authorAlan Antonuk <alan.antonuk@gmail.com>2015-10-13 22:18:47 -0700
committerAlan Antonuk <alan.antonuk@gmail.com>2015-10-13 22:43:54 -0700
commit8f17d299778f01052a1fe9acf2cd759e75cd407c (patch)
tree8de7fcc393288437e6d79f5629a2c817066eaf15
parentfd71dda104cb877c9b2762ee7151304cafb74d5c (diff)
Lib: remove unmaintained SSL backends
The gnutls, polarssl, and cyassl SSL backends are unmaintained and likely quite broken; remove them and keep OpenSSL as the only backend.
-rw-r--r--CMakeLists.txt19
-rw-r--r--Makefile.am13
-rw-r--r--configure.ac27
-rw-r--r--librabbitmq/CMakeLists.txt43
-rw-r--r--librabbitmq/amqp_cyassl.c270
-rw-r--r--librabbitmq/amqp_gnutls.c362
-rw-r--r--librabbitmq/amqp_polarssl.c362
-rw-r--r--m4/polarssl.m475
8 files changed, 20 insertions, 1151 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 51be981..f0e8c87 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -263,25 +263,8 @@ option(BUILD_API_DOCS "Build Doxygen API docs" ${DOXYGEN_FOUND})
option(ENABLE_SSL_SUPPORT "Enable SSL support" ON)
option(ENABLE_THREAD_SAFETY "Enable thread safety when using OpenSSL" ${Threads_FOUND})
-set(SSL_ENGINE "OpenSSL" CACHE STRING "SSL Backend to use, valid options: OpenSSL, cyaSSL, GnuTLS, PolarSSL")
-mark_as_advanced(SSL_ENGINE)
-
if (ENABLE_SSL_SUPPORT)
- if (SSL_ENGINE STREQUAL "OpenSSL")
- find_package(OpenSSL 0.9.8 REQUIRED)
-
- elseif (SSL_ENGINE STREQUAL "cyaSSL")
- find_package(cyaSSL REQUIRED)
-
- elseif (SSL_ENGINE STREQUAL "GnuTLS")
- find_package(GnuTLS REQUIRED)
-
- elseif (SSL_ENGINE STREQUAL "PolarSSL")
- find_package(PolarSSL REQUIRED)
-
- else()
- message(FATAL_ERROR "Unsupported SSL_ENGINE ${SSL_ENGINE}, valid engines: OpenSSL, cyaSSL, GnuTLS, or PolarSSL")
- endif()
+ find_package(OpenSSL 0.9.8 REQUIRED)
endif()
if (NOT BUILD_SHARED_LIBS AND NOT BUILD_STATIC_LIBS)
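Review bot: A cached or scripted `-DSSL_ENGINE=GnuTLS` (or cyaSSL/PolarSSL) is now silently ignored and the build links OpenSSL instead, because the `SSL_ENGINE` cache entry and its `FATAL_ERROR` branch are removed but nothing in the new `if (ENABLE_SSL_SUPPORT)` body rejects a leftover value. A guard before `find_package` would make the change visible to anyone who had deliberately chosen another backend: `if (DEFINED SSL_ENGINE AND NOT SSL_ENGINE STREQUAL "OpenSSL")` / `message(FATAL_ERROR "SSL_ENGINE=${SSL_ENGINE} is no longer supported; only OpenSSL is available")` / `endif()`. Separately, the retained floor `find_package(OpenSSL 0.9.8 REQUIRED)` still admits OpenSSL releases that, as far as I recall, predate TLS 1.1/1.2, so with OpenSSL as the sole backend it is worth considering whether the minimum should be raised to a release that ships TLS 1.2. The rest of the top-level CMakeLists.txt, including where `OPENSSL_LIBRARIES` is consumed, is outside this hunk.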
diff --git a/Makefile.am b/Makefile.am
index ee8b4a5..bd86733 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -40,15 +40,6 @@ librabbitmq_librabbitmq_la_SOURCES = \
librabbitmq/amqp_time.h \
librabbitmq/amqp_url.c
-
-if SSL_CYASSL
-librabbitmq_librabbitmq_la_SOURCES += librabbitmq/amqp_cyassl.c
-endif
-
-if SSL_GNUTLS
-librabbitmq_librabbitmq_la_SOURCES += librabbitmq/amqp_gnutls.c
-endif
-
if SSL_OPENSSL
librabbitmq_librabbitmq_la_SOURCES += \
librabbitmq/amqp_hostcheck.c \
@@ -59,10 +50,6 @@ librabbitmq_librabbitmq_la_CFLAGS += -Wno-deprecated-declarations
endif
endif
-if SSL_POLARSSL
-librabbitmq_librabbitmq_la_SOURCES += librabbitmq/amqp_polarssl.c
-endif
-
if OS_UNIX
librabbitmq_librabbitmq_la_SOURCES += librabbitmq/unix/threads.h
librabbitmq_librabbitmq_la_CFLAGS += -I$(top_srcdir)/librabbitmq/unix
diff --git a/configure.ac b/configure.ac
index 49163b7..c439dbb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -130,30 +130,19 @@ AX_HAVE_POLL([AC_DEFINE([HAVE_POLL], [], ["Have poll()"])],
# Configure SSL/TLS
AC_ARG_WITH([ssl],
- [AS_HELP_STRING([--with-ssl=@<:@cyassl/gnutls/no/openssl/polarssl/yes@:>@],
- [enable SSL/TLS support @<:@default=openssl@:>@])],
- [AS_CASE([$withval],
- [yes], [with_ssl=openssl],
- [*], [with_ssl=$withval])],
- [with_ssl=openssl])
-
-AS_IF([test "x$with_ssl" = "xcyassl"],
- [PKG_CHECK_MODULES([SSL], [libcyassl],, [with_ssl=no])],
- [test "x$with_ssl" = "xgnutls"],
- [PKG_CHECK_MODULES([SSL], [gnutls],, [with_ssl=no])],
- [test "x$with_ssl" = "xopenssl"],
+ [AS_HELP_STRING([--with-ssl=@<:@no/openssl/yes@:>@],
+ [enable SSL/TLS support @<:@default=openssl@:>@])],
+ [AS_CASE([$withval],
+ [yes], [with_ssl=openssl],
+ [*], [with_ssl=$withval])],
+ [with_ssl=openssl])
+
+AS_IF([test "x$with_ssl" = "xopenssl"],
[PKG_CHECK_MODULES([SSL], [openssl >= 0.9.8], [ssl_pkg_required=openssl],
[with_ssl=no])],
- [test "x$with_ssl" = "xpolarssl"],
- [AX_LIB_POLARSSL([SSL_CFLAGS=$POLARSSL_CFLAGS
- SSL_LIBS=$POLARSSL_LIBS],
- [with_ssl=no])],
[test "x$with_ssl" = "xno"],,
[AC_MSG_ERROR([unknown SSL/TLS implementation: $with_ssl])])
-AM_CONDITIONAL([SSL_CYASSL], [test "x$with_ssl" = "xcyassl"])
-AM_CONDITIONAL([SSL_GNUTLS], [test "x$with_ssl" = "xgnutls"])
AM_CONDITIONAL([SSL_OPENSSL], [test "x$with_ssl" = "xopenssl"])
-AM_CONDITIONAL([SSL_POLARSSL], [test "x$with_ssl" = "xpolarssl"])
AM_CONDITIONAL([SSL], [test "x$with_ssl" != "xno"])
AS_IF([test "x$with_ssl" != "xno"],
[AC_DEFINE([WITH_SSL], [1], [Define to 1 if SSL/TLS is enabled.])])
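Review bot: An explicit `--with-ssl=openssl` (or `--with-ssl=yes`) that fails the `PKG_CHECK_MODULES([SSL], [openssl >= 0.9.8], ...)` probe still falls through to `with_ssl=no`, so configure proceeds without TLS and `WITH_SSL` is left undefined; nothing in this hunk distinguishes the defaulted value from a user request, and with the other backends gone this is now the only place a requested TLS build can be silently lost. Recording whether the value was defaulted and erroring when an explicit request cannot be satisfied keeps the existing default-to-openssl behavior while making an unmet request fatal. Whether a later configure summary warns about the downgrade is outside this hunk, so I am not assuming one exists.
```m4
AC_ARG_WITH([ssl],
  [AS_HELP_STRING([--with-ssl=@<:@no/openssl/yes@:>@],
    [enable SSL/TLS support @<:@default=openssl@:>@])],
  [AS_CASE([$withval],
    [yes], [with_ssl=openssl],
    [*], [with_ssl=$withval])
   ssl_requested=yes],
  [with_ssl=openssl
   ssl_requested=no])

AS_IF([test "x$with_ssl" = "xopenssl"],
  [PKG_CHECK_MODULES([SSL], [openssl >= 0.9.8], [ssl_pkg_required=openssl],
    [AS_IF([test "x$ssl_requested" = "xyes"],
      [AC_MSG_ERROR([--with-ssl=openssl was given but OpenSSL >= 0.9.8 was not found])],
      [with_ssl=no])])],
  [test "x$with_ssl" = "xno"],,
  [AC_MSG_ERROR([unknown SSL/TLS implementation: $with_ssl])])
dnl ... unchanged: AM_CONDITIONAL lines and the WITH_SSL define ...
```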
diff --git a/librabbitmq/CMakeLists.txt b/librabbitmq/CMakeLists.txt
index 3c86094..103742a 100644
--- a/librabbitmq/CMakeLists.txt
+++ b/librabbitmq/CMakeLists.txt
@@ -80,38 +80,17 @@ if (ENABLE_SSL_SUPPORT)
add_definitions(-DWITH_SSL=1)
set(AMQP_SSL_SOCKET_H_PATH amqp_ssl_socket.h)
- if (SSL_ENGINE STREQUAL "OpenSSL")
- set(AMQP_SSL_SRCS ${AMQP_SSL_SOCKET_H_PATH}
- amqp_openssl.c
- amqp_hostcheck.c
- amqp_hostcheck.h
- )
- include_directories(${OPENSSL_INCLUDE_DIR})
- set(AMQP_SSL_LIBS ${OPENSSL_LIBRARIES})
- if (APPLE)
- # Apple has deprecated OpenSSL in 10.7+. This disables that warning.
- set_source_files_properties(${AMQP_SSL_SRCS}
- PROPERTIES COMPILE_FLAGS -Wno-deprecated-declarations)
- endif()
-
- elseif (SSL_ENGINE STREQUAL "cyaSSL")
- set(AMQP_SSL_SRCS ${AMQP_SSL_SOCKET_H_PATH} amqp_cyassl.c)
- include_directories(${CYASSL_INCLUDE_DIR})
- set(AMQP_SSL_LIBS ${CYASSL_LIBRARIES})
-
- elseif (SSL_ENGINE STREQUAL "GnuTLS")
- set(AMQP_SSL_SRCS ${AMQP_SSL_SOCKET_H_PATH} amqp_gnutls.c)
- include_directories(${GNUTLS_INCLUDE_DIR})
- add_definitions(${GNUTLS_DEFINITIONS})
- set(AMQP_SSL_LIBS ${GNUTLS_LIBRARIES})
-
- elseif (SSL_ENGINE STREQUAL "PolarSSL")
- set(AMQP_SSL_SRCS ${AMQP_SSL_SOCKET_H_PATH} amqp_polarssl.c)
- include_directories(${POLARSSL_INCLUDE_DIR})
- set(AMQP_SSL_LIBS ${POLARSSL_LIBRARIES})
-
- else()
- message(FATAL_ERROR "Unknown SSL_ENGINE ${SSL_ENGINE}")
+ set(AMQP_SSL_SRCS ${AMQP_SSL_SOCKET_H_PATH}
+ amqp_openssl.c
+ amqp_hostcheck.c
+ amqp_hostcheck.h
+ )
+ include_directories(${OPENSSL_INCLUDE_DIR})
+ set(AMQP_SSL_LIBS ${OPENSSL_LIBRARIES})
+ if (APPLE)
+ # Apple has deprecated OpenSSL in 10.7+. This disables that warning.
+ set_source_files_properties(${AMQP_SSL_SRCS}
+ PROPERTIES COMPILE_FLAGS -Wno-deprecated-declarations)
endif()
if (ENABLE_THREAD_SAFETY)
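Review bot: The `if (APPLE)` block applies `-Wno-deprecated-declarations` to every OpenSSL-backend source on macOS, while its comment only explains Apple's deprecation of the bundled OpenSSL; now that OpenSSL is the sole backend, the same flag also hides deprecation warnings from any non-Apple OpenSSL found on macOS (for example one selected via `OPENSSL_ROOT_DIR`), which are the warnings you want to see when an API used by `amqp_openssl.c` is being retired. Consider narrowing the suppression to the system copy, or at least stating the trade-off in the comment: `# Apple deprecated its bundled OpenSSL in 10.7+. This also silences deprecation warnings from any other OpenSSL found on macOS; revisit when bumping the OpenSSL minimum.` `AMQP_SSL_SRCS` and `AMQP_SSL_LIBS` are consumed outside this hunk, so I have not checked how they are attached to the library target.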
diff --git a/librabbitmq/amqp_cyassl.c b/librabbitmq/amqp_cyassl.c
deleted file mode 100644
index 05ce12e..0000000
--- a/librabbitmq/amqp_cyassl.c
+++ /dev/null
@@ -1,270 +0,0 @@
-/* vim:set ft=c ts=2 sw=2 sts=2 et cindent: */
-/*
- * Copyright 2012-2013 Michael Steinert
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "amqp_ssl_socket.h"
-#include "amqp_private.h"
-#include <cyassl/ssl.h>
-#include <stdlib.h>
-#include <string.h>
-
-#ifndef AMQP_USE_UNTESTED_SSL_BACKEND
-# error This SSL backend is alpha quality and likely contains errors.\
- -DAMQP_USE_UNTESTED_SSL_BACKEND to use this backend
-#endif
-
-struct amqp_ssl_socket_t {
- const struct amqp_socket_class_t *klass;
- CYASSL_CTX *ctx;
- CYASSL *ssl;
- int sockfd;
- char *buffer;
- size_t length;
- int last_error;
-};
-
-static ssize_t
-amqp_ssl_socket_send(void *base,
- const void *buf,
- size_t len,
- AMQP_UNUSED int flags)
-{
- int status;
- struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
-
- self->last_error = 0;
- status = CyaSSL_write(self->ssl, buf, len);
- if (status <= 0) {
- self->last_error = AMQP_STATUS_SSL_ERROR;
- }
-
- return status;
-}
-
-static ssize_t
-amqp_ssl_socket_writev(void *base,
- const struct iovec *iov,
- int iovcnt)
-{
- struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
- ssize_t written = -1;
- char *bufferp;
- size_t bytes;
- int i;
- self->last_error = 0;
- bytes = 0;
- for (i = 0; i < iovcnt; ++i) {
- bytes += iov[i].iov_len;
- }
- if (self->length < bytes) {
- free(self->buffer);
- self->buffer = malloc(bytes);
- if (!self->buffer) {
- self->length = 0;
- self->last_error = AMQP_STATUS_NO_MEMORY;
- goto exit;
- }
- self->length = bytes;
- }
- bufferp = self->buffer;
- for (i = 0; i < iovcnt; ++i) {
- memcpy(bufferp, iov[i].iov_base, iov[i].iov_len);
- bufferp += iov[i].iov_len;
- }
- written = amqp_ssl_socket_send(self, self->buffer, bytes, 0);
-exit:
- return written;
-}
-
-static ssize_t
-amqp_ssl_socket_recv(void *base,
- void *buf,
- size_t len,
- AMQP_UNUSED int flags)
-{
- int status;
- struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
-
- self->last_error = 0;
- status = CyaSSL_read(self->ssl, buf, len);
- if (status <= 0) {
- self->last_error = AMQP_STATUS_SSL_ERROR;
- }
-
- return status;
-}
-
-static int
-amqp_ssl_socket_get_sockfd(void *base)
-{
- struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
- return self->sockfd;
-}
-
-static int
-amqp_ssl_socket_close(void *base)
-{
- int status = -1;
- struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
- if (self->sockfd >= 0) {
- status = amqp_os_socket_close(self->sockfd);
- }
- if (self) {
- CyaSSL_free(self->ssl);
- CyaSSL_CTX_free(self->ctx);
- free(self->buffer);
- free(self);
- }
- return status;
-}
-
-static int
-amqp_ssl_socket_error(void *base)
-{
- struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
- return self->last_error;
-}
-
-char *
-amqp_ssl_error_string(AMQP_UNUSED int err)
-{
- return strdup("A ssl socket error occurred.");
-}
-
-static int
-amqp_ssl_socket_open(void *base, const char *host, int port, struct timeval *timeout)
-{
- struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
- int status;
- self->last_error = 0;
-
- self->ssl = CyaSSL_new(self->ctx);
- if (NULL == self->ssl) {
- self->last_error = AMQP_STATUS_SSL_ERROR;
- return -1;
- }
-
- self->sockfd = amqp_open_socket_noblock(host, port, timeout);
- if (0 > self->sockfd) {
- self->last_error = - self->sockfd;
- return -1;
- }
- CyaSSL_set_fd(self->ssl, self->sockfd);
- status = CyaSSL_connect(self->ssl);
- if (SSL_SUCCESS != status) {
- self->last_error = AMQP_STATUS_SSL_ERROR;
- return -1;
- }
- return 0;
-}
-
-static const struct amqp_socket_class_t amqp_ssl_socket_class = {
- amqp_ssl_socket_writev, /* writev */
- amqp_ssl_socket_send, /* send */
- amqp_ssl_socket_recv, /* recv */
- amqp_ssl_socket_open, /* open */
- amqp_ssl_socket_close, /* close */
- amqp_ssl_socket_error, /* error */
- amqp_ssl_socket_get_sockfd /* get_sockfd */
-};
-
-amqp_socket_t *
-amqp_ssl_socket_new(void)
-{
- struct amqp_ssl_socket_t *self = calloc(1, sizeof(*self));
- if (!self) {
- goto error;
- }
- CyaSSL_Init();
- self->ctx = CyaSSL_CTX_new(CyaSSLv23_client_method());
- if (!self->ctx) {
- goto error;
- }
- self->klass = &amqp_ssl_socket_class;
- return (amqp_socket_t *)self;
-error:
- amqp_socket_close((amqp_socket_t *)self);
- return NULL;
-}
-
-int
-amqp_ssl_socket_set_cacert(amqp_socket_t *base,
- const char *cacert)
-{
- int status;
- struct amqp_ssl_socket_t *self;
- if (base->klass != &amqp_ssl_socket_class) {
- amqp_abort("<%p> is not of type amqp_ssl_socket_t", base);
- }
- self = (struct amqp_ssl_socket_t *)base;
- status = CyaSSL_CTX_load_verify_locations(self->ctx, cacert, NULL);
- if (SSL_SUCCESS != status) {
- return -1;
- }
- return 0;
-}
-
-int
-amqp_ssl_socket_set_key(amqp_socket_t *base,
- const char *cert,
- const char *key)
-{
- int status;
- struct amqp_ssl_socket_t *self;
- if (base->klass != &amqp_ssl_socket_class) {
- amqp_abort("<%p> is not of type amqp_ssl_socket_t", base);
- }
- self = (struct amqp_ssl_socket_t *)base;
- status = CyaSSL_CTX_use_PrivateKey_file(self->ctx, key,
- SSL_FILETYPE_PEM);
- if (SSL_SUCCESS != status) {
- return -1;
- }
- status = CyaSSL_CTX_use_certificate_chain_file(self->ctx, cert);
- return 0;
-}
-
-int
-amqp_ssl_socket_set_key_buffer(AMQP_UNUSED amqp_socket_t *base,
- AMQP_UNUSED const char *cert,
- AMQP_UNUSED const void *key,
- AMQP_UNUSED size_t n)
-{
- amqp_abort("%s is not implemented for CyaSSL", __func__);
- return -1;
-}
-
-void
-amqp_ssl_socket_set_verify(AMQP_UNUSED amqp_socket_t *base,
- AMQP_UNUSED amqp_boolean_t verify)
-{
- /* noop for CyaSSL */
-}
-
-void
-amqp_set_initialize_ssl_library(AMQP_UNUSED amqp_boolean_t do_initialize)
-{
-}
diff --git a/librabbitmq/amqp_gnutls.c b/librabbitmq/amqp_gnutls.c
deleted file mode 100644
index f18d427..0000000
--- a/librabbitmq/amqp_gnutls.c
+++ /dev/null
@@ -1,362 +0,0 @@
-/* vim:set ft=c ts=2 sw=2 sts=2 et cindent: */
-/*
- * Copyright 2012-2013 Michael Steinert
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "amqp_ssl_socket.h"
-#include "amqp_private.h"
-#include <gnutls/gnutls.h>
-#include <gnutls/x509.h>
-#include <stdlib.h>
-#include <string.h>
-
-#ifndef AMQP_USE_UNTESTED_SSL_BACKEND
-# error This SSL backend is alpha quality and likely contains errors.\
- -DAMQP_USE_UNTESTED_SSL_BACKEND to use this backend
-#endif
-
-struct amqp_ssl_socket_t {
- const struct amqp_socket_class_t *klass;
- gnutls_session_t session;
- gnutls_certificate_credentials_t credentials;
- int sockfd;
- char *host;
- char *buffer;
- size_t length;
- int last_error;
-};
-
-static ssize_t
-amqp_ssl_socket_send(void *base,
- const void *buf,
- size_t len,
- AMQP_UNUSED int flags)
-{
- ssize_t status;
- struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
-
- self->last_error = 0;
- status = gnutls_record_send(self->session, buf, len);
- if (status < 0) {
- self->last_error = AMQP_STATUS_SSL_ERROR;
- }
- return status;
-}
-
-static ssize_t
-amqp_ssl_socket_writev(void *base,
- const struct iovec *iov,
- int iovcnt)
-{
- struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
- ssize_t written = -1;
- char *bufferp;
- size_t bytes;
- int i;
- self->last_error = 0;
- bytes = 0;
- for (i = 0; i < iovcnt; ++i) {
- bytes += iov[i].iov_len;
- }
- if (self->length < bytes) {
- free(self->buffer);
- self->buffer = malloc(bytes);
- if (!self->buffer) {
- self->length = 0;
- self->last_error = AMQP_STATUS_NO_MEMORY;
- goto exit;
- }
- self->length = 0;
- }
- bufferp = self->buffer;
- for (i = 0; i < iovcnt; ++i) {
- memcpy(bufferp, iov[i].iov_base, iov[i].iov_len);
- bufferp += iov[i].iov_len;
- }
- written = amqp_ssl_socket_send(self, self->buffer, bytes, 0);
-exit:
- return written;
-}
-
-static ssize_t
-amqp_ssl_socket_recv(void *base,
- void *buf,
- size_t len,
- AMQP_UNUSED int flags)
-{
- ssize_t status;
- struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
-
- self->last_error = 0;
- status = gnutls_record_recv(self->session, buf, len);
- if (status < 0) {
- self->last_error = AMQP_STATUS_SSL_ERROR;
- }
-
- return status;
-}
-
-static int
-amqp_ssl_socket_open(void *base, const char *host, int port, struct timeval *timeout)
-{
- struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
- int status;
- self->last_error = 0;
-
- free(self->host);
- self->host = strdup(host);
- if (NULL == self->host) {
- self->last_error = AMQP_STATUS_NO_MEMORY;
- return -1;
- }
-
- self->sockfd = amqp_open_socket_noblock(host, port, timeout);
- if (0 > self->sockfd) {
- self->last_error = -self->sockfd;
- return -1;
- }
- gnutls_transport_set_ptr(self->session,
- (gnutls_transport_ptr_t)self->sockfd);
- do {
- status = gnutls_handshake(self->session);
- } while (status < 0 && !gnutls_error_is_fatal(status));
-
- if (gnutls_error_is_fatal(status)) {
- self->last_error = AMQP_STATUS_SSL_ERROR;
- }
-
- return status;
-}
-
-static int
-amqp_ssl_socket_close(void *base)
-{
- int status = -1;
- struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
- if (self->sockfd >= 0) {
- status = amqp_os_socket_close(self->sockfd);
- }
- if (self) {
- gnutls_deinit(self->session);
- gnutls_certificate_free_credentials(self->credentials);
- free(self->host);
- free(self->buffer);
- free(self);
- }
- return status;
-}
-
-static int
-amqp_ssl_socket_error(void *base)
-{
- struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
- return self->last_error;
-}
-
-char *
-amqp_ssl_error_string(AMQP_UNUSED int err)
-{
- return strdup("A SSL error occurred");
-}
-
-static int
-amqp_ssl_socket_get_sockfd(void *base)
-{
- struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
- return self->sockfd;
-}
-
-static int
-amqp_ssl_verify(gnutls_session_t session)
-{
- int ret;
- unsigned int status, size;
- const gnutls_datum_t *list;
- gnutls_x509_crt_t cert = NULL;
- struct amqp_ssl_socket_t *self = gnutls_session_get_ptr(session);
- ret = gnutls_certificate_verify_peers2(session, &status);
- if (0 > ret) {
- goto error;
- }
- if (status & GNUTLS_CERT_INVALID) {
- goto error;
- }
- if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
- goto error;
- }
- if (status & GNUTLS_CERT_REVOKED) {
- goto error;
- }
- if (status & GNUTLS_CERT_EXPIRED) {
- goto error;
- }
- if (status & GNUTLS_CERT_NOT_ACTIVATED) {
- goto error;
- }
- if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509) {
- goto error;
- }
- if (gnutls_x509_crt_init(&cert) < 0) {
- goto error;
- }
- list = gnutls_certificate_get_peers(session, &size);
- if (!list) {
- goto error;
- }
- ret = gnutls_x509_crt_import(cert, &list[0], GNUTLS_X509_FMT_DER);
- if (0 > ret) {
- goto error;
- }
- if (!gnutls_x509_crt_check_hostname(cert, self->host)) {
- goto error;
- }
- gnutls_x509_crt_deinit(cert);
- return 0;
-error:
- if (cert) {
- gnutls_x509_crt_deinit (cert);
- }
- return GNUTLS_E_CERTIFICATE_ERROR;
-}
-
-static const struct amqp_socket_class_t amqp_ssl_socket_class = {
- amqp_ssl_socket_writev, /* writev */
- amqp_ssl_socket_send, /* send */
- amqp_ssl_socket_recv, /* recv */
- amqp_ssl_socket_open, /* open */
- amqp_ssl_socket_close, /* close */
- amqp_ssl_socket_error, /* error */
- amqp_ssl_socket_get_sockfd /* get_sockfd */
-};
-
-amqp_socket_t *
-amqp_ssl_socket_new(void)
-{
- struct amqp_ssl_socket_t *self = calloc(1, sizeof(*self));
- const char *error;
- int status;
- if (!self) {
- goto error;
- }
- gnutls_global_init();
- status = gnutls_init(&self->session, GNUTLS_CLIENT);
- if (GNUTLS_E_SUCCESS != status) {
- goto error;
- }
- status = gnutls_certificate_allocate_credentials(&self->credentials);
- if (GNUTLS_E_SUCCESS != status) {
- goto error;
- }
- gnutls_certificate_set_verify_function(self->credentials,
- amqp_ssl_verify);
- status = gnutls_credentials_set(self->session, GNUTLS_CRD_CERTIFICATE,
- self->credentials);
- if (GNUTLS_E_SUCCESS != status) {
- goto error;
- }
- gnutls_session_set_ptr(self->session, self);
- status = gnutls_priority_set_direct(self->session, "NORMAL", &error);
- if (GNUTLS_E_SUCCESS != status) {
- goto error;
- }
- self->klass = &amqp_ssl_socket_class;
- return (amqp_socket_t *)self;
-error:
- amqp_socket_close((amqp_socket_t *)self);
- return NULL;
-}
-
-int
-amqp_ssl_socket_set_cacert(amqp_socket_t *base,
- const char *cacert)
-{
- int status;
- struct amqp_ssl_socket_t *self;
- if (base->klass != &amqp_ssl_socket_class) {
- amqp_abort("<%p> is not of type amqp_ssl_socket_t", base);
- }
- self = (struct amqp_ssl_socket_t *)base;
- status = gnutls_certificate_set_x509_trust_file(self->credentials,
- cacert,
- GNUTLS_X509_FMT_PEM);
- if (0 > status) {
- return -1;
- }
- return 0;
-}
-
-int
-amqp_ssl_socket_set_key(amqp_socket_t *base,
- const char *cert,
- const char *key)
-{
- int status;
- struct amqp_ssl_socket_t *self;
- if (base->klass != &amqp_ssl_socket_class) {
- amqp_abort("<%p> is not of type amqp_ssl_socket_t", base);
- }
- self = (struct amqp_ssl_socket_t *)base;
- status = gnutls_certificate_set_x509_key_file(self->credentials,
- cert,
- key,
- GNUTLS_X509_FMT_PEM);
- if (0 > status) {
- return -1;
- }
- return 0;
-}
-
-int
-amqp_ssl_socket_set_key_buffer(AMQP_UNUSED amqp_socket_t *base,
- AMQP_UNUSED const char *cert,
- AMQP_UNUSED const void *key,
- AMQP_UNUSED size_t n)
-{
- amqp_abort("%s is not implemented for GnuTLS", __func__);
- return -1;
-}
-
-void
-amqp_ssl_socket_set_verify(amqp_socket_t *base,
- amqp_boolean_t verify)
-{
- struct amqp_ssl_socket_t *self;
- if (base->klass != &amqp_ssl_socket_class) {
- amqp_abort("<%p> is not of type amqp_ssl_socket_t", base);
- }
- self = (struct amqp_ssl_socket_t *)base;
- if (verify) {
- gnutls_certificate_set_verify_function(self->credentials,
- amqp_ssl_verify);
- } else {
- gnutls_certificate_set_verify_function(self->credentials,
- NULL);
- }
-}
-
-void
-amqp_set_initialize_ssl_library(AMQP_UNUSED amqp_boolean_t do_initialize)
-{
-}
diff --git a/librabbitmq/amqp_polarssl.c b/librabbitmq/amqp_polarssl.c
deleted file mode 100644
index bae3141..0000000
--- a/librabbitmq/amqp_polarssl.c
+++ /dev/null
@@ -1,362 +0,0 @@
-/* vim:set ft=c ts=2 sw=2 sts=2 et cindent: */
-/*
- * Copyright 2012-2013 Michael Steinert
- *
- * Permission is hereby granted, free of charge, to any person obtaining a
- * copy of this software and associated documentation files (the "Software"),
- * to deal in the Software without restriction, including without limitation
- * the rights to use, copy, modify, merge, publish, distribute, sublicense,
- * and/or sell copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "amqp_ssl_socket.h"
-#include "amqp_private.h"
-#include <polarssl/ctr_drbg.h>
-#include <polarssl/entropy.h>
-#include <polarssl/net.h>
-#include <polarssl/ssl.h>
-#include <polarssl/version.h>
-#include <stdlib.h>
-#include <string.h>
-
-#ifndef AMQP_USE_UNTESTED_SSL_BACKEND
-# error This SSL backend is alpha quality and likely contains errors.\
- -DAMQP_USE_UNTESTED_SSL_BACKEND to use this backend
-#endif
-
-struct amqp_ssl_socket_t {
- const struct amqp_socket_class_t *klass;
- int sockfd;
- entropy_context *entropy;
- ctr_drbg_context *ctr_drbg;
- x509_cert *cacert;
- rsa_context *key;
- x509_cert *cert;
- ssl_context *ssl;
- ssl_session *session;
- char *buffer;
- size_t length;
- int last_error;
-};
-
-static ssize_t
-amqp_ssl_socket_send(void *base,
- const void *buf,
- size_t len,
- AMQP_UNUSED int flags)
-{
- ssize_t status;
- struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
-
- self->last_error = 0;
- status = ssl_write(self->ssl, buf, len);
- if (status < 0) {
- self->last_error = AMQP_STATUS_SSL_ERROR;
- }
-
- return status;
-}
-
-static ssize_t
-amqp_ssl_socket_writev(void *base,
- const struct iovec *iov,
- int iovcnt)
-{
- struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
- ssize_t written = -1;
- char *bufferp;
- size_t bytes;
- int i;
- self->last_error = 0;
- bytes = 0;
- for (i = 0; i < iovcnt; ++i) {
- bytes += iov[i].iov_len;
- }
- if (self->length < bytes) {
- free(self->buffer);
- self->buffer = malloc(bytes);
- if (!self->buffer) {
- self->length = 0;
- self->last_error = AMQP_STATUS_NO_MEMORY;
- goto exit;
- }
- self->length = bytes;
- }
- bufferp = self->buffer;
- for (i = 0; i < iovcnt; ++i) {
- memcpy(bufferp, iov[i].iov_base, iov[i].iov_len);
- bufferp += iov[i].iov_len;
- }
- written = amqp_ssl_socket_send(self, (const unsigned char *)self->buffer,
- bytes, 0);
-exit:
- return written;
-}
-
-static ssize_t
-amqp_ssl_socket_recv(void *base,
- void *buf,
- size_t len,
- AMQP_UNUSED int flags)
-{
- ssize_t status;
- struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
-
- self->last_error = 0;
- status = ssl_read(self->ssl, buf, len);
- if (status < 0) {
- self->last_error = AMQP_STATUS_SSL_ERROR;
- }
-
- return status;
-}
-
-static int
-amqp_ssl_socket_open(void *base, const char *host, int port, struct timeval *timeout)
-{
- int status;
- struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
- self->last_error = 0;
-
- if (timeout && (timeout->tv_sec != 0 || timeout->tv_usec != 0)) {
- /* We don't support PolarSSL for now because it uses its own connect() wrapper
- * It is not too hard to implement net_connect() with noblock support,
- * but then we will have to maintain that piece of code and keep it synced with main PolarSSL code base
- */
- return AMQP_STATUS_INVALID_PARAMETER;
- }
-
- status = net_connect(&self->sockfd, host, port);
- if (status) {
- /* This isn't quite right. We should probably translate between
- * POLARSSL_ERR_* to our internal error codes
- */
- self->last_error = AMQP_STATUS_SSL_ERROR;
- return -1;
- }
- if (self->cacert) {
- ssl_set_ca_chain(self->ssl, self->cacert, NULL, host);
- }
- ssl_set_bio(self->ssl, net_recv, &self->sockfd,
- net_send, &self->sockfd);
- if (self->key && self->cert) {
- ssl_set_own_cert(self->ssl, self->cert, self->key);
- }
- while (0 != (status = ssl_handshake(self->ssl))) {
- switch (status) {
- case POLARSSL_ERR_NET_WANT_READ:
- case POLARSSL_ERR_NET_WANT_WRITE:
- continue;
- default:
- self->last_error = AMQP_STATUS_SSL_ERROR;
- break;
- }
- }
- return status;
-}
-
-static int
-amqp_ssl_socket_close(void *base)
-{
- int status = -1;
- struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
- if (self) {
- free(self->entropy);
- free(self->ctr_drbg);
- x509_free(self->cacert);
- free(self->cacert);
- rsa_free(self->key);
- free(self->key);
- x509_free(self->cert);
- free(self->cert);
- ssl_free(self->ssl);
- free(self->ssl);
- free(self->session);
- free(self->buffer);
- if (self->sockfd >= 0) {
- net_close(self->sockfd);
- status = 0;
- }
- free(self);
- }
- return status;
-}
-
-static int
-amqp_ssl_socket_error(AMQP_UNUSED void *user_data)
-{
- return AMQP_STATUS_SSL_ERROR;
-}
-
-char *
-amqp_ssl_error_string(AMQP_UNUSED int err)
-{
- return strdup("A SSL socket error occurred");
-}
-
-static int
-amqp_ssl_socket_get_sockfd(void *base)
-{
- struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
- return self->sockfd;
-}
-
-static const struct amqp_socket_class_t amqp_ssl_socket_class = {
- amqp_ssl_socket_writev, /* writev */
- amqp_ssl_socket_send, /* send */
- amqp_ssl_socket_recv, /* recv */
- amqp_ssl_socket_open, /* open */
- amqp_ssl_socket_close, /* close */
- amqp_ssl_socket_error, /* error */
- amqp_ssl_socket_get_sockfd /* get_sockfd */
-};
-
-amqp_socket_t *
-amqp_ssl_socket_new(void)
-{
- struct amqp_ssl_socket_t *self = calloc(1, sizeof(*self));
- int status;
- if (!self) {
- goto error;
- }
- self->entropy = calloc(1, sizeof(*self->entropy));
- if (!self->entropy) {
- goto error;
- }
- self->sockfd = -1;
- entropy_init(self->entropy);
- self->ctr_drbg = calloc(1, sizeof(*self->ctr_drbg));
- if (!self->ctr_drbg) {
- goto error;
- }
- status = ctr_drbg_init(self->ctr_drbg, entropy_func, self->entropy,
- NULL, 0);
- if (status) {
- goto error;
- }
- self->ssl = calloc(1, sizeof(*self->ssl));
- if (!self->ssl) {
- goto error;
- }
- status = ssl_init(self->ssl);
- if (status) {
- goto error;
- }
- ssl_set_endpoint(self->ssl, SSL_IS_CLIENT);
- ssl_set_rng(self->ssl, ctr_drbg_random, self->ctr_drbg);
- ssl_set_ciphersuites(self->ssl, ssl_default_ciphersuites);
- ssl_set_authmode(self->ssl, SSL_VERIFY_REQUIRED);
- self->session = calloc(1, sizeof(*self->session));
- if (!self->session) {
- goto error;
- }
-#if POLARSSL_VERSION_NUMBER >= 0x01020000
- ssl_set_session(self->ssl, self->session);
-#else
- ssl_set_session(self->ssl, 0, 0, self->session);
-#endif
-
- self->klass = &amqp_ssl_socket_class;
- return (amqp_socket_t *)self;
-error:
- amqp_socket_close((amqp_socket_t *)self);
- return NULL;
-}
-
-int
-amqp_ssl_socket_set_cacert(amqp_socket_t *base,
- const char *cacert)
-{
- int status;
- struct amqp_ssl_socket_t *self;
- if (base->klass != &amqp_ssl_socket_class) {
- amqp_abort("<%p> is not of type amqp_ssl_socket_t", base);
- }
- self = (struct amqp_ssl_socket_t *)base;
- self->cacert = calloc(1, sizeof(*self->cacert));
- if (!self->cacert) {
- return -1;
- }
- status = x509parse_crtfile(self->cacert, cacert);
- if (status) {
- return -1;
- }
- return 0;
-}
-
-int
-amqp_ssl_socket_set_key(amqp_socket_t *base,
- const char *cert,
- const char *key)
-{
- int status;
- struct amqp_ssl_socket_t *self;
- if (base->klass != &amqp_ssl_socket_class) {
- amqp_abort("<%p> is not of type amqp_ssl_socket_t", base);
- }
- self = (struct amqp_ssl_socket_t *)base;
- self->key = calloc(1, sizeof(*self->key));
- if (!self->key) {
- return -1;
- }
- status = x509parse_keyfile(self->key, key, NULL);
- if (status) {
- return -1;
- }
- self->cert = calloc(1, sizeof(*self->cert));
- if (!self->cert) {
- return -1;
- }
- status = x509parse_crtfile(self->cert, cert);
- if (status) {
- return -1;
- }
- return 0;
-}
-
-int
-amqp_ssl_socket_set_key_buffer(AMQP_UNUSED amqp_socket_t *base,
- AMQP_UNUSED const char *cert,
- AMQP_UNUSED const void *key,
- AMQP_UNUSED size_t n)
-{
- amqp_abort("%s is not implemented for PolarSSL", __func__);
- return -1;
-}
-
-void
-amqp_ssl_socket_set_verify(amqp_socket_t *base,
- amqp_boolean_t verify)
-{
- struct amqp_ssl_socket_t *self;
- if (base->klass != &amqp_ssl_socket_class) {
- amqp_abort("<%p> is not of type amqp_ssl_socket_t", base);
- }
- self = (struct amqp_ssl_socket_t *)base;
- if (verify) {
- ssl_set_authmode(self->ssl, SSL_VERIFY_REQUIRED);
- } else {
- ssl_set_authmode(self->ssl, SSL_VERIFY_NONE);
- }
-}
-
-void
-amqp_set_initialize_ssl_library(AMQP_UNUSED amqp_boolean_t do_initialize)
-{
-}
diff --git a/m4/polarssl.m4 b/m4/polarssl.m4
deleted file mode 100644
index 2c87bbd..0000000
--- a/m4/polarssl.m4
+++ /dev/null
@@ -1,75 +0,0 @@
-# polarssl.m4 - Check for PolarSSL
-#
-# Copyright 2012 Michael Steinert
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
-# SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
-# DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
-# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
-# THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-#serial 1
-
-# _AX_LIB_POLARSSL
-# ----------------
-# Check for the PolarSSL library and header file. If found the cache variable
-# ax_cv_have_polarssl will be set to yes.
-AC_DEFUN([_AX_LIB_POLARSSL],
-[dnl
-ax_cv_have_polarssl=no
-_ax_polarssl_h=no
-_ax_polarssl_lib=no
-AC_ARG_VAR([POLARSSL_CFLAGS],
- [C compiler flags for PolarSSL, overriding defaults])
-AC_ARG_VAR([POLARSSL_LIBS], [linker flags for PolarSSL, overriding defaults])
-AC_CHECK_HEADERS([polarssl/ssl.h],
- [_ax_polarssl_h=yes],,
- [$POLARSSL_CFLAGS])
-AS_IF([test "x$POLARSSL_LIBS" = "x"],
- [AC_CHECK_LIB([polarssl], [entropy_init],
- [POLARSSL_LIBS=-lpolarssl
- _ax_polarssl_lib=yes])],
- [_ax_polarssl_cflags=$CFLAGS
- CFLAGS="$POLARSSL_CFLAGS $CFLAGS"
- _ax_polarssl_ldflags=$LDFLAGS
- LDFLAGS="$POLARSSL_LIBS $LDFLAGS"
- AC_MSG_CHECKING([for libpolarssl])
- AC_TRY_LINK([#include <polarssl/entropy.h>],
- [entropy_init(NULL)],
- [AC_MSG_RESULT([$POLARSSL_LIBS])
- _ax_polarssl_lib=yes],
- [AC_MSG_RESULT([no])])
- CFLAGS=$_ax_polarssl_cflags
- LDFLAGS=$_ax_polarssl_ldflags])
-AS_IF([test "x$_ax_polarssl_h" = "xyes" && \
- test "x$_ax_polarssl_lib" = "xyes"],
- [ax_cv_have_polarssl=yes])
-])dnl
-
-# AX_LIB_POLARSSL([ACTION-IF-TRUE], [ACTION-IF-FALSE])
-# ------------------------------------------------
-# Check if PolarSSL is installed. If found the variable ax_have_polarssl will
-# be set to yes.
-# ACTION-IF-TRUE: commands to execute if PolarSSL is installed
-# ACTION-IF-FALSE: commands to execute if PoloarSSL is not installed
-AC_DEFUN([AX_LIB_POLARSSL],
-[dnl
-AC_CACHE_VAL([ax_cv_have_polarssl], [_AX_LIB_POLARSSL])
-ax_have_polarssl=$ax_cv_have_polarssl
-AS_IF([test "x$ax_have_polarssl" = "xyes"],
- [AC_DEFINE([HAVE_POLARSSL], [1], [Define to 1 if PolarSSL is available.])
- $1], [$2])
-])dnl