls_x509_crt_t cert, ret = gnutls_ocsp_resp_get_nonce(resp, NULL, &rnonce); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { if (verbose) - fprintf(stderr, "*** The OCSP reply did not include the requested nonce.\n"); + fprintf(stderr, + "*** The OCSP reply did not include the requested nonce.\n"); goto finish_ok; } @@ -436,9 +437,10 @@ check_ocsp_response(gnutls_x509_crt_t cert, exit(1); } - if (rnonce.size != nonce->size || memcmp(nonce->data, rnonce.data, - nonce->size) != 0) { - fprintf(stderr, "nonce in the response doesn't match\n"); + if (rnonce.size != nonce->size + || memcmp(nonce->data, rnonce.data, nonce->size) != 0) { + fprintf(stderr, + "nonce in the response doesn't match\n"); exit(1); } diff --git a/src/ocsptool-common.h b/src/ocsptool-common.h index 76f16b0b92..8110217408 100644 --- a/src/ocsptool-common.h +++ b/src/ocsptool-common.h @@ -19,9 +19,9 @@ */ #ifndef GNUTLS_SRC_OCSPTOOL_COMMON_H -#define GNUTLS_SRC_OCSPTOOL_COMMON_H +# define GNUTLS_SRC_OCSPTOOL_COMMON_H -#include +# include enum { ACTION_NONE, @@ -34,15 +34,14 @@ enum { extern void ocsptool_version(void); void _generate_request(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, - gnutls_datum_t * rdata, gnutls_datum_t* nonce); + gnutls_datum_t * rdata, gnutls_datum_t * nonce); int send_ocsp_request(const char *server, gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, - gnutls_datum_t * resp_data, gnutls_datum_t* nonce); + gnutls_datum_t * resp_data, gnutls_datum_t * nonce); void print_ocsp_verify_res(unsigned int output); int check_ocsp_response(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, - gnutls_datum_t * data, gnutls_datum_t *nonce, - int verbose); + gnutls_datum_t * data, gnutls_datum_t * nonce, int verbose); -#endif /* GNUTLS_SRC_OCSPTOOL_COMMON_H */ +#endif /* GNUTLS_SRC_OCSPTOOL_COMMON_H */ diff --git a/src/ocsptool.c b/src/ocsptool.c index 8e558dfb83..86df3331a7 100644 --- a/src/ocsptool.c +++ b/src/ocsptool.c 
@@ -31,7 +31,7 @@ #include #include -#include /* getpass */ +#include /* getpass */ /* Gnulib portability files. */ #include @@ -44,7 +44,7 @@ FILE *outfile; static unsigned int incert_format, outcert_format; -static const char *outfile_name = NULL; /* to delete on exit */ +static const char *outfile_name = NULL; /* to delete on exit */ FILE *infile; static unsigned int encoding; unsigned int verbose = 0; @@ -99,16 +99,15 @@ static void request_info(void) if (HAVE_OPT(LOAD_REQUEST)) dat.data = - (void *) read_file(OPT_ARG(LOAD_REQUEST), RF_BINARY, &size); + (void *)read_file(OPT_ARG(LOAD_REQUEST), RF_BINARY, &size); else - dat.data = (void *) fread_file(infile, 0, &size); + dat.data = (void *)fread_file(infile, 0, &size); if (dat.data == NULL) { fprintf(stderr, "error reading request\n"); app_exit(1); } dat.size = size; - ret = gnutls_ocsp_req_import(req, &dat); free(dat.data); if (ret < 0) { @@ -119,8 +118,7 @@ static void request_info(void) ret = gnutls_ocsp_req_print(req, GNUTLS_OCSP_PRINT_FULL, &dat); if (ret != 0) { - fprintf(stderr, "ocsp_req_print: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "ocsp_req_print: %s\n", gnutls_strerror(ret)); app_exit(1); } @@ -133,7 +131,8 @@ static void request_info(void) } if (outcert_format == GNUTLS_X509_FMT_PEM) { - fprintf(stderr, "Cannot export requests into PEM form\n"); + fprintf(stderr, + "Cannot export requests into PEM form\n"); app_exit(1); } else { fwrite(rbuf.data, 1, rbuf.size, outfile); @@ -162,8 +161,7 @@ static void _response_info(const gnutls_datum_t * data, unsigned force_print) ret = gnutls_ocsp_resp_init(&resp); if (ret < 0) { - fprintf(stderr, "ocsp_resp_init: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "ocsp_resp_init: %s\n", gnutls_strerror(ret)); app_exit(1); } 
@@ -181,15 +179,13 @@ static void _response_info(const gnutls_datum_t * data, unsigned force_print) if (ENABLED_OPT(VERBOSE)) ret = - gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL, - &buf); + gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL, &buf); else ret = gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_COMPACT, &buf); if (ret != 0) { - fprintf(stderr, "ocsp_resp_print: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "ocsp_resp_print: %s\n", gnutls_strerror(ret)); app_exit(1); } @@ -212,7 +208,8 @@ static void _response_info(const gnutls_datum_t * data, unsigned force_print) } if (force_print || !HAVE_OPT(OUTFILE)) { - ret = gnutls_ocsp_resp_export2(resp, &rbuf, GNUTLS_X509_FMT_PEM); + ret = + gnutls_ocsp_resp_export2(resp, &rbuf, GNUTLS_X509_FMT_PEM); if (ret < 0) { fprintf(stderr, "error exporting response: %s\n", gnutls_strerror(ret)); @@ -235,9 +232,9 @@ static void response_info(void) if (HAVE_OPT(LOAD_RESPONSE)) dat.data = - (void *) read_file(OPT_ARG(LOAD_RESPONSE), RF_BINARY, &size); + (void *)read_file(OPT_ARG(LOAD_RESPONSE), RF_BINARY, &size); else - dat.data = (void *) fread_file(infile, 0, &size); + dat.data = (void *)fread_file(infile, 0, &size); if (dat.data == NULL) { fprintf(stderr, "error reading response\n"); app_exit(1); @@ -249,7 +246,7 @@ static void response_info(void) gnutls_free(dat.data); } -static void generate_request(gnutls_datum_t *nonce) +static void generate_request(gnutls_datum_t * nonce) { gnutls_datum_t dat; gnutls_x509_crt_t cert, issuer; @@ -284,9 +281,8 @@ static void generate_request(gnutls_datum_t *nonce) gnutls_free(dat.data); } - static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce, - gnutls_x509_crt_t signer, unsigned print_resp) + gnutls_x509_crt_t signer, unsigned print_resp) { gnutls_ocsp_resp_t resp; int ret; 
@@ -299,8 +295,7 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce, ret = gnutls_ocsp_resp_init(&resp); if (ret < 0) { - fprintf(stderr, "ocsp_resp_init: %s\n", - gnutls_strerror(ret)); + fprintf(stderr, "ocsp_resp_init: %s\n", gnutls_strerror(ret)); app_exit(1); } @@ -335,9 +330,10 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce, app_exit(1); } - if (rnonce.size != nonce->size || memcmp(nonce->data, rnonce.data, - nonce->size) != 0) { - fprintf(stderr, "nonce in the response doesn't match\n"); + if (rnonce.size != nonce->size + || memcmp(nonce->data, rnonce.data, nonce->size) != 0) { + fprintf(stderr, + "nonce in the response doesn't match\n"); app_exit(1); } @@ -346,7 +342,7 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce, if (HAVE_OPT(LOAD_TRUST)) { dat.data = - (void *) read_file(OPT_ARG(LOAD_TRUST), RF_BINARY, &size); + (void *)read_file(OPT_ARG(LOAD_TRUST), RF_BINARY, &size); if (dat.data == NULL) { fprintf(stderr, "error reading --load-trust: %s\n", OPT_ARG(LOAD_TRUST)); @@ -363,8 +359,7 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce, ret = gnutls_x509_crt_list_import2(&x509_ca_list, &x509_ncas, - &dat, GNUTLS_X509_FMT_PEM, - 0); + &dat, GNUTLS_X509_FMT_PEM, 0); if (ret < 0 || x509_ncas < 1) { fprintf(stderr, "error parsing CAs: %s\n", gnutls_strerror(ret)); @@ -388,8 +383,7 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce, app_exit(1); } - printf("%d: %.*s\n", i, out.size, - out.data); + printf("%d: %.*s\n", i, out.size, out.data); gnutls_free(out.data); } printf("\n"); @@ -405,8 +399,7 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce, } if (HAVE_OPT(VERBOSE)) - fprintf(stdout, "Loaded %d trust anchors\n", - x509_ncas); + fprintf(stdout, "Loaded %d trust anchors\n", x509_ncas); ret = gnutls_ocsp_resp_verify(resp, list, &verify, vflags); if (ret < 0) { 
@@ -480,7 +473,7 @@ unsigned load_chain(gnutls_x509_crt_t chain[MAX_CHAIN_SIZE]) app_exit(1); } - for (i=0;i 2 && HAVE_OPT(OUTFILE)) { if (outcert_format != GNUTLS_X509_FMT_PEM) { - fprintf(stderr, "error: You cannot combine --outfile when more than 2 certificates are found in a chain\n"); + fprintf(stderr, + "error: You cannot combine --outfile when more than 2 certificates are found in a chain\n"); fprintf(stderr, "Did you mean to use --outpem?\n"); app_exit(1); } } counter = chain_size; - while(counter > 1) { + while (counter > 1) { if (ENABLED_OPT(NONCE)) { ret = - gnutls_rnd(GNUTLS_RND_NONCE, nonce.data, nonce.size); + gnutls_rnd(GNUTLS_RND_NONCE, nonce.data, + nonce.size); if (ret < 0) { fprintf(stderr, "gnutls_rnd: %s\n", gnutls_strerror(ret)); @@ -608,7 +604,8 @@ static void ask_server(const char *url) } ret = - send_ocsp_request(url, chain[idx], chain[idx+1], &resp_data, n); + send_ocsp_request(url, chain[idx], chain[idx + 1], + &resp_data, n); if (ret < 0) { fprintf(stderr, "Cannot send OCSP request\n"); app_exit(1); @@ -623,13 +620,14 @@ static void ask_server(const char *url) info.verbose = verbose; info.cert = OPT_ARG(LOAD_SIGNER); - v = _verify_response(&resp_data, n, load_cert(1, &info), 0); + v = _verify_response(&resp_data, n, load_cert(1, &info), + 0); } else { if (!HAVE_OPT(LOAD_CHAIN)) fprintf(stderr, "\nAssuming response's signer = issuer (use --load-signer to override).\n"); - v = _verify_response(&resp_data, n, chain[idx+1], 0); + v = _verify_response(&resp_data, n, chain[idx + 1], 0); } total_v += v; @@ -640,7 +638,7 @@ static void ask_server(const char *url) printf("\n"); } - for (idx = 0;idx| %s", level, str); } - int main(int argc, char **argv) { cmd_parser(argc, argv); @@ -78,10 +77,10 @@ int main(int argc, char **argv) } static -unsigned opt_to_flags(common_info_st *cinfo, unsigned *key_usage) +unsigned opt_to_flags(common_info_st * cinfo, unsigned *key_usage) { unsigned flags = 0; - + *key_usage = 0; if (HAVE_OPT(MARK_PRIVATE)) { 
@@ -90,7 +89,7 @@ unsigned opt_to_flags(common_info_st *cinfo, unsigned *key_usage) } else { flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE; } - } else { /* if not given mark as private the private objects, and public the public ones */ + } else { /* if not given mark as private the private objects, and public the public ones */ if (cinfo->privkey) flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE; else if (cinfo->pubkey || cinfo->cert) @@ -103,12 +102,10 @@ unsigned opt_to_flags(common_info_st *cinfo, unsigned *key_usage) } if (HAVE_OPT(MARK_DISTRUSTED)) { - flags |= - GNUTLS_PKCS11_OBJ_FLAG_MARK_DISTRUSTED; + flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_DISTRUSTED; } else { if (ENABLED_OPT(MARK_TRUSTED)) - flags |= - GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED; + flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED; } if (ENABLED_OPT(MARK_SIGN)) @@ -118,8 +115,7 @@ unsigned opt_to_flags(common_info_st *cinfo, unsigned *key_usage) *key_usage |= GNUTLS_KEY_DECIPHER_ONLY; if (ENABLED_OPT(MARK_CA)) - flags |= - GNUTLS_PKCS11_OBJ_FLAG_MARK_CA; + flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_CA; if (ENABLED_OPT(MARK_WRAP)) flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_KEY_WRAP; @@ -321,12 +317,14 @@ static void cmd_parser(int argc, char **argv) } else if (HAVE_OPT(EXPORT)) { pkcs11_export(outfile, url, flags, &cinfo); } else if (HAVE_OPT(EXPORT_STAPLED)) { - pkcs11_export(outfile, url, flags|GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT, &cinfo); + pkcs11_export(outfile, url, + flags | + GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT, + &cinfo); } else if (HAVE_OPT(EXPORT_CHAIN)) { pkcs11_export_chain(outfile, url, flags, &cinfo); } else if (HAVE_OPT(WRITE)) { - pkcs11_write(outfile, url, label, id, - flags, &cinfo); + pkcs11_write(outfile, url, label, id, flags, &cinfo); } else if (HAVE_OPT(TEST_SIGN)) { pkcs11_test_sign(outfile, url, flags, &cinfo); } else if (HAVE_OPT(INITIALIZE)) { 
@@ -343,32 +341,30 @@ static void cmd_parser(int argc, char **argv) app_exit(1); pkcs11_generate(outfile, url, key_type, get_bits(key_type, bits, sec_param, 0), - label, id, detailed_url, - flags, &cinfo); + label, id, detailed_url, flags, &cinfo); } else if (HAVE_OPT(GENERATE_ECC)) { key_type = GNUTLS_PK_EC; pkcs11_generate(outfile, url, key_type, get_bits(key_type, bits, sec_param, 0), - label, id, detailed_url, - flags, &cinfo); + label, id, detailed_url, flags, &cinfo); } else if (HAVE_OPT(GENERATE_RSA)) { key_type = GNUTLS_PK_RSA; pkcs11_generate(outfile, url, key_type, get_bits(key_type, bits, sec_param, 0), - label, id, detailed_url, - flags, &cinfo); + label, id, detailed_url, flags, &cinfo); } else if (HAVE_OPT(GENERATE_DSA)) { key_type = GNUTLS_PK_DSA; pkcs11_generate(outfile, url, key_type, get_bits(key_type, bits, sec_param, 0), - label, id, detailed_url, - flags, &cinfo); + label, id, detailed_url, flags, &cinfo); } else if (HAVE_OPT(EXPORT_PUBKEY)) { pkcs11_export_pubkey(outfile, url, detailed_url, flags, &cinfo); } else if (HAVE_OPT(SET_ID)) { - pkcs11_set_id(outfile, url, detailed_url, flags, &cinfo, OPT_ARG(SET_ID)); + pkcs11_set_id(outfile, url, detailed_url, flags, &cinfo, + OPT_ARG(SET_ID)); } else if (HAVE_OPT(SET_LABEL)) { - pkcs11_set_label(outfile, url, detailed_url, flags, &cinfo, OPT_ARG(SET_LABEL)); + pkcs11_set_label(outfile, url, detailed_url, flags, &cinfo, + OPT_ARG(SET_LABEL)); } else { USAGE(1); } diff --git a/src/p11tool.h b/src/p11tool.h index 073bc79ca7..27f52fe7ea 100644 --- a/src/p11tool.h +++ b/src/p11tool.h 
@@ -21,13 +21,12 @@ */ #ifndef GNUTLS_SRC_P11TOOL_H -#define GNUTLS_SRC_P11TOOL_H +# define GNUTLS_SRC_P11TOOL_H -#include "certtool-common.h" +# include "certtool-common.h" void pkcs11_list(FILE * outfile, const char *url, int type, - unsigned int flags, unsigned int detailed, - common_info_st *); + unsigned int flags, unsigned int detailed, common_info_st *); void pkcs11_mechanism_list(FILE * outfile, const char *url, unsigned int flags, common_info_st *); void pkcs11_get_random(FILE * outfile, const char *url, @@ -36,12 +35,12 @@ void pkcs11_export(FILE * outfile, const char *pkcs11_url, unsigned int flags, common_info_st *); void pkcs11_export_chain(FILE * outfile, const char *url, unsigned int flags, - common_info_st * info); + common_info_st * info); void pkcs11_token_list(FILE * outfile, unsigned int detailed, common_info_st *, unsigned brief); void pkcs11_test_sign(FILE * outfile, const char *pkcs11_url, - unsigned int flags, common_info_st *); + unsigned int flags, common_info_st *); void pkcs11_write(FILE * outfile, const char *pkcs11_url, const char *label, const char *id, unsigned int flags, common_info_st *); 
@@ -49,27 +48,27 @@ void pkcs11_delete(FILE * outfile, const char *pkcs11_url, unsigned int flags, common_info_st *); void pkcs11_init(FILE * outfile, const char *pkcs11_url, const char *label, common_info_st *); -void pkcs11_set_token_pin(FILE * outfile, const char *pkcs11_url, common_info_st *, unsigned so); +void pkcs11_set_token_pin(FILE * outfile, const char *pkcs11_url, + common_info_st *, unsigned so); void pkcs11_generate(FILE * outfile, const char *url, gnutls_pk_algorithm_t type, unsigned int bits, const char *label, const char *id, int detailed, unsigned int flags, common_info_st * info); void pkcs11_export_pubkey(FILE * outfile, const char *url, int detailed, - unsigned int flags, common_info_st * info); + unsigned int flags, common_info_st * info); void pkcs11_set_id(FILE * outfile, const char *url, int detailed, - unsigned int flags, common_info_st * info, - const char *id); + unsigned int flags, common_info_st * info, const char *id); void pkcs11_set_label(FILE * outfile, const char *url, int detailed, - unsigned int flags, common_info_st * info, - const char *label); + unsigned int flags, common_info_st * info, + const char *label); -#define PKCS11_TYPE_CRT_ALL 1 -#define PKCS11_TYPE_TRUSTED 2 -#define PKCS11_TYPE_PK 3 -#define PKCS11_TYPE_ALL 4 -#define PKCS11_TYPE_PRIVKEY 5 -#define PKCS11_TYPE_INFO 6 +# define PKCS11_TYPE_CRT_ALL 1 +# define PKCS11_TYPE_TRUSTED 2 +# define PKCS11_TYPE_PK 3 +# define PKCS11_TYPE_ALL 4 +# define PKCS11_TYPE_PRIVKEY 5 +# define PKCS11_TYPE_INFO 6 -#endif /* GNUTLS_SRC_P11TOOL_H */ +#endif /* GNUTLS_SRC_P11TOOL_H */ diff --git a/src/pkcs11.c b/src/pkcs11.c index 0ab956f011..2016d56ec9 100644 --- a/src/pkcs11.c +++ b/src/pkcs11.c @@ -73,7 +73,6 @@ static char *_saved_url = NULL; } \ } - void pkcs11_delete(FILE * outfile, const char *url, unsigned int login_flags, common_info_st * info) 
@@ -81,7 +80,8 @@ pkcs11_delete(FILE * outfile, const char *url, int ret; unsigned int obj_flags = 0; - if (login_flags) obj_flags = login_flags; + if (login_flags) + obj_flags = login_flags; pkcs11_common(info); @@ -110,7 +110,8 @@ pkcs11_delete(FILE * outfile, const char *url, } static -const char *get_key_algo_type(gnutls_pkcs11_obj_type_t otype, const char *objurl, unsigned flags, time_t *exp) +const char *get_key_algo_type(gnutls_pkcs11_obj_type_t otype, + const char *objurl, unsigned flags, time_t * exp) { int ret; gnutls_pubkey_t pubkey = NULL; 
@@ -126,96 +127,115 @@ const char *get_key_algo_type(gnutls_pkcs11_obj_type_t otype, const char *objurl *exp = -1; switch (otype) { - case GNUTLS_PKCS11_OBJ_X509_CRT: - ret = gnutls_x509_crt_init(&crt); - if (ret < 0) - goto fail; - - ret = gnutls_x509_crt_import_url(crt, objurl, flags); - if (ret < 0) - goto fail; - ret = gnutls_x509_crt_get_pk_algorithm(crt, &bits); - if (ret < 0) - goto fail; - pk = ret; - - p = gnutls_pk_get_name(pk); - if (p) { - if ((pk == GNUTLS_PK_RSA || pk == GNUTLS_PK_DSA) && bits > 0) { - snprintf(str, sizeof(str), "%s-%d", p, bits); - p = str; - } else if (pk == GNUTLS_PK_ECDSA && gnutls_x509_crt_get_pk_ecc_raw(crt, &curve, NULL, NULL) >= 0) { - snprintf(str, sizeof(str), "%s-%s", p, gnutls_ecc_curve_get_name(curve)); - p = str; - } + case GNUTLS_PKCS11_OBJ_X509_CRT: + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) + goto fail; + + ret = gnutls_x509_crt_import_url(crt, objurl, flags); + if (ret < 0) + goto fail; + ret = gnutls_x509_crt_get_pk_algorithm(crt, &bits); + if (ret < 0) + goto fail; + pk = ret; + + p = gnutls_pk_get_name(pk); + if (p) { + if ((pk == GNUTLS_PK_RSA || pk == GNUTLS_PK_DSA) + && bits > 0) { + snprintf(str, sizeof(str), "%s-%d", p, bits); + p = str; + } else if (pk == GNUTLS_PK_ECDSA + && gnutls_x509_crt_get_pk_ecc_raw(crt, + &curve, + NULL, + NULL) >= + 0) { + snprintf(str, sizeof(str), "%s-%s", p, + gnutls_ecc_curve_get_name(curve)); + p = str; } + } - if (exp) - *exp = gnutls_x509_crt_get_expiration_time(crt); + if (exp) + *exp = gnutls_x509_crt_get_expiration_time(crt); - gnutls_x509_crt_deinit(crt); - return p; - case GNUTLS_PKCS11_OBJ_PUBKEY: - ret = gnutls_pubkey_init(&pubkey); - if (ret < 0) - goto fail; - - ret = gnutls_pubkey_import_url(pubkey, objurl, flags); - if (ret < 0) - goto fail; - ret = gnutls_pubkey_get_pk_algorithm(pubkey, &bits); - if (ret < 0) - goto fail; - pk = ret; - - p = gnutls_pk_get_name(pk); - if (p) { - if ((pk == GNUTLS_PK_RSA || pk == GNUTLS_PK_DSA) && bits > 0) { - snprintf(str, 
sizeof(str), "%s-%d", p, bits); - p = str; - } else if (pk == GNUTLS_PK_ECDSA && gnutls_pubkey_export_ecc_raw(pubkey, &curve, NULL, NULL) >= 0) { - snprintf(str, sizeof(str), "%s-%s", p, gnutls_ecc_curve_get_name(curve)); - p = str; - } + gnutls_x509_crt_deinit(crt); + return p; + case GNUTLS_PKCS11_OBJ_PUBKEY: + ret = gnutls_pubkey_init(&pubkey); + if (ret < 0) + goto fail; + + ret = gnutls_pubkey_import_url(pubkey, objurl, flags); + if (ret < 0) + goto fail; + ret = gnutls_pubkey_get_pk_algorithm(pubkey, &bits); + if (ret < 0) + goto fail; + pk = ret; + + p = gnutls_pk_get_name(pk); + if (p) { + if ((pk == GNUTLS_PK_RSA || pk == GNUTLS_PK_DSA) + && bits > 0) { + snprintf(str, sizeof(str), "%s-%d", p, bits); + p = str; + } else if (pk == GNUTLS_PK_ECDSA + && gnutls_pubkey_export_ecc_raw(pubkey, + &curve, NULL, + NULL) >= 0) { + snprintf(str, sizeof(str), "%s-%s", p, + gnutls_ecc_curve_get_name(curve)); + p = str; } + } - gnutls_pubkey_deinit(pubkey); - return p; - case GNUTLS_PKCS11_OBJ_PRIVKEY: - ret = gnutls_privkey_init(&privkey); - if (ret < 0) - goto fail; - - ret = gnutls_privkey_import_url(privkey, objurl, flags); - if (ret < 0) - goto fail; - ret = gnutls_privkey_get_pk_algorithm(privkey, &bits); - if (ret < 0) - goto fail; - pk = ret; - - p = gnutls_pk_get_name(pk); - if (p) { - if ((pk == GNUTLS_PK_RSA || pk == GNUTLS_PK_DSA) && bits > 0) { - snprintf(str, sizeof(str), "%s-%d", p, bits); - p = str; - } else if (pk == GNUTLS_PK_ECDSA && gnutls_privkey_export_ecc_raw(privkey, &curve, NULL, NULL, NULL) >= 0) { - snprintf(str, sizeof(str), "%s-%s", p, gnutls_ecc_curve_get_name(curve)); - p = str; - } + gnutls_pubkey_deinit(pubkey); + return p; + case GNUTLS_PKCS11_OBJ_PRIVKEY: + ret = gnutls_privkey_init(&privkey); + if (ret < 0) + goto fail; + + ret = gnutls_privkey_import_url(privkey, objurl, flags); + if (ret < 0) + goto fail; + ret = gnutls_privkey_get_pk_algorithm(privkey, &bits); + if (ret < 0) + goto fail; + pk = ret; + + p = gnutls_pk_get_name(pk); + 
if (p) { + if ((pk == GNUTLS_PK_RSA || pk == GNUTLS_PK_DSA) + && bits > 0) { + snprintf(str, sizeof(str), "%s-%d", p, bits); + p = str; + } else if (pk == GNUTLS_PK_ECDSA + && gnutls_privkey_export_ecc_raw(privkey, + &curve, + NULL, NULL, + NULL) >= + 0) { + snprintf(str, sizeof(str), "%s-%s", p, + gnutls_ecc_curve_get_name(curve)); + p = str; } + } - gnutls_privkey_deinit(privkey); - return p; - default: + gnutls_privkey_deinit(privkey); + return p; + default: fail: - if (crt) - gnutls_x509_crt_deinit(crt); - if (pubkey) - gnutls_pubkey_deinit(pubkey); - if (privkey) - gnutls_privkey_deinit(privkey); - return NULL; + if (crt) + gnutls_x509_crt_deinit(crt); + if (pubkey) + gnutls_pubkey_deinit(pubkey); + if (privkey) + gnutls_privkey_deinit(privkey); + return NULL; } } @@ -253,10 +273,11 @@ pkcs11_list(FILE * outfile, const char *url, int type, unsigned int flags, attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY; } else if (type == PKCS11_TYPE_CRT_ALL) { attrs = GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL; - if (print_exts != 0) print_exts++; + if (print_exts != 0) + print_exts++; } else if (type == PKCS11_TYPE_PRIVKEY) { attrs = GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY; - } else { /* also PKCS11_TYPE_INFO */ + } else { /* also PKCS11_TYPE_INFO */ attrs = GNUTLS_PKCS11_OBJ_ATTR_ALL; } @@ -305,7 +326,8 @@ pkcs11_list(FILE * outfile, const char *url, int type, unsigned int flags, /* copy vendor query (e.g. pin-value) from the original URL */ vendor = strrchr(url, '?'); if (vendor) { - objurl = gnutls_malloc(strlen(output) + strlen(vendor) + 1); + objurl = + gnutls_malloc(strlen(output) + strlen(vendor) + 1); strcpy(objurl, output); strcat(objurl, vendor); } else { @@ -329,7 +351,8 @@ pkcs11_list(FILE * outfile, const char *url, int type, unsigned int flags, } if (otype == GNUTLS_PKCS11_OBJ_X509_CRT && exp != -1) { - fprintf(outfile, "\tExpires: %s\n", simple_ctime(&exp, timebuf)); + fprintf(outfile, "\tExpires: %s\n", + simple_ctime(&exp, timebuf)); } gnutls_free(output); 
@@ -369,8 +392,9 @@ pkcs11_list(FILE * outfile, const char *url, int type, unsigned int flags, if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { fprintf(outfile, "\tID: (too long)\n"); } else { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, - __LINE__, gnutls_strerror(ret)); + fprintf(stderr, "Error in %s:%d: %s\n", + __func__, __LINE__, + gnutls_strerror(ret)); app_exit(1); } } else { @@ -378,24 +402,36 @@ pkcs11_list(FILE * outfile, const char *url, int type, unsigned int flags, } if (otype == GNUTLS_PKCS11_OBJ_X509_CRT && print_exts > 0) { - ret = gnutls_pkcs11_obj_get_exts(crt_list[i], &exts, &exts_size, 0); + ret = + gnutls_pkcs11_obj_get_exts(crt_list[i], &exts, + &exts_size, 0); if (ret >= 0 && exts_size > 0) { gnutls_datum_t txt; if (print_exts > 1) { - fprintf(outfile, "\tAttached extensions:\n"); - ret = gnutls_x509_ext_print(exts, exts_size, 0, &txt); + fprintf(outfile, + "\tAttached extensions:\n"); + ret = + gnutls_x509_ext_print(exts, + exts_size, 0, + &txt); if (ret >= 0) { - fprintf(outfile, "%s", (char*)txt.data); + fprintf(outfile, "%s", + (char *)txt.data); gnutls_free(txt.data); } } else { - fprintf(outfile, "\tAttached extensions:"); - for (j=0;joutcert_format, &t); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, - __LINE__, gnutls_strerror(ret)); + __LINE__, gnutls_strerror(ret)); app_exit(1); } @@ -588,7 +625,7 @@ pkcs11_export(FILE * outfile, const char *url, unsigned int flags, void pkcs11_export_chain(FILE * outfile, const char *url, unsigned int flags, - common_info_st * info) + common_info_st * info) { gnutls_pkcs11_obj_t obj; gnutls_x509_crt_t xcrt; 
@@ -625,14 +662,14 @@ pkcs11_export_chain(FILE * outfile, const char *url, unsigned int flags, ret = gnutls_x509_crt_import_pkcs11(xcrt, obj); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, - __LINE__, gnutls_strerror(ret)); + __LINE__, gnutls_strerror(ret)); app_exit(1); } ret = gnutls_pkcs11_obj_export3(obj, GNUTLS_X509_FMT_PEM, &t); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, - __LINE__, gnutls_strerror(ret)); + __LINE__, gnutls_strerror(ret)); app_exit(1); } fwrite(t.data, 1, t.size, outfile); @@ -642,12 +679,14 @@ pkcs11_export_chain(FILE * outfile, const char *url, unsigned int flags, gnutls_pkcs11_obj_deinit(obj); do { - ret = gnutls_pkcs11_get_raw_issuer(url, xcrt, &t, GNUTLS_X509_FMT_PEM, 0); + ret = + gnutls_pkcs11_get_raw_issuer(url, xcrt, &t, + GNUTLS_X509_FMT_PEM, 0); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, - __LINE__, gnutls_strerror(ret)); + __LINE__, gnutls_strerror(ret)); app_exit(1); } @@ -659,14 +698,14 @@ pkcs11_export_chain(FILE * outfile, const char *url, unsigned int flags, ret = gnutls_x509_crt_init(&xcrt); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, - __LINE__, gnutls_strerror(ret)); + __LINE__, gnutls_strerror(ret)); app_exit(1); } ret = gnutls_x509_crt_import(xcrt, &t, GNUTLS_X509_FMT_PEM); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, - __LINE__, gnutls_strerror(ret)); + __LINE__, gnutls_strerror(ret)); app_exit(1); } @@ -678,7 +717,7 @@ pkcs11_export_chain(FILE * outfile, const char *url, unsigned int flags, break; } - } while(1); + } while (1); UNFIX; return; @@ -709,7 +748,7 @@ char *get_single_token_url(common_info_st * info) } static -void print_type(FILE *outfile, unsigned flags) +void print_type(FILE * outfile, unsigned flags) { unsigned print = 0; 
@@ -927,13 +966,14 @@ pkcs11_token_list(FILE * outfile, unsigned int detailed, return; } -static void find_same_pubkey_with_id(const char *url, gnutls_x509_crt_t crt, gnutls_datum_t *cid, unsigned flags) +static void find_same_pubkey_with_id(const char *url, gnutls_x509_crt_t crt, + gnutls_datum_t * cid, unsigned flags) { gnutls_pkcs11_obj_t *obj_list; unsigned int obj_list_size = 0, i; int ret; - gnutls_datum_t praw = {NULL, 0}; - gnutls_datum_t praw2 = {NULL, 0}; + gnutls_datum_t praw = { NULL, 0 }; + gnutls_datum_t praw2 = { NULL, 0 }; gnutls_pubkey_t pubkey; uint8_t buf[128]; size_t size; 
@@ -948,7 +988,8 @@ static void find_same_pubkey_with_id(const char *url, gnutls_x509_crt_t crt, gnu ret = gnutls_pubkey_import_x509(pubkey, crt, 0); if (ret < 0) { - fprintf(stderr, "error: cannot import public key from certificate\n"); + fprintf(stderr, + "error: cannot import public key from certificate\n"); gnutls_pubkey_deinit(pubkey); return; } 
@@ -962,7 +1003,9 @@ static void find_same_pubkey_with_id(const char *url, gnutls_x509_crt_t crt, gnu ret = gnutls_pkcs11_obj_list_import_url4(&obj_list, &obj_list_size, - url, GNUTLS_PKCS11_OBJ_FLAG_PUBKEY|flags); + url, + GNUTLS_PKCS11_OBJ_FLAG_PUBKEY | + flags); if (ret < 0) { fprintf(stderr, "Error in obj_list_import (1): %s\n", gnutls_strerror(ret)); 
@@ -979,9 +1022,7 @@ static void find_same_pubkey_with_id(const char *url, gnutls_x509_crt_t crt, gnu if (otype != GNUTLS_PKCS11_OBJ_PUBKEY) goto cont; - ret = - gnutls_pkcs11_obj_export_url(obj_list[i], 0, - &purl); + ret = gnutls_pkcs11_obj_export_url(obj_list[i], 0, &purl); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); 
@@ -990,21 +1031,24 @@ static void find_same_pubkey_with_id(const char *url, gnutls_x509_crt_t crt, gnu ret = gnutls_pkcs11_obj_export2(obj_list[i], &praw2); if (ret < 0) { - fprintf(stderr, "error: cannot export object: %s\n", purl); + fprintf(stderr, "error: cannot export object: %s\n", + purl); goto cont; } - if (praw2.size == praw.size && memcmp(praw2.data, praw.data, praw.size) == 0) { + if (praw2.size == praw.size + && memcmp(praw2.data, praw.data, praw.size) == 0) { /* found - now extract the CKA_ID */ size = sizeof(buf); ret = gnutls_pkcs11_obj_get_info(obj_list[i], - GNUTLS_PKCS11_OBJ_ID, - buf, &size); + GNUTLS_PKCS11_OBJ_ID, + buf, &size); if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, - __LINE__, gnutls_strerror(ret)); + fprintf(stderr, "Error in %s:%d: %s\n", + __func__, __LINE__, + gnutls_strerror(ret)); app_exit(1); } 
@@ -1030,13 +1074,14 @@ static void find_same_pubkey_with_id(const char *url, gnutls_x509_crt_t crt, gnu return; } -static void find_same_privkey_with_id(const char *url, gnutls_x509_crt_t crt, gnutls_datum_t *cid, unsigned flags) +static void find_same_privkey_with_id(const char *url, gnutls_x509_crt_t crt, + gnutls_datum_t * cid, unsigned flags) { gnutls_pkcs11_obj_t *obj_list; unsigned int obj_list_size = 0, i; int ret; - gnutls_datum_t praw = {NULL, 0}; - gnutls_datum_t praw2 = {NULL, 0}; + gnutls_datum_t praw = { NULL, 0 }; + gnutls_datum_t praw2 = { NULL, 0 }; gnutls_pubkey_t pubkey; gnutls_privkey_t privkey; uint8_t buf[128]; 
@@ -1052,7 +1097,8 @@ static void find_same_privkey_with_id(const char *url, gnutls_x509_crt_t crt, gn ret = gnutls_pubkey_import_x509(pubkey, crt, 0); if (ret < 0) { - fprintf(stderr, "error: cannot import public key from certificate\n"); + fprintf(stderr, + "error: cannot import public key from certificate\n"); gnutls_pubkey_deinit(pubkey); return; } 
@@ -1066,7 +1112,9 @@ static void find_same_privkey_with_id(const char *url, gnutls_x509_crt_t crt, gn ret = gnutls_pkcs11_obj_list_import_url4(&obj_list, &obj_list_size, - url, GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY|flags); + url, + GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY | + flags); if (ret < 0) { fprintf(stderr, "Error in obj_list_import (1): %s\n", gnutls_strerror(ret)); 
@@ -1085,9 +1133,7 @@ static void find_same_privkey_with_id(const char *url, gnutls_x509_crt_t crt, gn if (otype != GNUTLS_PKCS11_OBJ_PRIVKEY) goto cont; - ret = - gnutls_pkcs11_obj_export_url(obj_list[i], 0, - &purl); + ret = gnutls_pkcs11_obj_export_url(obj_list[i], 0, &purl); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); 
@@ -1102,11 +1148,13 @@ static void find_same_privkey_with_id(const char *url, gnutls_x509_crt_t crt, gn ret = gnutls_privkey_import_url(privkey, purl, 0); if (ret < 0) { - fprintf(stderr, "error: cannot import key: %s: %s\n", purl, gnutls_strerror(ret)); + fprintf(stderr, "error: cannot import key: %s: %s\n", + purl, gnutls_strerror(ret)); goto cont; } - if (gnutls_privkey_get_pk_algorithm(privkey, NULL) != GNUTLS_PK_RSA) { + if (gnutls_privkey_get_pk_algorithm(privkey, NULL) != + GNUTLS_PK_RSA) { /* it is not possible to obtain parameters from non-RSA private keys in PKCS#11 */ goto cont; } 
@@ -1119,28 +1167,34 @@ static void find_same_privkey_with_id(const char *url, gnutls_x509_crt_t crt, gn ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0); if (ret < 0) { - fprintf(stderr, "error: cannot import key parameters for '%s': %s\n", purl, gnutls_strerror(ret)); + fprintf(stderr, + "error: cannot import key parameters for '%s': %s\n", + purl, gnutls_strerror(ret)); goto cont; } - ret = gnutls_pubkey_export2(pubkey, GNUTLS_X509_FMT_DER, &praw2); + ret = + gnutls_pubkey_export2(pubkey, GNUTLS_X509_FMT_DER, &praw2); if (ret < 0) { - fprintf(stderr, "error: cannot export pubkey '%s': %s\n", purl, gnutls_strerror(ret)); + fprintf(stderr, + "error: cannot export pubkey '%s': %s\n", purl, + gnutls_strerror(ret)); goto cont; } - - if (praw2.size == praw.size && memcmp(praw2.data, praw.data, praw.size) == 0) { + if (praw2.size == praw.size + && memcmp(praw2.data, praw.data, praw.size) == 0) { /* found - now extract the CKA_ID */ size = sizeof(buf); ret = gnutls_pkcs11_obj_get_info(obj_list[i], - GNUTLS_PKCS11_OBJ_ID, - buf, &size); + GNUTLS_PKCS11_OBJ_ID, + buf, &size); if (ret < 0) { - fprintf(stderr, "Error in %s:%d: %s\n", __func__, - __LINE__, gnutls_strerror(ret)); + fprintf(stderr, "Error in %s:%d: %s\n", + __func__, __LINE__, + gnutls_strerror(ret)); app_exit(1); } 
@@ -1181,7 +1235,7 @@ pkcs11_write(FILE * outfile, const char *url, const char *label, unsigned key_usage = 0; unsigned char raw_id[128]; size_t raw_id_size; - gnutls_datum_t cid = {NULL, 0}; + gnutls_datum_t cid = { NULL, 0 }; pkcs11_common(info); 
@@ -1189,14 +1243,17 @@ pkcs11_write(FILE * outfile, const char *url, const char *label, CHECK_LOGIN_FLAG(url, flags); if (label == NULL && info->batch == 0) { - label = read_str("warning: The object's label was not specified.\nLabel: "); + label = + read_str + ("warning: The object's label was not specified.\nLabel: "); } if (id != NULL) { raw_id_size = sizeof(raw_id); ret = gnutls_hex2bin(id, strlen(id), raw_id, &raw_id_size); if (ret < 0) { - fprintf(stderr, "Error converting hex: %s\n", gnutls_strerror(ret)); + fprintf(stderr, "Error converting hex: %s\n", + gnutls_strerror(ret)); app_exit(1); } cid.data = raw_id; 
@@ -1219,7 +1276,9 @@ pkcs11_write(FILE * outfile, const char *url, const char *label, xcrt = load_cert(0, info); if (xcrt != NULL) { - if (cid.data == NULL && !(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_CA) && !(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_DISTRUSTED)) { + if (cid.data == NULL + && !(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_CA) + && !(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_DISTRUSTED)) { gnutls_datum_t hex; /* attempting to discover public keys matching this one, * and if yes, re-use their ID. We don't do it for CAs (trusted/distrusted 
@@ -1229,38 +1288,53 @@ pkcs11_write(FILE * outfile, const char *url, const char *label, find_same_pubkey_with_id(url, xcrt, &cid, 0); if (cid.data == NULL && KEEP_LOGIN_FLAGS(flags)) - find_same_pubkey_with_id(url, xcrt, &cid, KEEP_LOGIN_FLAGS(flags)); + find_same_pubkey_with_id(url, xcrt, &cid, + KEEP_LOGIN_FLAGS + (flags)); if (cid.data) { ret = gnutls_hex_encode2(&cid, &hex); if (ret < 0) { - fprintf(stderr, "Error converting hex: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "Error converting hex: %s\n", + gnutls_strerror(ret)); app_exit(1); } - fprintf(stderr, "note: will re-use ID %s from corresponding public key\n", hex.data); + fprintf(stderr, + "note: will re-use ID %s from corresponding public key\n", + hex.data); gnutls_free(hex.data); - } else { /* no luck, try to get a corresponding private key */ - find_same_privkey_with_id(url, xcrt, &cid, KEEP_LOGIN_FLAGS(flags)); + } else { /* no luck, try to get a corresponding private key */ + find_same_privkey_with_id(url, xcrt, &cid, + KEEP_LOGIN_FLAGS + (flags)); if (cid.data) { ret = gnutls_hex_encode2(&cid, &hex); if (ret < 0) { - fprintf(stderr, "Error converting hex: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "Error converting hex: %s\n", + gnutls_strerror(ret)); app_exit(1); } - fprintf(stderr, "note: will re-use ID %s from corresponding private key\n", hex.data); + fprintf(stderr, + "note: will re-use ID %s from corresponding private key\n", + hex.data); gnutls_free(hex.data); } } } - ret = gnutls_pkcs11_copy_x509_crt2(url, xcrt, label, &cid, flags); + ret = + gnutls_pkcs11_copy_x509_crt2(url, xcrt, label, &cid, flags); if (ret < 0) { - fprintf(stderr, "Error writing certificate: %s\n", gnutls_strerror(ret)); - if (((flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_CA) || - (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED)) && - (flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO) == 0) - fprintf(stderr, "note: some tokens may require security officer login for this operation\n"); + fprintf(stderr, "Error writing 
certificate: %s\n", + gnutls_strerror(ret)); + if (((flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_CA) + || (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED)) + && (flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO) == 0) + fprintf(stderr, + "note: some tokens may require security officer login for this operation\n"); app_exit(1); } 
@@ -1272,7 +1346,9 @@ pkcs11_write(FILE * outfile, const char *url, const char *label, if (xkey != NULL) { ret = gnutls_pkcs11_copy_x509_privkey2(url, xkey, label, - &cid, key_usage|info->key_usage, + &cid, + key_usage | + info->key_usage, flags | GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE); if (ret < 0) { 
@@ -1287,8 +1363,7 @@ pkcs11_write(FILE * outfile, const char *url, const char *label, if (xpubkey != NULL) { ret = gnutls_pkcs11_copy_pubkey(url, xpubkey, label, - &cid, - 0, flags); + &cid, 0, flags); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); 
@@ -1297,7 +1372,8 @@ pkcs11_write(FILE * outfile, const char *url, const char *label, gnutls_pubkey_deinit(xpubkey); } - if (xkey == NULL && xcrt == NULL && secret_key == NULL && xpubkey == NULL) { + if (xkey == NULL && xcrt == NULL && secret_key == NULL + && xpubkey == NULL) { fprintf(stderr, "You must use --load-privkey, --load-certificate, --load-pubkey or --secret-key to load the file to be copied\n"); app_exit(1); 
@@ -1315,7 +1391,7 @@ pkcs11_generate(FILE * outfile, const char *url, gnutls_pk_algorithm_t pk, { int ret; gnutls_datum_t pubkey; - gnutls_datum_t cid = {NULL, 0}; + gnutls_datum_t cid = { NULL, 0 }; unsigned char raw_id[128]; size_t raw_id_size; 
@@ -1329,7 +1405,8 @@ pkcs11_generate(FILE * outfile, const char *url, gnutls_pk_algorithm_t pk, raw_id_size = sizeof(raw_id); ret = gnutls_hex2bin(id, strlen(id), raw_id, &raw_id_size); if (ret < 0) { - fprintf(stderr, "Error converting hex: %s\n", gnutls_strerror(ret)); + fprintf(stderr, "Error converting hex: %s\n", + gnutls_strerror(ret)); app_exit(1); } cid.data = raw_id; 
@@ -1337,7 +1414,8 @@ pkcs11_generate(FILE * outfile, const char *url, gnutls_pk_algorithm_t pk, } if (outfile == stderr || outfile == stdout) { - fprintf(stderr, "warning: no --outfile was specified and the generated public key will be printed on screen.\n"); + fprintf(stderr, + "warning: no --outfile was specified and the generated public key will be printed on screen.\n"); } if (label == NULL && info->batch == 0) { 
@@ -1350,7 +1428,8 @@ pkcs11_generate(FILE * outfile, const char *url, gnutls_pk_algorithm_t pk, gnutls_pkcs11_privkey_generate3(url, pk, bits, label, &cid, GNUTLS_X509_FMT_PEM, &pubkey, info->key_usage, - flags|GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE); + flags | + GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); 
@@ -1368,7 +1447,8 @@ pkcs11_generate(FILE * outfile, const char *url, gnutls_pk_algorithm_t pk, } void -pkcs11_export_pubkey(FILE * outfile, const char *url, int detailed, unsigned int flags, common_info_st * info) +pkcs11_export_pubkey(FILE * outfile, const char *url, int detailed, + unsigned int flags, common_info_st * info) { int ret; gnutls_datum_t pubkey; 
@@ -1381,7 +1461,8 @@ pkcs11_export_pubkey(FILE * outfile, const char *url, int detailed, unsigned int CHECK_LOGIN_FLAG(url, flags); if (outfile == stderr || outfile == stdout) { - fprintf(stderr, "warning: no --outfile was specified and the public key will be printed on screen.\n"); + fprintf(stderr, + "warning: no --outfile was specified and the public key will be printed on screen.\n"); sleep(3); } 
@@ -1432,7 +1513,8 @@ pkcs11_init(FILE * outfile, const char *url, const char *label, } if (label == NULL) { - fprintf(stderr, "error: no label provided for token initialization!\n"); + fprintf(stderr, + "error: no label provided for token initialization!\n"); app_exit(1); } 
@@ -1441,7 +1523,8 @@ pkcs11_init(FILE * outfile, const char *url, const char *label, } else { getenv_copy(so_pin, sizeof(so_pin), "GNUTLS_SO_PIN"); if (so_pin[0] == 0 && info->batch == 0) - getpass_copy(so_pin, sizeof(so_pin), "Enter Security Officer's PIN: "); + getpass_copy(so_pin, sizeof(so_pin), + "Enter Security Officer's PIN: "); if (so_pin[0] == 0) app_exit(1); } 
@@ -1458,13 +1541,15 @@ pkcs11_init(FILE * outfile, const char *url, const char *label, } fprintf(stderr, "done\n"); - fprintf(stderr, "\nToken was successfully initialized; use --initialize-pin and --initialize-so-pin to set or reset PINs\n"); + fprintf(stderr, + "\nToken was successfully initialized; use --initialize-pin and --initialize-so-pin to set or reset PINs\n"); return; } void -pkcs11_set_token_pin(FILE * outfile, const char *url, common_info_st * info, unsigned so) +pkcs11_set_token_pin(FILE * outfile, const char *url, common_info_st * info, + unsigned so) { int ret; char newpin[MAX_PIN_LEN] = ""; 
@@ -1484,7 +1569,8 @@ pkcs11_set_token_pin(FILE * outfile, const char *url, common_info_st * info, uns if (so) { getenv_copy(newpin, sizeof(newpin), "GNUTLS_NEW_SO_PIN"); if (newpin[0] == 0 && info->batch == 0) { - getpass_copy(newpin, sizeof(newpin), "Enter Administrators's new PIN: "); + getpass_copy(newpin, sizeof(newpin), + "Enter Administrators's new PIN: "); } } else { if (info->pin != NULL) { 
@@ -1492,7 +1578,8 @@ pkcs11_set_token_pin(FILE * outfile, const char *url, common_info_st * info, uns } else { getenv_copy(newpin, sizeof(newpin), "GNUTLS_PIN"); if (newpin[0] == 0 && info->batch == 0) - getpass_copy(newpin, sizeof(newpin), "Enter User's new PIN: "); + getpass_copy(newpin, sizeof(newpin), + "Enter User's new PIN: "); } } 
@@ -1501,7 +1588,10 @@ pkcs11_set_token_pin(FILE * outfile, const char *url, common_info_st * info, uns app_exit(1); } - ret = gnutls_pkcs11_token_set_pin(url, NULL, newpin, (so!=0)?GNUTLS_PIN_SO:GNUTLS_PIN_USER); + ret = + gnutls_pkcs11_token_set_pin(url, NULL, newpin, + (so != + 0) ? GNUTLS_PIN_SO : GNUTLS_PIN_USER); if (ret < 0) { fprintf(stderr, "Error in %s:%d: %s\n", __func__, __LINE__, gnutls_strerror(ret)); 
@@ -1529,9 +1619,7 @@ pkcs11_mechanism_list(FILE * outfile, const char *url, unsigned int flags, idx = 0; do { - ret = - gnutls_pkcs11_token_get_mechanism(url, idx++, - &mechanism); + ret = gnutls_pkcs11_token_get_mechanism(url, idx++, &mechanism); if (ret >= 0) { str = NULL; if (mechanism < 
@@ -1542,9 +1630,13 @@ pkcs11_mechanism_list(FILE * outfile, const char *url, unsigned int flags, fprintf(outfile, "[0x%.4lx] %s", mechanism, str); - if (gnutls_pkcs11_token_check_mechanism(url, mechanism, &minfo, sizeof(minfo), 0) != 0) { + if (gnutls_pkcs11_token_check_mechanism + (url, mechanism, &minfo, sizeof(minfo), 0) != 0) { if (minfo.ulMaxKeySize != 0) - fprintf(outfile, " keysize range (%ld, %ld)", minfo.ulMinKeySize, minfo.ulMaxKeySize); + fprintf(outfile, + " keysize range (%ld, %ld)", + minfo.ulMinKeySize, + minfo.ulMaxKeySize); if (minfo.flags & CKF_HW) printf(" hw"); if (minfo.flags & CKF_ENCRYPT) 
@@ -1601,7 +1693,6 @@ pkcs11_mechanism_list(FILE * outfile, const char *url, unsigned int flags, } while (ret >= 0); - return; } 
@@ -1637,8 +1728,8 @@ pkcs11_get_random(FILE * outfile, const char *url, unsigned bytes, static void pkcs11_set_val(FILE * outfile, const char *url, int detailed, - unsigned int flags, common_info_st * info, - gnutls_pkcs11_obj_info_t val_type, const char *val) + unsigned int flags, common_info_st * info, + gnutls_pkcs11_obj_info_t val_type, const char *val) { int ret; gnutls_pkcs11_obj_t obj; 
@@ -1676,15 +1767,16 @@ void pkcs11_set_val(FILE * outfile, const char *url, int detailed, } void pkcs11_set_id(FILE * outfile, const char *url, int detailed, - unsigned int flags, common_info_st * info, - const char *id) + unsigned int flags, common_info_st * info, const char *id) { - pkcs11_set_val(outfile, url, detailed, flags, info, GNUTLS_PKCS11_OBJ_ID_HEX, id); + pkcs11_set_val(outfile, url, detailed, flags, info, + GNUTLS_PKCS11_OBJ_ID_HEX, id); } void pkcs11_set_label(FILE * outfile, const char *url, int detailed, - unsigned int flags, common_info_st * info, - const char *label) + unsigned int flags, common_info_st * info, + const char *label) { - pkcs11_set_val(outfile, url, detailed, flags, info, GNUTLS_PKCS11_OBJ_LABEL, label); + pkcs11_set_val(outfile, url, detailed, flags, info, + GNUTLS_PKCS11_OBJ_LABEL, label); } 
diff --git a/src/psk.c b/src/psk.c 
index 17cc076b8a..dd96036869 100644 
--- a/src/psk.c 
+++ b/src/psk.c 
@@ -24,7 +24,7 @@ #ifndef ENABLE_PSK -#include +# include int main(int argc, char **argv) { 
@@ -34,43 +34,43 @@ int main(int argc, char **argv) #else -#include -#include -#include -#include -#include -#include "psktool-options.h" +# include +# include +# include +# include +# include +# include "psktool-options.h" -#include /* for random */ +# include /* for random */ -#include -#include -#include +# include +# include +# include -#ifndef _WIN32 -#include -#include -#else -#include -#endif +# ifndef _WIN32 +# include +# include +# else +# include +# endif /* Gnulib portability files. */ -#include -#include "close-stream.h" -#include "getpass.h" -#include "xsize.h" +# include +# include "close-stream.h" +# include "getpass.h" +# include "xsize.h" static int write_key(const char *username, const unsigned char *key, size_t key_size, const char *passwd_file); -#define MAX_KEY_SIZE 512 +# define MAX_KEY_SIZE 512 int main(int argc, char **argv) { int ret; -#ifndef _WIN32 +# ifndef _WIN32 struct passwd *pwd; -#endif +# endif unsigned char key[MAX_KEY_SIZE]; size_t key_size; const char *passwd, *username; 
@@ -91,7 +91,7 @@ int main(int argc, char **argv) passwd = OPT_ARG(PSKFILE); if (!HAVE_OPT(USERNAME)) { -#ifndef _WIN32 +# ifndef _WIN32 pwd = getpwuid(getuid()); if (pwd == NULL) { 
@@ -100,10 +100,10 @@ int main(int argc, char **argv) } username = pwd->pw_name; -#else +# else fprintf(stderr, "Please specify a user\n"); return -1; -#endif +# endif } else username = OPT_ARG(USERNAME); 
@@ -119,7 +119,7 @@ int main(int argc, char **argv) printf("Generating a random key for user '%s'\n", username); - ret = gnutls_rnd(GNUTLS_RND_RANDOM, (char *) key, key_size); + ret = gnutls_rnd(GNUTLS_RND_RANDOM, (char *)key, key_size); if (ret < 0) { fprintf(stderr, "Not enough randomness\n"); exit(1); 
@@ -201,8 +201,7 @@ write_key(const char *username, const unsigned char *key, size_t key_size, fp = fopen(passwd_file, "w"); if (fp == NULL) { - fprintf(stderr, "Cannot open '%s' for write\n", - passwd_file); + fprintf(stderr, "Cannot open '%s' for write\n", passwd_file); (void)remove(tmpname); return -1; } 
@@ -276,9 +275,8 @@ write_key(const char *username, const unsigned char *key, size_t key_size, if (pp == NULL) continue; - if (strncmp(p, (const char *) _username.data, - MAX(_username.size, - (unsigned int) (pp - p))) == 0) { + if (strncmp(p, (const char *)_username.data, + MAX(_username.size, (unsigned int)(pp - p))) == 0) { put = true; fprintf(fp, "%s:%s\n", _username.data, _key.data); } else { 
diff --git a/src/serv.c b/src/serv.c 
index d798356bbd..640ed2ab57 100644 
--- a/src/serv.c 
+++ b/src/serv.c 
@@ -134,16 +134,14 @@ const int ssl_session_cache = 2048; static void wrap_db_init(void); static void wrap_db_deinit(void); -static int wrap_db_store(void *dbf, gnutls_datum_t key, - gnutls_datum_t data); +static int wrap_db_store(void *dbf, gnutls_datum_t key, gnutls_datum_t data); static gnutls_datum_t wrap_db_fetch(void *dbf, gnutls_datum_t key); static int wrap_db_delete(void *dbf, gnutls_datum_t key); -static int anti_replay_db_add(void *dbf, time_t exp, const gnutls_datum_t *key, - const gnutls_datum_t *data); +static int anti_replay_db_add(void *dbf, time_t exp, const gnutls_datum_t * key, + const gnutls_datum_t * data); static void cmd_parser(int argc, char **argv); - #define HTTP_STATE_REQUEST 1 #define HTTP_STATE_RESPONSE 2 #define HTTP_STATE_CLOSING 3 
@@ -174,7 +172,7 @@ static const char *safe_strerror(int value) static void listener_free(const void *elt) { - listener_item *j = (listener_item *)elt; + listener_item *j = (listener_item *) elt; free(j->http_request); free(j->http_response); 
@@ -187,7 +185,6 @@ static void listener_free(const void *elt) } } - /* we use primes up to 1024 in this server. * otherwise we should add them here. */ 
@@ -197,9 +194,8 @@ gnutls_rsa_params_t rsa_params = NULL; static int generate_dh_primes(void) { - int prime_bits = - gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, - GNUTLS_SEC_PARAM_MEDIUM); + int prime_bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, + GNUTLS_SEC_PARAM_MEDIUM); if (gnutls_dh_params_init(&dh_params) < 0) { fprintf(stderr, "Error in dh parameter initialization\n"); 
@@ -248,7 +244,7 @@ static void read_dh_params(void) tmpdata[size] = 0; fclose(fp); - params.data = (unsigned char *) tmpdata; + params.data = (unsigned char *)tmpdata; params.size = size; size = 
@@ -288,19 +284,24 @@ static gl_list_t listener_list; static int cert_verify_callback(gnutls_session_t session) { -listener_item * j = gnutls_session_get_ptr(session); -unsigned int size; -int ret; + listener_item *j = gnutls_session_get_ptr(session); + unsigned int size; + int ret; if (gnutls_auth_get_type(session) == GNUTLS_CRD_CERTIFICATE) { - if (!require_cert && gnutls_certificate_get_peers(session, &size) == NULL) + if (!require_cert + && gnutls_certificate_get_peers(session, &size) == NULL) return 0; if (ENABLED_OPT(VERIFY_CLIENT_CERT)) { if (cert_verify(session, NULL, NULL) == 0) { do { - ret = gnutls_alert_send(session, GNUTLS_AL_FATAL, GNUTLS_A_ACCESS_DENIED); - } while(ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); + ret = + gnutls_alert_send(session, + GNUTLS_AL_FATAL, + GNUTLS_A_ACCESS_DENIED); + } while (ret == GNUTLS_E_INTERRUPTED + || ret == GNUTLS_E_AGAIN); j->http_state = HTTP_STATE_CLOSING; return -1; 
@@ -315,8 +316,7 @@ int ret; /* callback used to verify if the host name advertised in client hello matches * the one configured in server */ -static int -post_client_hello(gnutls_session_t session) +static int post_client_hello(gnutls_session_t session) { int ret; /* DNS names (only type supported) may be at most 256 byte long */ 
@@ -329,7 +329,7 @@ post_client_hello(gnutls_session_t session) if (name == NULL) return GNUTLS_E_MEMORY_ERROR; - for (i=0; ; ) { + for (i = 0;;) { ret = gnutls_server_name_get(session, name, &len, &type, i); if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { char *new_name; 
@@ -339,7 +339,7 @@ post_client_hello(gnutls_session_t session) goto end; } name = new_name; - continue; /* retry call with same index */ + continue; /* retry call with same index */ } /* check if it is the last entry in list */ 
@@ -362,7 +362,8 @@ post_client_hello(gnutls_session_t session) }; /* when there is no extension, we can't send the extension specific alert */ if (i == 0) { - fprintf(stderr, "Warning: client did not include SNI extension, using default host\n"); + fprintf(stderr, + "Warning: client did not include SNI extension, using default host\n"); ret = GNUTLS_E_SUCCESS; goto end; } 
@@ -384,7 +385,7 @@ post_client_hello(gnutls_session_t session) } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); /* continue handshake, fall through */ -end: + end: free(name); return ret; } 
@@ -400,7 +401,8 @@ gnutls_session_t initialize_session(int dtls) gnutls_datum_t alpn[MAX_ALPN_PROTOCOLS]; #endif unsigned alpn_size; - unsigned flags = GNUTLS_SERVER | GNUTLS_POST_HANDSHAKE_AUTH | GNUTLS_ENABLE_RAWPK; + unsigned flags = + GNUTLS_SERVER | GNUTLS_POST_HANDSHAKE_AUTH | GNUTLS_ENABLE_RAWPK; if (dtls) flags |= GNUTLS_DATAGRAM; 
@@ -414,8 +416,7 @@ gnutls_session_t initialize_session(int dtls) */ gnutls_handshake_set_private_extensions(session, 1); - gnutls_handshake_set_timeout(session, - GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); + gnutls_handshake_set_timeout(session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); if (nodb == 0) { gnutls_db_set_retrieve_function(session, wrap_db_fetch); 
@@ -431,9 +432,13 @@ gnutls_session_t initialize_session(int dtls) if (earlydata) { gnutls_anti_replay_enable(session, anti_replay); if (HAVE_OPT(MAXEARLYDATA)) { - ret = gnutls_record_set_max_early_data_size(session, OPT_VALUE_MAXEARLYDATA); + ret = + gnutls_record_set_max_early_data_size(session, + OPT_VALUE_MAXEARLYDATA); if (ret < 0) { - fprintf(stderr, "Could not set max early data size: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "Could not set max early data size: %s\n", + gnutls_strerror(ret)); exit(1); } } 
@@ -446,7 +451,8 @@ gnutls_session_t initialize_session(int dtls) if (priorities == NULL) { ret = gnutls_set_default_priority(session); if (ret < 0) { - fprintf(stderr, "Could not set default policy: %s\n", gnutls_strerror(ret)); + fprintf(stderr, "Could not set default policy: %s\n", + gnutls_strerror(ret)); exit(1); } } else { 
@@ -463,15 +469,19 @@ gnutls_session_t initialize_session(int dtls) exit(1); } #else - alpn_size = MIN(MAX_ALPN_PROTOCOLS,alpn_protos_size); - for (i=0;i\n"); - tmp = - gnutls_protocol_get_name(version); + tmp = gnutls_protocol_get_name(version); if (tmp == NULL) tmp = str_unknown; snprintf(tmp_buffer, tmp_buffer_size, 
@@ -709,16 +718,18 @@ static char *peer_print_info(gnutls_session_t session, int *ret_length, desc = gnutls_session_get_desc(session); if (desc) { snprintf(tmp_buffer, tmp_buffer_size, - "Description:%s\n", - desc); + "Description:%s\n", desc); gnutls_free(desc); } if (gnutls_auth_get_type(session) == GNUTLS_CRD_CERTIFICATE && - gnutls_certificate_type_get2(session, GNUTLS_CTYPE_CLIENT) != GNUTLS_CRT_X509) { + gnutls_certificate_type_get2(session, + GNUTLS_CTYPE_CLIENT) != + GNUTLS_CRT_X509) { tmp = gnutls_certificate_type_get_name - (gnutls_certificate_type_get2(session, GNUTLS_CTYPE_CLIENT)); + (gnutls_certificate_type_get2 + (session, GNUTLS_CTYPE_CLIENT)); if (tmp == NULL) tmp = str_unknown; snprintf(tmp_buffer, tmp_buffer_size, 
@@ -749,7 +760,9 @@ static char *peer_print_info(gnutls_session_t session, int *ret_length, } #endif - tmp = gnutls_compression_get_name(gnutls_compression_get(session)); + tmp = + gnutls_compression_get_name(gnutls_compression_get + (session)); if (tmp == NULL) tmp = str_unknown; snprintf(tmp_buffer, tmp_buffer_size, 
@@ -761,8 +774,7 @@ static char *peer_print_info(gnutls_session_t session, int *ret_length, if (tmp == NULL) tmp = str_unknown; snprintf(tmp_buffer, tmp_buffer_size, - "Ciphersuite%s\n", - tmp); + "Ciphersuite%s\n", tmp); } tmp = gnutls_cipher_get_name(gnutls_cipher_get(session)); 
@@ -777,8 +789,7 @@ static char *peer_print_info(gnutls_session_t session, int *ret_length, snprintf(tmp_buffer, tmp_buffer_size, "MAC%s\n", tmp); - snprintf(tmp_buffer, tmp_buffer_size, - "

\n"); + snprintf(tmp_buffer, tmp_buffer_size, "

 \n"); if (crtinfo) { snprintf(tmp_buffer, tmp_buffer_size, 
@@ -821,9 +832,7 @@ static char *peer_print_data(gnutls_session_t session, int *ret_length) ret = asprintf(&http_buffer, "HTTP/1.0 200 OK\r\n" "Content-Type: application/octet-stream\r\n" - "Content-Length: %u\r\n" - "\r\n", - data.size); + "Content-Length: %u\r\n" "\r\n", data.size); if (ret < 0) return NULL; len = ret; 
@@ -861,8 +870,7 @@ const char *human_addr(const struct sockaddr *sa, socklen_t salen, buf += l; buflen -= l; - if (getnameinfo(sa, salen, buf, buflen, NULL, 0, NI_NUMERICHOST) != - 0) { + if (getnameinfo(sa, salen, buf, buflen, NULL, 0, NI_NUMERICHOST) != 0) { return "(error)"; } 
@@ -877,8 +885,7 @@ const char *human_addr(const struct sockaddr *sa, socklen_t salen, buf += 6; buflen -= 6; - if (getnameinfo(sa, salen, NULL, 0, buf, buflen, NI_NUMERICSERV) != - 0) { + if (getnameinfo(sa, salen, NULL, 0, buf, buflen, NI_NUMERICSERV) != 0) { snprintf(buf, buflen, "%s", " unknown"); } 
@@ -945,8 +952,7 @@ int listen_socket(const char *name, int listen_port, int socktype) hints.ai_flags = AI_PASSIVE; if ((s = getaddrinfo(NULL, portname, &hints, &res)) != 0) { - fprintf(stderr, "getaddrinfo() failed: %s\n", - gai_strerror(s)); + fprintf(stderr, "getaddrinfo() failed: %s\n", gai_strerror(s)); return -1; } 
@@ -968,26 +974,25 @@ int listen_socket(const char *name, int listen_port, int socktype) } if ((news = socket(ptr->ai_family, ptr->ai_socktype, - ptr->ai_protocol)) < 0) { + ptr->ai_protocol)) < 0) { perror("socket() failed"); continue; } - s = news; /* to not overwrite existing s from previous loops */ + s = news; /* to not overwrite existing s from previous loops */ #if defined(HAVE_IPV6) && !defined(_WIN32) if (ptr->ai_family == AF_INET6) { yes = 1; /* avoid listen on ipv6 addresses failing * because already listening on ipv4 addresses: */ (void)setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, - (const void *) &yes, sizeof(yes)); + (const void *)&yes, sizeof(yes)); } #endif if (socktype == SOCK_STREAM) { yes = 1; if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, - (const void *) &yes, - sizeof(yes)) < 0) { + (const void *)&yes, sizeof(yes)) < 0) { perror("setsockopt() failed"); close(s); continue; 
@@ -996,14 +1001,12 @@ int listen_socket(const char *name, int listen_port, int socktype) #if defined(IP_DONTFRAG) yes = 1; if (setsockopt(s, IPPROTO_IP, IP_DONTFRAG, - (const void *) &yes, - sizeof(yes)) < 0) + (const void *)&yes, sizeof(yes)) < 0) perror("setsockopt(IP_DF) failed"); #elif defined(IP_MTU_DISCOVER) yes = IP_PMTUDISC_DO; if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, - (const void *) &yes, - sizeof(yes)) < 0) + (const void *)&yes, sizeof(yes)) < 0) perror("setsockopt(IP_DF) failed"); #endif } 
@@ -1046,8 +1049,7 @@ static void strip(char *data) int len = strlen(data); for (i = 0; i < len; i++) { - if (data[i] == '\r' && data[i + 1] == '\n' - && data[i + 2] == 0) { + if (data[i] == '\r' && data[i + 1] == '\n' && data[i + 2] == 0) { data[i] = '\n'; data[i + 1] = 0; break; 
@@ -1079,7 +1081,8 @@ get_response(gnutls_session_t session, char *request, if (http != 0) { if (http_data_file == NULL) - *response = peer_print_info(session, response_length, h); + *response = + peer_print_info(session, response_length, h); else *response = peer_print_data(session, response_length); } else { 
@@ -1107,15 +1110,17 @@ get_response(gnutls_session_t session, char *request, } else { *response = NULL; do { - ret = gnutls_alert_send_appropriate(session, ret); - } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + ret = + gnutls_alert_send_appropriate(session, ret); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); return 0; } } return 1; - unimplemented: + unimplemented: *response = strdup(HTTP_UNIMPLEMENTED); if (*response == NULL) return 0; 
@@ -1123,7 +1128,7 @@ get_response(gnutls_session_t session, char *request, return 1; } -static void terminate(int sig) __attribute__ ((__noreturn__)); +static void terminate(int sig) __attribute__((__noreturn__)); static void terminate(int sig) { 
@@ -1142,7 +1147,6 @@ static void terminate(int sig) _exit(1); } - static void check_alert(gnutls_session_t session, int ret) { if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED 
@@ -1188,8 +1192,7 @@ int main(int argc, char **argv) sockets_init(); listener_list = gl_list_create_empty(GL_LINKED_LIST, - NULL, NULL, listener_free, - true); + NULL, NULL, listener_free, true); if (nodb == 0) wrap_db_init(); 
@@ -1221,8 +1224,7 @@ int main(int argc, char **argv) gnutls_strerror(ret)); else { ret = - gnutls_pkcs11_add_provider(OPT_ARG(PROVIDER), - NULL); + gnutls_pkcs11_add_provider(OPT_ARG(PROVIDER), NULL); if (ret < 0) { fprintf(stderr, "pkcs11_add_provider: %s", gnutls_strerror(ret)); 
@@ -1254,8 +1256,7 @@ int main(int argc, char **argv) if (x509_cafile != NULL) { if ((ret = gnutls_certificate_set_x509_trust_file (cert_cred, x509_cafile, x509ctype)) < 0) { - fprintf(stderr, "Error reading '%s'\n", - x509_cafile); + fprintf(stderr, "Error reading '%s'\n", x509_cafile); GERR(ret); exit(1); } else { @@ -1265,8 +1266,7 @@ int main(int argc, char **argv) if (x509_crlfile != NULL) { if ((ret = gnutls_certificate_set_x509_crl_file (cert_cred, x509_crlfile, x509ctype)) < 0) { - fprintf(stderr, "Error reading '%s'\n", - x509_crlfile); + fprintf(stderr, "Error reading '%s'\n", x509_crlfile); GERR(ret); exit(1); } else { @@ -1277,31 +1277,35 @@ int main(int argc, char **argv) if (x509_certfile_size > 0 && x509_keyfile_size > 0) { for (i = 0; i < x509_certfile_size; i++) { ret = gnutls_certificate_set_x509_key_file - (cert_cred, x509_certfile[i], x509_keyfile[i], x509ctype); + (cert_cred, x509_certfile[i], x509_keyfile[i], + x509ctype); if (ret < 0) { fprintf(stderr, - "Error reading '%s' or '%s'\n", - x509_certfile[i], x509_keyfile[i]); + "Error reading '%s' or '%s'\n", + x509_certfile[i], x509_keyfile[i]); GERR(ret); exit(1); } else cert_set = 1; } } - + /* Raw public-key credentials */ if (rawpk_file_size > 0 && rawpk_keyfile_size > 0) { for (i = 0; i < rawpk_keyfile_size; i++) { - ret = gnutls_certificate_set_rawpk_key_file(cert_cred, rawpk_file[i], - rawpk_keyfile[i], - x509ctype, - NULL, 0, NULL, 0, - 0, 0); + ret = + gnutls_certificate_set_rawpk_key_file(cert_cred, + rawpk_file[i], + rawpk_keyfile + [i], + x509ctype, + NULL, 0, NULL, + 0, 0, 0); if (ret < 0) { - fprintf(stderr, "Error reading '%s' or '%s'\n", - rawpk_file[i], rawpk_keyfile[i]); - GERR(ret); - exit(1); + fprintf(stderr, "Error reading '%s' or '%s'\n", + rawpk_file[i], rawpk_keyfile[i]); + GERR(ret); + exit(1); } else { cert_set = 1; } 
@@ -1312,25 +1316,24 @@ int main(int argc, char **argv) fprintf(stderr, "Warning: no private key and certificate pairs were set.\n"); } - #ifndef ENABLE_OCSP if (HAVE_OPT(IGNORE_OCSP_RESPONSE_ERRORS) || ocsp_responses_size != 0) { fprintf(stderr, "OCSP is not supported!\n"); - exit(1); + exit(1); } #else /* OCSP status-request TLS extension */ if (HAVE_OPT(IGNORE_OCSP_RESPONSE_ERRORS)) - gnutls_certificate_set_flags(cert_cred, GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK); + gnutls_certificate_set_flags(cert_cred, + GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK); - for (i = 0; i < ocsp_responses_size; i++ ) { + for (i = 0; i < ocsp_responses_size; i++) { ret = gnutls_certificate_set_ocsp_status_request_file (cert_cred, ocsp_responses[i], 0); if (ret < 0) { fprintf(stderr, "Cannot set OCSP status request file: %s: %s\n", - ocsp_responses[i], - gnutls_strerror(ret)); + ocsp_responses[i], gnutls_strerror(ret)); exit(1); } } @@ -1338,9 +1341,13 @@ int main(int argc, char **argv) if (use_static_dh_params) { #if defined(ENABLE_DHE) || defined(ENABLE_ANON) - ret = gnutls_certificate_set_known_dh_params(cert_cred, GNUTLS_SEC_PARAM_MEDIUM); + ret = + gnutls_certificate_set_known_dh_params(cert_cred, + GNUTLS_SEC_PARAM_MEDIUM); if (ret < 0) { - fprintf(stderr, "Error while setting DH parameters: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "Error while setting DH parameters: %s\n", + gnutls_strerror(ret)); exit(1); } #else @@ -1365,8 +1372,7 @@ int main(int argc, char **argv) < 0) { /* only exit is this function is not disabled */ - fprintf(stderr, - "Error while setting SRP parameters\n"); + fprintf(stderr, "Error while setting SRP parameters\n"); GERR(ret); } } 
@@ -1380,12 +1386,10 @@ int main(int argc, char **argv) if ((ret = gnutls_psk_set_server_credentials_file(psk_cred, - psk_passwd)) < - 0) { + psk_passwd)) < 0) { /* only exit is this function is not disabled */ - fprintf(stderr, - "Error while setting PSK parameters\n"); + fprintf(stderr, "Error while setting PSK parameters\n"); GERR(ret); } @@ -1401,9 +1405,13 @@ int main(int argc, char **argv) } if (use_static_dh_params) { - ret = gnutls_psk_set_server_known_dh_params(psk_cred, GNUTLS_SEC_PARAM_MEDIUM); + ret = + gnutls_psk_set_server_known_dh_params(psk_cred, + GNUTLS_SEC_PARAM_MEDIUM); if (ret < 0) { - fprintf(stderr, "Error while setting DH parameters: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "Error while setting DH parameters: %s\n", + gnutls_strerror(ret)); exit(1); } } else { @@ -1417,9 +1425,13 @@ int main(int argc, char **argv) gnutls_anon_allocate_server_credentials(&dh_cred); if (use_static_dh_params) { - ret = gnutls_anon_set_server_known_dh_params(dh_cred, GNUTLS_SEC_PARAM_MEDIUM); + ret = + gnutls_anon_set_server_known_dh_params(dh_cred, + GNUTLS_SEC_PARAM_MEDIUM); if (ret < 0) { - fprintf(stderr, "Error while setting DH parameters: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "Error while setting DH parameters: %s\n", + gnutls_strerror(ret)); exit(1); } } else { @@ -1433,10 +1445,13 @@ int main(int argc, char **argv) if (earlydata) { ret = gnutls_anti_replay_init(&anti_replay); if (ret < 0) { - fprintf(stderr, "Error while initializing anti-replay: %s\n", gnutls_strerror(ret)); + fprintf(stderr, + "Error while initializing anti-replay: %s\n", + gnutls_strerror(ret)); exit(1); } - gnutls_anti_replay_set_add_function(anti_replay, anti_replay_db_add); + gnutls_anti_replay_set_add_function(anti_replay, + anti_replay_db_add); gnutls_anti_replay_set_ptr(anti_replay, NULL); } 
@@ -1458,7 +1473,7 @@ int main(int argc, char **argv) return 0; } -static void retry_handshake(listener_item *j) +static void retry_handshake(listener_item * j) { int r, ret; @@ -1476,17 +1491,16 @@ static void retry_handshake(listener_item *j) } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); j->close_ok = 0; } else if (r == 0) { - if (gnutls_session_is_resumed(j->tls_session) != 0 && verbose != 0) + if (gnutls_session_is_resumed(j->tls_session) != 0 + && verbose != 0) printf("*** This is a resumed session\n"); if (verbose != 0) { #if 0 printf("- connection from %s\n", - human_addr((struct sockaddr *) - &client_address, - calen, - topbuf, - sizeof(topbuf))); + human_addr((struct sockaddr *) + &client_address, + calen, topbuf, sizeof(topbuf))); #endif print_info(j->tls_session, verbose, verbose); @@ -1504,7 +1518,7 @@ static void retry_handshake(listener_item *j) } } -static void try_rehandshake(listener_item *j) +static void try_rehandshake(listener_item * j) { int r, ret; fprintf(stderr, "*** Received hello message\n"); @@ -1517,7 +1531,8 @@ static void try_rehandshake(listener_item *j) do { ret = gnutls_alert_send_appropriate(j->tls_session, r); } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); - fprintf(stderr, "Error in rehandshake: %s\n", gnutls_strerror(r)); + fprintf(stderr, "Error in rehandshake: %s\n", + gnutls_strerror(r)); j->http_state = HTTP_STATE_CLOSING; } else { j->close_ok = 1; 
@@ -1558,20 +1573,20 @@ static void tcp_server(const char *name, int port) /* flag which connections we are reading or writing to within the fd sets */ iter = gl_list_iterator(listener_list); while (gl_list_iterator_next(&iter, &elt, &node)) { - listener_item *j = (listener_item *)elt; + listener_item *j = (listener_item *) elt; #ifndef _WIN32 val = fcntl(j->fd, F_GETFL, 0); if ((val == -1) - || (fcntl(j->fd, F_SETFL, val | O_NONBLOCK) < - 0)) { + || (fcntl(j->fd, F_SETFL, val | O_NONBLOCK) < 0)) { perror("fcntl()"); exit(1); } #endif if (j->start != 0 && now - j->start > 30) { if (verbose != 0) { - fprintf(stderr, "Scheduling inactive connection for close\n"); + fprintf(stderr, + "Scheduling inactive connection for close\n"); } j->http_state = HTTP_STATE_CLOSING; } @@ -1606,16 +1621,14 @@ static void tcp_server(const char *name, int port) /* read or write to each connection as indicated by select()'s return argument */ iter = gl_list_iterator(listener_list); while (gl_list_iterator_next(&iter, &elt, &node)) { - listener_item *j = (listener_item *)elt; + listener_item *j = (listener_item *) elt; /* a new connection has arrived */ if (FD_ISSET(j->fd, &rd) && j->listen_socket) { calen = sizeof(client_address); memset(&client_address, 0, calen); - accept_fd = - accept(j->fd, - (struct sockaddr *) - &client_address, &calen); + accept_fd = accept(j->fd, (struct sockaddr *) + &client_address, &calen); if (accept_fd < 0) { perror("accept()"); 
@@ -1628,14 +1641,14 @@ static void tcp_server(const char *name, int port) /* new list entry for the connection */ jj = xzalloc(sizeof(*jj)); gl_list_add_last(accepted_list, jj); - jj->http_request = - (char *) strdup(""); + jj->http_request = (char *)strdup(""); jj->http_state = HTTP_STATE_REQUEST; jj->fd = accept_fd; jj->start = tt; jj->tls_session = initialize_session(0); - gnutls_session_set_ptr(jj->tls_session, jj); + gnutls_session_set_ptr(jj->tls_session, + jj); gnutls_transport_set_int (jj->tls_session, accept_fd); set_read_funcs(jj->tls_session); @@ -1643,27 +1656,26 @@ static void tcp_server(const char *name, int port) jj->close_ok = 0; if (verbose != 0) { - ctt = simple_ctime(&tt, timebuf); + ctt = + simple_ctime(&tt, timebuf); ctt[strlen(ctt) - 1] = 0; printf ("\n* Accepted connection from %s on %s\n", human_addr((struct - sockaddr - *) + sockaddr *) &client_address, calen, topbuf, sizeof - (topbuf)), - ctt); + (topbuf)), ctt); } } } if (FD_ISSET(j->fd, &rd) && !j->listen_socket) { /* read partial GET request */ - char buf[16*1024]; + char buf[16 * 1024]; int r; if (j->handshake_ok == 0) { @@ -1673,12 +1685,10 @@ static void tcp_server(const char *name, int port) if (j->handshake_ok == 1) { int earlydata_read = 0; if (earlydata && !j->earlydata_eof) { - r = gnutls_record_recv_early_data(j-> - tls_session, - buf, - MIN(sizeof(buf), - SMALL_READ_TEST)); - if (r == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + r = gnutls_record_recv_early_data(j->tls_session, buf, MIN(sizeof(buf), SMALL_READ_TEST)); + if (r == + GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + { j->earlydata_eof = 1; } if (r == 0) { 
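Review bot: The new side of the early-data read in the `@@ -1673,12 +1685,10 @@` hunk is left on one line, `r = gnutls_record_recv_early_data(j->tls_session, buf, MIN(sizeof(buf), SMALL_READ_TEST));`, which runs far past the width the rest of this indent-only commit enforces, while the sibling gnutls_record_recv call in the following hunk is wrapped. It looks like the formatter gave up at this nesting depth; wrapping the call by hand to match the sibling keeps the two read paths consistent: `r = gnutls_record_recv_early_data` / `(j->tls_session, buf,` / `MIN(sizeof(buf), SMALL_READ_TEST));`. tcp_server begins and ends outside this hunk.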
@@ -1686,52 +1696,62 @@ static void tcp_server(const char *name, int port) } } if (!earlydata_read) { - r = gnutls_record_recv(j-> - tls_session, - buf, - MIN(sizeof(buf), - SMALL_READ_TEST)); + r = gnutls_record_recv + (j->tls_session, buf, + MIN(sizeof(buf), + SMALL_READ_TEST)); } - if (r == GNUTLS_E_INTERRUPTED || r == GNUTLS_E_AGAIN) { + if (r == GNUTLS_E_INTERRUPTED + || r == GNUTLS_E_AGAIN) { /* do nothing */ } else if (r <= 0) { - if (r == GNUTLS_E_HEARTBEAT_PING_RECEIVED) { - gnutls_heartbeat_pong(j->tls_session, 0); - } else if (r == GNUTLS_E_REHANDSHAKE) { + if (r == + GNUTLS_E_HEARTBEAT_PING_RECEIVED) + { + gnutls_heartbeat_pong + (j->tls_session, 0); + } else if (r == + GNUTLS_E_REHANDSHAKE) + { try_rehandshake(j); } else { - j->http_state = HTTP_STATE_CLOSING; + j->http_state = + HTTP_STATE_CLOSING; if (r < 0) { int ret; - check_alert(j->tls_session, r); + check_alert + (j->tls_session, + r); fprintf(stderr, - "Error while receiving data\n"); + "Error while receiving data\n"); do { - ret = gnutls_alert_send_appropriate(j->tls_session, r); - } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + ret = + gnutls_alert_send_appropriate + (j->tls_session, + r); + } while (ret == + GNUTLS_E_AGAIN + || ret + == + GNUTLS_E_INTERRUPTED); GERR(r); j->close_ok = 0; } } } else { j->http_request = - realloc(j-> - http_request, - j-> - request_length + realloc(j->http_request, + j->request_length + r + 1); - if (j->http_request != - NULL) { - memcpy(j-> - http_request + if (j->http_request != NULL) { + memcpy(j->http_request + j-> request_length, buf, r); - j->request_length - += r; - j->http_request[j-> - request_length] + j->request_length += r; + j->http_request + [j->request_length] = '\0'; } else { j->http_state = 
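Review bot: `j->http_request = realloc(j->http_request, j->request_length + r + 1);` on the new side assigns the realloc result straight over the only pointer to the existing request buffer, so when realloc fails the old buffer is leaked and `j->http_request` becomes NULL while `j->request_length` still holds the previous length. Keeping the result in a temporary avoids both problems: `char *tmp = realloc(j->http_request, j->request_length + r + 1);` / `if (tmp != NULL) { j->http_request = tmp;` followed by the existing memcpy, with the else branch unchanged. The same pattern appears in wrap_db_store's `cache_db[i].session_data.data = realloc(cache_db[i].session_data.data, data.size);` in the `@@ -2062,8 +2086,7 @@` hunk, where a failure leaves `.data` NULL but `.size` at its old value; whether a later wrap_db_fetch reads `.size` bytes from that pointer is outside the visible lines, so treat that consequence as something to confirm. tcp_server begins and ends outside this hunk.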
@@ -1741,31 +1761,27 @@ static void tcp_server(const char *name, int port) /* check if we have a full HTTP header */ j->http_response = NULL; - if (j->http_state == HTTP_STATE_REQUEST && j->http_request != NULL) { + if (j->http_state == HTTP_STATE_REQUEST + && j->http_request != NULL) { if ((http == 0 - && strchr(j-> - http_request, + && strchr(j->http_request, '\n')) - || strstr(j-> - http_request, + || strstr(j->http_request, "\r\n\r\n") - || strstr(j-> - http_request, + || strstr(j->http_request, "\n\n")) { - if (get_response(j-> - tls_session, - j-> - http_request, - &j-> - http_response, - &j-> - response_length)) { + if (get_response + (j->tls_session, + j->http_request, + &j->http_response, + &j-> + response_length)) { j->http_state = HTTP_STATE_RESPONSE; - j->response_written - = 0; + j->response_written = 0; } else { - j->http_state = HTTP_STATE_CLOSING; + j->http_state = + HTTP_STATE_CLOSING; } } } 
@@ -1780,43 +1796,51 @@ static void tcp_server(const char *name, int port) retry_handshake(j); } - if (j->handshake_ok == 1 && j->http_response == NULL) { + if (j->handshake_ok == 1 + && j->http_response == NULL) { j->http_state = HTTP_STATE_CLOSING; - } else if (j->handshake_ok == 1 && j->http_response != NULL) { + } else if (j->handshake_ok == 1 + && j->http_response != NULL) { r = gnutls_record_send(j->tls_session, j->http_response + j->response_written, - MIN(j->response_length - - - j->response_written, - SMALL_READ_TEST)); - if (r == GNUTLS_E_INTERRUPTED || r == GNUTLS_E_AGAIN) { + MIN + (j->response_length + - + j->response_written, + SMALL_READ_TEST)); + if (r == GNUTLS_E_INTERRUPTED + || r == GNUTLS_E_AGAIN) { /* do nothing */ } else if (r <= 0) { - j->http_state = HTTP_STATE_CLOSING; + j->http_state = + HTTP_STATE_CLOSING; if (r < 0) { fprintf(stderr, "Error while sending data\n"); GERR(r); } - check_alert(j->tls_session, - r); + check_alert(j->tls_session, r); } else { j->response_written += r; /* check if we have written a complete response */ if (j->response_written == j->response_length) { if (http != 0) - j->http_state = HTTP_STATE_CLOSING; + j->http_state = + HTTP_STATE_CLOSING; else { - j->http_state = HTTP_STATE_REQUEST; + j->http_state = + HTTP_STATE_REQUEST; free(j-> http_response); - j->http_response = NULL; + j->http_response + = NULL; j->response_length = 0; j->request_length = 0; - j->http_request[0] = 0; + j->http_request + [0] = 0; } } } @@ -1849,7 +1873,6 @@ static void tcp_server(const char *name, int port) gl_list_free(accepted_list); } - gnutls_certificate_free_credentials(cert_cred); #ifdef ENABLE_SRP 
@@ -1937,16 +1960,17 @@ static void cmd_parser(int argc, char **argv) } if (x509_certfile_size != x509_keyfile_size) { - fprintf(stderr, "The certificate number provided (%u) doesn't match the keys (%u)\n", + fprintf(stderr, + "The certificate number provided (%u) doesn't match the keys (%u)\n", x509_certfile_size, x509_keyfile_size); - exit(1); + exit(1); } if (HAVE_OPT(X509CAFILE)) x509_cafile = OPT_ARG(X509CAFILE); if (HAVE_OPT(X509CRLFILE)) x509_crlfile = OPT_ARG(X509CRLFILE); - + if (HAVE_OPT(RAWPKKEYFILE)) { rawpk_keyfile = STACKLST_OPT(RAWPKKEYFILE); rawpk_keyfile_size = STACKCT_OPT(RAWPKKEYFILE); @@ -1958,9 +1982,10 @@ static void cmd_parser(int argc, char **argv) } if (rawpk_file_size != rawpk_keyfile_size) { - fprintf(stderr, "The number of raw public-keys provided (%u) doesn't match the number of corresponding private keys (%u)\n", + fprintf(stderr, + "The number of raw public-keys provided (%u) doesn't match the number of corresponding private keys (%u)\n", rawpk_file_size, rawpk_keyfile_size); - exit(1); + exit(1); } if (HAVE_OPT(SRPPASSWD)) @@ -2016,8 +2041,7 @@ static void wrap_db_deinit(void) free(cache_db); } -static int -wrap_db_store(void *dbf, gnutls_datum_t key, gnutls_datum_t data) +static int wrap_db_store(void *dbf, gnutls_datum_t key, gnutls_datum_t data) { int i; time_t now = time(0); @@ -2034,15 +2058,15 @@ wrap_db_store(void *dbf, gnutls_datum_t key, gnutls_datum_t data) for (i = 0; i < cache_db_ptr; i++) if (cache_db[i].session_id_size == 0 || !(now < - gnutls_db_check_entry_expire_time(&cache_db[i]. + gnutls_db_check_entry_expire_time(&cache_db + [i]. session_data))) break; if (i == cache_db_ptr) { /* try to allocate additional slots */ if (cache_db_ptr == ssl_session_cache) { - fprintf(stderr, - "Error: too many sessions\n"); + fprintf(stderr, "Error: too many sessions\n"); return GNUTLS_E_DB_ERROR; } cache_db_alloc = cache_db_alloc * 2 + 1; 
@@ -2062,8 +2086,7 @@ wrap_db_store(void *dbf, gnutls_datum_t key, gnutls_datum_t data) /* resize the data slot if needed */ if (cache_db[i].session_data.size < data.size) { cache_db[i].session_data.data = - realloc(cache_db[i].session_data.data, - data.size); + realloc(cache_db[i].session_data.data, data.size); if (!cache_db[i].session_data.data) return GNUTLS_E_MEMORY_ERROR; } @@ -2083,8 +2106,9 @@ static gnutls_datum_t wrap_db_fetch(void *dbf, gnutls_datum_t key) if (key.size == cache_db[i].session_id_size && memcmp(key.data, cache_db[i].session_id, key.size) == 0 && - now < gnutls_db_check_entry_expire_time(&cache_db[i]. - session_data)) { + now < + gnutls_db_check_entry_expire_time(&cache_db + [i].session_data)) { res.size = cache_db[i].session_data.size; res.data = malloc(res.size); @@ -2106,8 +2130,7 @@ static int wrap_db_delete(void *dbf, gnutls_datum_t key) for (i = 0; i < cache_db_ptr; i++) { if (key.size == cache_db[i].session_id_size && - memcmp(key.data, cache_db[i].session_id, - key.size) == 0) { + memcmp(key.data, cache_db[i].session_id, key.size) == 0) { cache_db[i].session_id_size = 0; free(cache_db[i].session_data.data); @@ -2122,7 +2145,8 @@ static int wrap_db_delete(void *dbf, gnutls_datum_t key) } static int -anti_replay_db_add(void *dbf, time_t exp, const gnutls_datum_t *key, const gnutls_datum_t *data) +anti_replay_db_add(void *dbf, time_t exp, const gnutls_datum_t * key, + const gnutls_datum_t * data) { time_t now = time(0); int i; @@ -2131,8 +2155,9 @@ anti_replay_db_add(void *dbf, time_t exp, const gnutls_datum_t *key, const gnutl if (key->size == cache_db[i].session_id_size && memcmp(key->data, cache_db[i].session_id, key->size) == 0 && - now < gnutls_db_check_entry_expire_time(&cache_db[i]. - session_data)) + now < + gnutls_db_check_entry_expire_time(&cache_db + [i].session_data)) return GNUTLS_E_DB_ENTRY_EXISTS; } diff --git a/src/socket.c b/src/socket.c index 36ac292700..3a6993553e 100644 --- a/src/socket.c +++ b/src/socket.c 
@@ -21,9 +21,9 @@ #include #if HAVE_SYS_SOCKET_H -#include +# include #elif HAVE_WS2TCPIP_H -#include +# include #endif #include #include @@ -49,8 +49,7 @@ /* Functions to manipulate sockets */ -ssize_t -socket_recv(const socket_st * socket, void *buffer, int buffer_size) +ssize_t socket_recv(const socket_st * socket, void *buffer, int buffer_size) { int ret; @@ -75,7 +74,8 @@ socket_recv(const socket_st * socket, void *buffer, int buffer_size) } ssize_t -socket_recv_timeout(const socket_st * socket, void *buffer, int buffer_size, unsigned ms) +socket_recv_timeout(const socket_st * socket, void *buffer, int buffer_size, + unsigned ms) { int ret; @@ -95,7 +95,6 @@ socket_send(const socket_st * socket, const void *buffer, int buffer_size) return socket_send_range(socket, buffer, buffer_size, NULL); } - ssize_t socket_send_range(const socket_st * socket, const void *buffer, int buffer_size, gnutls_range_st * range) @@ -107,18 +106,15 @@ socket_send_range(const socket_st * socket, const void *buffer, if (range == NULL) ret = gnutls_record_send(socket->session, - buffer, - buffer_size); + buffer, buffer_size); else ret = - gnutls_record_send_range(socket-> - session, + gnutls_record_send_range(socket->session, buffer, buffer_size, range); } - while (ret == GNUTLS_E_AGAIN - || ret == GNUTLS_E_INTERRUPTED); + while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); else do { ret = send(socket->fd, buffer, buffer_size, 0); @@ -166,10 +162,11 @@ ssize_t wait_for_text(socket_st * socket, const char *txt, unsigned txt_size) abort(); if (socket->verbose && txt != NULL) - fprintf(stderr, "starttls: waiting for: \"%.*s\"\n", txt_size, txt); + fprintf(stderr, "starttls: waiting for: \"%.*s\"\n", txt_size, + txt); pbuf = buf; - left = sizeof(buf)-1; + left = sizeof(buf) - 1; got = 0; do { 
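Review bot: `fprintf(stderr, "starttls: waiting for: \"%.*s\"\n", txt_size, txt);` in the `@@ -166,10 +162,11 @@` hunk passes `txt_size`, declared `unsigned` in the signature, as the `.*` precision, which printf reads as an `int`. It works on common ABIs, but `-Wformat` can flag the mismatch and it is one cast away from being clean: `fprintf(stderr, "starttls: waiting for: \"%.*s\"\n", (int)txt_size, txt);`. wait_for_text continues past the end of this hunk.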
@@ -181,7 +178,8 @@ ssize_t wait_for_text(socket_st * socket, const char *txt, unsigned txt_size) if (ret > 0) ret = recv(socket->fd, pbuf, left, 0); if (ret == -1) { - fprintf(stderr, "error receiving '%s': %s\n", txt, strerror(errno)); + fprintf(stderr, "error receiving '%s': %s\n", txt, + strerror(errno)); exit(2); } else if (ret == 0) { fprintf(stderr, "error receiving '%s': Timeout\n", txt); @@ -199,33 +197,33 @@ ssize_t wait_for_text(socket_st * socket, const char *txt, unsigned txt_size) left -= ret; got += ret; - /* check for text after a newline in buffer */ if (got > txt_size) { p = memmem(buf, got, txt, txt_size); if (p != NULL && p != buf) { p--; - if (*p == '\n' || *p == '\r' || (*txt == '<' && *p == '>')) // XMPP is not line oriented, uses XML format + if (*p == '\n' || *p == '\r' || (*txt == '<' && *p == '>')) // XMPP is not line oriented, uses XML format break; } } - } while(got < txt_size || strncmp(buf, txt, txt_size) != 0); + } while (got < txt_size || strncmp(buf, txt, txt_size) != 0); return got; } -static void -socket_starttls(socket_st * socket) +static void socket_starttls(socket_st * socket) { char buf[512]; if (socket->secure) return; - if (socket->app_proto == NULL || strcasecmp(socket->app_proto, "https") == 0) + if (socket->app_proto == NULL + || strcasecmp(socket->app_proto, "https") == 0) return; - if (strcasecmp(socket->app_proto, "smtp") == 0 || strcasecmp(socket->app_proto, "submission") == 0) { + if (strcasecmp(socket->app_proto, "smtp") == 0 + || strcasecmp(socket->app_proto, "submission") == 0) { if (socket->verbose) log_msg(stdout, "Negotiating SMTP STARTTLS\n"); 
@@ -235,7 +233,8 @@ socket_starttls(socket_st * socket) wait_for_text(socket, "250 ", 4); send_line(socket, "STARTTLS\r\n"); wait_for_text(socket, "220 ", 4); - } else if (strcasecmp(socket->app_proto, "imap") == 0 || strcasecmp(socket->app_proto, "imap2") == 0) { + } else if (strcasecmp(socket->app_proto, "imap") == 0 + || strcasecmp(socket->app_proto, "imap2") == 0) { if (socket->verbose) log_msg(stdout, "Negotiating IMAP STARTTLS\n"); @@ -247,18 +246,22 @@ socket_starttls(socket_st * socket) if (socket->verbose) log_msg(stdout, "Negotiating XMPP STARTTLS\n"); - snprintf(buf, sizeof(buf), "\n", socket->hostname); + snprintf(buf, sizeof(buf), + "\n", + socket->hostname); send_line(socket, buf); wait_for_text(socket, ""); + send_line(socket, + ""); wait_for_text(socket, "app_proto, "ldap") == 0) { if (socket->verbose) log_msg(stdout, "Negotiating LDAP STARTTLS\n"); #define LDAP_STR "\x30\x1d\x02\x01\x01\x77\x18\x80\x16\x31\x2e\x33\x2e\x36\x2e\x31\x2e\x34\x2e\x31\x2e\x31\x34\x36\x36\x2e\x32\x30\x30\x33\x37" - send(socket->fd, LDAP_STR, sizeof(LDAP_STR)-1, 0); + send(socket->fd, LDAP_STR, sizeof(LDAP_STR) - 1, 0); wait_for_text(socket, NULL, 0); - } else if (strcasecmp(socket->app_proto, "ftp") == 0 || strcasecmp(socket->app_proto, "ftps") == 0) { + } else if (strcasecmp(socket->app_proto, "ftp") == 0 + || strcasecmp(socket->app_proto, "ftps") == 0) { if (socket->verbose) log_msg(stdout, "Negotiating FTP STARTTLS\n"); 
@@ -297,18 +300,20 @@ socket_starttls(socket_st * socket) wait_for_text(socket, "OK ", 3); send_line(socket, "STARTTLS\r\n"); wait_for_text(socket, "OK ", 3); - } else if (strcasecmp(socket->app_proto, "postgres") == 0 || strcasecmp(socket->app_proto, "postgresql") == 0) { + } else if (strcasecmp(socket->app_proto, "postgres") == 0 + || strcasecmp(socket->app_proto, "postgresql") == 0) { if (socket->verbose) log_msg(stdout, "Negotiating PostgreSQL STARTTLS\n"); #define POSTGRES_STR "\x00\x00\x00\x08\x04\xD2\x16\x2F" - send(socket->fd, POSTGRES_STR, sizeof(POSTGRES_STR)-1, 0); + send(socket->fd, POSTGRES_STR, sizeof(POSTGRES_STR) - 1, 0); wait_for_text(socket, NULL, 0); } else { if (!c_isdigit(socket->app_proto[0])) { static int warned = 0; if (warned == 0) { - fprintf(stderr, "unknown protocol '%s'\n", socket->app_proto); + fprintf(stderr, "unknown protocol '%s'\n", + socket->app_proto); warned = 1; } } @@ -321,8 +326,7 @@ socket_starttls(socket_st * socket) if (strcasecmp(app_proto, "xmpp") == 0) \ app_proto = "xmpp-server"; \ -int -starttls_proto_to_port(const char *app_proto) +int starttls_proto_to_port(const char *app_proto) { struct servent *s; @@ -360,7 +364,8 @@ void socket_bye(socket_st * socket, unsigned polite) if (socket->secure && socket->session) { if (polite) { do - ret = gnutls_bye(socket->session, GNUTLS_SHUT_WR); + ret = + gnutls_bye(socket->session, GNUTLS_SHUT_WR); while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); if (socket->verbose && ret < 0) 
@@ -412,16 +417,15 @@ void canonicalize_host(char *hostname, char *service, unsigned service_size) *p = 0; if (service && service_size) - snprintf(service, service_size, "%s", p+1); + snprintf(service, service_size, "%s", p + 1); } else p = hostname + strlen(hostname); if (p > hostname && p[-1] == '.') - p[-1] = 0; // remove trailing dot on FQDN + p[-1] = 0; // remove trailing dot on FQDN } -static ssize_t -wrap_pull(gnutls_transport_ptr_t ptr, void *data, size_t len) +static ssize_t wrap_pull(gnutls_transport_ptr_t ptr, void *data, size_t len) { socket_st *hd = ptr; ssize_t r; @@ -447,18 +451,19 @@ wrap_push(gnutls_transport_ptr_t ptr, const void *data, size_t len) /* inline is used to avoid a gcc warning if used in mini-eagain */ inline static int wrap_pull_timeout_func(gnutls_transport_ptr_t ptr, - unsigned int ms) + unsigned int ms) { socket_st *hd = ptr; - return gnutls_system_recv_timeout((gnutls_transport_ptr_t)(long)hd->fd, ms); + return gnutls_system_recv_timeout((gnutls_transport_ptr_t) (long)hd->fd, + ms); } - void socket_open2(socket_st * hd, const char *hostname, const char *service, - const char *app_proto, int flags, const char *msg, gnutls_datum_t *rdata, gnutls_datum_t *edata, - FILE *server_trace, FILE *client_trace) + const char *app_proto, int flags, const char *msg, + gnutls_datum_t * rdata, gnutls_datum_t * edata, + FILE * server_trace, FILE * client_trace) { struct addrinfo hints, *res, *ptr; int sd, err = 0; @@ -487,12 +492,13 @@ socket_open2(socket_st * hd, const char *hostname, const char *service, ret = gnutls_idna_map(hostname, strlen(hostname), &idna, 0); if (ret < 0) { - fprintf(stderr, "Cannot convert %s to IDNA: %s\n", hostname, gnutls_strerror(ret)); + fprintf(stderr, "Cannot convert %s to IDNA: %s\n", hostname, + gnutls_strerror(ret)); exit(1); } hd->hostname = strdup(hostname); - a_hostname = (char*)idna.data; + a_hostname = (char *)idna.data; if (msg != NULL) log_msg(stdout, "Resolving '%s:%s'...\n", a_hostname, service); 
@@ -508,8 +514,7 @@ socket_open2(socket_st * hd, const char *hostname, const char *service, sd = -1; for (ptr = res; ptr != NULL; ptr = ptr->ai_next) { - sd = socket(ptr->ai_family, ptr->ai_socktype, - ptr->ai_protocol); + sd = socket(ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol); if (sd == -1) continue; @@ -527,31 +532,34 @@ socket_open2(socket_st * hd, const char *hostname, const char *service, #if defined(IP_DONTFRAG) int yes = 1; if (setsockopt(sd, IPPROTO_IP, IP_DONTFRAG, - (const void *) &yes, - sizeof(yes)) < 0) + (const void *)&yes, sizeof(yes)) < 0) perror("setsockopt(IP_DF) failed"); #elif defined(IP_MTU_DISCOVER) int yes = IP_PMTUDISC_DO; if (setsockopt(sd, IPPROTO_IP, IP_MTU_DISCOVER, - (const void *) &yes, - sizeof(yes)) < 0) + (const void *)&yes, sizeof(yes)) < 0) perror("setsockopt(IP_DF) failed"); #endif } if (fastopen && ptr->ai_socktype == SOCK_STREAM - && (ptr->ai_family == AF_INET || ptr->ai_family == AF_INET6)) { - memcpy(&hd->connect_addr, ptr->ai_addr, ptr->ai_addrlen); + && (ptr->ai_family == AF_INET + || ptr->ai_family == AF_INET6)) { + memcpy(&hd->connect_addr, ptr->ai_addr, + ptr->ai_addrlen); hd->connect_addrlen = ptr->ai_addrlen; if (msg) - log_msg(stdout, "%s '%s:%s' (TFO)...\n", msg, buffer, portname); + log_msg(stdout, "%s '%s:%s' (TFO)...\n", msg, + buffer, portname); } else { if (msg) - log_msg(stdout, "%s '%s:%s'...\n", msg, buffer, portname); + log_msg(stdout, "%s '%s:%s'...\n", msg, buffer, + portname); - if ((err = connect(sd, ptr->ai_addr, ptr->ai_addrlen)) < 0) { + if ((err = + connect(sd, ptr->ai_addr, ptr->ai_addrlen)) < 0) { close(sd); continue; } 
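Review bot: `memcpy(&hd->connect_addr, ptr->ai_addr, ptr->ai_addrlen);` in the TFO branch of the `@@ -527,31 +532,34 @@` hunk copies `ai_addrlen` bytes into `hd->connect_addr` without comparing that length against the destination. If `connect_addr` is a `struct sockaddr_storage` the AF_INET/AF_INET6 guard makes this safe in practice, but the field's type is not visible here; a check such as `if (ptr->ai_addrlen > sizeof(hd->connect_addr)) { close(sd); continue; }` placed before the copy makes the bound explicit rather than implied by the address-family test. socket_open2 begins and ends outside this hunk.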
@@ -575,40 +583,53 @@ socket_open2(socket_st * hd, const char *hostname, const char *service, if (hd->session) { if (hd->edata.data) { - ret = gnutls_record_send_early_data(hd->session, hd->edata.data, hd->edata.size); + ret = + gnutls_record_send_early_data(hd->session, + hd-> + edata.data, + hd-> + edata.size); if (ret < 0) { - fprintf(stderr, "error sending early data\n"); + fprintf(stderr, + "error sending early data\n"); close(sd); exit(1); } } if (hd->rdata.data) { - gnutls_session_set_data(hd->session, hd->rdata.data, hd->rdata.size); + gnutls_session_set_data(hd->session, + hd->rdata.data, + hd->rdata.size); } if (client_trace || server_trace) { hd->server_trace = server_trace; hd->client_trace = client_trace; - gnutls_transport_set_push_function(hd->session, wrap_push); - gnutls_transport_set_pull_function(hd->session, wrap_pull); - gnutls_transport_set_pull_timeout_function(hd->session, wrap_pull_timeout_func); + gnutls_transport_set_push_function(hd->session, + wrap_push); + gnutls_transport_set_pull_function(hd->session, + wrap_pull); + gnutls_transport_set_pull_timeout_function + (hd->session, wrap_pull_timeout_func); gnutls_transport_set_ptr(hd->session, hd); } else { gnutls_transport_set_int(hd->session, hd->fd); } } - if (!(flags & SOCKET_FLAG_RAW) && !(flags & SOCKET_FLAG_SKIP_INIT)) { + if (!(flags & SOCKET_FLAG_RAW) + && !(flags & SOCKET_FLAG_SKIP_INIT)) { err = do_handshake(hd); - if (err == GNUTLS_E_PUSH_ERROR) { /* failed connecting */ + if (err == GNUTLS_E_PUSH_ERROR) { /* failed connecting */ gnutls_deinit(hd->session); hd->session = NULL; close(sd); continue; - } - else if (err < 0) { + } else if (err < 0) { if (!(flags & SOCKET_FLAG_DONT_PRINT_ERRORS)) - fprintf(stderr, "*** handshake has failed: %s\n", gnutls_strerror(err)); + fprintf(stderr, + "*** handshake has failed: %s\n", + gnutls_strerror(err)); close(sd); exit(1); } 
@@ -620,7 +641,7 @@ socket_open2(socket_st * hd, const char *hostname, const char *service, if (err != 0) { int e = errno; fprintf(stderr, "Could not connect to %s:%s: %s\n", - buffer, portname, strerror(e)); + buffer, portname, strerror(e)); exit(1); } @@ -667,7 +688,8 @@ const char *port_to_service(const char *sport, const char *proto) sr = getservbyport(port, proto); if (sr == NULL) { fprintf(stderr, - "Warning: getservbyport(%s) failed. Using port number as service.\n", sport); + "Warning: getservbyport(%s) failed. Using port number as service.\n", + sport); return sport; } @@ -685,7 +707,9 @@ int service_to_port(const char *service, const char *proto) sr = getservbyname(service, proto); if (sr == NULL) { - fprintf(stderr, "Warning: getservbyname() failed for '%s/%s'.\n", service, proto); + fprintf(stderr, + "Warning: getservbyname() failed for '%s/%s'.\n", + service, proto); exit(1); } diff --git a/src/socket.h b/src/socket.h index b70e188f73..89edf66e89 100644 --- a/src/socket.h +++ b/src/socket.h @@ -1,17 +1,16 @@ #ifndef GNUTLS_SRC_SOCKET_H -#define GNUTLS_SRC_SOCKET_H +# define GNUTLS_SRC_SOCKET_H -#include -#include - -#define SOCKET_FLAG_UDP 1 -#define SOCKET_FLAG_FASTOPEN (1<<1) -#define SOCKET_FLAG_STARTTLS (1<<2) -#define SOCKET_FLAG_RAW (1<<3) /* unencrypted */ -#define SOCKET_FLAG_VERBOSE (1<<4) -#define SOCKET_FLAG_SKIP_INIT (1<<5) -#define SOCKET_FLAG_DONT_PRINT_ERRORS (1<<6) +# include +# include +# define SOCKET_FLAG_UDP 1 +# define SOCKET_FLAG_FASTOPEN (1<<1) +# define SOCKET_FLAG_STARTTLS (1<<2) +# define SOCKET_FLAG_RAW (1<<3) /* unencrypted */ +# define SOCKET_FLAG_VERBOSE (1<<4) +# define SOCKET_FLAG_SKIP_INIT (1<<5) +# define SOCKET_FLAG_DONT_PRINT_ERRORS (1<<6) typedef struct { int fd; 
@@ -42,23 +41,23 @@ typedef struct { extern gnutls_session_t init_tls_session(const char *host); int do_handshake(socket_st * socket); -ssize_t socket_recv(const socket_st * socket, void *buffer, - int buffer_size); +ssize_t socket_recv(const socket_st * socket, void *buffer, int buffer_size); ssize_t socket_recv_timeout(const socket_st * socket, void *buffer, - int buffer_size, unsigned ms); + int buffer_size, unsigned ms); ssize_t socket_send(const socket_st * socket, const void *buffer, int buffer_size); ssize_t socket_send_range(const socket_st * socket, const void *buffer, int buffer_size, gnutls_range_st * range); void socket_open2(socket_st * hd, const char *hostname, const char *service, - const char *app_proto, int flags, const char *msg, gnutls_datum_t *rdata, gnutls_datum_t *edata, - FILE *server_trace, FILE *client_trace); + const char *app_proto, int flags, const char *msg, + gnutls_datum_t * rdata, gnutls_datum_t * edata, + FILE * server_trace, FILE * client_trace); -#define socket_open(hd, host, service, app_proto, flags, msg, rdata) \ +# define socket_open(hd, host, service, app_proto, flags, msg, rdata) \ socket_open2(hd, host, service, app_proto, flags, msg, rdata, NULL, NULL, NULL) -#define socket_open3(hd, host, service, app_proto, flags, msg, rdata, edata) \ +# define socket_open3(hd, host, service, app_proto, flags, msg, rdata, edata) \ socket_open2(hd, host, service, app_proto, flags, msg, rdata, edata, NULL, NULL) void socket_bye(socket_st * socket, unsigned polite); @@ -70,6 +69,6 @@ const char *starttls_proto_to_service(const char *app_proto); void canonicalize_host(char *hostname, char *service, unsigned service_size); -#define CONNECT_MSG "Connecting to" +# define CONNECT_MSG "Connecting to" -#endif /* GNUTLS_SRC_SOCKET_H */ +#endif /* GNUTLS_SRC_SOCKET_H */ diff --git a/src/srptool.c b/src/srptool.c index a050de09db..5688929ff2 100644 --- a/src/srptool.c +++ b/src/srptool.c 
@@ -30,10 +30,10 @@
 #include 
 #ifndef _WIN32
-#include 
-#include 
+# include 
+# include 
 #else
-#include 
+# include 
 #endif
 /* Gnulib portability files. */
@@ -48,8 +48,7 @@ int crypt_int(const char *username, const char *passwd, int salt,
 const char *tpasswd_conf, const char *tpasswd, int uindex);
-static int read_conf_values(gnutls_datum_t * g, gnutls_datum_t * n,
- char *str);
+static int read_conf_values(gnutls_datum_t * g, gnutls_datum_t * n, char *str);
 static int _verify_passwd_int(const char *username, const char *passwd, char *verifier, const char *salt, const gnutls_datum_t * g,
@@ -175,7 +174,7 @@ _verify_passwd_int(const char *username, const char *passwd,
 *pos = 0;
 /* convert salt to binary. */
- tmp.data = (void *) _salt;
+ tmp.data = (void *)_salt;
 tmp.size = strlen(_salt);
 if (gnutls_srp_base64_decode_alloc(&tmp, &raw_salt) < 0) {
@@ -295,8 +294,7 @@ verify_passwd(const char *conffile, const char *tpasswd,
 iindex = find_strchr(username, tpasswd);
 if (iindex == -1) {
- fprintf(stderr, "Cannot find '%s' in %s\n", username,
- tpasswd);
+ fprintf(stderr, "Cannot find '%s' in %s\n", username, tpasswd);
 return -1;
 }
@@ -412,12 +410,12 @@ int main(int argc, char **argv)
 if (HAVE_OPT(PASSWD))
 fpasswd = OPT_ARG(PASSWD);
 else
- fpasswd = (char *) KPASSWD;
+ fpasswd = (char *)KPASSWD;
 if (HAVE_OPT(PASSWD_CONF))
 fpasswd_conf = OPT_ARG(PASSWD_CONF);
 else
- fpasswd_conf = (char *) KPASSWD_CONF;
+ fpasswd_conf = (char *)KPASSWD_CONF;
 if (HAVE_OPT(USERNAME))
 username = OPT_ARG(USERNAME);
@@ -445,13 +443,11 @@ int main(int argc, char **argv)
 return -1;
 }
-/* not ready yet */
+ /* not ready yet */
 if (HAVE_OPT(VERIFY)) {
- return verify_passwd(fpasswd_conf, fpasswd,
- username, passwd);
+ return verify_passwd(fpasswd_conf, fpasswd, username, passwd);
 }
-
 return crypt_int(username, passwd, salt_size, fpasswd_conf, fpasswd, OPT_VALUE_INDEX);
@@ -466,7 +462,7 @@ static char *_srp_crypt(const char *username, const char *passwd,
 gnutls_datum_t dat_salt, txt_salt;
 gnutls_datum_t verifier, txt_verifier;
- if ((unsigned) salt_size > sizeof(salt))
+ if ((unsigned)salt_size > sizeof(salt))
 return NULL;
 /* generate the salt
@@ -507,7 +503,6 @@ static char *_srp_crypt(const char *username, const char *passwd,
 }
-
 int
 crypt_int(const char *username, const char *passwd, int salt_size,
 const char *tpasswd_conf, const char *tpasswd, int uindex)
@@ -539,8 +534,7 @@ crypt_int(const char *username, const char *passwd, int salt_size,
 line[sizeof(line) - 1] = 0;
 if ((iindex = read_conf_values(&g, &n, line)) < 0) {
- fprintf(stderr, "Cannot parse conf file '%s'\n",
- tpasswd_conf);
+ fprintf(stderr, "Cannot parse conf file '%s'\n", tpasswd_conf);
 return -1;
 }
@@ -555,8 +549,7 @@ crypt_int(const char *username, const char *passwd, int salt_size,
 int put;
 if (strlen(tpasswd) + 5 > sizeof(tmpname)) {
- fprintf(stderr, "file '%s' is tooooo long\n",
- tpasswd);
+ fprintf(stderr, "file '%s' is tooooo long\n", tpasswd);
 return -1;
 }
@@ -583,8 +576,7 @@ crypt_int(const char *username, const char *passwd, int salt_size,
 fp2 = fopen(tmpname, "r");
 if (fp2 == NULL) {
- fprintf(stderr, "Cannot open '%s' for read\n",
- tmpname);
+ fprintf(stderr, "Cannot open '%s' for read\n", tmpname);
 (void)remove(tmpname);
 fclose(fp);
 return -1;
@@ -602,10 +594,9 @@ crypt_int(const char *username, const char *passwd, int salt_size,
 if (strncmp(p, username, MAX(strlen(username),
- (unsigned int) (pp - p))) == 0) {
+ (unsigned int)(pp - p))) == 0) {
 put = 1;
- fprintf(fp, "%s:%s:%u\n", username, cr,
- iindex);
+ fprintf(fp, "%s:%s:%u\n", username, cr, iindex);
 } else {
 fputs(line, fp);
 }
@@ -623,17 +614,13 @@ crypt_int(const char *username, const char *passwd, int salt_size,
 }
-
 return 0;
 }
-
-
 /* this function parses tpasswd.conf file. Format is: * int(index):base64(n):base64(g) */
-static int
-read_conf_values(gnutls_datum_t * g, gnutls_datum_t * n, char *str)
+static int read_conf_values(gnutls_datum_t * g, gnutls_datum_t * n, char *str)
 {
 char *p;
 int len;
@@ -655,7 +642,7 @@ read_conf_values(gnutls_datum_t * g, gnutls_datum_t * n, char *str)
 if (p[len - 1] == '\n')
 len--;
- dat.data = (void *) p;
+ dat.data = (void *)p;
 dat.size = len;
 ret = gnutls_srp_base64_decode_alloc(&dat, g);
@@ -673,7 +660,7 @@ read_conf_values(gnutls_datum_t * g, gnutls_datum_t * n, char *str)
 *p = '\0';
 p++;
- dat.data = (void *) p;
+ dat.data = (void *)p;
 dat.size = strlen(p);
 ret = gnutls_srp_base64_decode_alloc(&dat, n);
diff --git a/src/systemkey.c b/src/systemkey.c
index 11fe3cd8f4..8489879a22 100644
--- a/src/systemkey.c
+++ b/src/systemkey.c
@@ -72,7 +72,6 @@ static void tls_log_func(int level, const char *str)
 fprintf(stderr, "|<%d>| %s", level, str);
 }
-
 int main(int argc, char **argv)
 {
 cmd_parser(argc, argv);
@@ -91,7 +90,7 @@ static void cmd_parser(int argc, char **argv)
 if (HAVE_OPT(DEBUG)) {
 gnutls_global_set_log_level(OPT_VALUE_DEBUG);
- printf("Setting log level to %d\n", (int) OPT_VALUE_DEBUG);
+ printf("Setting log level to %d\n", (int)OPT_VALUE_DEBUG);
 }
 if (HAVE_OPT(OUTDER)) {
@@ -124,6 +123,7 @@ static void cmd_parser(int argc, char **argv)
 gnutls_global_deinit();
 }
+
 static void systemkey_delete(const char *url, FILE * out)
 {
 int ret;
@@ -145,15 +145,20 @@ static void systemkey_list(FILE * out)
 char *cert_url, *key_url, *label;
 do {
- ret = gnutls_system_key_iter_get_info(&iter, GNUTLS_CRT_X509, &cert_url, &key_url, &label, NULL, 0);
+ ret =
+ gnutls_system_key_iter_get_info(&iter, GNUTLS_CRT_X509,
+ &cert_url, &key_url, &label,
+ NULL, 0);
 if (ret >= 0) {
- fprintf(out, "Label:\t%s\nCert:\t%s\nKey:\t%s\n\n", label, cert_url, key_url);
+ fprintf(out, "Label:\t%s\nCert:\t%s\nKey:\t%s\n\n",
+ label, cert_url, key_url);
 }
- } while(ret >= 0);
+ } while (ret >= 0);
 if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
 if (ret == GNUTLS_E_UNIMPLEMENTED_FEATURE) {
- fprintf(stderr, "Native key store is not supported, or not present on this system\n");
+ fprintf(stderr,
+ "Native key store is not supported, or not present on this system\n");
 } else {
 fprintf(stderr, "Error: %s\n", gnutls_strerror(ret));
 }
diff --git a/src/tests.c b/src/tests.c
index 8526b69437..4275016186 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -23,10 +23,10 @@
 #include 
 #ifndef _WIN32
-#include 
-#include 
+# include 
+# include 
 #else
-#include 
+# include 
 #endif
 #include 
@@ -40,9 +40,8 @@ void _gnutls_record_set_default_version(gnutls_session_t session,
 unsigned char minor);
 void _gnutls_hello_set_default_version(gnutls_session_t session,
- unsigned char major,
- unsigned char minor);
-
+ unsigned char major,
+ unsigned char minor);
 extern gnutls_srp_client_credentials_t srp_cred;
 extern gnutls_anon_client_credentials_t anon_cred;
@@ -108,22 +107,20 @@ static int test_do_handshake(gnutls_session_t session)
 return TEST_SUCCEED;
 }
-char protocol_str[] =
- "+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0";
-char protocol_all_str[] =
- "+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0";
+char protocol_str[] = "+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0";
+char protocol_all_str[] = "+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0";
 char prio_str[768] = "";
 #ifdef ENABLE_GOST
-#define GOST_CIPHERS ":+GOST28147-TC26Z-CNT"
-#define GOST_MACS ":+GOST28147-TC26Z-IMIT"
-#define GOST_KX ":+VKO-GOST-12"
-#define GOST_REST ":+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:+GROUP-GOST-ALL"
+# define GOST_CIPHERS ":+GOST28147-TC26Z-CNT"
+# define GOST_MACS ":+GOST28147-TC26Z-IMIT"
+# define GOST_KX ":+VKO-GOST-12"
+# define GOST_REST ":+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:+GROUP-GOST-ALL"
 #else
-#define GOST_CIPHERS
-#define GOST_MACS
-#define GOST_KX
-#define GOST_REST
+# define GOST_CIPHERS
+# define GOST_MACS
+# define GOST_KX
+# define GOST_REST
 #endif
 #define ALL_CIPHERS "+CIPHER-ALL:+ARCFOUR-128:+3DES-CBC" GOST_CIPHERS
@@ -145,7 +142,8 @@ char rest[384] = "%UNSAFE_RENEGOTIATION:+SIGN-ALL:+GROUP-ALL" GOST_REST;
 }
 static inline int
-__gnutls_priority_set_direct(gnutls_session_t session, const char *str, int line)
+__gnutls_priority_set_direct(gnutls_session_t session, const char *str,
+ int line)
 {
 const char *err;
 int ret = gnutls_priority_set_direct(session, str, &err);
@@ -156,8 +154,7 @@ __gnutls_priority_set_direct(gnutls_session_t session, const char *str, int line
 return TEST_IGNORE;
 fprintf(stderr, "Error at %d with string %s\n", line, str);
- fprintf(stderr, "Error at %s: %s\n", err,
- gnutls_strerror(ret));
+ fprintf(stderr, "Error at %s: %s\n", err, gnutls_strerror(ret));
 exit(1);
 }
@@ -192,8 +189,9 @@ test_code_t test_server(gnutls_session_t session)
 ext_text = "unknown";
 p = strstr(buf, "Server:");
 if (p != NULL) {
- p+=7;
- if (*p == ' ') p++;
+ p += 7;
+ if (*p == ' ')
+ p++;
 ext_text = p;
 while (*p != 0 && *p != '\r' && *p != '\n') {
 p++;
@@ -244,7 +242,8 @@ test_code_t test_rfc7919(gnutls_session_t session)
 ret = test_do_handshake(session);
- if (ret != TEST_FAILED && (gnutls_session_get_flags(session) & GNUTLS_SFLAGS_RFC7919))
+ if (ret != TEST_FAILED
+ && (gnutls_session_get_flags(session) & GNUTLS_SFLAGS_RFC7919))
 return TEST_SUCCEED;
 else
 return TEST_FAILED;
@@ -285,8 +284,7 @@ test_code_t test_vko_gost_12(gnutls_session_t session)
 sprintf(prio_str,
 INIT_STR ALL_CIPHERS ":" ALL_COMP ":%s:" ALL_MACS
- ":+VKO-GOST-12:%s", protocol_all_str,
- rest);
+ ":+VKO-GOST-12:%s", protocol_all_str, rest);
 _gnutls_priority_set_direct(session, prio_str);
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -309,8 +307,7 @@ test_code_t test_rsa(gnutls_session_t session)
 sprintf(prio_str,
 INIT_STR ALL_CIPHERS ":" ALL_COMP ":%s:" ALL_MACS
- ":+RSA:%s", protocol_all_str,
- rest);
+ ":+RSA:%s", protocol_all_str, rest);
 _gnutls_priority_set_direct(session, prio_str);
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -324,7 +321,8 @@ test_code_t test_rsa(gnutls_session_t session)
 }
 static
-test_code_t test_ecdhe_curve(gnutls_session_t session, const char *curve, unsigned id)
+test_code_t test_ecdhe_curve(gnutls_session_t session, const char *curve,
+ unsigned id)
 {
 int ret;
@@ -335,7 +333,8 @@ test_code_t test_ecdhe_curve(gnutls_session_t session, const char *curve, unsign
 * because list of curves may be also used by the server to select a cert. */
 sprintf(prio_str,
 INIT_STR ALL_CIPHERS ":" ALL_COMP ":%s:" ALL_MACS
- ":+ECDHE-RSA:+ECDHE-ECDSA:%s:%s", protocol_all_str, curve, rest);
+ ":+ECDHE-RSA:+ECDHE-ECDSA:%s:%s", protocol_all_str, curve,
+ rest);
 _gnutls_priority_set_direct(session, prio_str);
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -353,22 +352,26 @@ test_code_t test_ecdhe_curve(gnutls_session_t session, const char *curve, unsign
 test_code_t test_ecdhe_secp256r1(gnutls_session_t session)
 {
- return test_ecdhe_curve(session, "+CURVE-SECP256R1", GNUTLS_ECC_CURVE_SECP256R1);
+ return test_ecdhe_curve(session, "+CURVE-SECP256R1",
+ GNUTLS_ECC_CURVE_SECP256R1);
 }
 test_code_t test_ecdhe_secp384r1(gnutls_session_t session)
 {
- return test_ecdhe_curve(session, "+CURVE-SECP384R1", GNUTLS_ECC_CURVE_SECP384R1);
+ return test_ecdhe_curve(session, "+CURVE-SECP384R1",
+ GNUTLS_ECC_CURVE_SECP384R1);
 }
 test_code_t test_ecdhe_secp521r1(gnutls_session_t session)
 {
- return test_ecdhe_curve(session, "+CURVE-SECP521R1", GNUTLS_ECC_CURVE_SECP521R1);
+ return test_ecdhe_curve(session, "+CURVE-SECP521R1",
+ GNUTLS_ECC_CURVE_SECP521R1);
 }
 test_code_t test_ecdhe_x25519(gnutls_session_t session)
 {
- return test_ecdhe_curve(session, "+CURVE-X25519", GNUTLS_ECC_CURVE_X25519);
+ return test_ecdhe_curve(session, "+CURVE-X25519",
+ GNUTLS_ECC_CURVE_X25519);
 }
 test_code_t test_rfc7507(gnutls_session_t session)
@@ -389,7 +392,7 @@ test_code_t test_rfc7507(gnutls_session_t session)
 sprintf(prio_str,
 INIT_STR ALL_CIPHERS ":" ALL_COMP ":%s:" ALL_MACS
- ":"ALL_KX":%s", pstr, rest);
+ ":" ALL_KX ":%s", pstr, rest);
 _gnutls_priority_set_direct(session, prio_str);
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -404,7 +407,6 @@ test_code_t test_rfc7507(gnutls_session_t session)
 return TEST_FAILED;
 }
-
 test_code_t test_safe_renegotiation(gnutls_session_t session)
 {
 int ret;
@@ -435,7 +437,7 @@ test_code_t test_ocsp_status(gnutls_session_t session)
 sprintf(prio_str,
 INIT_STR ALL_CIPHERS ":" ALL_COMP ":%s:" ALL_MACS
- ":" ALL_KX":%s", protocol_str, rest);
+ ":" ALL_KX ":%s", protocol_str, rest);
 _gnutls_priority_set_direct(session, prio_str);
 gnutls_ocsp_status_request_enable_client(session, NULL, 0, NULL);
@@ -451,7 +453,6 @@ test_code_t test_ocsp_status(gnutls_session_t session)
 if (ret == 0)
 return TEST_SUCCEED;
-
 return TEST_FAILED;
 }
@@ -578,14 +579,15 @@ test_code_t test_dhe_group(gnutls_session_t session)
 if (pubkey2.data && pubkey2.size == pubkey.size &&
 memcmp(pubkey.data, pubkey2.data, pubkey.size) == 0) {
 fprintf
- (fp, " (public key seems to be static among sessions)\n");
+ (fp,
+ " (public key seems to be static among sessions)\n");
 }
 { /* save the PKCS #3 params */
 gnutls_dh_params_t dhp;
 gnutls_datum_t p3;
-
+
 ret2 = gnutls_dh_params_init(&dhp);
 if (ret2 < 0) {
 fclose(fp);
@@ -599,7 +601,10 @@ test_code_t test_dhe_group(gnutls_session_t session)
 return TEST_FAILED;
 }
- ret2 = gnutls_dh_params_export2_pkcs3(dhp, GNUTLS_X509_FMT_PEM, &p3);
+ ret2 =
+ gnutls_dh_params_export2_pkcs3(dhp,
+ GNUTLS_X509_FMT_PEM,
+ &p3);
 if (ret2 < 0) {
 gnutls_dh_params_deinit(dhp);
 fclose(fp);
@@ -708,13 +713,13 @@ test_code_t test_bye(gnutls_session_t session)
 return TEST_FAILED;
 #ifndef _WIN32
- (void) sigaction (SIGALRM, NULL, &sa);
+ (void)sigaction(SIGALRM, NULL, &sa);
 sa.sa_flags &= ~SA_RESTART;
 sigaction(SIGALRM, &sa, &old_sa);
 alarm(secs);
 #else
- setsockopt((int) gnutls_transport_get_ptr(session), SOL_SOCKET,
- SO_RCVTIMEO, (char *) &secs, sizeof(int));
+ setsockopt((int)gnutls_transport_get_ptr(session), SOL_SOCKET,
+ SO_RCVTIMEO, (char *)&secs, sizeof(int));
 #endif
 do {
@@ -738,8 +743,6 @@ test_code_t test_bye(gnutls_session_t session)
 return TEST_FAILED;
 }
-
-
 test_code_t test_aes(gnutls_session_t session)
 {
 int ret;
@@ -761,8 +764,7 @@ test_code_t test_aes_gcm(gnutls_session_t session)
 sprintf(prio_str,
 INIT_STR "+AES-128-GCM:+AES-256-GCM:" ALL_COMP
- ":%s:" ALL_MACS ":" ALL_KX ":%s",
- protocol_all_str, rest);
+ ":%s:" ALL_MACS ":" ALL_KX ":%s", protocol_all_str, rest);
 _gnutls_priority_set_direct(session, prio_str);
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -777,8 +779,7 @@ test_code_t test_aes_ccm(gnutls_session_t session)
 sprintf(prio_str,
 INIT_STR "+AES-128-CCM:+AES-256-CCM:" ALL_COMP
- ":%s:" ALL_MACS ":" ALL_KX ":%s",
- protocol_all_str, rest);
+ ":%s:" ALL_MACS ":" ALL_KX ":%s", protocol_all_str, rest);
 _gnutls_priority_set_direct(session, prio_str);
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -793,8 +794,7 @@ test_code_t test_aes_ccm_8(gnutls_session_t session)
 sprintf(prio_str,
 INIT_STR "+AES-128-CCM-8:+AES-256-CCM-8:" ALL_COMP
- ":%s:" ALL_MACS ":" ALL_KX ":%s",
- protocol_all_str, rest);
+ ":%s:" ALL_MACS ":" ALL_KX ":%s", protocol_all_str, rest);
 _gnutls_priority_set_direct(session, prio_str);
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -815,7 +815,6 @@ test_code_t test_camellia_cbc(gnutls_session_t session)
 ":%s:" ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
 _gnutls_priority_set_direct(session, prio_str);
-
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
 ret = test_do_handshake(session);
@@ -846,8 +845,7 @@ test_code_t test_unknown_ciphersuites(gnutls_session_t session)
 sprintf(prio_str,
 INIT_STR ALL_CIPHERS ":" ALL_COMP
- ":%s:" ALL_MACS ":" ALL_KX ":%s",
- protocol_str, rest);
+ ":%s:" ALL_MACS ":" ALL_KX ":%s", protocol_str, rest);
 _gnutls_priority_set_direct(session, prio_str);
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -865,8 +863,7 @@ test_code_t test_md5(gnutls_session_t session)
 sprintf(prio_str,
 INIT_STR ALL_CIPHERS ":" ALL_COMP
- ":%s:+MD5:" ALL_KX ":%s", protocol_str,
- rest);
+ ":%s:+MD5:" ALL_KX ":%s", protocol_str, rest);
 _gnutls_priority_set_direct(session, prio_str);
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -880,9 +877,8 @@ test_code_t test_sha(gnutls_session_t session)
 int ret;
 sprintf(prio_str,
- INIT_STR ALL_CIPHERS ":" ALL_COMP
- ":%s:+SHA1:" ALL_KX ":%s", protocol_str,
- rest);
+ INIT_STR ALL_CIPHERS ":" ALL_COMP
+ ":%s:+SHA1:" ALL_KX ":%s", protocol_str, rest);
 _gnutls_priority_set_direct(session, prio_str);
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -896,8 +892,7 @@ test_code_t test_sha256(gnutls_session_t session)
 sprintf(prio_str,
 INIT_STR ALL_CIPHERS ":" ALL_COMP
- ":%s:+SHA256:" ALL_KX ":%s",
- protocol_all_str, rest);
+ ":%s:+SHA256:" ALL_KX ":%s", protocol_all_str, rest);
 _gnutls_priority_set_direct(session, prio_str);
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -998,7 +993,8 @@ test_code_t test_tls1(gnutls_session_t session)
 sprintf(prio_str,
 INIT_STR ALL_CIPHERS ":" ALL_COMP
- ":+VERS-TLS1.0:%%SSL3_RECORD_VERSION:" ALL_MACS ":" ALL_KX ":%s", rest);
+ ":+VERS-TLS1.0:%%SSL3_RECORD_VERSION:" ALL_MACS ":" ALL_KX
+ ":%s", rest);
 _gnutls_priority_set_direct(session, prio_str);
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -1020,7 +1016,8 @@ test_code_t test_tls1_nossl3(gnutls_session_t session)
 sprintf(prio_str,
 INIT_STR ALL_CIPHERS ":" ALL_COMP
- ":+VERS-TLS1.0:%%LATEST_RECORD_VERSION:" ALL_MACS ":" ALL_KX ":%s", rest);
+ ":+VERS-TLS1.0:%%LATEST_RECORD_VERSION:" ALL_MACS ":" ALL_KX
+ ":%s", rest);
 _gnutls_priority_set_direct(session, prio_str);
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -1041,7 +1038,8 @@ test_code_t test_record_padding(gnutls_session_t session)
 sprintf(prio_str,
 INIT_STR BLOCK_CIPHERS ":" ALL_COMP
- ":+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:-VERS-SSL3.0:" ALL_MACS ":" ALL_KX ":%s", rest);
+ ":+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:-VERS-SSL3.0:" ALL_MACS
+ ":" ALL_KX ":%s", rest);
 _gnutls_priority_set_direct(session, prio_str);
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -1051,7 +1049,8 @@ test_code_t test_record_padding(gnutls_session_t session)
 } else {
 sprintf(prio_str,
 INIT_STR BLOCK_CIPHERS ":" ALL_COMP
- ":+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:-VERS-SSL3.0:" ALL_MACS ":" ALL_KX ":%%COMPAT:%s", rest);
+ ":+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:-VERS-SSL3.0:"
+ ALL_MACS ":" ALL_KX ":%%COMPAT:%s", rest);
 _gnutls_priority_set_direct(session, prio_str);
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -1060,7 +1059,7 @@ test_code_t test_record_padding(gnutls_session_t session)
 tls1_ok = 1;
 strcat(rest, ":%COMPAT");
 } else
- ret = TEST_IGNORE2; /* neither succeeded */
+ ret = TEST_IGNORE2; /* neither succeeded */
 }
 return ret;
@@ -1089,7 +1088,8 @@ test_code_t test_no_extensions(gnutls_session_t session)
 } else {
 sprintf(prio_str,
 INIT_STR BLOCK_CIPHERS ":" ALL_COMP
- ":+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:-VERS-SSL3.0:" ALL_MACS ":" ALL_KX ":%%NO_EXTENSIONS:%s", rest);
+ ":+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:-VERS-SSL3.0:"
+ ALL_MACS ":" ALL_KX ":%%NO_EXTENSIONS:%s", rest);
 _gnutls_priority_set_direct(session, prio_str);
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -1098,7 +1098,7 @@ test_code_t test_no_extensions(gnutls_session_t session)
 tls_ext_ok = 0;
 strcat(rest, ":%NO_EXTENSIONS");
 } else
- ret = TEST_IGNORE2; /* neither succeeded */
+ ret = TEST_IGNORE2; /* neither succeeded */
 }
 return ret;
@@ -1205,8 +1205,8 @@ test_code_t test_tls1_6_fallback(gnutls_session_t session)
 * message we do not properly set in this test */
 sprintf(prio_str,
 INIT_STR ALL_CIPHERS ":" ALL_COMP
- ":+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:" ALL_MACS ":"
- ALL_KX ":-RSA:%s", rest);
+ ":+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:" ALL_MACS
+ ":" ALL_KX ":-RSA:%s", rest);
 _gnutls_priority_set_direct(session, prio_str);
 gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
@@ -1216,7 +1216,8 @@ test_code_t test_tls1_6_fallback(gnutls_session_t session)
 if (ret != TEST_SUCCEED)
 return TEST_FAILED;
- ext_text = gnutls_protocol_get_name(gnutls_protocol_get_version(session));
+ ext_text =
+ gnutls_protocol_get_name(gnutls_protocol_get_version(session));
 return TEST_SUCCEED;
 }
@@ -1264,7 +1265,8 @@ test_code_t test_tls_disable1(gnutls_session_t session)
 ret = test_do_handshake(session);
 if (ret == TEST_FAILED) {
 /* disable TLS 1.1 */
- snprintf(protocol_str, sizeof(protocol_str), "+VERS-TLS1.0:+VERS-SSL3.0");
+ snprintf(protocol_str, sizeof(protocol_str),
+ "+VERS-TLS1.0:+VERS-SSL3.0");
 }
 return ret;
 }
@@ -1286,12 +1288,12 @@ test_code_t test_tls_disable2(gnutls_session_t session)
 ret = test_do_handshake(session);
 if (ret == TEST_FAILED) {
 /* disable TLS 1.2 */
- snprintf(protocol_str, sizeof(protocol_str), "+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0");
+ snprintf(protocol_str, sizeof(protocol_str),
+ "+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0");
 }
 return ret;
 }
-
 test_code_t test_rsa_pms(gnutls_session_t session)
 {
 int ret;
@@ -1356,7 +1358,8 @@ test_code_t test_heartbeat_extension(gnutls_session_t session)
 gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND);
 test_do_handshake(session);
- switch (gnutls_heartbeat_allowed(session, GNUTLS_HB_LOCAL_ALLOWED_TO_SEND)) {
+ switch (gnutls_heartbeat_allowed
+ (session, GNUTLS_HB_LOCAL_ALLOWED_TO_SEND)) {
 case 0:
 return TEST_FAILED;
 default:
@@ -1403,8 +1406,7 @@ test_code_t test_version_rollback(gnutls_session_t session)
 if (ret != TEST_SUCCEED)
 return ret;
- if (tls1_ok != 0
- && gnutls_protocol_get_version(session) == GNUTLS_SSL3)
+ if (tls1_ok != 0 && gnutls_protocol_get_version(session) == GNUTLS_SSL3)
 return TEST_FAILED;
 return TEST_SUCCEED;
@@ -1590,16 +1592,18 @@ test_code_t test_chain_order(gnutls_session_t session)
 p = 0;
 p_size = 0;
 pos = NULL;
- for (i=0;i| %s", level, str);
 }
-
 int main(int argc, char **argv)
 {
 cmd_parser(argc, argv);
@@ -163,11 +162,11 @@ static void cmd_parser(int argc, char **argv)
 if (HAVE_OPT(BITS))
 bits = OPT_VALUE_BITS;
-
 if (HAVE_OPT(GENERATE_RSA)) {
 key_type = GNUTLS_PK_RSA;
 bits = get_bits(key_type, bits, sec_param, 0);
- tpm_generate(outfile, key_type, bits, genflags, HAVE_OPT(SRK_WELL_KNOWN));
+ tpm_generate(outfile, key_type, bits, genflags,
+ HAVE_OPT(SRK_WELL_KNOWN));
 } else if (HAVE_OPT(PUBKEY)) {
 tpm_pubkey(OPT_ARG(PUBKEY), outfile, HAVE_OPT(SRK_WELL_KNOWN));
 } else if (HAVE_OPT(DELETE)) {
@@ -187,19 +186,18 @@ static void cmd_parser(int argc, char **argv)
 #define TEST_DATA "Test data to sign"
-static void
-tpm_test_sign(const char *url, FILE * out)
+static void tpm_test_sign(const char *url, FILE * out)
 {
 gnutls_privkey_t privkey;
 gnutls_pubkey_t pubkey;
 int ret;
- gnutls_datum_t data, sig = {NULL, 0};
+ gnutls_datum_t data, sig = { NULL, 0 };
 int pk;
 pkcs11_common(NULL);
- data.data = (void*)TEST_DATA;
- data.size = sizeof(TEST_DATA)-1;
+ data.data = (void *)TEST_DATA;
+ data.size = sizeof(TEST_DATA) - 1;
 ret = gnutls_privkey_init(&privkey);
 if (ret < 0) {
@@ -229,18 +227,20 @@ tpm_test_sign(const char *url, FILE * out)
 exit(1);
 }
- ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA1, 0, &data, &sig);
+ ret =
+ gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA1, 0, &data, &sig);
 if (ret < 0) {
- fprintf(stderr, "Cannot sign data: %s\n",
- gnutls_strerror(ret));
+ fprintf(stderr, "Cannot sign data: %s\n", gnutls_strerror(ret));
 exit(1);
 }
 pk = gnutls_pubkey_get_pk_algorithm(pubkey, NULL);
 fprintf(stderr, "Verifying against private key parameters... ");
- ret = gnutls_pubkey_verify_data2(pubkey, gnutls_pk_to_sign(pk, GNUTLS_DIG_SHA1),
- 0, &data, &sig);
+ ret =
+ gnutls_pubkey_verify_data2(pubkey,
+ gnutls_pk_to_sign(pk, GNUTLS_DIG_SHA1),
+ 0, &data, &sig);
 if (ret < 0) {
 fprintf(stderr, "Cannot verify signed data: %s\n",
 gnutls_strerror(ret));
@@ -288,7 +288,6 @@ static void tpm_generate(FILE * out, unsigned int key_type,
 exit(1);
 }
-
 fwrite(privkey.data, 1, privkey.size, out);
 fputs("\n", out);
@@ -296,8 +295,7 @@ static void tpm_generate(FILE * out, unsigned int key_type,
 gnutls_free(pubkey.data);
 }
-static void tpm_delete(const char *url, FILE * out,
- unsigned int srk_well_known)
+static void tpm_delete(const char *url, FILE * out, unsigned int srk_well_known)
 {
 int ret;
 char *srk_pass = NULL;
@@ -373,7 +371,8 @@ static void tpm_pubkey(const char *url, FILE * out, unsigned int srk_well_known)
 exit(1);
 }
- print_pubkey_info(pubkey, out, GNUTLS_CRT_PRINT_FULL, GNUTLS_X509_FMT_PEM, 1);
+ print_pubkey_info(pubkey, out, GNUTLS_CRT_PRINT_FULL,
+ GNUTLS_X509_FMT_PEM, 1);
 gnutls_pubkey_deinit(pubkey);
 }
diff --git a/src/udp-serv.c b/src/udp-serv.c
index ca19cbebaa..7ffbf8aad1 100644
--- a/src/udp-serv.c
+++ b/src/udp-serv.c
@@ -21,13 +21,13 @@
 #include 
 #if HAVE_SYS_SOCKET_H
-#include 
+# include 
 #elif HAVE_WS2TCPIP_H
-#include 
+# include 
 #endif
 #include 
 #ifndef _WIN32
-#include 
+# include 
 #endif
 #include 
 #include 
@@ -50,8 +50,7 @@ typedef struct {
 static int pull_timeout_func(gnutls_transport_ptr_t ptr, unsigned int ms);
 static ssize_t push_func(gnutls_transport_ptr_t p, const void *data, size_t size);
-static ssize_t pull_func(gnutls_transport_ptr_t p, void *data,
- size_t size);
+static ssize_t pull_func(gnutls_transport_ptr_t p, void *data, size_t size);
 #define MAX_BUFFER 255 /* Longest string to echo */
@@ -96,14 +95,14 @@ void udp_server(const char *name, int port, int mtu)
 cli_addr_size = sizeof(cli_addr);
 ret =
- recvfrom(sock, buffer, sizeof(buffer)-1, MSG_PEEK,
- (struct sockaddr *) &cli_addr,
- &cli_addr_size);
+ recvfrom(sock, buffer, sizeof(buffer) - 1, MSG_PEEK,
+ (struct sockaddr *)&cli_addr, &cli_addr_size);
 /* only accept a valid client hello */
 if (ret > HANDSHAKE_TYPE_POS &&
 buffer[RECORD_CONTENT_POS] == HANDSHAKE_CONTENT_TYPE &&
- buffer[HANDSHAKE_TYPE_POS] == GNUTLS_HANDSHAKE_CLIENT_HELLO) {
+ buffer[HANDSHAKE_TYPE_POS] ==
+ GNUTLS_HANDSHAKE_CLIENT_HELLO) {
 if (!HAVE_OPT(NOCOOKIE)) {
 memset(&prestate, 0, sizeof(prestate));
 ret =
@@ -117,7 +116,7 @@ void udp_server(const char *name, int port, int mtu)
 memset(&s, 0, sizeof(s));
 s.fd = sock;
- s.cli_addr = (void *) &cli_addr;
+ s.cli_addr = (void *)&cli_addr;
 s.cli_addr_size = cli_addr_size;
 printf
@@ -125,17 +124,18 @@ void udp_server(const char *name, int port, int mtu)
 human_addr((struct sockaddr *) &cli_addr, cli_addr_size, buffer,
- sizeof(buffer)-1));
+ sizeof(buffer) - 1));
 gnutls_dtls_cookie_send(&cookie_key, &cli_addr, cli_addr_size, &prestate, (gnutls_transport_ptr_t)
- &s, push_func);
+ & s, push_func);
 /* discard peeked data */
- recvfrom(sock, buffer, sizeof(buffer)-1, 0,
- (struct sockaddr *) &cli_addr,
+ recvfrom(sock, buffer,
+ sizeof(buffer) - 1, 0,
+ (struct sockaddr *)&cli_addr,
 &cli_addr_size);
 continue;
 }
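Review bot: The reindented argument `& s, push_func);` in the gnutls_dtls_cookie_send call now reads as a binary AND rather than the address-of operand of the `(gnutls_transport_ptr_t)` cast on the preceding line; the indenter evidently lost track of the cast across the line break. Keeping the cast and its operand together, `(gnutls_transport_ptr_t)&s, push_func);`, restores the intended reading and keeps the tool from re-spacing it on the next pass. udp_server's body starts and ends outside this hunk.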
@@ -143,7 +143,7 @@ void udp_server(const char *name, int port, int mtu)
 printf("Accepted connection from %s\n", human_addr((struct sockaddr *) &cli_addr, sizeof(cli_addr),
- buffer, sizeof(buffer)-1));
+ buffer, sizeof(buffer) - 1));
 } else
 continue;
@@ -168,8 +168,7 @@ void udp_server(const char *name, int port, int mtu)
 do {
 ret = gnutls_handshake(session);
 }
- while (ret == GNUTLS_E_AGAIN
- || ret == GNUTLS_E_INTERRUPTED);
+ while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
 if (ret < 0) {
 fprintf(stderr, "Error in handshake(): %s\n",
@@ -182,10 +181,9 @@ void udp_server(const char *name, int port, int mtu)
 do {
 ret =
 gnutls_record_recv_seq(session, buffer,
- sizeof(buffer)-1,
+ sizeof(buffer) - 1,
 sequence);
- if (ret ==
- GNUTLS_E_HEARTBEAT_PING_RECEIVED)
+ if (ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED)
 gnutls_heartbeat_pong(session, 0);
 }
 while (ret == GNUTLS_E_INTERRUPTED
@@ -193,8 +191,7 @@ void udp_server(const char *name, int port, int mtu)
 || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED);
 if (ret == GNUTLS_E_REHANDSHAKE) {
- fprintf(stderr,
- "*** Received hello message\n");
+ fprintf(stderr, "*** Received hello message\n");
 do {
 ret = gnutls_handshake(session);
 }
@@ -221,11 +218,10 @@ void udp_server(const char *name, int port, int mtu)
 sequence[3], sequence[4], sequence[5], sequence[6], sequence[7], buffer);
- if (check_command(session, buffer, disable_client_cert) == 0) {
+ if (check_command(session, buffer, disable_client_cert)
+ == 0) {
 /* reply back */
- ret =
- gnutls_record_send(session, buffer,
- ret);
+ ret = gnutls_record_send(session, buffer, ret);
 if (ret < 0) {
 fprintf(stderr,
 "Error in send(): %s\n",
@@ -267,11 +263,10 @@ static int pull_timeout_func(gnutls_transport_ptr_t ptr, unsigned int ms)
 cli_addr_size = sizeof(cli_addr);
 ret = recvfrom(priv->fd, &c, 1, MSG_PEEK,
- (struct sockaddr *) &cli_addr, &cli_addr_size);
+ (struct sockaddr *)&cli_addr, &cli_addr_size);
 if (ret > 0) {
 if (cli_addr_size == priv->cli_addr_size
- && memcmp(&cli_addr, priv->cli_addr,
- sizeof(cli_addr)) == 0)
+ && memcmp(&cli_addr, priv->cli_addr, sizeof(cli_addr)) == 0)
 return 1;
 }
@@ -283,8 +278,8 @@ static ssize_t push_func(gnutls_transport_ptr_t p, const void *data,
 {
 priv_data_st *priv = p;
- return sendto(priv->fd, data, size, 0, (struct sockaddr*)priv->cli_addr,
- priv->cli_addr_size);
+ return sendto(priv->fd, data, size, 0,
+ (struct sockaddr *)priv->cli_addr, priv->cli_addr_size);
 }
 static ssize_t pull_func(gnutls_transport_ptr_t p, void *data, size_t size)
@@ -298,7 +293,7 @@ static ssize_t pull_func(gnutls_transport_ptr_t p, void *data, size_t size)
 cli_addr_size = sizeof(cli_addr);
 ret = recvfrom(priv->fd, data, size, 0,
- (struct sockaddr *) &cli_addr, &cli_addr_size);
+ (struct sockaddr *)&cli_addr, &cli_addr_size);
 if (ret == -1)
 return ret;
@@ -306,10 +301,11 @@ static ssize_t pull_func(gnutls_transport_ptr_t p, void *data, size_t size)
 && memcmp(&cli_addr, priv->cli_addr, sizeof(cli_addr)) == 0)
 return ret;
- printf("Denied connection from %s\n",
- human_addr((struct sockaddr *)
- &cli_addr, sizeof(cli_addr), buffer,
- sizeof(buffer)));
+ printf("Denied connection from %s\n", human_addr((struct sockaddr *)
+ &cli_addr,
+ sizeof(cli_addr),
+ buffer,
+ sizeof(buffer)));
 gnutls_transport_set_errno(priv->session, EAGAIN);
 return -1;
diff --git a/src/udp-serv.h b/src/udp-serv.h
index 08c88de254..b32f9dd664 100644
--- a/src/udp-serv.h
+++ b/src/udp-serv.h
@@ -18,9 +18,9 @@
 */
 #ifndef GNUTLS_SRC_UDP_SERV_H
-#define GNUTLS_SRC_UDP_SERV_H
+# define GNUTLS_SRC_UDP_SERV_H
-#include 
+# include 
 void udp_server(const char *name, int port, int mtu);
 gnutls_session_t initialize_session(int dtls);
@@ -29,4 +29,4 @@ const char *human_addr(const struct sockaddr *sa, socklen_t salen,
 int wait_for_connection(void);
 int listen_socket(const char *name, int listen_port, int socktype);
-#endif /* GNUTLS_SRC_UDP_SERV_H */
+#endif /* GNUTLS_SRC_UDP_SERV_H */
-- 
cgit v1.2.1