author | Mark Spruiell <mes@zeroc.com> | 2006-03-28 20:53:42 +0000 |
---|---|---|
committer | Mark Spruiell <mes@zeroc.com> | 2006-03-28 20:53:42 +0000 |
commit | 0a58e76f0fde2dcddd5505951fe5f1201d36ced7 (patch) | |
tree | 1929d74d1a70670fe74e863de4dacad5c37aa7a4 /cpp | |
parent | minor fix (diff) | |
new IceSSL plugin
Diffstat (limited to 'cpp')
204 files changed, 6587 insertions, 12628 deletions
diff --git a/cpp/certs/c_dh1024.pem b/cpp/certs/c_dh1024.pem deleted file mode 100644 index 9040126d3c8..00000000000 --- a/cpp/certs/c_dh1024.pem +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN DH PARAMETERS----- -MIGHAoGBAKwzQH5D8agIc7RlE+4MUJXYxRUn5DStgC1oXzX7i7Dpg775VJLcJc4c -bPv8xrx9ku242TlOIonh+qiI5FxnNuvhyL3Ua5+tZjUJi3SiDjzjctnm3nzgfUND -y6ElC+UUolRPu35l0nKPJlqB8AP+93laARCYgmKbci6WNNT9piDTAgEC ------END DH PARAMETERS----- diff --git a/cpp/certs/c_dsa1024_priv.pem b/cpp/certs/c_dsa1024_priv.pem new file mode 100644 index 00000000000..33c4fd54f76 --- /dev/null +++ b/cpp/certs/c_dsa1024_priv.pem @@ -0,0 +1,12 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQCFx+ubexC16oqLgWDq4P1ZEgREY3eHyJWXdYTjvvoGT75iPM2h +0Y37+6lRfKHsdjuV5vYfVXfJMC+AfeXq4L6nIMQ6QOz7tFXDDZypjqOdhMF0K2CX +i65W9Y7WeAHnQ6a3ds1HccU3z1XAhcW/dl7OqlJZYwcJG9DAsmrnZAkVRwIVANwB +VGsDi2UDNjBsVpTNJM/m5vyhAoGABTN/TDGopoRxrzBBHlKPpZ+B3wfEZ6GaEIQp +ib03wm57/BQgQ/0r9w5AVqWw1QsyXaHicKYOyPNJR8AdRvo7su4Q+BzlKpn30t+K +3IH86jHKhvadYaY0hOmg/XqusY0hhGCXx0t/A7GkBVTZeh6NxmuNOrvkBNZoJsXt +s/DqfKQCgYB7DyOJStMG8OaFg7xY64BgIoLBlgxugiQtsD4rP/nWN98IMWxhCFh+ +usmoTq05IphGeh8isU393r8Z+h2b4rOruw8hAJBqbU711kLwukIAxKGNLFGPmqw1 +OONxKZt9CxUtrW+pVZnh7YPuw01MtFbMpkDiGBENM9AHaMtumnjIPQIVAMiZZNmf +KRD9lzWqQv+kUKLyhsZb +-----END DSA PRIVATE KEY----- diff --git a/cpp/certs/c_dsa1024_pub.pem b/cpp/certs/c_dsa1024_pub.pem new file mode 100644 index 00000000000..977daed30b5 --- /dev/null +++ b/cpp/certs/c_dsa1024_pub.pem 
@@ -0,0 +1,104 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=Florida, L=Palm Beach Gardens, O=ZeroC, Inc., OU=Ice, CN=ZeroC Test CA/emailAddress=info@zeroc.com + Validity + Not Before: Mar 27 17:11:27 2006 GMT + Not After : Mar 26 17:11:27 2011 GMT + Subject: C=US, ST=Florida, O=ZeroC, Inc., OU=Ice/emailAddress=info@zeroc.com, CN=Client + Subject Public Key Info: + Public Key Algorithm: dsaEncryption + DSA Public Key: + pub: + 7b:0f:23:89:4a:d3:06:f0:e6:85:83:bc:58:eb:80: + 60:22:82:c1:96:0c:6e:82:24:2d:b0:3e:2b:3f:f9: + d6:37:df:08:31:6c:61:08:58:7e:ba:c9:a8:4e:ad: + 39:22:98:46:7a:1f:22:b1:4d:fd:de:bf:19:fa:1d: + 9b:e2:b3:ab:bb:0f:21:00:90:6a:6d:4e:f5:d6:42: + f0:ba:42:00:c4:a1:8d:2c:51:8f:9a:ac:35:38:e3: + 71:29:9b:7d:0b:15:2d:ad:6f:a9:55:99:e1:ed:83: + ee:c3:4d:4c:b4:56:cc:a6:40:e2:18:11:0d:33:d0: + 07:68:cb:6e:9a:78:c8:3d + P: + 00:85:c7:eb:9b:7b:10:b5:ea:8a:8b:81:60:ea:e0: + fd:59:12:04:44:63:77:87:c8:95:97:75:84:e3:be: + fa:06:4f:be:62:3c:cd:a1:d1:8d:fb:fb:a9:51:7c: + a1:ec:76:3b:95:e6:f6:1f:55:77:c9:30:2f:80:7d: + e5:ea:e0:be:a7:20:c4:3a:40:ec:fb:b4:55:c3:0d: + 9c:a9:8e:a3:9d:84:c1:74:2b:60:97:8b:ae:56:f5: + 8e:d6:78:01:e7:43:a6:b7:76:cd:47:71:c5:37:cf: + 55:c0:85:c5:bf:76:5e:ce:aa:52:59:63:07:09:1b: + d0:c0:b2:6a:e7:64:09:15:47 + Q: + 00:dc:01:54:6b:03:8b:65:03:36:30:6c:56:94:cd: + 24:cf:e6:e6:fc:a1 + G: + 05:33:7f:4c:31:a8:a6:84:71:af:30:41:1e:52:8f: + a5:9f:81:df:07:c4:67:a1:9a:10:84:29:89:bd:37: + c2:6e:7b:fc:14:20:43:fd:2b:f7:0e:40:56:a5:b0: + d5:0b:32:5d:a1:e2:70:a6:0e:c8:f3:49:47:c0:1d: + 46:fa:3b:b2:ee:10:f8:1c:e5:2a:99:f7:d2:df:8a: + dc:81:fc:ea:31:ca:86:f6:9d:61:a6:34:84:e9:a0: + fd:7a:ae:b1:8d:21:84:60:97:c7:4b:7f:03:b1:a4: + 05:54:d9:7a:1e:8d:c6:6b:8d:3a:bb:e4:04:d6:68: + 26:c5:ed:b3:f0:ea:7c:a4 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 95:20:93:AA:43:0E:06:7D:F3:7E:3C:75:6B:CD:F9:C5:15:DD:0E:0E + X509v3 
Authority Key Identifier: + keyid:9F:A2:17:D5:F0:19:FA:38:09:39:AA:22:26:BF:7A:B5:42:7B:66:EE + DirName:/C=US/ST=Florida/L=Palm Beach Gardens/O=ZeroC, Inc./OU=Ice/CN=ZeroC Test CA/emailAddress=info@zeroc.com + serial:00 + + X509v3 Subject Alternative Name: + DNS:client, IP Address:127.0.0.1 + Signature Algorithm: md5WithRSAEncryption + 97:ab:56:bc:ea:04:e5:f2:f1:dd:6c:eb:85:f4:21:5a:25:75: + c6:58:cb:85:87:7f:34:a9:51:c7:a2:32:1a:b0:73:a1:e9:9f: + 70:bc:98:c7:3e:cb:3c:1e:55:8d:60:e7:7b:14:ee:05:f3:8d: + 78:8d:a2:a4:06:4a:e1:d8:57:10:39:e4:b7:cd:b3:a4:13:56: + 0e:92:8e:59:a9:6b:5d:ab:87:a1:77:62:a9:3b:a4:b4:a0:fe: + 96:68:1c:dc:5a:27:50:71:c3:7c:a8:0a:03:81:92:aa:24:d7: + 04:39:db:e3:13:b4:14:01:00:10:c1:45:51:5e:48:93:0d:c6: + 71:a3:bf:a0:d9:df:c0:cc:10:44:f1:9e:2d:c0:42:49:f2:a8: + f4:77:5b:40:96:79:34:9b:b3:00:54:69:ad:91:56:22:82:72: + 05:1b:a0:e6:b0:35:eb:4d:7c:17:30:c3:07:79:6b:ab:51:47: + fe:e0:60:65:88:8d:86:b3:57:95:9c:75:d7:5a:f9:e2:2f:8c: + fb:2c:60:b8:36:ac:93:07:a7:b4:14:c5:7e:bb:6f:d0:1d:e0: + 44:08:54:92:ff:55:7c:39:f4:07:65:15:74:ad:a8:1b:99:68: + a6:b3:d1:6e:74:92:a2:24:bb:4d:87:60:a2:50:6b:71:a5:49: + 4b:ba:24:eb +-----BEGIN CERTIFICATE----- +MIIFKjCCBBKgAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEU +MBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVy +b0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMDYw +MzI3MTcxMTI3WhcNMTEwMzI2MTcxMTI3WjBzMQswCQYDVQQGEwJVUzEQMA4GA1UE +CBMHRmxvcmlkYTEUMBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEd +MBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20xDzANBgNVBAMTBkNsaWVudDCC +AbYwggErBgcqhkjOOAQBMIIBHgKBgQCFx+ubexC16oqLgWDq4P1ZEgREY3eHyJWX +dYTjvvoGT75iPM2h0Y37+6lRfKHsdjuV5vYfVXfJMC+AfeXq4L6nIMQ6QOz7tFXD +DZypjqOdhMF0K2CXi65W9Y7WeAHnQ6a3ds1HccU3z1XAhcW/dl7OqlJZYwcJG9DA +smrnZAkVRwIVANwBVGsDi2UDNjBsVpTNJM/m5vyhAoGABTN/TDGopoRxrzBBHlKP +pZ+B3wfEZ6GaEIQpib03wm57/BQgQ/0r9w5AVqWw1QsyXaHicKYOyPNJR8AdRvo7 
+su4Q+BzlKpn30t+K3IH86jHKhvadYaY0hOmg/XqusY0hhGCXx0t/A7GkBVTZeh6N +xmuNOrvkBNZoJsXts/DqfKQDgYQAAoGAew8jiUrTBvDmhYO8WOuAYCKCwZYMboIk +LbA+Kz/51jffCDFsYQhYfrrJqE6tOSKYRnofIrFN/d6/Gfodm+Kzq7sPIQCQam1O +9dZC8LpCAMShjSxRj5qsNTjjcSmbfQsVLa1vqVWZ4e2D7sNNTLRWzKZA4hgRDTPQ +B2jLbpp4yD2jggEOMIIBCjAJBgNVHRMEAjAAMB0GA1UdDgQWBBSVIJOqQw4GffN+ +PHVrzfnFFd0ODjCBxAYDVR0jBIG8MIG5gBSfohfV8Bn6OAk5qiImv3q1Qntm7qGB +naSBmjCBlzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcT +ElBhbG0gQmVhY2ggR2FyZGVuczEUMBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNV +BAsTA0ljZTEWMBQGA1UEAxMNWmVyb0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYO +aW5mb0B6ZXJvYy5jb22CAQAwFwYDVR0RBBAwDoIGY2xpZW50hwR/AAABMA0GCSqG +SIb3DQEBBAUAA4IBAQCXq1a86gTl8vHdbOuF9CFaJXXGWMuFh380qVHHojIasHOh +6Z9wvJjHPss8HlWNYOd7FO4F8414jaKkBkrh2FcQOeS3zbOkE1YOko5ZqWtdq4eh +d2KpO6S0oP6WaBzcWidQccN8qAoDgZKqJNcEOdvjE7QUAQAQwUVRXkiTDcZxo7+g +2d/AzBBE8Z4twEJJ8qj0d1tAlnk0m7MAVGmtkVYignIFG6DmsDXrTXwXMMMHeWur +UUf+4GBliI2Gs1eVnHXXWvniL4z7LGC4NqyTB6e0FMV+u2/QHeBECFSS/1V8OfQH +ZRV0ragbmWims9FudJKiJLtNh2CiUGtxpUlLuiTr +-----END CERTIFICATE----- diff --git a/cpp/certs/c_rsa1024_priv.pem b/cpp/certs/c_rsa1024_priv.pem index 67db8be940e..57601793024 100644 --- a/cpp/certs/c_rsa1024_priv.pem +++ b/cpp/certs/c_rsa1024_priv.pem 
@@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQCmYZc13gMz20GQ1zMB1P1mVqLm2lNq7ZTMF/zkUNWP0DyHJ6rP -9bKhcmb3Nm5/6jFNZ+CJceTZO7OElF0IRLDcSt1F92GujA/ZuGbh8HB8QdT3uIUa -/RhOtVQbLm1x36xmWyTOM0aU/oX8u38Z8rmG2hzZEPOevojH4YlXWh2weQIDAQAB -AoGAEH8ooPysUJ3yuEu+EPZvUZBRgpYvIzD/SeUu++xP4HyDI9t5AjmYRo2zS9un -xSMRVF1yU+5pBGj4+bJELyewaV5B6R5DWaqesBxabjdwNrjV5tj3hlOIvJ9qCtrs -sK7s1supNtRouWZB03lpGa8AbeiAuhd1NBDoitzxYGiO7SECQQDYcWNA9jLvZXo/ -IWUdqEaxlzHe4zz9jIEf2SH/r4j7+DzeW/LvV3yhRedarkztXU+2oK3hbT5LUgEe -rrSSjLGFAkEAxMn9VoJ+Ssj+rJ+a2U4SsgTlfapnm9SaIDWf3xl7smXaM5XHbJvl -lSU5u2fOCo5e+KzW8rlf+Q9jgGv04oo7ZQJBAMkue8dCEI4ckMhlTguHAk7H7n7y -URqLounrdYKnsngigNFePizh8OImi6jqIm7vMMzcBUNnu2NfUdMnKIifZdECQEk1 -j+7oGw29WqljsxrWpbPeiHXIuETLwg7rhC9ebps+sv9v4EHyeWWT9LdYddmNf51p -x4mDF0YzyGOVRgQlQtUCQQDKxoGy/jG/hRps94Tg24u50sJvvK+7wfLJAxaGL96V -W7slvcY4PBB7zzTOtzkWf//i+ALXHknXd9zSzYqVok2m +MIICXgIBAAKBgQDV9Nih9v3rGn059AD2oXNAqoxHi9KTqoBIW/Ius8de0aec9hoJ +H9VgqzYJi9/MdxTOqdW+m1Xw+mrU/Ayl5z4H+jNRtstNBBCw7K92otdeiUoaw+3e +VtDt/1q/f6ZUFvB0ZD8o2Y2Na+Rys5LDznWRhrN1EUqqqCdKhlCWzz/hOwIDAQAB +AoGBAIIHRKTiK5z3Q0W2MeOxaQ7S12Af7MELbN0M7BlP7wmEFv6AXoBPFWmjg7q3 +hDKJ6F5Uvu8RDmDef5CjAbjN2Vb5RJjJgO6ErgeRwvEVJEhJQec8TAjM5LjM/uNW +CZYtzQcNTncyVJFBxhXUBkdySZMZ8uxx3DDXkKgtyDypQ42pAkEA7sJM66z3XIuB +59Gg1snSzM54n6KbfWxKI1UOuBfRHGlC6wq7+F+Qlacxq7V3g5Nt1x/10y8aUpEi +Pnp87JmWLQJBAOVoC602l3yyZj0ixVX1YdhMwtL/XWbM+rJNsGNOzRQaCU5WLDoX +quxDmBVx7Inq4NYy3sgyrCkStEf2U1zxngcCQQCVRtgu9brGmtbCqNcl05O/x0u1 +i0YqOd10j8afJQzx9YIIUHLLzHwqhRlSISgzFKc1PF9HBYkwnFtLsuuORkyVAkEA +q9ToUiD/DT8Ph6GA0GcRmBO/Jo5ypqrI6T957Ji80d7Cs7OmQwkxVPE4fG+t7oxJ +RwgpiSkzfTxuXyypuoechwJAdOmpDJwviuD6tzWwtE08NEh9Oq1na7evmsa4peEc +H102JWO5F50gVSQGxXfzLX4niPgDA/qvU9QGV3YPSGFxOQ== -----END RSA PRIVATE KEY----- diff --git a/cpp/certs/c_rsa1024_pub.pem b/cpp/certs/c_rsa1024_pub.pem index db528aa1648..b6803224dfd 100644 --- a/cpp/certs/c_rsa1024_pub.pem +++ b/cpp/certs/c_rsa1024_pub.pem 
@@ -5,70 +5,72 @@ Certificate: Signature Algorithm: md5WithRSAEncryption Issuer: C=US, ST=Florida, L=Palm Beach Gardens, O=ZeroC, Inc., OU=Ice, CN=ZeroC Test CA/emailAddress=info@zeroc.com Validity - Not Before: Mar 15 17:51:49 2006 GMT - Not After : Mar 14 17:51:49 2011 GMT + Not Before: Mar 27 17:11:26 2006 GMT + Not After : Mar 26 17:11:26 2011 GMT Subject: C=US, ST=Florida, O=ZeroC, Inc., OU=Ice/emailAddress=info@zeroc.com, CN=Client Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): - 00:a6:61:97:35:de:03:33:db:41:90:d7:33:01:d4: - fd:66:56:a2:e6:da:53:6a:ed:94:cc:17:fc:e4:50: - d5:8f:d0:3c:87:27:aa:cf:f5:b2:a1:72:66:f7:36: - 6e:7f:ea:31:4d:67:e0:89:71:e4:d9:3b:b3:84:94: - 5d:08:44:b0:dc:4a:dd:45:f7:61:ae:8c:0f:d9:b8: - 66:e1:f0:70:7c:41:d4:f7:b8:85:1a:fd:18:4e:b5: - 54:1b:2e:6d:71:df:ac:66:5b:24:ce:33:46:94:fe: - 85:fc:bb:7f:19:f2:b9:86:da:1c:d9:10:f3:9e:be: - 88:c7:e1:89:57:5a:1d:b0:79 + 00:d5:f4:d8:a1:f6:fd:eb:1a:7d:39:f4:00:f6:a1: + 73:40:aa:8c:47:8b:d2:93:aa:80:48:5b:f2:2e:b3: + c7:5e:d1:a7:9c:f6:1a:09:1f:d5:60:ab:36:09:8b: + df:cc:77:14:ce:a9:d5:be:9b:55:f0:fa:6a:d4:fc: + 0c:a5:e7:3e:07:fa:33:51:b6:cb:4d:04:10:b0:ec: + af:76:a2:d7:5e:89:4a:1a:c3:ed:de:56:d0:ed:ff: + 5a:bf:7f:a6:54:16:f0:74:64:3f:28:d9:8d:8d:6b: + e4:72:b3:92:c3:ce:75:91:86:b3:75:11:4a:aa:a8: + 27:4a:86:50:96:cf:3f:e1:3b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Subject Key Identifier: - 5A:7C:B0:53:25:B0:40:B2:D8:4D:8E:0C:EE:1C:FB:EC:12:8F:8C:D6 + 0C:4A:44:31:A3:7B:C2:17:F2:79:E2:1B:70:1E:77:7E:97:01:A9:8D X509v3 Authority Key Identifier: - keyid:F6:04:02:42:46:5A:F1:21:FD:71:42:D6:7B:C4:79:65:7E:1D:1E:86 + keyid:9F:A2:17:D5:F0:19:FA:38:09:39:AA:22:26:BF:7A:B5:42:7B:66:EE DirName:/C=US/ST=Florida/L=Palm Beach Gardens/O=ZeroC, Inc./OU=Ice/CN=ZeroC Test CA/emailAddress=info@zeroc.com serial:00 + X509v3 Subject Alternative Name: + DNS:client, IP Address:127.0.0.1 Signature Algorithm: 
md5WithRSAEncryption - 87:64:9b:c7:9d:fc:5a:d9:01:11:87:6d:bd:12:74:a9:97:02: - e3:4b:9a:3b:d0:02:f1:b1:ad:84:1f:0f:ed:f4:54:93:bb:d0: - 02:cf:c3:15:7e:c6:f3:72:0f:2c:95:b7:90:ea:33:be:79:06: - bf:cb:74:9b:85:74:c2:e2:f9:7c:28:f3:96:f0:0b:97:b4:11: - 69:d9:85:ba:79:e8:49:54:96:02:47:32:34:12:81:04:65:04: - 65:a3:50:ec:1b:b4:cc:fc:1e:a6:c2:9a:6c:ef:a4:be:ef:d8: - ba:7f:f5:e6:6d:65:3c:4a:fc:a2:d3:27:80:1e:19:2d:7a:9f: - f9:9d:de:c5:67:0a:20:99:98:65:02:38:06:be:ad:20:49:9d: - c5:46:92:46:13:01:f6:fb:07:ae:aa:c1:43:62:1c:4e:6b:c5: - 55:18:e0:e1:09:3b:11:42:46:3b:a7:c9:56:06:4c:eb:15:74: - 16:d4:0e:8d:b3:fd:b1:24:af:29:7e:97:b8:39:83:f0:7b:0b: - d1:50:a3:a6:a4:9e:a4:98:02:a6:25:62:6f:08:24:08:e3:53: - 3c:c1:bb:bc:d1:79:88:9b:3e:78:ec:8b:5e:40:2f:bf:f6:aa: - ed:f2:25:12:3e:4c:29:92:33:0a:8c:12:61:f9:cb:67:e2:2d: - 48:a7:89:ee + 03:39:43:d2:42:28:38:ad:5b:f3:65:6e:55:c4:34:4f:42:cd: + da:66:d0:72:75:f6:cb:34:01:95:29:e0:00:39:71:23:15:27: + bf:fd:18:7d:ff:b2:f5:fc:9a:76:25:6c:e6:d0:8a:3d:51:4f: + 1e:5a:81:3b:a9:46:89:05:fb:d6:bf:45:49:b0:46:ed:e4:7c: + 61:40:03:06:cb:5d:02:be:43:76:29:30:e7:d3:73:d2:a0:81: + a6:bc:8b:55:f7:2c:9b:f7:85:8e:3f:4f:4d:d0:ed:ec:e5:4b: + a8:5b:bd:c8:fb:0b:a8:ee:43:90:f4:ab:3b:4a:0f:f3:47:45: + 89:f9:4f:dc:58:a8:0d:6e:f3:dd:bd:f4:a6:1e:de:96:14:fa: + b6:84:50:f6:67:a6:35:80:26:15:ba:c3:01:c7:7e:93:85:63: + 1d:ce:cb:b0:b1:97:56:34:dd:4f:9d:aa:87:43:58:60:20:7f: + 4a:df:64:49:bc:5b:30:0d:13:54:cc:4c:69:de:c9:4d:d8:98: + fd:5f:40:ec:f4:b9:04:67:dc:b6:76:c3:bf:84:c0:81:ff:95: + a9:c3:ae:00:9d:6e:96:24:a3:4d:9c:76:36:87:12:8c:fc:39: + f0:d0:f7:93:36:3d:63:ee:c2:14:d1:ce:58:84:ad:f2:58:32: + 65:2c:1b:9f -----BEGIN CERTIFICATE----- -MIID9zCCAt+gAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx +MIIEEjCCAvqgAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx EDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEU MBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVy b0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMDYw 
-MzE1MTc1MTQ5WhcNMTEwMzE0MTc1MTQ5WjBzMQswCQYDVQQGEwJVUzEQMA4GA1UE +MzI3MTcxMTI2WhcNMTEwMzI2MTcxMTI2WjBzMQswCQYDVQQGEwJVUzEQMA4GA1UE CBMHRmxvcmlkYTEUMBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEd MBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20xDzANBgNVBAMTBkNsaWVudDCB -nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApmGXNd4DM9tBkNczAdT9Zlai5tpT -au2UzBf85FDVj9A8hyeqz/WyoXJm9zZuf+oxTWfgiXHk2TuzhJRdCESw3ErdRfdh -rowP2bhm4fBwfEHU97iFGv0YTrVUGy5tcd+sZlskzjNGlP6F/Lt/GfK5htoc2RDz -nr6Ix+GJV1odsHkCAwEAAaOB9DCB8TAJBgNVHRMEAjAAMB0GA1UdDgQWBBRafLBT -JbBAsthNjgzuHPvsEo+M1jCBxAYDVR0jBIG8MIG5gBT2BAJCRlrxIf1xQtZ7xHll -fh0ehqGBnaSBmjCBlzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0Zsb3JpZGExGzAZ -BgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEUMBIGA1UEChMLWmVyb0MsIEluYy4x -DDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVyb0MgVGVzdCBDQTEdMBsGCSqGSIb3 -DQEJARYOaW5mb0B6ZXJvYy5jb22CAQAwDQYJKoZIhvcNAQEEBQADggEBAIdkm8ed -/FrZARGHbb0SdKmXAuNLmjvQAvGxrYQfD+30VJO70ALPwxV+xvNyDyyVt5DqM755 -Br/LdJuFdMLi+Xwo85bwC5e0EWnZhbp56ElUlgJHMjQSgQRlBGWjUOwbtMz8HqbC -mmzvpL7v2Lp/9eZtZTxK/KLTJ4AeGS16n/md3sVnCiCZmGUCOAa+rSBJncVGkkYT -Afb7B66qwUNiHE5rxVUY4OEJOxFCRjunyVYGTOsVdBbUDo2z/bEkryl+l7g5g/B7 -C9FQo6aknqSYAqYlYm8IJAjjUzzBu7zReYibPnjsi15AL7/2qu3yJRI+TCmSMwqM -EmH5y2fiLUinie4= +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1fTYofb96xp9OfQA9qFzQKqMR4vS +k6qASFvyLrPHXtGnnPYaCR/VYKs2CYvfzHcUzqnVvptV8Ppq1PwMpec+B/ozUbbL +TQQQsOyvdqLXXolKGsPt3lbQ7f9av3+mVBbwdGQ/KNmNjWvkcrOSw851kYazdRFK +qqgnSoZQls8/4TsCAwEAAaOCAQ4wggEKMAkGA1UdEwQCMAAwHQYDVR0OBBYEFAxK +RDGje8IX8nniG3Aed36XAamNMIHEBgNVHSMEgbwwgbmAFJ+iF9XwGfo4CTmqIia/ +erVCe2buoYGdpIGaMIGXMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHRmxvcmlkYTEb +MBkGA1UEBxMSUGFsbSBCZWFjaCBHYXJkZW5zMRQwEgYDVQQKEwtaZXJvQywgSW5j +LjEMMAoGA1UECxMDSWNlMRYwFAYDVQQDEw1aZXJvQyBUZXN0IENBMR0wGwYJKoZI +hvcNAQkBFg5pbmZvQHplcm9jLmNvbYIBADAXBgNVHREEEDAOggZjbGllbnSHBH8A +AAEwDQYJKoZIhvcNAQEEBQADggEBAAM5Q9JCKDitW/NlblXENE9Czdpm0HJ19ss0 +AZUp4AA5cSMVJ7/9GH3/svX8mnYlbObQij1RTx5agTupRokF+9a/RUmwRu3kfGFA +AwbLXQK+Q3YpMOfTc9Kggaa8i1X3LJv3hY4/T03Q7ezlS6hbvcj7C6juQ5D0qztK 
+D/NHRYn5T9xYqA1u89299KYe3pYU+raEUPZnpjWAJhW6wwHHfpOFYx3Oy7Cxl1Y0 +3U+dqodDWGAgf0rfZEm8WzANE1TMTGneyU3YmP1fQOz0uQRn3LZ2w7+EwIH/lanD +rgCdbpYko02cdjaHEoz8OfDQ95M2PWPuwhTRzliErfJYMmUsG58= -----END CERTIFICATE----- diff --git a/cpp/certs/cacert.pem b/cpp/certs/cacert.pem index 40b2d1e47b3..81f516e8384 100644 --- a/cpp/certs/cacert.pem +++ b/cpp/certs/cacert.pem 
@@ -3,25 +3,25 @@ MIIEozCCA4ugAwIBAgIBADANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx EDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEU MBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVy b0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMDYw -MzE1MTc1MTQ5WhcNMTEwMzE0MTc1MTQ5WjCBlzELMAkGA1UEBhMCVVMxEDAOBgNV +MzI3MTcxMTI1WhcNMTEwMzI2MTcxMTI1WjCBlzELMAkGA1UEBhMCVVMxEDAOBgNV BAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEUMBIGA1UE ChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVyb0MgVGVz dCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQDnTrtDY6KHEDN72Tx7OgkUaLMhYHIURb7/I72c -AtoRzbf9qW77w+FmruNySlNAMPiPk70D8Xcl5svtOPe/OGgxSgSvoMS/ym/57eMe -IE0LD6g5hwn2VQ65ZyPGHJ7PWgixpcejtpPIe2GeXABGp3ADGurlaOwvsORX72IQ -hvciNlK31WZKvFascLGgvIgpNzasK1y1mV+My9I9rMBp6tz79aWYH62Tv/yZB/Kz -F+6okSLIzYzZCMRactUbrWX3AE10c3gsJoIOi1spr5ax1LyjlS3AWI5jL2Eu0XLO -k0Yz8o6M2XGr3BD/Q/cUFIKjjhZr6O0saJybWkAzmWeeuZ+XAgMBAAGjgfcwgfQw -DAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQU9gQCQkZa8SH9cULWe8R5ZX4dHoYwgcQG -A1UdIwSBvDCBuYAU9gQCQkZa8SH9cULWe8R5ZX4dHoahgZ2kgZowgZcxCzAJBgNV +DQEBAQUAA4IBDwAwggEKAoIBAQC8U4E+bm85HhX2dNSRQBUb9JBdzUoFE0+aoUst +k/Zn8ADNDQpn1TjaxJizjK/yT1RvKD4bVMwRCxPvHjh64bBBEtFMsUGljiSwZbIp +6P94n0TYLWb8XWD3HEMoOW9ALRSQmQC5VDrgr2Ci/Jp7Z5vLHzZR3w910cziJAhi +v3M0zLDNzxtM08Gfqzpf1gRAaoFt5XDYF880SO9r7tbmPzs7iQHKd4WDhumWoVIX +zKzRU89Y0SoWuxczzRIxpnx5uhFw2kkH5ZlVwvymd5/WKk1QZI0mO//0KOmSlCba +dxczc2KUlcsPRPytPxT0HyWKlfxJQxmToLRkcAUvy90/GpCtAgMBAAGjgfcwgfQw +DAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUn6IX1fAZ+jgJOaoiJr96tUJ7Zu4wgcQG +A1UdIwSBvDCBuYAUn6IX1fAZ+jgJOaoiJr96tUJ7Zu6hgZ2kgZowgZcxCzAJBgNV BAYTAlVTMRAwDgYDVQQIEwdGbG9yaWRhMRswGQYDVQQHExJQYWxtIEJlYWNoIEdh cmRlbnMxFDASBgNVBAoTC1plcm9DLCBJbmMuMQwwCgYDVQQLEwNJY2UxFjAUBgNV BAMTDVplcm9DIFRlc3QgQ0ExHTAbBgkqhkiG9w0BCQEWDmluZm9AemVyb2MuY29t -ggEAMA0GCSqGSIb3DQEBBAUAA4IBAQDebv6otMlokDnzC/Y25VU+fhV8Hat9R0nE -osWTArvmDgD8yip1Us7QSaoftuznIn3Xbh2jBOx5ND6srs14AIOpxaFU5QVOLzv3 
-ZDcd7KOW+d7ft02NZFZcFkmvCjgFkjZcnyT4vDoGXopXlnlgJ4ipQv5Mz8af4RW+ -XTTKfSixR4gJbNfnywumssuV7bUxASivo+fSmiCUCHLDT9HocHgd69z55vT1Wqc2 -5K7Og+JAZvoItuoJxrQ7Mvd0nYUYaP2cmNRKramigqjNG0om529qH0/Cagsfi+bG -PYjorZxJw8W+XSZv14qqJEo93ilZRo90RlB5e+n2kpdgA107qA7t +ggEAMA0GCSqGSIb3DQEBBAUAA4IBAQAAaGr0F3Hdoxj/zQahT/tBptv3xG+m+X1d +2W6PbPdokjQ01rfCP8i3TMKjGmVy1XQj4UGhUg7xKgi8sIg7i5Mju/zDQbsA3udo +REfBY5yKHVyQh0Fg57DjWsMFSgT3ZJOrYWfOX0Jv5HQhZtlws48ttLkuW2sCf6Cp +kZ3/+j6ir9LmfxUQ/ss4DfyV/UrrJ5hcwXcJ0AeezecfZHNLqU7IRFdVWVCT0UTM +JStCOE3sBZU3MwiVYdq+cm6mGdVuXWX3wKVuhlgMx1ZQZ8Bxt5bmcDQ5E1auAZ7R +C4HRFQRPJhWeIwFUo0vLZyG7W1PGG4vAfaBRDPOsOV6deypxcmIH -----END CERTIFICATE----- diff --git a/cpp/certs/cakey.pem b/cpp/certs/cakey.pem index 9943f2f65d9..f7b84cb55a1 100644 --- a/cpp/certs/cakey.pem +++ b/cpp/certs/cakey.pem 
@@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEA5067Q2OihxAze9k8ezoJFGizIWByFEW+/yO9nALaEc23/alu -+8PhZq7jckpTQDD4j5O9A/F3JebL7Tj3vzhoMUoEr6DEv8pv+e3jHiBNCw+oOYcJ -9lUOuWcjxhyez1oIsaXHo7aTyHthnlwARqdwAxrq5WjsL7DkV+9iEIb3IjZSt9Vm -SrxWrHCxoLyIKTc2rCtctZlfjMvSPazAaerc+/WlmB+tk7/8mQfysxfuqJEiyM2M -2QjEWnLVG61l9wBNdHN4LCaCDotbKa+WsdS8o5UtwFiOYy9hLtFyzpNGM/KOjNlx -q9wQ/0P3FBSCo44Wa+jtLGicm1pAM5lnnrmflwIDAQABAoIBAQDjiNtFSzmRyyoZ -5nRMc6aC4Qt1Bb6ymnlr2einE1cYtFkNuiJmnyWXMOqkfuCuAH5CHn6M5nbiXcq0 -rJlpDT/RXJKHgYqJb8X/ATetZvDitKAzFteB7eHyF7dlJrpCFrr+palhLjTpvhUl -BjNvTT4uj8gJq9DKiSPWLLE2uM1aZF7uDwcCHF/AdsWzI9WQtrY2iFCW0YJ+hKMF -6yf1HKQchlg2KvUwfRhsdNimcr0XmsBobb988TXofm5srl4EpoHKXgVONGd0ysGq -bWpVwuGCPPNvVHIn8sdE28kg5R9dtj16sTWuOUAYZvD7obD/pZpBcz93zre9S37T -l/SsX/7BAoGBAPVd8jhRakJVLJvdPkb6mIEudH/xNue97F5HIsuAVH2Qe43G76Rr -5YvebHSDmLueiEPm29dDs8wvCJGNza5/p/QOuuGp0NIdEa4pXXbKEqLJseEGESnG -t+qsbNATlmMo9rA6chTNPECcwb7NdgyUaaM3GWyTWpiZL0ykz9QUwOefAoGBAPFU -0A0bD3SHt7HpATbS25ykz3AsNYLxS+79O7SU8KLDQdhsM5CFIUtpX1IMD/uEDhSa -4xzFH6bimihxqTluhwm8gtqqc1X47pI3ZM0O9Gh0srBBNnBlPBurykjPKtJqyfLf -NBKFAwf80vfC5kUBJ33+xInw+qOgDmha9pcQWKUJAoGAHfZ59LykcDM8flAXIc3K -P8Qvf8wx+zyrF5wyOI2UQ70YCWkorHhskJb5wYSsawTh+QDBCdl/pEh+EGAzpMJ7 -/QardZEqKe5Y0V7FxhLJEc31hdga0nIs1WB27TXnIHbJIR4R/k5NtEowMp+ecczR -1ZeN6D9aSdYy+3YI1wotwFsCgYEAzMinczePOdcgrbuG6DqtWJMR46HgFqkjQj1o -uKfaOoNuEHRgnTYbNp7H4BuURF2ehSWZqwQrA7YuEjvA2ZdMx5pLf7o7/Kwr5a9T -vh3+j9TW/HGZ/G4rP1/bW0VQlRVBIPL+gOiV1eVYMB4WwF9mX6gcpuDyDn73Ot5V -eYLJdeECgYEAqpnQAGbpkxZJrw5FOwFEMZFC5efFBiwLGcbZVHjA8xyi79JYoab0 -/ke4qR3Y7wsnNhWKZzKkVs1wpZrVslzh9uasTEVM978doQ7Sq47gttVaxxrNDR2S -SOa3b0yLq8Kf2w/k86PYkgdo5tBgqe59d/+tD23WisLAtHPlDNPWi8Q= +MIIEowIBAAKCAQEAvFOBPm5vOR4V9nTUkUAVG/SQXc1KBRNPmqFLLZP2Z/AAzQ0K +Z9U42sSYs4yv8k9Ubyg+G1TMEQsT7x44euGwQRLRTLFBpY4ksGWyKej/eJ9E2C1m +/F1g9xxDKDlvQC0UkJkAuVQ64K9govyae2ebyx82Ud8PddHM4iQIYr9zNMywzc8b +TNPBn6s6X9YEQGqBbeVw2BfPNEjva+7W5j87O4kByneFg4bplqFSF8ys0VPPWNEq 
+FrsXM80SMaZ8eboRcNpJB+WZVcL8pnef1ipNUGSNJjv/9CjpkpQm2ncXM3NilJXL +D0T8rT8U9B8lipX8SUMZk6C0ZHAFL8vdPxqQrQIDAQABAoIBAEVh+n7WzvFbLTpE +pr/wvRY0jy+P35JpH+3XOMxM8/4tBQ6GnGvOuYiX365eyb/bDD97sw38usYYr7ps +BuD23ynKVgQMViQ5bzjx7qbUKbL18rY2W/fkK0I/Tlq2dk9NjIMNa5/b8WkwE8lY +iU2nyVUXZbraFGcS6YnzPoerAzXTBfMZmeHQ9RsgoAuQKDylWuDoA/D3wnazi5gx +QL8Q4GCgnNkUir20UP7jTSPfpwSmVtzLRhWIdKSnoAOIBD7pc7Pu1Y13p0POZtmW +9+z/5h02XS3qb350rAijCv89+t8dqGwY44kd/DbzmeB/nVKM4eG50Z+i1UK1YeUT +C7FuxwECgYEA5D2iLbdSe+wXQexKXIz8O/ELZQljPbA5EgPe7HbR/6PhVpdiuBAZ +23Q9oMPV/8UGu3Dmnhg9uoMOGDfHoMnvZHGg6QGCQAYZBMRrMkEebcTwYzYBp7Oe +GGaCkR8WDCVmflUBqklZeSI2USbkV+h4mDydWHv0ZurKtSNhUe3mbG0CgYEA0zsd +k19hXq4ptZbcVRvRWOX3livypxkPcr89CoamgN1Qb6BxaxEQoqy6p62BO2U+Gfgd +lBi2/vkIIJw9E0bkh22HKUqErPtrTMc3G9NprF1hXzE8kSLijyAOHHIYFd5X9oTt +T3pBFX/RkcnB51JWrsffHFVtrJMoz3n2hbbFjUECgYEAhMH023KOX9ZrkMTIXB0F +ejgy0IotV2xxRbFKsXBLpc7E+4ECwt1arPNoBWLjzunjiJObEMo43YvtXtjTHQtY +W6xcVCu0f1kMpGE7mPeXo3GyAYMgY1Nu2fKGb7MNN/NpMoJvfYU8reDgh0N//kIS +IzrequEuv85CKipyKR2fseECgYBs90H6lGmWfiHmGzzuartEMN3YCjPTH4pol17V +30BlmcW0z/+yS8tZH+HqPgc8rK2sl+IqU9WTEsSujeqz1w5tDoN7OYXX9psTsHEt +WZJZ6JIimTO1a1mUm+Srp+/k2B5ofYouRdLtVFK38myk+ETfRRxDcY5ySDf1T+Vs +dSzUAQKBgDnQyeEgrqjE26ndAssJxgxhrdgCGgYG+cBI9XQIxQgqvNu5ek5ka5Fo +f+I9E0E34zzkSKtTZD5AKH2cwB/JZrA2X6/URjt6fI+GDvG79pHGh7BOEAYUArF5 +zQQkkHlA7uHW1TT0uHhnjX4bb3DvTRQBGm+/7hImrKoSGe0N3wLn -----END RSA PRIVATE KEY----- diff --git a/cpp/certs/client_sslconfig.xml b/cpp/certs/client_sslconfig.xml deleted file mode 100644 index 133db5e26a0..00000000000 --- a/cpp/certs/client_sslconfig.xml +++ /dev/null 
@@ -1,14 +0,0 @@ -<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?> -<!DOCTYPE SSLConfig SYSTEM "sslconfig.dtd"> -<SSLConfig> - <client> - <general version="SSLv23" cipherlist="RC4-MD5" verifymode="peer" verifydepth="10" /> - <certauthority file="cacert.pem" /> - <basecerts> - <rsacert keysize="1024"> - <public encoding="PEM" filename="c_rsa1024_pub.pem" /> - <private encoding="PEM" filename="c_rsa1024_priv.pem" /> - </rsacert> - </basecerts> - </client> -</SSLConfig> diff --git a/cpp/certs/dsaparam1024.pem b/cpp/certs/dsaparam1024.pem new file mode 100644 index 00000000000..6e81da549cc --- /dev/null +++ b/cpp/certs/dsaparam1024.pem @@ -0,0 +1,9 @@ +-----BEGIN DSA PARAMETERS----- +MIIBHgKBgQCFx+ubexC16oqLgWDq4P1ZEgREY3eHyJWXdYTjvvoGT75iPM2h0Y37 ++6lRfKHsdjuV5vYfVXfJMC+AfeXq4L6nIMQ6QOz7tFXDDZypjqOdhMF0K2CXi65W +9Y7WeAHnQ6a3ds1HccU3z1XAhcW/dl7OqlJZYwcJG9DAsmrnZAkVRwIVANwBVGsD +i2UDNjBsVpTNJM/m5vyhAoGABTN/TDGopoRxrzBBHlKPpZ+B3wfEZ6GaEIQpib03 +wm57/BQgQ/0r9w5AVqWw1QsyXaHicKYOyPNJR8AdRvo7su4Q+BzlKpn30t+K3IH8 +6jHKhvadYaY0hOmg/XqusY0hhGCXx0t/A7GkBVTZeh6NxmuNOrvkBNZoJsXts/Dq +fKQ= +-----END DSA PARAMETERS----- diff --git a/cpp/certs/makecerts b/cpp/certs/makecerts index 0d81d0a69d2..f4522fa7080 100755 --- a/cpp/certs/makecerts +++ b/cpp/certs/makecerts @@ -12,6 +12,9 @@ # This script creates the required CA key and certificate (if they do not # already exist) and server certificate/key pairs. # +# Remove cakey.pem and dsaparam1024.pem to regenerate everything. +# +# NOTE: Make sure that ICE_HOME is set correctly before you start! # # Note: If you want private keys passphrase protected, comment this out. 
@@ -20,35 +23,41 @@ PASSPHRASE=-nodes CA_HOME=$ICE_HOME/certs/openssl/ca -if ! [ -f $CA_HOME/cakey.pem ]; then - # - # Set up a sample CA for key generation. - # - cd $ICE_HOME/certs/openssl - mkdir ca - cd ca - echo '01' > serial - touch index.txt +# +# Generate RSA certificates and keys. +# +if ! [ -f $ICE_HOME/certs/cakey.pem ]; then + + if [ -d $CA_HOME ]; then + rm -rf $CA_HOME + fi + mkdir $CA_HOME + echo '01' > $CA_HOME/serial + touch $CA_HOME/index.txt # # Generate our CA certificate and key if they do not already exist. # - echo "You will be prompted for a passphrase - this is the passphrase that protects the CA signing authority key." + if test -z "$PASSPHRASE" ; then + echo "You will be prompted for a passphrase that protects the CA signing authority key." + fi openssl req -config $ICE_HOME/certs/openssl/ice_ca.cnf -x509 -days 1825 -newkey rsa -out $CA_HOME/cacert.pem \ -outform PEM $PASSPHRASE cp $CA_HOME/cacert.pem $ICE_HOME/certs cp $CA_HOME/cakey.pem $ICE_HOME/certs # - # Create our Server certificate and key. + # Create our server certificate and key. # SERIAL=`cat $CA_HOME/serial` KEY_NAME=`echo $SERIAL`_key.pem CERT_NAME=`echo $SERIAL`_cert.pem openssl req -config $ICE_HOME/certs/openssl/server.cnf -newkey rsa $PASSPHRASE -keyout $CA_HOME/$KEY_NAME \ -keyform PEM -out $CA_HOME/req.pem - echo "You will be prompted for a passphrase - this is so we can sign the new Server Certificate." - echo "Enter the passphrase for the CA signing authority." + if test -z "$PASSPHRASE" ; then + echo "You will be prompted for a passphrase to sign the new server Certificate." + echo "Enter the passphrase for the CA signing authority." + fi openssl ca -config $ICE_HOME/certs/openssl/server.cnf -batch -in $CA_HOME/req.pem mv $CA_HOME/$SERIAL.pem $CA_HOME/$CERT_NAME cp $CA_HOME/$KEY_NAME $ICE_HOME/certs/s_rsa1024_priv.pem 
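Review bot: `rm -rf $CA_HOME` in the added RSA block runs on an unquoted path derived from `$ICE_HOME`, and nothing in the script checks that the variable is set; with ICE_HOME empty, `CA_HOME` expands to `/certs/openssl/ca`, and the `-d` test, `rm -rf` and `mkdir` all act on that absolute path. The new header comment asks the user to set ICE_HOME, but the script should enforce it, for example with `: "${ICE_HOME:?ICE_HOME must be set}"` before the `CA_HOME=` assignment, and quote the expansions (`rm -rf "$CA_HOME"`). The same `rm -rf $CA_HOME` appears again in the DSA block of the next hunk. The `if` opened here is closed outside this hunk.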
@@ -56,45 +65,73 @@ if ! [ -f $CA_HOME/cakey.pem ]; then rm $CA_HOME/req.pem # - # Create our Server certificate and key. + # Create our client certificate and key. # SERIAL=`cat $CA_HOME/serial` KEY_NAME=`echo $SERIAL`_key.pem CERT_NAME=`echo $SERIAL`_cert.pem openssl req -config $ICE_HOME/certs/openssl/client.cnf -newkey rsa $PASSPHRASE -keyout $CA_HOME/$KEY_NAME \ -keyform PEM -out $CA_HOME/req.pem - echo "You will be prompted for a passphrase - this is so we can sign the new Client Certificate." - echo "Enter the passphrase for the CA signing authority." + if test -z "$PASSPHRASE" ; then + echo "You will be prompted for a passphrase to sign the new client Certificate." + echo "Enter the passphrase for the CA signing authority." + fi openssl ca -config $ICE_HOME/certs/openssl/client.cnf -batch -in $CA_HOME/req.pem mv $CA_HOME/$SERIAL.pem $CA_HOME/$CERT_NAME cp $CA_HOME/$KEY_NAME $ICE_HOME/certs/c_rsa1024_priv.pem cp $CA_HOME/$CERT_NAME $ICE_HOME/certs/c_rsa1024_pub.pem rm $CA_HOME/req.pem + rm -f dsaparam1024.pem +fi + +# +# Generate DSA parameters and keys. +# +if ! [ -f dsaparam1024.pem ]; then + + if [ -d $CA_HOME ]; then + rm -rf $CA_HOME + fi + mkdir $CA_HOME + echo '01' > $CA_HOME/serial + touch $CA_HOME/index.txt + + openssl dsaparam -out dsaparam1024.pem -outform PEM 1024 + # - # Copy pertinent certificates to test directory. + # Create our server certificate and key. 
# - cp $ICE_HOME/certs/cacert.pem $ICE_HOME/test/IceSSL/certs - cp $ICE_HOME/certs/c_rsa1024_priv.pem $ICE_HOME/test/IceSSL/certs/goodKey_1.pem - cp $ICE_HOME/certs/c_rsa1024_pub.pem $ICE_HOME/test/IceSSL/certs/goodCert_1.pem - cp $ICE_HOME/certs/s_rsa1024_priv.pem $ICE_HOME/test/IceSSL/certs/goodKey_2.pem - cp $ICE_HOME/certs/s_rsa1024_pub.pem $ICE_HOME/test/IceSSL/certs/goodCert_2.pem -else + SERIAL=`cat $CA_HOME/serial` + KEY_NAME=`echo $SERIAL`_key.pem + CERT_NAME=`echo $SERIAL`_cert.pem + openssl req -config $ICE_HOME/certs/openssl/server.cnf -newkey dsa:dsaparam1024.pem $PASSPHRASE \ + -keyout $CA_HOME/$KEY_NAME -keyform PEM -out $CA_HOME/req.pem + if test -z "$PASSPHRASE" ; then + echo "You will be prompted for a passphrase to sign the new server Certificate." + echo "Enter the passphrase for the CA signing authority." + fi + openssl ca -config $ICE_HOME/certs/openssl/server.cnf -batch -in $CA_HOME/req.pem + mv $CA_HOME/$SERIAL.pem $CA_HOME/$CERT_NAME + cp $CA_HOME/$KEY_NAME $ICE_HOME/certs/s_dsa1024_priv.pem + cp $CA_HOME/$CERT_NAME $ICE_HOME/certs/s_dsa1024_pub.pem + rm $CA_HOME/req.pem + # - # Create a new certificate and key. + # Create our client certificate and key. # - SERIAL=`cat $CA_HOME/serial` KEY_NAME=`echo $SERIAL`_key.pem CERT_NAME=`echo $SERIAL`_cert.pem - openssl req -config $ICE_HOME/certs/openssl/generic.cnf -newkey rsa $PASSPHRASE -keyout $CA_HOME/$KEY_NAME \ - -keyform PEM -out $CA_HOME/req.pem - echo "You will be prompted for a passphrase - this is so we can sign the new certificate." - echo "Enter the passphrase for the CA signing authority." - openssl ca -config $ICE_HOME/certs/openssl/generic.cnf -in $CA_HOME/req.pem + openssl req -config $ICE_HOME/certs/openssl/client.cnf -newkey dsa:dsaparam1024.pem $PASSPHRASE \ + -keyout $CA_HOME/$KEY_NAME -keyform PEM -out $CA_HOME/req.pem + if test -z "$PASSPHRASE" ; then + echo "You will be prompted for a passphrase to sign the new client Certificate." 
+ echo "Enter the passphrase for the CA signing authority." + fi + openssl ca -config $ICE_HOME/certs/openssl/client.cnf -batch -in $CA_HOME/req.pem mv $CA_HOME/$SERIAL.pem $CA_HOME/$CERT_NAME - cp $CA_HOME/$KEY_NAME $ICE_HOME/certs/newkey.pem - cp $CA_HOME/$CERT_NAME $ICE_HOME/certs/newcert.pem + cp $CA_HOME/$KEY_NAME $ICE_HOME/certs/c_dsa1024_priv.pem + cp $CA_HOME/$CERT_NAME $ICE_HOME/certs/c_dsa1024_pub.pem rm $CA_HOME/req.pem fi - diff --git a/cpp/certs/openssl/client.cnf b/cpp/certs/openssl/client.cnf index 28b5f1ca8aa..c14e1c558b7 100644 --- a/cpp/certs/openssl/client.cnf +++ b/cpp/certs/openssl/client.cnf @@ -21,8 +21,8 @@ default_ca = ice [ ice ] dir = $ENV::ICE_HOME/certs/openssl/ca # Where everything is kept. -private_key = $dir/cakey.pem # The CA Private Key. -certificate = $dir/cacert.pem # The CA Certificate. +private_key = $ENV::ICE_HOME/certs/cakey.pem # The CA Private Key. +certificate = $ENV::ICE_HOME/certs/cacert.pem # The CA Certificate. database = $dir/index.txt # Database index file. new_certs_dir = $dir # Default loc for new certs. serial = $dir/serial # The current serial number. @@ -54,6 +54,7 @@ basicConstraints = CA:false subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always +subjectAltName = DNS:client, IP:127.0.0.1 [ req ] default_bits = 1024 diff --git a/cpp/certs/openssl/server.cnf b/cpp/certs/openssl/server.cnf index 9ba8182f72f..34f9abc88be 100644 --- a/cpp/certs/openssl/server.cnf +++ b/cpp/certs/openssl/server.cnf @@ -21,8 +21,8 @@ default_ca = ice [ ice ] dir = $ENV::ICE_HOME/certs/openssl/ca # Where everything is kept. -private_key = $dir/cakey.pem # The CA Private Key. -certificate = $dir/cacert.pem # The CA Certificate. +private_key = $ENV::ICE_HOME/certs/cakey.pem # The CA Private Key. +certificate = $ENV::ICE_HOME/certs/cacert.pem # The CA Certificate. database = $dir/index.txt # Database index file. new_certs_dir = $dir # Default loc for new certs. serial = $dir/serial # The current serial number. 
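Review bot: The DSA block added in this hunk deletes `$CA_HOME` and writes `'01'` to `$CA_HOME/serial` again, so the DSA server and client certificates get serial numbers 1 and 2, the same values the RSA block assigns under the same CA; the committed `s_dsa1024_pub.pem` and `c_dsa1024_pub.pem` show `Serial Number: 1` and `Serial Number: 2`. Issuer plus serial is meant to identify a certificate uniquely, so anything keyed on that pair (revocation entries, certificate caches) cannot tell the RSA and DSA certificates apart. Keeping the CA database across both blocks, or seeding the DSA block with `echo '03' > $CA_HOME/serial`, would avoid the collision. Separately, `dsaparam1024.pem` is tested, removed and written relative to the current directory while every other path is under `$ICE_HOME/certs`, so the outcome depends on where the script is started; `$ICE_HOME/certs/dsaparam1024.pem` would be consistent.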
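Review bot: `private_key` in the `[ ice ]` section of `client.cnf` now resolves to `$ENV::ICE_HOME/certs/cakey.pem`, the file this commit also checks in as a plain `BEGIN RSA PRIVATE KEY` block (the script's `PASSPHRASE=-nodes` default leaves it unencrypted), so the signing key of "ZeroC Test CA" is available to everyone who has the source. The config should say so next to the path, e.g. `# Test CA only: cakey.pem ships with the source; do not add cacert.pem to a production trust store`. The identical change in the first hunk of `server.cnf` needs the same comment. The `[ ice ]` section appears to continue outside this hunk.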
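Review bot: The `[ req ]` context directly below the added `subjectAltName` line in `client.cnf` still has `default_bits = 1024`, and the certificates regenerated by this commit are signed with `md5WithRSAEncryption`; since every key and certificate is being reissued here anyway, this is the cheap moment to raise both. Current TLS libraries commonly refuse MD5-signed certificates and 1024-bit keys at their default settings, so these fixtures are likely to stop loading in tests. Suggested: `default_bits = 2048` and a SHA-2 `default_md` (the `default_md` line is outside the hunk, so its current value is inferred from the certificate dumps); the `*1024*` file names and the `openssl dsaparam ... 1024` call in `makecerts` would need to follow. The second hunk of `server.cnf` has the same context.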
@@ -54,6 +54,7 @@ basicConstraints = CA:false subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always +subjectAltName = DNS:server, IP:127.0.0.1 [ req ] default_bits = 1024 diff --git a/cpp/certs/s_dh1024.pem b/cpp/certs/s_dh1024.pem deleted file mode 100644 index 442a1659fe7..00000000000 --- a/cpp/certs/s_dh1024.pem +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN DH PARAMETERS----- -MIGHAoGBAKhfWPlaRdW7/pMBnsUSWpGS8/JxL1dJ6LNalbsXb9O5+RB+WtokhuMS -fKs5YFSdWqt+Z/xHUpx7c0Z4VwuiEzS1CkPFpoGHptGnrvnSha9k9Ou1fXFWbumb -cnSfbMbAr1EcvtCmxbN1vMAiLmbOmomKNY4L6x44cLqua/ppus+jAgEC ------END DH PARAMETERS----- diff --git a/cpp/certs/s_dsa1024_priv.pem b/cpp/certs/s_dsa1024_priv.pem new file mode 100644 index 00000000000..d23062d2b24 --- /dev/null +++ b/cpp/certs/s_dsa1024_priv.pem @@ -0,0 +1,12 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBugIBAAKBgQCFx+ubexC16oqLgWDq4P1ZEgREY3eHyJWXdYTjvvoGT75iPM2h +0Y37+6lRfKHsdjuV5vYfVXfJMC+AfeXq4L6nIMQ6QOz7tFXDDZypjqOdhMF0K2CX +i65W9Y7WeAHnQ6a3ds1HccU3z1XAhcW/dl7OqlJZYwcJG9DAsmrnZAkVRwIVANwB +VGsDi2UDNjBsVpTNJM/m5vyhAoGABTN/TDGopoRxrzBBHlKPpZ+B3wfEZ6GaEIQp +ib03wm57/BQgQ/0r9w5AVqWw1QsyXaHicKYOyPNJR8AdRvo7su4Q+BzlKpn30t+K +3IH86jHKhvadYaY0hOmg/XqusY0hhGCXx0t/A7GkBVTZeh6NxmuNOrvkBNZoJsXt +s/DqfKQCgYA8wQGhj4VYT3kVOouWicf1jv5fKFXMJ9A5St3O3A1UIv/IqjCtKhtC +uBSZQ0DoSfYhC0EEYC0SHoUjGCdltbhUcpf0LL4JKF3LMqQh47fnXbZPSO6Ym4ik +09oJLMXHEY2c6HJcfoeoitx1tNroUA2nAr7LdSPUhMGpX8L7K1x1jgIUGbaXvv1m +Mj583RyiGl38VTpSrsI= +-----END DSA PRIVATE KEY----- diff --git a/cpp/certs/s_dsa1024_pub.pem b/cpp/certs/s_dsa1024_pub.pem new file mode 100644 index 00000000000..e826c947ab6 --- /dev/null +++ b/cpp/certs/s_dsa1024_pub.pem 
@@ -0,0 +1,104 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=Florida, L=Palm Beach Gardens, O=ZeroC, Inc., OU=Ice, CN=ZeroC Test CA/emailAddress=info@zeroc.com + Validity + Not Before: Mar 27 17:11:27 2006 GMT + Not After : Mar 26 17:11:27 2011 GMT + Subject: C=US, ST=Florida, O=ZeroC, Inc., OU=Ice/emailAddress=info@zeroc.com, CN=Server + Subject Public Key Info: + Public Key Algorithm: dsaEncryption + DSA Public Key: + pub: + 3c:c1:01:a1:8f:85:58:4f:79:15:3a:8b:96:89:c7: + f5:8e:fe:5f:28:55:cc:27:d0:39:4a:dd:ce:dc:0d: + 54:22:ff:c8:aa:30:ad:2a:1b:42:b8:14:99:43:40: + e8:49:f6:21:0b:41:04:60:2d:12:1e:85:23:18:27: + 65:b5:b8:54:72:97:f4:2c:be:09:28:5d:cb:32:a4: + 21:e3:b7:e7:5d:b6:4f:48:ee:98:9b:88:a4:d3:da: + 09:2c:c5:c7:11:8d:9c:e8:72:5c:7e:87:a8:8a:dc: + 75:b4:da:e8:50:0d:a7:02:be:cb:75:23:d4:84:c1: + a9:5f:c2:fb:2b:5c:75:8e + P: + 00:85:c7:eb:9b:7b:10:b5:ea:8a:8b:81:60:ea:e0: + fd:59:12:04:44:63:77:87:c8:95:97:75:84:e3:be: + fa:06:4f:be:62:3c:cd:a1:d1:8d:fb:fb:a9:51:7c: + a1:ec:76:3b:95:e6:f6:1f:55:77:c9:30:2f:80:7d: + e5:ea:e0:be:a7:20:c4:3a:40:ec:fb:b4:55:c3:0d: + 9c:a9:8e:a3:9d:84:c1:74:2b:60:97:8b:ae:56:f5: + 8e:d6:78:01:e7:43:a6:b7:76:cd:47:71:c5:37:cf: + 55:c0:85:c5:bf:76:5e:ce:aa:52:59:63:07:09:1b: + d0:c0:b2:6a:e7:64:09:15:47 + Q: + 00:dc:01:54:6b:03:8b:65:03:36:30:6c:56:94:cd: + 24:cf:e6:e6:fc:a1 + G: + 05:33:7f:4c:31:a8:a6:84:71:af:30:41:1e:52:8f: + a5:9f:81:df:07:c4:67:a1:9a:10:84:29:89:bd:37: + c2:6e:7b:fc:14:20:43:fd:2b:f7:0e:40:56:a5:b0: + d5:0b:32:5d:a1:e2:70:a6:0e:c8:f3:49:47:c0:1d: + 46:fa:3b:b2:ee:10:f8:1c:e5:2a:99:f7:d2:df:8a: + dc:81:fc:ea:31:ca:86:f6:9d:61:a6:34:84:e9:a0: + fd:7a:ae:b1:8d:21:84:60:97:c7:4b:7f:03:b1:a4: + 05:54:d9:7a:1e:8d:c6:6b:8d:3a:bb:e4:04:d6:68: + 26:c5:ed:b3:f0:ea:7c:a4 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + B2:7C:17:D5:44:73:73:A4:AD:CE:2C:0C:57:CB:40:56:9A:7D:57:E8 + X509v3 
Authority Key Identifier: + keyid:9F:A2:17:D5:F0:19:FA:38:09:39:AA:22:26:BF:7A:B5:42:7B:66:EE + DirName:/C=US/ST=Florida/L=Palm Beach Gardens/O=ZeroC, Inc./OU=Ice/CN=ZeroC Test CA/emailAddress=info@zeroc.com + serial:00 + + X509v3 Subject Alternative Name: + DNS:server, IP Address:127.0.0.1 + Signature Algorithm: md5WithRSAEncryption + 14:ae:4b:08:35:bb:a3:89:8a:36:51:e0:c1:4e:77:47:04:1e: + f8:26:7b:71:66:1a:99:75:34:fa:ec:f1:93:9a:f0:cd:f7:ce: + 0e:b4:a9:db:0d:c6:dc:79:38:9e:46:66:31:f0:36:50:4e:84: + cf:b0:af:c0:78:37:70:9b:1c:bb:52:ed:89:e1:30:97:49:58: + c6:be:ac:f1:81:bb:4d:1b:d8:3a:e1:80:ad:6b:f3:fb:34:24: + 74:3d:3b:91:1b:53:0f:2d:be:07:ce:2a:0e:83:20:2d:66:d5: + 6b:08:b8:15:cc:94:3b:d9:4a:e8:6c:bc:f2:b7:63:24:6e:bf: + 59:8e:4a:cc:bd:fd:49:20:4a:5c:65:ea:97:37:7b:6b:1e:f1: + 97:53:1b:18:82:b2:c8:d5:98:f6:66:ba:7b:eb:b0:19:51:36: + 25:71:04:70:4b:6e:ae:a4:c3:2e:2e:55:25:fe:df:2b:f5:de: + f9:6d:89:e1:c7:72:a4:db:66:98:24:3d:dc:b4:1f:e7:b2:7e: + 22:28:28:5e:58:ea:5b:c3:3a:9e:01:dc:95:a1:fe:1d:f5:b7: + c1:7b:ed:6e:24:80:4d:e2:ca:26:b9:f8:4c:12:74:f7:82:a0: + d5:af:7d:d9:8a:54:cf:e1:38:63:8f:b6:b4:67:a5:c9:b8:62: + d0:da:8e:d1 +-----BEGIN CERTIFICATE----- +MIIFKjCCBBKgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEU +MBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVy +b0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMDYw +MzI3MTcxMTI3WhcNMTEwMzI2MTcxMTI3WjBzMQswCQYDVQQGEwJVUzEQMA4GA1UE +CBMHRmxvcmlkYTEUMBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEd +MBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20xDzANBgNVBAMTBlNlcnZlcjCC +AbYwggErBgcqhkjOOAQBMIIBHgKBgQCFx+ubexC16oqLgWDq4P1ZEgREY3eHyJWX +dYTjvvoGT75iPM2h0Y37+6lRfKHsdjuV5vYfVXfJMC+AfeXq4L6nIMQ6QOz7tFXD +DZypjqOdhMF0K2CXi65W9Y7WeAHnQ6a3ds1HccU3z1XAhcW/dl7OqlJZYwcJG9DA +smrnZAkVRwIVANwBVGsDi2UDNjBsVpTNJM/m5vyhAoGABTN/TDGopoRxrzBBHlKP +pZ+B3wfEZ6GaEIQpib03wm57/BQgQ/0r9w5AVqWw1QsyXaHicKYOyPNJR8AdRvo7 
+su4Q+BzlKpn30t+K3IH86jHKhvadYaY0hOmg/XqusY0hhGCXx0t/A7GkBVTZeh6N +xmuNOrvkBNZoJsXts/DqfKQDgYQAAoGAPMEBoY+FWE95FTqLlonH9Y7+XyhVzCfQ +OUrdztwNVCL/yKowrSobQrgUmUNA6En2IQtBBGAtEh6FIxgnZbW4VHKX9Cy+CShd +yzKkIeO35122T0jumJuIpNPaCSzFxxGNnOhyXH6HqIrcdbTa6FANpwK+y3Uj1ITB +qV/C+ytcdY6jggEOMIIBCjAJBgNVHRMEAjAAMB0GA1UdDgQWBBSyfBfVRHNzpK3O +LAxXy0BWmn1X6DCBxAYDVR0jBIG8MIG5gBSfohfV8Bn6OAk5qiImv3q1Qntm7qGB +naSBmjCBlzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcT +ElBhbG0gQmVhY2ggR2FyZGVuczEUMBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNV +BAsTA0ljZTEWMBQGA1UEAxMNWmVyb0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYO +aW5mb0B6ZXJvYy5jb22CAQAwFwYDVR0RBBAwDoIGc2VydmVyhwR/AAABMA0GCSqG +SIb3DQEBBAUAA4IBAQAUrksINbujiYo2UeDBTndHBB74JntxZhqZdTT67PGTmvDN +984OtKnbDcbceTieRmYx8DZQToTPsK/AeDdwmxy7Uu2J4TCXSVjGvqzxgbtNG9g6 +4YCta/P7NCR0PTuRG1MPLb4HzioOgyAtZtVrCLgVzJQ72UrobLzyt2Mkbr9ZjkrM +vf1JIEpcZeqXN3trHvGXUxsYgrLI1Zj2Zrp767AZUTYlcQRwS26upMMuLlUl/t8r +9d75bYnhx3Kk22aYJD3ctB/nsn4iKCheWOpbwzqeAdyVof4d9bfBe+1uJIBN4som +ufhMEnT3gqDVr33ZilTP4Thjj7a0Z6XJuGLQ2o7R +-----END CERTIFICATE----- diff --git a/cpp/certs/s_rsa1024_priv.pem b/cpp/certs/s_rsa1024_priv.pem index 808ef1c0d87..3f27b2a9bba 100644 --- a/cpp/certs/s_rsa1024_priv.pem +++ b/cpp/certs/s_rsa1024_priv.pem 
@@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDha4kCb1efkTYveRj2d0AiZYFsh/f4X33OeXTh2vjphVnKQUtf -SrsFC5NkDlRkEOy0qaAWlE9rPIm4Sq9MfS0nqCkJchuN6G9MKQ0HaHZP31sPe1l5 -17KJ6mNJtHarJ4hEazQQ4yXNsEvJ3FuEG1Jjn6euuEpv3/Kw6MH87D7gUQIDAQAB -AoGBAJCGQ4d+H228ykLRn0GV31auQbZ1znQ9tQlGMbwEioYd6x2Tk2F7JkDr1QnX -bh/iAgEqp+sSF4EnhRzVNWMS9nk8c57SH+SCTev4KysjYoUl1RpU9X2n5dFBifSY -J8saC5QXh8ZWxKckAeZHrdEezLigoIEQAL3SY0NyShPJt1QBAkEA88dms6q4az83 -7b/uyIfjRu2ZDe9z8kUXn/aua6y/h1qn51DikjFobnwaEVy0Tvka71rqhB1pvigo -qejFqhtI8QJBAOy4hWEGNYgwP3n/4ejZmKrWhdqCgvtHZaV3D4sMv7YFrfIOHEEe -tymOaJW7p2Z+Qerqjh9geJ4lsOwvx4h0DWECQHrE6C8BgkDYpKUCbRHmhYpZ7CO9 -fOn868nupKaraAWVnUt8S66OXWaO713hDxlakLsMUWDZo0BV3yy6gpmJhjECQHT3 -zDgf+E2eAY+H55nGA1DPBX7uJEiDg+9ZwF1l5EjNz6CeZkmrIrgu/PCXs+TKGEo6 -shVA9vi2CRD7nu2G4qECQGAG4AZnG10WEdTb48kBJ1BXiFr5SHPKkPXh2187HfnE -JUGFX76iVQTXtVL1PZLbiOjYOZb4OA7SeDbKCI2zZIs= +MIICXgIBAAKBgQDYZHZv6IAfmQAgcYo2tBdH8XlwLHl2critTDjcUUFzmTL6vLco +iaGSStp+j7RuuxJEHk9D5PlRS2vTu3lDlKLbkfWkQSkFXr6A3mpBKjiNYQW/Q+TW +OXWuvfBhSTpyz0Vq5kTB04tv7nH19LpZlJxNc5UwSsobJY2VG4Gpyf0M0wIDAQAB +AoGBALc7amacU1FuNwNB4S0tFcGfoZrwrfE0d1iXAFbenzOJd/eFMPqsgBnmNFmS +ydAxq+fuWmQ9UTgbSzTAvJATHkqLYlT9eBHhK3s37Bp9ug9c67ScXJAmSFwjRzBj +fZricMLcFqYCPVwq0TtnedR2Qjv9DVootKw60OOR59hfN/jhAkEA+cENUL4WoY/S +8omfN42Vv+3glaoRD1vI/tqGIAjxtlvLDRCG3SksExlV+UqIT1Pw8hOIIEYRZYdR +bQ7fVk/hewJBAN3N04KcjeBbC+cHETB0DDxy3Gt7TiRsuCSTsa+Xf5o6nYwVlJKY +jzv3SYnWfLY+zUWmWBBRlbR8jU/wC3R1hokCQCiFauyjurZByH7zVzLDNP2r0ZlW +u2fbg3Pd7o76BIWKxRn8iXUOfgknPiyxLAZ63wfXpWlfFOl9F/fyxseRNEsCQQDI +QkS8gWLrdOi7LztK1wwRK9dtR4gXBP4BMERWeF9iPZfvWbCp5wozpyKDS9+PoAYv +429RVIfozCe+S8nb3RyZAkEAsXgTwB80RXlLseQ8MVXXJm79MbXJCnO8Z3MxMNtc +VeHP1BTWCXHzNujzulAYXf3gzz7egyeFEZcGtzIN+uvniA== -----END RSA PRIVATE KEY----- diff --git a/cpp/certs/s_rsa1024_pub.pem b/cpp/certs/s_rsa1024_pub.pem index e10ddf847ac..44837252507 100644 --- a/cpp/certs/s_rsa1024_pub.pem +++ b/cpp/certs/s_rsa1024_pub.pem 
@@ -5,70 +5,72 @@ Certificate: Signature Algorithm: md5WithRSAEncryption Issuer: C=US, ST=Florida, L=Palm Beach Gardens, O=ZeroC, Inc., OU=Ice, CN=ZeroC Test CA/emailAddress=info@zeroc.com Validity - Not Before: Mar 15 17:51:49 2006 GMT - Not After : Mar 14 17:51:49 2011 GMT + Not Before: Mar 27 17:11:26 2006 GMT + Not After : Mar 26 17:11:26 2011 GMT Subject: C=US, ST=Florida, O=ZeroC, Inc., OU=Ice/emailAddress=info@zeroc.com, CN=Server Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): - 00:e1:6b:89:02:6f:57:9f:91:36:2f:79:18:f6:77: - 40:22:65:81:6c:87:f7:f8:5f:7d:ce:79:74:e1:da: - f8:e9:85:59:ca:41:4b:5f:4a:bb:05:0b:93:64:0e: - 54:64:10:ec:b4:a9:a0:16:94:4f:6b:3c:89:b8:4a: - af:4c:7d:2d:27:a8:29:09:72:1b:8d:e8:6f:4c:29: - 0d:07:68:76:4f:df:5b:0f:7b:59:79:d7:b2:89:ea: - 63:49:b4:76:ab:27:88:44:6b:34:10:e3:25:cd:b0: - 4b:c9:dc:5b:84:1b:52:63:9f:a7:ae:b8:4a:6f:df: - f2:b0:e8:c1:fc:ec:3e:e0:51 + 00:d8:64:76:6f:e8:80:1f:99:00:20:71:8a:36:b4: + 17:47:f1:79:70:2c:79:76:72:b8:ad:4c:38:dc:51: + 41:73:99:32:fa:bc:b7:28:89:a1:92:4a:da:7e:8f: + b4:6e:bb:12:44:1e:4f:43:e4:f9:51:4b:6b:d3:bb: + 79:43:94:a2:db:91:f5:a4:41:29:05:5e:be:80:de: + 6a:41:2a:38:8d:61:05:bf:43:e4:d6:39:75:ae:bd: + f0:61:49:3a:72:cf:45:6a:e6:44:c1:d3:8b:6f:ee: + 71:f5:f4:ba:59:94:9c:4d:73:95:30:4a:ca:1b:25: + 8d:95:1b:81:a9:c9:fd:0c:d3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Subject Key Identifier: - 40:C5:B7:F0:4D:C4:C2:27:02:AD:7E:A9:1B:7C:86:62:F6:21:68:55 + 72:1B:46:3B:76:F9:07:7E:F7:22:58:4C:62:D3:60:B5:A6:B2:92:BB X509v3 Authority Key Identifier: - keyid:F6:04:02:42:46:5A:F1:21:FD:71:42:D6:7B:C4:79:65:7E:1D:1E:86 + keyid:9F:A2:17:D5:F0:19:FA:38:09:39:AA:22:26:BF:7A:B5:42:7B:66:EE DirName:/C=US/ST=Florida/L=Palm Beach Gardens/O=ZeroC, Inc./OU=Ice/CN=ZeroC Test CA/emailAddress=info@zeroc.com serial:00 + X509v3 Subject Alternative Name: + DNS:server, IP Address:127.0.0.1 Signature Algorithm: 
md5WithRSAEncryption - 4f:2a:7f:f8:ec:16:74:33:ed:cd:1a:98:8a:4b:e7:50:06:d9: - 23:96:25:f0:92:bd:1b:67:38:a4:50:0e:1b:04:40:7b:bc:82: - a2:bd:e1:97:3e:74:6e:d5:e9:2a:e7:24:de:7f:1d:47:04:47: - 7f:ac:d1:f8:c2:9e:f7:df:18:bb:8a:cd:ee:ac:1d:81:1a:5d: - 5e:1f:b3:71:25:00:cd:15:1b:a6:9a:11:9f:02:3c:c5:b1:40: - 5f:51:35:b1:8c:79:95:69:5a:07:99:86:61:bf:a7:21:c0:4a: - d1:77:4a:71:b9:61:6d:48:48:5f:98:83:93:3e:a9:3a:3b:a8: - 08:84:f9:d8:56:12:bb:29:31:72:57:40:af:eb:da:de:c3:e9: - 3b:f8:d9:7f:b8:77:d0:a0:0b:da:07:c0:53:05:0b:bb:34:3d: - da:04:30:0d:b7:9e:8c:77:6c:ea:cc:ba:bb:51:1d:90:95:d5: - 00:d2:c3:f0:e4:e4:52:6e:17:18:30:2d:7d:94:1c:93:8d:5d: - 4a:d9:7c:bc:ad:d9:f2:4c:8e:37:73:8d:d4:b0:eb:cd:f1:8b: - 53:03:19:88:40:6f:6b:1d:34:98:a7:6e:f6:8d:0d:72:ce:57: - 1b:b5:99:4c:92:ce:44:95:3d:d2:86:c6:9f:79:4f:df:54:56: - f8:bd:e8:4d + 8d:96:e4:81:85:6e:cf:85:e6:c2:f3:61:69:b8:6f:7f:e3:05: + ec:cf:27:7e:bb:41:c9:3f:04:6e:a1:45:f3:f3:69:40:01:80: + 51:90:43:f7:3c:1f:60:da:e6:02:bf:e8:f7:54:80:d9:2e:45: + e4:32:fe:ef:28:3a:42:9a:a3:bf:cb:68:4b:7f:08:45:42:4d: + 9b:7f:fe:03:ea:3a:af:16:90:03:dd:52:ee:c0:dd:91:77:09: + 3c:e6:67:0d:dc:5a:de:d7:27:02:46:38:80:bf:9b:5e:5d:12: + 78:d0:ab:6a:c5:51:36:09:78:f1:35:98:3e:a3:20:58:c1:3e: + 80:8f:dd:b9:bb:af:46:df:45:4f:51:20:81:82:65:48:11:a8: + 1b:9a:1a:9e:33:87:c3:7b:26:79:7b:c4:54:e1:82:4c:f8:3d: + 85:1b:01:31:81:a4:fb:86:61:1b:9f:8c:ca:e6:a6:61:86:cb: + 7c:fe:d7:29:75:37:be:99:22:71:ea:23:b3:7f:91:b4:b0:95: + 99:f5:04:5c:0a:ab:c3:68:1f:9d:25:43:ff:f9:08:97:55:cc: + e6:27:97:c1:60:67:75:8a:00:82:f6:e7:0d:f4:86:48:47:32: + 90:73:a2:8c:12:af:37:95:37:5a:69:4e:35:7f:59:bb:03:e7: + eb:21:0e:e7 -----BEGIN CERTIFICATE----- -MIID9zCCAt+gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx +MIIEEjCCAvqgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx EDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEU MBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVy b0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMDYw 
-MzE1MTc1MTQ5WhcNMTEwMzE0MTc1MTQ5WjBzMQswCQYDVQQGEwJVUzEQMA4GA1UE +MzI3MTcxMTI2WhcNMTEwMzI2MTcxMTI2WjBzMQswCQYDVQQGEwJVUzEQMA4GA1UE CBMHRmxvcmlkYTEUMBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEd MBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20xDzANBgNVBAMTBlNlcnZlcjCB -nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4WuJAm9Xn5E2L3kY9ndAImWBbIf3 -+F99znl04dr46YVZykFLX0q7BQuTZA5UZBDstKmgFpRPazyJuEqvTH0tJ6gpCXIb -jehvTCkNB2h2T99bD3tZedeyiepjSbR2qyeIRGs0EOMlzbBLydxbhBtSY5+nrrhK -b9/ysOjB/Ow+4FECAwEAAaOB9DCB8TAJBgNVHRMEAjAAMB0GA1UdDgQWBBRAxbfw -TcTCJwKtfqkbfIZi9iFoVTCBxAYDVR0jBIG8MIG5gBT2BAJCRlrxIf1xQtZ7xHll -fh0ehqGBnaSBmjCBlzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0Zsb3JpZGExGzAZ -BgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEUMBIGA1UEChMLWmVyb0MsIEluYy4x -DDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVyb0MgVGVzdCBDQTEdMBsGCSqGSIb3 -DQEJARYOaW5mb0B6ZXJvYy5jb22CAQAwDQYJKoZIhvcNAQEEBQADggEBAE8qf/js -FnQz7c0amIpL51AG2SOWJfCSvRtnOKRQDhsEQHu8gqK94Zc+dG7V6SrnJN5/HUcE -R3+s0fjCnvffGLuKze6sHYEaXV4fs3ElAM0VG6aaEZ8CPMWxQF9RNbGMeZVpWgeZ -hmG/pyHAStF3SnG5YW1ISF+Yg5M+qTo7qAiE+dhWErspMXJXQK/r2t7D6Tv42X+4 -d9CgC9oHwFMFC7s0PdoEMA23nox3bOrMurtRHZCV1QDSw/Dk5FJuFxgwLX2UHJON -XUrZfLyt2fJMjjdzjdSw683xi1MDGYhAb2sdNJinbvaNDXLOVxu1mUySzkSVPdKG -xp95T99UVvi96E0= +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2GR2b+iAH5kAIHGKNrQXR/F5cCx5 +dnK4rUw43FFBc5ky+ry3KImhkkrafo+0brsSRB5PQ+T5UUtr07t5Q5Si25H1pEEp +BV6+gN5qQSo4jWEFv0Pk1jl1rr3wYUk6cs9FauZEwdOLb+5x9fS6WZScTXOVMErK +GyWNlRuBqcn9DNMCAwEAAaOCAQ4wggEKMAkGA1UdEwQCMAAwHQYDVR0OBBYEFHIb +Rjt2+Qd+9yJYTGLTYLWmspK7MIHEBgNVHSMEgbwwgbmAFJ+iF9XwGfo4CTmqIia/ +erVCe2buoYGdpIGaMIGXMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHRmxvcmlkYTEb +MBkGA1UEBxMSUGFsbSBCZWFjaCBHYXJkZW5zMRQwEgYDVQQKEwtaZXJvQywgSW5j +LjEMMAoGA1UECxMDSWNlMRYwFAYDVQQDEw1aZXJvQyBUZXN0IENBMR0wGwYJKoZI +hvcNAQkBFg5pbmZvQHplcm9jLmNvbYIBADAXBgNVHREEEDAOggZzZXJ2ZXKHBH8A +AAEwDQYJKoZIhvcNAQEEBQADggEBAI2W5IGFbs+F5sLzYWm4b3/jBezPJ367Qck/ +BG6hRfPzaUABgFGQQ/c8H2Da5gK/6PdUgNkuReQy/u8oOkKao7/LaEt/CEVCTZt/ +/gPqOq8WkAPdUu7A3ZF3CTzmZw3cWt7XJwJGOIC/m15dEnjQq2rFUTYJePE1mD6j 
+IFjBPoCP3bm7r0bfRU9RIIGCZUgRqBuaGp4zh8N7Jnl7xFThgkz4PYUbATGBpPuG +YRufjMrmpmGGy3z+1yl1N76ZInHqI7N/kbSwlZn1BFwKq8NoH50lQ//5CJdVzOYn +l8FgZ3WKAIL25w30hkhHMpBzoowSrzeVN1ppTjV/WbsD5+shDuc= -----END CERTIFICATE----- diff --git a/cpp/certs/server_sslconfig.xml b/cpp/certs/server_sslconfig.xml deleted file mode 100644 index d68321f5ba0..00000000000 --- a/cpp/certs/server_sslconfig.xml +++ /dev/null @@ -1,14 +0,0 @@ -<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?>
-<!DOCTYPE SSLConfig SYSTEM "sslconfig.dtd">
-<SSLConfig>
- <server>
- <general version="SSLv23" cipherlist="RC4-MD5" verifymode="peer|client_once|fail_no_cert" verifydepth="10" />
- <certauthority file="cacert.pem" />
- <basecerts>
- <rsacert keysize="1024">
- <public encoding="PEM" filename="s_rsa1024_pub.pem" />
- <private encoding="PEM" filename="s_rsa1024_priv.pem" />
- </rsacert>
- </basecerts>
- </server>
-</SSLConfig>
diff --git a/cpp/certs/sslconfig.dtd b/cpp/certs/sslconfig.dtd deleted file mode 100644 index 4e8e79d89c0..00000000000 --- a/cpp/certs/sslconfig.dtd +++ /dev/null @@ -1,43 +0,0 @@ -<!ELEMENT SSLConfig (client?,server?)>
-<!ELEMENT client (general, certauthority?, basecerts)>
-<!ELEMENT server (general, certauthority?, basecerts, tempcerts?)>
-<!ELEMENT general EMPTY>
-<!ELEMENT certauthority EMPTY>
-<!ELEMENT basecerts (rsacert?,dsacert?,dhparams?)>
-<!ELEMENT tempcerts (rsacert*,dhparams*)>
-
-<!ATTLIST general
- version (SSLv23|SSLv3|TLSv1) "SSLv23"
- cipherlist CDATA #IMPLIED
- context CDATA #IMPLIED
- verifymode CDATA "none"
- verifydepth CDATA "10"
- randombytes CDATA #IMPLIED>
-
-<!ATTLIST certauthority
- file CDATA #IMPLIED
- path CDATA #IMPLIED>
-
-<!ELEMENT rsacert (public,private)>
-<!ATTLIST rsacert
- keysize CDATA #REQUIRED>
-
-<!ELEMENT dsacert (public,private)>
-<!ATTLIST dsacert
- keysize CDATA #REQUIRED>
-
-<!ELEMENT dhparams EMPTY>
-<!ATTLIST dhparams
- keysize CDATA #REQUIRED
- encoding CDATA #FIXED "PEM"
- filename CDATA #REQUIRED>
-
-<!ELEMENT public EMPTY>
-<!ATTLIST public
- encoding CDATA #FIXED "PEM"
- filename CDATA #REQUIRED>
-
-<!ELEMENT private EMPTY>
-<!ATTLIST private
- encoding CDATA #FIXED "PEM"
- filename CDATA #REQUIRED>
diff --git a/cpp/certs/sslconfig.xml b/cpp/certs/sslconfig.xml deleted file mode 100644 index 9f4757b2f81..00000000000 --- a/cpp/certs/sslconfig.xml +++ /dev/null @@ -1,24 +0,0 @@ -<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?>
-<!DOCTYPE SSLConfig SYSTEM "sslconfig.dtd">
-<SSLConfig>
- <client>
- <general version="SSLv23" cipherlist="RC4-MD5" verifymode="peer" verifydepth="10" />
- <certauthority file="cacert.pem" />
- <basecerts>
- <rsacert keysize="1024">
- <public encoding="PEM" filename="c_rsa1024_pub.pem" />
- <private encoding="PEM" filename="c_rsa1024_priv.pem" />
- </rsacert>
- </basecerts>
- </client>
- <server>
- <general version="SSLv23" cipherlist="RC4-MD5" verifymode="peer" verifydepth="10" />
- <certauthority file="cacert.pem" />
- <basecerts>
- <rsacert keysize="1024">
- <public encoding="PEM" filename="s_rsa1024_pub.pem" />
- <private encoding="PEM" filename="s_rsa1024_priv.pem" />
- </rsacert>
- </basecerts>
- </server>
-</SSLConfig>
diff --git a/cpp/config/PropertyNames.def b/cpp/config/PropertyNames.def index 39ef0cb3f12..6fd414bdb08 100644 --- a/cpp/config/PropertyNames.def +++ b/cpp/config/PropertyNames.def @@ -30,18 +30,18 @@ # parsed by PropertiesI::parseIceCommandLineOptions(). If set to # false, command line options matching the section label won't be # parsed by PropertiesI::parseIceCommandLineOptions. This is useful -# for plugin properties (e.g.: IceSSL) which are parsed when the -# plugin is loaded (see PluginManagerI::loadPlugins()). +# for plugin properties that are parsed when the plugin is loaded +# (see PluginManagerI::loadPlugins()). # # Section labels must appear on a line by themselves (possibly -# followed by a comment). Leading and trailing whitespace is +# followed by a comment). Leading and trailing whitespace is # ignored. Each section must occur only once in a file. "validProps" # is reserved and cannot be used as a section name. # -# Each section contains a number of property names, one to a line. A +# Each section contains a number of property names, one to a line. A # property name cannot contain the # character. Otherwise, a property # name is taken to be any consecutive sequence of non-whitespace -# characters. Leading and trailing whitespace is ignored, as is a +# characters. Leading and trailing whitespace is ignored, as is a # trailing comment. # 
@@ -289,38 +289,47 @@ IcePatch2: ThreadPool.StackSize IceSSL: - Client.CertPath - Client.Config - Client.IgnoreValidPeriod - Client.Overrides.CACertificate - Client.Overrides.DSA.Certificate - Client.Overrides.DSA.PrivateKey - Client.Overrides.RSA.Certificate - Client.Overrides.RSA.PrivateKey - Client.Passphrase.Retries - Server.CertPath - Server.Config - Server.IgnoreValidPeriod - Server.Overrides.CACertificate - Server.Overrides.DSA.Certificate - Server.Overrides.DSA.PrivateKey - Server.Overrides.RSA.Certificate - Server.Overrides.RSA.PrivateKey - Server.Passphrase.Retries + Client.CertAuthDir + Client.CertAuthFile + Client.CertFile + Client.CheckCertName + Client.CheckCRL + Client.Ciphers + Client.DefaultDir + Client.DH.* + Client.KeyFile + Client.Password + Client.PasswordRetryMax + Client.Protocols + Client.VerifyDepthMax + Client.VerifyPeer + DelayInit + EntropyDaemon + ImportCert.* + Random + Server.CertAuthDir + Server.CertAuthFile + Server.CertFile + Server.CheckCRL + Server.Ciphers + Server.DefaultDir + Server.DH.* + Server.KeyFile + Server.Password + Server.PasswordRetryMax + Server.Protocols + Server.VerifyDepthMax + Server.VerifyPeer Trace.Security Client.Certs Client.CertsPassword - Client.Ciphers Client.Keystore Client.KeystorePassword - Client.Password Server.Certs Server.CertsPassword - Server.Ciphers Server.ClientAuth Server.Keystore Server.KeystorePassword - Server.Password IceStorm: Flush.Timeout diff --git a/cpp/config/TestUtil.py b/cpp/config/TestUtil.py index 2a3fc86c7f1..de764030638 100644 --- a/cpp/config/TestUtil.py +++ b/cpp/config/TestUtil.py @@ -13,8 +13,8 @@ # protocol. Otherwise TCP is used. # -#protocol = "ssl" -protocol = "tcp" +protocol = "ssl" +#protocol = "tcp" # # Set compressed to 1 in case you want to run the tests with 
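Review bot: In the TestUtil.py hunk, the default transport for the whole test suite flips to `protocol = "ssl"`, which reads like a local toggle that was committed along with the plugin work. Every test run now depends on the IceSSL plugin loading and on the files under certs/, so an SSL setup problem will show up as failures in unrelated tests. If the switch is intentional, the comment above it should say that SSL is now the default; otherwise restore `protocol = "tcp"` and keep `#protocol = "ssl"` commented out.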
@@ -242,16 +242,24 @@ else: if protocol == "ssl": plugin = " --Ice.Plugin.IceSSL=IceSSL:create" clientProtocol = plugin + " --Ice.Default.Protocol=ssl" + \ - " --IceSSL.Client.CertPath=" + os.path.join(toplevel, "certs") + \ - " --IceSSL.Client.Config=client_sslconfig.xml" + " --IceSSL.Client.DefaultDir=" + os.path.join(toplevel, "certs") + \ + " --IceSSL.Client.CertFile=c_rsa1024_pub.pem" + \ + " --IceSSL.Client.KeyFile=c_rsa1024_priv.pem" + \ + " --IceSSL.Client.CertAuthFile=cacert.pem" serverProtocol = plugin + " --Ice.Default.Protocol=ssl" + \ - " --IceSSL.Server.CertPath=" + os.path.join(toplevel, "certs") + \ - " --IceSSL.Server.Config=server_sslconfig.xml" + " --IceSSL.Server.DefaultDir=" + os.path.join(toplevel, "certs") + \ + " --IceSSL.Server.CertFile=s_rsa1024_pub.pem" + \ + " --IceSSL.Server.KeyFile=s_rsa1024_priv.pem" + \ + " --IceSSL.Server.CertAuthFile=cacert.pem" clientServerProtocol = plugin + " --Ice.Default.Protocol=ssl" + \ - " --IceSSL.Client.CertPath=" + os.path.join(toplevel, "certs") + \ - " --IceSSL.Client.Config=sslconfig.xml" + \ - " --IceSSL.Server.CertPath=" + os.path.join(toplevel, "certs") + \ - " --IceSSL.Server.Config=sslconfig.xml" + " --IceSSL.Client.DefaultDir=" + os.path.join(toplevel, "certs") + \ + " --IceSSL.Client.CertFile=c_rsa1024_pub.pem" + \ + " --IceSSL.Client.KeyFile=c_rsa1024_priv.pem" + \ + " --IceSSL.Client.CertAuthFile=cacert.pem" + \ + " --IceSSL.Server.DefaultDir=" + os.path.join(toplevel, "certs") + \ + " --IceSSL.Server.CertFile=s_rsa1024_pub.pem" + \ + " --IceSSL.Server.KeyFile=s_rsa1024_priv.pem" + \ + " --IceSSL.Server.CertAuthFile=cacert.pem" else: clientProtocol = "" serverProtocol = "" 
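Review bot: The new `serverProtocol` string no longer states that client certificates are required. The deleted server_sslconfig.xml used `verifymode="peer|client_once|fail_no_cert"`, which convertssl.py in this same commit translates to `VerifyPeer=2`, but no `--IceSSL.Server.VerifyPeer` option is passed here. Whether the test server still rejects a client without a certificate therefore depends on the plugin default, which is not visible on this page. Appending `" --IceSSL.Server.VerifyPeer=2"` to `serverProtocol` would pin the old policy so the tests keep exercising it. The `clientServerProtocol` string and the demo config hunks later in the commit drop the old `verifymode="peer"` from sslconfig.xml in the same way and could set `VerifyPeer=1` explicitly.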
@@ -292,13 +300,17 @@ def clientServerTestWithOptionsAndNames(name, additionalServerOptions, additiona client = os.path.join(testdir, clientName) print "starting " + serverName + "...", - serverPipe = os.popen(server + serverOptions + additionalServerOptions + " 2>&1") + serverCmd = server + serverOptions + additionalServerOptions + " 2>&1" + #print "serverCmd =", serverCmd + serverPipe = os.popen(serverCmd) getServerPid(serverPipe) getAdapterReady(serverPipe) print "ok" print "starting " + clientName + "...", - clientPipe = os.popen(client + clientOptions + additionalClientOptions + " 2>&1") + clientCmd = client + clientOptions + additionalClientOptions + " 2>&1" + #print "clientCmd =", clientCmd + clientPipe = os.popen(clientCmd) print "ok" printOutputFromPipe(clientPipe) diff --git a/cpp/config/convertssl.py b/cpp/config/convertssl.py new file mode 100755 index 00000000000..d68c1804061 --- /dev/null +++ b/cpp/config/convertssl.py 
@@ -0,0 +1,204 @@ +#!/usr/bin/env python +# ********************************************************************** +# +# Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. +# +# This copy of Ice is licensed to you under the terms described in the +# ICE_LICENSE file included in this distribution. +# +# ********************************************************************** + +# +# This script converts an XML configuration file for earlier versions of +# the IceSSL plugin to the new property format in 3.1. +# +# Usage: +# +# python convertssl.py myconfig.xml +# +# The equivalent properties are printed to standard output. If any +# compatibility issues are detected, a NOTE comment is emitted. +# + +import sys, xml.dom, xml.dom.minidom + +# +# Show usage information. +# +def usage(): + print "Usage: " + sys.argv[0] + " xmlfile" + print + print "Options:" + print "-h Show this message." + +def isCygwin(): + # The substring on sys.platform is required because some cygwin + # versions return variations like "cygwin_nt-4.01". + if sys.platform[:6] == "cygwin": + return 1 + else: + return 0 + +def isWin32(): + if sys.platform == "win32" or isCygwin(): + return 1 + else: + return 0 + +if isWin32(): + sep = ";" +else: + sep = ":" + +def findChild(parent, name): + for i in parent.childNodes: + if i.localName == name: + return i + return None + +def printConfig(node, name): + prefix = "IceSSL." + name + "." 
+ result = "# NOTE: You may need to define " + prefix + "DefaultDir\n" + general = findChild(node, "general") + if general: + if general.attributes.has_key("version"): + version = general.attributes["version"].nodeValue + if version == "SSLv3": + result = result + prefix + "Protocols=SSLv3\n" + elif version == "TLSv1": + result = result + prefix + "Protocols=TLSv1\n" + elif version != "SSLv23": + print "unknown value `" + version + "' for version attribute" + sys.exit(1) + + if general.attributes.has_key("cipherlist"): + result = result + prefix + "Ciphers=" + general.attributes["cipherlist"].nodeValue + "\n" + + if general.attributes.has_key("verifymode"): + verifymode = general.attributes["verifymode"].nodeValue + if verifymode == "none": + result = result + prefix + "VerifyPeer=0\n" + elif verifymode == "peer": + result = result + prefix + "VerifyPeer=1\n" + elif verifymode.find("fail") != -1: + result = result + prefix + "VerifyPeer=2\n" + elif verifymode.find("client_once") != -1: + result = result + prefix + "VerifyPeer=2\n" + else: + print "unknown value `" + verifymode + "' for verifymode attribute" + sys.exit(1) + + if general.attributes.has_key("verifydepth"): + result = result + prefix + "VerifyDepthMax=" + general.attributes["verifydepth"].nodeValue + "\n" + + if general.attributes.has_key("randombytes"): + result = result + "# NOTE: You may need to use IceSSL.EntropyDaemon\n" + result = result + "IceSSL.Random=" + general.attributes["randombytes"].nodeValue + "\n" + + ca = findChild(node, "certauthority") + if ca: + if ca.attributes.has_key("file"): + result = result + prefix + "CertAuthFile=" + ca.attributes["file"].nodeValue + "\n" + if ca.attributes.has_key("path"): + result = result + prefix + "CertAuthDir=" + ca.attributes["path"].nodeValue + "\n" + + basecerts = findChild(node, "basecerts") + if basecerts: + certFile = "" + keyFile = "" + rsacert = findChild(basecerts, "rsacert") + if rsacert: + pub = findChild(rsacert, "public") + if 
pub.attributes.has_key("encoding"): + if pub.attributes["encoding"].nodeValue != "PEM": + result = result + "# NOTE: Only PEM encoding is supported for certificates!\n" + if pub.attributes.has_key("filename"): + certFile = pub.attributes["filename"].nodeValue + priv = findChild(rsacert, "private") + if priv.attributes.has_key("encoding"): + if priv.attributes["encoding"].nodeValue != "PEM": + result = result + "# NOTE: Only PEM encoding is supported for private keys!\n" + if priv.attributes.has_key("filename"): + keyFile = priv.attributes["filename"].nodeValue + dsacert = findChild(basecerts, "dsacert") + if dsacert: + pub = findChild(dsacert, "public") + if pub.attributes.has_key("encoding"): + if pub.attributes["encoding"].nodeValue != "PEM": + result = result + "# NOTE: Only PEM encoding is supported for certificates!\n" + if pub.attributes.has_key("filename"): + if len(certFile) > 0: + certFile = certFile + sep + pub.attributes["filename"].nodeValue + else: + certFile = pub.attributes["filename"].nodeValue + priv = findChild(rsacert, "private") + if priv.attributes.has_key("encoding"): + if priv.attributes["encoding"].nodeValue != "PEM": + result = result + "# NOTE: Only PEM encoding is supported for private keys!\n" + if priv.attributes.has_key("filename"): + if len(keyFile) > 0: + keyFile = keyFile + sep + priv.attributes["filename"].nodeValue + else: + keyFile = priv.attributes["filename"].nodeValue + if len(certFile) > 0: + result = result + prefix + "CertFile=" + certFile + "\n" + if len(keyFile) > 0: + result = result + prefix + "KeyFile=" + keyFile + "\n" + + for child in basecerts.childNodes: + if child.localName == "dhparams": + keysize = child.attributes["keysize"].nodeValue + if child.attributes.has_key("encoding"): + if child.attributes["encoding"].nodeValue != "PEM": + result = result + "# NOTE: Only PEM encoding is supported for DH parameters!\n" + filename = child.attributes["filename"].nodeValue + result = result + prefix + "DH." 
+ keysize + "=" + filename + "\n" + + return result + +# +# Check arguments +# +xmlfile = None +for x in sys.argv[1:]: + if x == "-h": + usage() + sys.exit(0) + elif x.startswith("-"): + print sys.argv[0] + ": unknown option `" + x + "'" + print + usage() + sys.exit(1) + else: + if xmlfile: + usage() + sys.exit(1) + xmlfile = x + +if not xmlfile: + usage() + sys.exit(1) + +f = open(xmlfile, 'r') +doc = xml.dom.minidom.parse(f) +f.close() + +config = findChild(doc, "SSLConfig") +if not config: + print sys.argv[0] + ": unable to find element SSLConfig" + sys.exit(1) + +child = findChild(config, "client") +client = None +if child: + client = printConfig(child, "Client") + +child = findChild(config, "server") +server = None +if child: + server = printConfig(child, "Server") + +if client: + print client +if server: + print server diff --git a/cpp/demo/Ice/MFC/client/config b/cpp/demo/Ice/MFC/client/config index 44db27f89eb..07d084c4d23 100644 --- a/cpp/demo/Ice/MFC/client/config +++ b/cpp/demo/Ice/MFC/client/config @@ -43,5 +43,7 @@ IceSSL.Trace.Security=0 # and other pertinent information for creating an SSL connection. # Ice.Plugin.IceSSL=IceSSL:create -IceSSL.Client.CertPath=../../../../certs -IceSSL.Client.Config=sslconfig.xml +IceSSL.Client.DefaultDir=../../../../certs +IceSSL.Client.CertAuthFile=cacert.pem +IceSSL.Client.CertFile=c_rsa1024_pub.pem +IceSSL.Client.KeyFile=c_rsa1024_priv.pem diff --git a/cpp/demo/Ice/MFC/server/config b/cpp/demo/Ice/MFC/server/config index e88bb4d86f0..5291554edb8 100644 --- a/cpp/demo/Ice/MFC/server/config +++ b/cpp/demo/Ice/MFC/server/config @@ -42,5 +42,7 @@ IceSSL.Trace.Security=0 # and other pertinent information for creating an SSL connection. # Ice.Plugin.IceSSL=IceSSL:create -IceSSL.Server.CertPath=../../../../certs -IceSSL.Server.Config=sslconfig.xml +IceSSL.Server.DefaultDir=../../../../certs +IceSSL.Server.CertAuthFile=cacert.pem +IceSSL.Server.CertFile=s_rsa1024_pub.pem +IceSSL.Server.KeyFile=s_rsa1024_priv.pem 
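Review bot: In convertssl.py, the `dsacert` branch of `printConfig` looks up the private key with `findChild(rsacert, "private")` instead of using `dsacert`. When the XML has only a `<dsacert>`, `rsacert` is None and the lookup fails on `parent.childNodes`. When both elements are present, the RSA key file is appended to `KeyFile` a second time and the DSA key is never emitted, so the converted properties pair the DSA certificate with the wrong key. The line should read `priv = findChild(dsacert, "private")`.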
diff --git a/cpp/demo/Ice/callback/config b/cpp/demo/Ice/callback/config index 9b1f3e0e779..c535aec1327 100644 --- a/cpp/demo/Ice/callback/config +++ b/cpp/demo/Ice/callback/config @@ -7,8 +7,12 @@ Callback.Server.Endpoints=tcp -p 10000:udp -p 10000:ssl -p 10001 Ice.Warn.Connections=1 Ice.Plugin.IceSSL=IceSSL:create -IceSSL.Client.CertPath=../../../certs -IceSSL.Client.Config=sslconfig.xml -IceSSL.Server.CertPath=../../../certs -IceSSL.Server.Config=sslconfig.xml +IceSSL.Client.DefaultDir=../../../certs +IceSSL.Client.CertAuthFile=cacert.pem +IceSSL.Client.CertFile=c_rsa1024_pub.pem +IceSSL.Client.KeyFile=c_rsa1024_priv.pem +IceSSL.Server.DefaultDir=../../../certs +IceSSL.Server.CertAuthFile=cacert.pem +IceSSL.Server.CertFile=s_rsa1024_pub.pem +IceSSL.Server.KeyFile=s_rsa1024_priv.pem #IceSSL.Trace.Security=1 diff --git a/cpp/demo/Ice/hello/config b/cpp/demo/Ice/hello/config index b5fd3775193..204eed1c6fe 100644 --- a/cpp/demo/Ice/hello/config +++ b/cpp/demo/Ice/hello/config @@ -56,10 +56,14 @@ IceSSL.Trace.Security=0 # and other pertinent information for creating an SSL connection. # Ice.Plugin.IceSSL=IceSSL:create -IceSSL.Client.CertPath=../../../certs -IceSSL.Client.Config=sslconfig.xml -IceSSL.Server.CertPath=../../../certs -IceSSL.Server.Config=sslconfig.xml +IceSSL.Client.DefaultDir=../../../certs +IceSSL.Client.CertAuthFile=cacert.pem +IceSSL.Client.CertFile=c_rsa1024_pub.pem +IceSSL.Client.KeyFile=c_rsa1024_priv.pem +IceSSL.Server.DefaultDir=../../../certs +IceSSL.Server.CertAuthFile=cacert.pem +IceSSL.Server.CertFile=s_rsa1024_pub.pem +IceSSL.Server.KeyFile=s_rsa1024_priv.pem # # IceGrid registry settings (assumes that a db directory exists in the diff --git a/cpp/demo/Ice/latency/config b/cpp/demo/Ice/latency/config index 1ab1916e177..d20130b15ab 100644 --- a/cpp/demo/Ice/latency/config +++ b/cpp/demo/Ice/latency/config 
@@ -2,10 +2,14 @@ Latency.Ping=ping:default -p 10000 Latency.Endpoints=default -p 10000 #Ice.Plugin.IceSSL=IceSSL:create -IceSSL.Client.CertPath=../../../certs -IceSSL.Client.Config=./sslconfig.xml -IceSSL.Server.CertPath=../../../certs -IceSSL.Server.Config=./sslconfig.xml +IceSSL.Client.DefaultDir=../../../certs +IceSSL.Client.CertAuthFile=cacert.pem +IceSSL.Client.CertFile=c_rsa1024_pub.pem +IceSSL.Client.KeyFile=c_rsa1024_priv.pem +IceSSL.Server.DefaultDir=../../../certs +IceSSL.Server.CertAuthFile=cacert.pem +IceSSL.Server.CertFile=s_rsa1024_pub.pem +IceSSL.Server.KeyFile=s_rsa1024_priv.pem Ice.ACM.Client=0 Ice.ACM.Server=0 diff --git a/cpp/demo/Ice/nested/config b/cpp/demo/Ice/nested/config index 93740191ba6..ac570a355c8 100644 --- a/cpp/demo/Ice/nested/config +++ b/cpp/demo/Ice/nested/config @@ -11,8 +11,11 @@ Ice.ThreadPool.Server.SizeMax=10 #Ice.Warn.Connections=1 Ice.Plugin.IceSSL=IceSSL:create -IceSSL.Client.CertPath=../../../certs -IceSSL.Client.Config=sslconfig.xml -IceSSL.Server.CertPath=../../../certs -IceSSL.Server.Config=sslconfig.xml -#IceSSL.Trace.Security=2 +IceSSL.Client.DefaultDir=../../../certs +IceSSL.Client.CertAuthFile=cacert.pem +IceSSL.Client.CertFile=c_rsa1024_pub.pem +IceSSL.Client.KeyFile=c_rsa1024_priv.pem +IceSSL.Server.DefaultDir=../../../certs +IceSSL.Server.CertAuthFile=cacert.pem +IceSSL.Server.CertFile=s_rsa1024_pub.pem +IceSSL.Server.KeyFile=s_rsa1024_priv.pem diff --git a/cpp/demo/Ice/throughput/config b/cpp/demo/Ice/throughput/config index 567793849cb..3625d1ff84f 100644 --- a/cpp/demo/Ice/throughput/config +++ b/cpp/demo/Ice/throughput/config 
@@ -2,10 +2,14 @@ Throughput.Throughput=throughput:default -p 10000 Throughput.Endpoints=default -p 10000 #Ice.Plugin.IceSSL=IceSSL:create -IceSSL.Client.CertPath=../../../certs -IceSSL.Client.Config=./sslconfig.xml -IceSSL.Server.CertPath=../../../certs -IceSSL.Server.Config=./sslconfig.xml +IceSSL.Client.DefaultDir=../../../certs +IceSSL.Client.CertAuthFile=cacert.pem +IceSSL.Client.CertFile=c_rsa1024_pub.pem +IceSSL.Client.KeyFile=c_rsa1024_priv.pem +IceSSL.Server.DefaultDir=../../../certs +IceSSL.Server.CertAuthFile=cacert.pem +IceSSL.Server.CertFile=s_rsa1024_pub.pem +IceSSL.Server.KeyFile=s_rsa1024_priv.pem Ice.ACM.Client=0 Ice.ACM.Server=0 diff --git a/cpp/demo/Ice/value/config b/cpp/demo/Ice/value/config index e1af8a384b1..4d10c058c86 100644 --- a/cpp/demo/Ice/value/config +++ b/cpp/demo/Ice/value/config @@ -2,7 +2,11 @@ Value.Initial=initial:default -p 10000 Value.Endpoints=default -p 10000 Ice.Plugin.IceSSL=IceSSL:create -IceSSL.Client.CertPath=../../../certs -IceSSL.Client.Config=sslconfig.xml -IceSSL.Server.CertPath=../../../certs -IceSSL.Server.Config=sslconfig.xml +IceSSL.Client.DefaultDir=../../../certs +IceSSL.Client.CertAuthFile=cacert.pem +IceSSL.Client.CertFile=c_rsa1024_pub.pem +IceSSL.Client.KeyFile=c_rsa1024_priv.pem +IceSSL.Server.DefaultDir=../../../certs +IceSSL.Server.CertAuthFile=cacert.pem +IceSSL.Server.CertFile=s_rsa1024_pub.pem +IceSSL.Server.KeyFile=s_rsa1024_priv.pem diff --git a/cpp/demo/IceBox/hello/config b/cpp/demo/IceBox/hello/config index 259e77eb654..b4b667ba907 100644 --- a/cpp/demo/IceBox/hello/config +++ b/cpp/demo/IceBox/hello/config 
@@ -53,10 +53,14 @@ Ice.Warn.Connections=1 # and other pertinent information for creating an SSL connection. # Ice.Plugin.IceSSL=IceSSL:create -IceSSL.Client.CertPath=C:\src\ice\certs -IceSSL.Client.Config=sslconfig.xml -IceSSL.Server.CertPath=C:\src\ice\certs -IceSSL.Server.Config=sslconfig.xml +IceSSL.Client.DefaultDir=../../../certs +IceSSL.Client.CertAuthFile=cacert.pem +IceSSL.Client.CertFile=c_rsa1024_pub.pem +IceSSL.Client.KeyFile=c_rsa1024_priv.pem +IceSSL.Server.DefaultDir=../../../certs +IceSSL.Server.CertAuthFile=cacert.pem +IceSSL.Server.CertFile=s_rsa1024_pub.pem +IceSSL.Server.KeyFile=s_rsa1024_priv.pem # # Security Tracing diff --git a/cpp/include/IceSSL/CertificateVerifierOpenSSL.h b/cpp/include/IceSSL/CertificateVerifierOpenSSL.h deleted file mode 100644 index 25dcf34352d..00000000000 --- a/cpp/include/IceSSL/CertificateVerifierOpenSSL.h +++ /dev/null 
@@ -1,49 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_CERTIFICATE_VERIFIER_OPENSSL_H -#define ICE_SSL_CERTIFICATE_VERIFIER_OPENSSL_H - -#include <IceSSL/Config.h> -#include <IceSSL/CertificateVerifier.h> -#include <IceSSL/Plugin.h> -#include <openssl/ssl.h> - -namespace IceSSL -{ - -class ICE_SSL_API CertificateVerifierOpenSSL : public IceSSL::CertificateVerifier -{ -public: - - virtual ~CertificateVerifierOpenSSL(); - - void setContext(ContextType); - - virtual int verify(int, X509_STORE_CTX*, SSL*) = 0; - -protected: - - ContextType _contextType; -}; - -typedef IceInternal::Handle<IceSSL::CertificateVerifierOpenSSL> CertificateVerifierOpenSSLPtr; - -} - -namespace IceInternal -{ - -ICE_SSL_API void incRef(IceSSL::CertificateVerifierOpenSSL*); -ICE_SSL_API void decRef(IceSSL::CertificateVerifierOpenSSL*); - -} - - -#endif diff --git a/cpp/include/IceSSL/Config.h b/cpp/include/IceSSL/Config.h deleted file mode 100644 index d1dacf06444..00000000000 --- a/cpp/include/IceSSL/Config.h +++ /dev/null @@ -1,23 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_CONFIG_H -#define ICE_SSL_CONFIG_H - -#include <IceUtil/Config.h> - -#ifndef ICE_SSL_API -# ifdef ICE_SSL_API_EXPORTS -# define ICE_SSL_API ICE_DECLSPEC_EXPORT -# else -# define ICE_SSL_API ICE_DECLSPEC_IMPORT -# endif -#endif - -#endif 
diff --git a/cpp/include/IceSSL/Plugin.h b/cpp/include/IceSSL/Plugin.h
new file mode 100644
index 00000000000..c3031ea5967
--- /dev/null
+++ b/cpp/include/IceSSL/Plugin.h
@@ -0,0 +1,162 @@
+// **********************************************************************
+//
+// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
+//
+// This copy of Ice is licensed to you under the terms described in the
+// ICE_LICENSE file included in this distribution.
+//
+// **********************************************************************
+
+#ifndef ICE_SSL_PLUGIN_H
+#define ICE_SSL_PLUGIN_H
+
+#include <Ice/Plugin.h>
+
+//
+// SSL_CTX is the OpenSSL type that holds configuration settings for
+// all SSL connections.
+//
+typedef struct ssl_ctx_st SSL_CTX;
+
+//
+// SSL is the OpenSSL type that represents an SSL connection.
+//
+typedef struct ssl_st SSL;
+
+//
+// X509 is the OpenSSL type that represents a certificate.
+//
+typedef struct x509_st X509;
+
+namespace IceSSL
+{
+
+//
+// VerifyInfo contains information that may be of use to a
+// CertificateVerifier implementation.
+//
+struct VerifyInfo
+{
+ VerifyInfo();
+
+ //
+ // A value of true indicates an incoming (server) connection.
+ //
+ const bool incoming;
+
+ //
+ // The peer's certificate. This value may be 0 if the peer
+ // did not supply a certificate.
+ //
+ X509* cert;
+
+ //
+ // The SSL connection object.
+ //
+ SSL* ssl;
+
+ //
+ // The address of the server as specified by the proxy's
+ // endpoint. For example, in the following proxy:
+ //
+ // identity:ssl -h www.server.com -p 10000
+ //
+ // the value of address is "www.server.com".
+ //
+ // The value is an empty string for incoming connections.
+ //
+ const std::string address;
+
+ //
+ // The values of all dNSName and iPAddress fields in the peer
+ // certificate's subjectAltName extension. An application may
+ // use this information to restrict connections to peers that
+ // have specific values.
+ //
+ const std::vector<std::string> dnsNames;
+ const std::vector<std::string> ipAddresses;
+};
+
+//
+// An application can customize the certificate verification process
+// by implementing the CertificateVerifier interface.
+//
+class CertificateVerifier : public IceUtil::Shared
+{
+public:
+
+ //
+ // Raise Ice::SecurityException with an appropriate value for
+ // its reason member if the connection should be rejected.
+ //
+ virtual void verify(VerifyInfo&) = 0;
+};
+typedef IceUtil::Handle<CertificateVerifier> CertificateVerifierPtr;
+
+//
+// In order to read an encrypted file, such as one containing a private
+// key, OpenSSL requests a password from IceSSL. The password can be
+// defined using an IceSSL configuration property, but a plain-text
+// password is a security risk. If a password is not supplied via
+// configuration, IceSSL allows OpenSSL to prompt the user interactively.
+// This may not be desirable (or even possible), so the application can
+// supply an implementation of PasswordPrompt to take responsibility for
+// obtaining the password.
+//
+// Note that the password is needed during plugin initialization, so in
+// general you will need to delay initialization (by defining
+// IceSSL.DelayInit=1), configure the PasswordPrompt, then manually
+// initialize the plugin.
+//
+class PasswordPrompt : public IceUtil::Shared
+{
+public:
+
+ //
+ // The getPassword method may be invoked repeatedly, such as when
+ // several encrypted files are opened, or when multiple password
+ // attempts are allowed.
+ //
+ virtual std::string getPassword() = 0;
+};
+typedef IceUtil::Handle<PasswordPrompt> PasswordPromptPtr;
+
+class Plugin : public Ice::Plugin
+{
+public:
+
+ //
+ // Initialize the IceSSL plugin. An application may supply its
+ // own SSL_CTX objects to configure the SSL contexts for client
+ // (outgoing) and server (incoming) connections. If an argument
+ // is nonzero, the plugin skips its normal property-based
+ // configuration.
+ //
+ virtual void initialize(SSL_CTX* clientContext = 0,
+ SSL_CTX* serverContext = 0) = 0;
+
+ //
+ // Establish the certificate verifier object. This should be
+ // done before any connections are established.
+ //
+ virtual void setCertificateVerifier(const CertificateVerifierPtr&) = 0;
+
+ //
+ // Establish the password prompt object. This must be done
+ // before the plugin is initialized.
+ //
+ virtual void setPasswordPrompt(const PasswordPromptPtr&) = 0;
+
+ //
+ // Obtain the client and server SSL contexts. If you need to
+ // customize a context, you should do it before any SSL
+ // connections are established.
+ //
+ virtual SSL_CTX* clientContext() = 0;
+ virtual SSL_CTX* serverContext() = 0;
+};
+typedef IceUtil::Handle<Plugin> PluginPtr;
+
+}
+
+#endif
diff --git a/cpp/include/IceSSL/RSACertificateGen.h b/cpp/include/IceSSL/RSACertificateGen.h
deleted file mode 100644
index c9b6f1a9ea1..00000000000
--- a/cpp/include/IceSSL/RSACertificateGen.h
+++ /dev/null
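Review bot: In the new cpp/include/IceSSL/Plugin.h, the comments on `VerifyInfo` and `CertificateVerifier::verify` do not say whether the plugin itself compares the peer certificate with `address`. The text on `dnsNames`/`ipAddresses` ("An application may use this information to restrict connections") reads as if that comparison is left to the application. If so, a client that installs no verifier would accept any certificate chaining to the configured CA regardless of the server name, and the header should say this. I would add above `verify`: `// The plugin validates the certificate chain only (confirm against the implementation); matching address against dnsNames/ipAddresses and rejecting a 0 cert are the verifier's job.` The comment on `initialize` should also state that a caller-supplied `SSL_CTX` receives none of the property-based settings, so the caller must configure peer verification and trusted CAs on it.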
@@ -1,83 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_CERTIFICATE_GEN_H -#define ICE_SSL_CERTIFICATE_GEN_H - -#include <IceSSL/RSAKeyPairF.h> -#include <IceSSL/Config.h> - -namespace IceSSL -{ - -class ICE_SSL_API RSACertificateGenContext -{ -public: - - RSACertificateGenContext(); - ~RSACertificateGenContext(); - - // Conversion helper functions. - static long minutesToSeconds(long); - static long hoursToSeconds(long); - static long daysToSeconds(long); - static long weeksToSeconds(long); - static long yearsToSeconds(long); - - // Distinguished Name (setter) methods. - void setCountry(const std::string&); - void setStateProvince(const std::string&); - void setLocality(const std::string&); - void setOrganization(const std::string&); - void setOrgainizationalUnit(const std::string&); - void setCommonName(const std::string&); - - void setBitStrength(int); - void setSecondsValid(long); - void setIssuedAdjustment(long); - - // Distinguished Name (getters) methods. 
- unsigned char* getCountry() const; - unsigned char* getStateProvince() const; - unsigned char* getLocality() const; - unsigned char* getOrganization() const; - unsigned char* getOrganizationalUnit() const; - unsigned char* getCommonName() const; - - int getModulusLength() const; - long getSecondsValid() const; - long getIssuedAdjustment() const; - -private: - - std::string _country; - std::string _stateProvince; - std::string _locality; - std::string _organization; - std::string _organizationalUnit; - std::string _commonName; - int _modulusLength; - long _secondsValid; - long _issuedAdjustment; -}; - -class ICE_SSL_API RSACertificateGen -{ -public: - - RSACertificateGen(); - ~RSACertificateGen(); - - RSAKeyPairPtr generate(const RSACertificateGenContext&); - RSAKeyPairPtr loadKeyPair(const std::string&, const std::string&); -}; - -} - -#endif diff --git a/cpp/include/IceSSL/RSACertificateGenF.h b/cpp/include/IceSSL/RSACertificateGenF.h deleted file mode 100644 index 1ed2c68db52..00000000000 --- a/cpp/include/IceSSL/RSACertificateGenF.h +++ /dev/null @@ -1,21 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_CERTIFICATE_GEN_F_H -#define ICE_SSL_CERTIFICATE_GEN_F_H - -namespace IceSSL -{ - -class RSACertificateGenContext; -class RSACertificateGen; - -} - -#endif diff --git a/cpp/include/IceSSL/RSAKeyPair.h b/cpp/include/IceSSL/RSAKeyPair.h deleted file mode 100644 index 602de0206d0..00000000000 --- a/cpp/include/IceSSL/RSAKeyPair.h +++ /dev/null 
@@ -1,65 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_RSA_KEY_PAIR_H -#define ICE_SSL_RSA_KEY_PAIR_H - -#include <IceUtil/Shared.h> - -#include <Ice/BuiltinSequences.h> - -#include <IceSSL/RSAKeyPairF.h> -#include <IceSSL/RSACertificateGenF.h> -#include <IceSSL/RSAPrivateKeyF.h> -#include <IceSSL/RSAPublicKeyF.h> -#include <IceSSL/Config.h> - -#include <openssl/ssl.h> - - -namespace IceSSL -{ - -class ICE_SSL_API RSAKeyPair : public IceUtil::Shared -{ -public: - - // Construction from Base64 encodings. - RSAKeyPair(const std::string&, const std::string&); - - // Construction from binary DER encoding ByteSeq's. - RSAKeyPair(const Ice::ByteSeq&, const Ice::ByteSeq&); - - virtual ~RSAKeyPair(); - - // Conversions to Base64 encodings. - void keyToBase64(std::string&); - void certToBase64(std::string&); - - // Conversions to binary DER encodings. - void keyToByteSeq(Ice::ByteSeq&); - void certToByteSeq(Ice::ByteSeq&); - - // Get the internal key structures as per the OpenSSL implementation. - RSA* getRSAPrivateKey() const; - X509* getX509PublicKey() const; - -private: - - RSAKeyPair(const RSAPrivateKeyPtr&, const RSAPublicKeyPtr&); - - friend class RSACertificateGen; - - RSAPrivateKeyPtr _privateKey; - RSAPublicKeyPtr _publicKey; -}; - -} - -#endif diff --git a/cpp/include/IceSSL/RSAKeyPairF.h b/cpp/include/IceSSL/RSAKeyPairF.h deleted file mode 100644 index 70ebbde808c..00000000000 --- a/cpp/include/IceSSL/RSAKeyPairF.h +++ /dev/null 
@@ -1,32 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_RSA_KEY_PAIR_F_H -#define ICE_SSL_RSA_KEY_PAIR_F_H - -#include <Ice/Handle.h> -#include <IceSSL/Config.h> - -namespace IceSSL -{ - -class RSAKeyPair; -typedef IceInternal::Handle<RSAKeyPair> RSAKeyPairPtr; - -} - -namespace IceInternal -{ - -void ICE_SSL_API incRef(::IceSSL::RSAKeyPair*); -void ICE_SSL_API decRef(::IceSSL::RSAKeyPair*); - -} - -#endif diff --git a/cpp/include/IceSSL/RSAPrivateKey.h b/cpp/include/IceSSL/RSAPrivateKey.h deleted file mode 100644 index bfed56bb16c..00000000000 --- a/cpp/include/IceSSL/RSAPrivateKey.h +++ /dev/null 
@@ -1,60 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_RSA_PRIVATE_KEY_H -#define ICE_SSL_RSA_PRIVATE_KEY_H - -#include <IceUtil/Shared.h> - -#include <Ice/BuiltinSequences.h> - -#include <IceSSL/Config.h> -#include <IceSSL/RSAPrivateKeyF.h> - -#include <openssl/ssl.h> - - - -namespace IceSSL -{ - -class ICE_SSL_API RSAPrivateKey : public IceUtil::Shared -{ -public: - - // Construction from Base64 encoding. - RSAPrivateKey(const std::string&); - - // Construction from binary DER encoding ByteSeq. - RSAPrivateKey(const Ice::ByteSeq&); - - // Construction from RSA Private Key structure (simple initialization). - RSAPrivateKey(RSA*); - - ~RSAPrivateKey(); - - // Conversion to Base64 encoding. - void keyToBase64(std::string&); - - // Conversion to binary DER encoding. - void keyToByteSeq(Ice::ByteSeq&); - - // Get the internal key structure as per the OpenSSL implementation. - RSA* get() const; - -private: - - void byteSeqToKey(const Ice::ByteSeq&); - - RSA* _privateKey; -}; - -} - -#endif diff --git a/cpp/include/IceSSL/RSAPrivateKeyF.h b/cpp/include/IceSSL/RSAPrivateKeyF.h deleted file mode 100644 index 1fea0669c57..00000000000 --- a/cpp/include/IceSSL/RSAPrivateKeyF.h +++ /dev/null 
@@ -1,31 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_RSA_PRIVATE_KEY_F_H -#define ICE_SSL_RSA_PRIVATE_KEY_F_H - -#include <Ice/Handle.h> - -namespace IceSSL -{ - -class RSAPrivateKey; -typedef IceInternal::Handle<RSAPrivateKey> RSAPrivateKeyPtr; - -} - -namespace IceInternal -{ - -void incRef(::IceSSL::RSAPrivateKey*); -void decRef(::IceSSL::RSAPrivateKey*); - -} - -#endif diff --git a/cpp/include/IceSSL/RSAPublicKey.h b/cpp/include/IceSSL/RSAPublicKey.h deleted file mode 100644 index e16d7ac71ea..00000000000 --- a/cpp/include/IceSSL/RSAPublicKey.h +++ /dev/null 
@@ -1,58 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_RSA_PUBLIC_KEY_H -#define ICE_SSL_RSA_PUBLIC_KEY_H - -#include <IceUtil/Shared.h> - -#include <Ice/BuiltinSequences.h> - -#include <IceSSL/Config.h> -#include <IceSSL/RSAPublicKeyF.h> - -#include <openssl/ssl.h> - -namespace IceSSL -{ - -class ICE_SSL_API RSAPublicKey : public IceUtil::Shared -{ -public: - - // Construction from Base64 encoding. - RSAPublicKey(const std::string&); - - // Construction from binary DER encoding ByteSeq. - RSAPublicKey(const Ice::ByteSeq&); - - // Construction from X509 structure (simple initialization). - RSAPublicKey(X509*); - - virtual ~RSAPublicKey(); - - // Conversion to Base64 encoding. - void certToBase64(std::string&); - - // Conversion to binary DER encoding. - void certToByteSeq(Ice::ByteSeq&); - - // Get the internal key structure as per the OpenSSL implementation. - X509* getX509PublicKey() const; - -private: - - void byteSeqToCert(const Ice::ByteSeq&); - - X509* _publicKey; -}; - -} - -#endif diff --git a/cpp/include/IceSSL/RSAPublicKeyF.h b/cpp/include/IceSSL/RSAPublicKeyF.h deleted file mode 100644 index ce07db65316..00000000000 --- a/cpp/include/IceSSL/RSAPublicKeyF.h +++ /dev/null 
@@ -1,31 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_RSA_PUBLIC_KEY_F_H -#define ICE_SSL_RSA_PUBLIC_KEY_F_H - -#include <Ice/Handle.h> - -namespace IceSSL -{ - -class RSAPublicKey; -typedef IceInternal::Handle<RSAPublicKey> RSAPublicKeyPtr; - -} - -namespace IceInternal -{ - -void incRef(::IceSSL::RSAPublicKey*); -void decRef(::IceSSL::RSAPublicKey*); - -} - -#endif diff --git a/cpp/slice/IceSSL/CertificateVerifier.ice b/cpp/slice/IceSSL/CertificateVerifier.ice deleted file mode 100644 index e49bd15858c..00000000000 --- a/cpp/slice/IceSSL/CertificateVerifier.ice +++ /dev/null 
@@ -1,50 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_CERTIFICATE_VERIFIER_ICE -#define ICE_SSL_CERTIFICATE_VERIFIER_ICE - -#include <IceSSL/Plugin.ice> - -module IceSSL -{ - -/** - * - * The [CertificateVerifier] is the base interface for all classes that define - * additional application-specific certificate verification rules. These rules - * are evaluated during the SSL handshake by an instance of a class derived - * from [CertificateVerifier]. The methods defined in derived interfaces will - * depend upon the requirements of the underlying SSL implementation. - * - * Default certificate verifier implementations can be obtained via the - * [Plugin]. - * - * As this is simply a base class for purposes of derivation, no methods are - * defined. - * - * @see Plugin - * - **/ -local interface CertificateVerifier -{ - /** - * - * Set the context type of this Certificate Verifier. - * - * @param type The type of context that is using this CertificateVerifier, - * Client, Server or ClientServer. - * - **/ - void setContext(ContextType type); -}; - -}; - -#endif diff --git a/cpp/slice/IceSSL/Exception.ice b/cpp/slice/IceSSL/Exception.ice deleted file mode 100644 index 01f175cb3ab..00000000000 --- a/cpp/slice/IceSSL/Exception.ice +++ /dev/null 
@@ -1,256 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_EXCEPTION_ICE -#define ICE_SSL_EXCEPTION_ICE - -module IceSSL -{ - -/** - * - * This exception represents the base of all security related exceptions - * in &Ice;. It is a local exception because, usually, a problem with security - * precludes a proper secure connection over which to transmit exceptions. - * In addition, many exceptions would contain information that is of no use - * to external clients/servers. - * - **/ -local exception SslException -{ - /** - * - * Contains pertinent information from the security system to help - * explain the nature of the exception in greater detail. In some - * instances, it contains information from the underlying security - * implementation and/or debugging trace. - * - **/ - string message; -}; - -/** - * - * This exception indicates that an attempt was made to load the - * configuration for a <literal>Context</literal>, but the - * property specifying the indicated <literal>Context</literal>'s - * SSL configuration file was not set. Check the values for the - * appropriate property, either <literal>IceSSL.Client.Config</literal> - * or <literal>IceSSL.Server.Config</literal>. - * - **/ -local exception ConfigurationLoadingException extends SslException -{ -}; - -/** - * - * This exception indicates that a problem occurred while parsing the - * SSL configuration file, or while attempting to locate the configuration - * file. 
This exception could indicate a - * problem with the <literal>IceSSL.Client.Config</literal>, - * <literal>IceSSL.Server.Config</literal>, - * <literal>IceSSL.Client.CertPath</literal> or - * <literal>IceSSL.Server.CertPath</literal> properties for your - * [Ice::Communicator]. - * - **/ -local exception ConfigParseException extends SslException -{ -}; - -/** - * - * This exception generally indicates that a problem occurred - * that caused the shutdown of an SSL connection. - * - **/ -local exception ShutdownException extends SslException -{ -}; - -/** - * - * Indicates that a problem occurred that violates the SSL - * protocol, causing the connection to be shutdown. - * - **/ -local exception ProtocolException extends ShutdownException -{ -}; - -/** - * - * Indicates a problem occurred during the certificate - * verification phase of the SSL handshake. This is currently only - * thrown by server connections. - * - **/ -local exception CertificateVerificationException extends ShutdownException -{ -}; - -/** - * - * A root exception class for all exceptions related to public key - * certificates. - * - **/ -local exception CertificateException extends SslException -{ -}; - -/** - * - * Indicates that a problem occurred while signing certificates during - * temporary RSA certificate generation. - * - **/ -local exception CertificateSigningException extends CertificateException -{ -}; - -/** - * - * Indicates that the signature verification of a newly signed temporary - * RSA certificate has failed. - * - **/ -local exception CertificateSignatureException extends CertificateException -{ -}; - -/** - * - * Indicates that IceSSL was unable to parse the provided public key - * certificate into a form usable by the underlying SSL implementation. - * - **/ -local exception CertificateParseException extends CertificateException -{ -}; - -/** - * - * A root exception class for all exceptions related to private keys. 
- * - **/ -local exception PrivateKeyException extends SslException -{ -}; - -/** - * - * Indicates that IceSSL was unable to parse the provided private key - * into a form usable by the underlying SSL implementation. - * - **/ -local exception PrivateKeyParseException extends PrivateKeyException -{ -}; - -/** - * - * This exception indicates that the provided CertificateVerifier was - * not derived from the proper base class, and thus, does not provide - * the appropriate interface. - * - */ -local exception CertificateVerifierTypeException extends SslException -{ -}; - -/** - * - * A problem was encountered while setting up the - * <literal>Context</literal>. This can include problems related - * to loading certificates and keys or calling methods on a - * <literal>Context</literal> that has not been initialized as of yet. - * - **/ -local exception ContextException extends SslException -{ -}; - -/** - * - * Indicates that a problem occurred while initializing the context structure - * of the underlying SSL implementation. - * - **/ -local exception ContextInitializationException extends ContextException -{ -}; - -/** - * - * This exception is raised when an attempt is made to make use of a - * <literal>Context</literal> that has not been configured yet. - * - **/ -local exception ContextNotConfiguredException extends ContextException -{ -}; - -/** - * - * An attempt was made to call a method that references a - * [IceSSL::ContextType] that is not supported for that operation. - * - **/ -local exception UnsupportedContextException extends ContextException -{ -}; - -/** - * - * Indicates that a problem occurred while loading a certificate - * into a <literal>Context</literal> from either a memory buffer - * or from a file. 
- * - **/ -local exception CertificateLoadException extends ContextException -{ -}; - -/** - * - * Indicates that a problem occurred while loading a private key - * into a <literal>Context</literal> from either a memory buffer - * or from a file. - * - **/ -local exception PrivateKeyLoadException extends ContextException -{ -}; - -/** - * - * When loading a public and private key pair into a - * <literal>Context</literal>, the load succeeded, but the private - * key and public key (certificate) did not match. - * - **/ -local exception CertificateKeyMatchException extends ContextException -{ -}; - -/** - * - * An attempt to add a certificate to the <literal>Context</literal>'s - * trusted certifificate store has failed. - * - **/ -local exception TrustedCertificateAddException extends ContextException -{ -}; - -}; - -#endif diff --git a/cpp/slice/IceSSL/Makefile b/cpp/slice/IceSSL/Makefile deleted file mode 100644 index ffc7e00e86f..00000000000 --- a/cpp/slice/IceSSL/Makefile +++ /dev/null @@ -1,26 +0,0 @@ -# ********************************************************************** -# -# Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -# -# This copy of Ice is licensed to you under the terms described in the -# ICE_LICENSE file included in this distribution. -# -# ********************************************************************** - -top_srcdir = ../.. - -include $(top_srcdir)/config/Make.rules - -install:: - @if test ! -d $(install_slicedir)/IceSSL ; \ - then \ - echo "Creating $(install_slicedir)/IceSSL..." ; \ - $(call mkdir,$(install_slicedir)/IceSSL) ; \ - fi - - @for i in *.ice ; \ - do \ - echo "Installing $$i" ; \ - $(INSTALL_DATA) $$i $(install_slicedir)/IceSSL/$$i ; \ - chmod a+r $(install_slicedir)/IceSSL/$$i ; \ - done diff --git a/cpp/slice/IceSSL/Plugin.ice b/cpp/slice/IceSSL/Plugin.ice deleted file mode 100644 index f9ce44bde0c..00000000000 --- a/cpp/slice/IceSSL/Plugin.ice +++ /dev/null 
@@ -1,229 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_PLUGIN_ICE -#define ICE_SSL_PLUGIN_ICE - -#include <Ice/BuiltinSequences.ice> -#include <Ice/Plugin.ice> -#include <IceSSL/CertificateVerifierF.ice> - -/** - * - * &IceSSL; is a dynamic SSL transport plug-in for the &Ice; core. It - * provides authentication, encryption, and message integrity, using - * the industry-standard SSL protocol. - * - **/ -module IceSSL -{ - -/** - * - * A [Plugin] may serve as a Client, Server or both (ClientServer). A - * <literal>Context</literal> is set up inside the [Plugin] in order to handle - * either Client or Server roles. The <literal>Context</literal> represents a - * role-specific configuration. - * - * Some [Plugin] operations require a <literal>ContextType</literal> argument to - * identify the <literal>Context</literal>. - * - **/ -enum ContextType -{ - /** Select only the Client <literal>Context</literal>, no modifications to the Server. */ - Client, - - /** Select only the Server <literal>Context</literal>, no modifications to the Client. */ - Server, - - /** Select and affect changes on both the Client and Server <literal>Context</literal>s. */ - ClientServer -}; - -/** - * - * The interface for the SSL plug-in. This interface is typically - * used to perform programmatic configuration of the plug-in. - * - **/ -local interface Plugin extends Ice::Plugin -{ - /** - * - * Configure the plug-in. If the plug-in is left in an - * unconfigured state, it will load its configuration from - * the properties <literal>IceSSL.Server.Config</literal> or - * <literal>IceSSL.Client.Config</literal>, depending on the context - * type. 
- * - * Configuration property settings will also be loaded during - * this operation, with the property values overriding those of the - * configuration file. - * - * @param contextType The <literal>Context</literal>(s) to configure. - * - **/ - void configure(ContextType cType); - - /** - * - * Configure the plug-in for the given <literal>Context</literal> - * using the settings in the given configuration file. - * - * If the plug-in is left in an unconfigured state, it - * will load its configuration from the property - * <literal>IceSSL.Server.Config</literal> or - * <literal>IceSSL.Client.Config</literal>, depending on - * the context type. - * - * Configuration property settings will also be loaded as part of - * this operation, with the property values overriding those of the - * configuration file. - * - * @param contextType The <literal>Context</literal> to configure. - * - * @param configFile The file containing the SSL configuration - * information. - * - * @param certPath The path where certificates referenced in - * [configFile] may be found. - * - **/ - void loadConfig(ContextType cType, string configFile, string certPath); - - /** - * - * Set the [CertificateVerifier] used for the indicated [ContextType] - * role. All plug-in <literal>Context</literal>s are created with default - * [CertificateVerifier] objects installed. Replacement - * [CertificateVerifier]s can be specified using this operation. - * - * This operation only affects new connections -- existing - * connections are left unchanged. - * - * @param contextType The <literal>Context</literal>(s) in which to install the - * Certificate Verifier. - * - * @param certVerifier The [CertificateVerifier] to install. - * - * @see IceSSL::CertificateVerifier - * - **/ - void setCertificateVerifier(ContextType cType, CertificateVerifier certVerifier); - - /** - * - * Add a trusted certificate to the plug-in's default certificate - * store. 
The provided certificate (passed in Base64-encoded - * binary DER format, as per the PEM format) is added to the - * trust list so that the certificate, and all certificates signed - * by its private key, are trusted. - * - * This method only affects new connections -- existing - * connections are left unchanged. - * - * @param contextType The <literal>Context</literal>(s) in which to add - * the trusted certificate. - * - * @param certificate The certificate to be trusted, in Base64-encoded - * binary DER format. - * - **/ - void addTrustedCertificateBase64(ContextType cType, string certificate); - - /** - * - * Add a trusted certificate to the plug-in's default certificate - * store. The provided certificate (passed in binary DER format) - * is added to the trust list so that the certificate, and - * all certificates signed by its private key, are trusted. - * - * This method only affects new connections -- existing - * connections are left unchanged. - * - * @param contextType The <literal>Context</literal>(s) in which to add - * the trusted certificate. - * - * @param certificate The certificate, in binary DER format, to be trusted. - * - **/ - void addTrustedCertificate(ContextType cType, Ice::ByteSeq certificate); - - /** - * - * Set the RSA keys to be used by the plug-in when operating in - * the context mode specified by [contextType]. - * - * This method only affects new connections -- existing - * connections are left unchanged. - * - * @param contextType The <literal>Context</literal>(s) in which to - * set/replace the RSA keys. - * - * @param privateKey The RSA private key, in Base64-encoded binary - * DER format. - * - * @param publicKey The RSA public key, in Base64-encoded binary - * DER format. - * - **/ - void setRSAKeysBase64(ContextType cType, string privateKey, string publicKey); - - /** - * - * Set the RSA keys to be used by the plug-in when operating in - * the context mode specified by [contextType]. 
- * - * This method only affects new connections -- existing - * connections are left unchanged. - * - * @param contextType The <literal>Context</literal>(s) in which to - * set/replace the RSA keys. - * - * @param privateKey The RSA private key, in binary DER format. - * - * @param publicKey The RSA public key, in binary DER format. - * - **/ - void setRSAKeys(ContextType cType, Ice::ByteSeq privateKey, Ice::ByteSeq publicKey); - - /** - * - * Retrieves an instance of the [CertificateVerifier] that is - * installed by default in all plug-in instances. - * - * @return CertificateVerifier - * - **/ - CertificateVerifier getDefaultCertVerifier(); - - /** - * - * Returns an instance of a [CertificateVerifier] that only accepts - * a single certificate, that being the RSA certificate represented by - * the binary DER encoding contained in the provided byte sequence. This - * is useful if you wish your application to accept connections from one - * party. - * - * <note><para>Be sure to use the <literal>peer</literal> - * <literal>verifymode</literal> in your SSL configuration file.</para> - * </note> - * - * @param certificate A DER encoded RSA certificate. - * - * @return CertificateVerifier - * - **/ - CertificateVerifier getSingleCertVerifier(Ice::ByteSeq certificate); -}; - -}; - -#endif diff --git a/cpp/slice/IceSSL/PluginF.ice b/cpp/slice/IceSSL/PluginF.ice deleted file mode 100644 index f7c55b2832c..00000000000 --- a/cpp/slice/IceSSL/PluginF.ice +++ /dev/null @@ -1,20 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_PLUGIN_F_ICE -#define ICE_SSL_PLUGIN_F_ICE - -module IceSSL -{ - -local interface Plugin; - -}; - -#endif 
diff --git a/cpp/slice/Makefile b/cpp/slice/Makefile index 5566c3b2684..ebbe47982c2 100644 --- a/cpp/slice/Makefile +++ b/cpp/slice/Makefile @@ -16,7 +16,6 @@ SUBDIRS = Freeze \ Ice \ IceBox \ IcePatch2 \ - IceSSL \ IceStorm \ IceGrid diff --git a/cpp/src/Ice/Network.cpp b/cpp/src/Ice/Network.cpp index deb8e18fa66..201d63f5bbe 100644 --- a/cpp/src/Ice/Network.cpp +++ b/cpp/src/Ice/Network.cpp @@ -223,20 +223,6 @@ IceInternal::createSocket(bool udp) return fd; } -static void -closeSocketNoThrow(SOCKET fd) -{ -#ifdef _WIN32 - int error = WSAGetLastError(); - closesocket(fd); - WSASetLastError(error); -#else - int error = errno; - close(fd); - errno = error; -#endif -} - void IceInternal::closeSocket(SOCKET fd) { @@ -260,6 +246,20 @@ IceInternal::closeSocket(SOCKET fd) errno = error; #endif } + +void +IceInternal::closeSocketNoThrow(SOCKET fd) +{ +#ifdef _WIN32 + int error = WSAGetLastError(); + closesocket(fd); + WSASetLastError(error); +#else + int error = errno; + close(fd); + errno = error; +#endif +} void IceInternal::shutdownSocketWrite(SOCKET fd) 
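Review bot: `closeSocketNoThrow` changes from a file-static helper to an exported `IceInternal::` function in the second Network.cpp hunk, yet the definition carries no comment describing its contract. The body discards the result of `close()`/`closesocket()` and restores the `errno`/`WSAGetLastError()` value it saved beforehand, which matters to any caller that reports the error afterwards. I would document that at the definition, for example `// Closes fd, ignores any error from the close itself, and preserves the previous socket error code so the caller can still report it.` No code change is needed.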
@@ -1200,33 +1200,18 @@ IceInternal::fdToString(SOCKET fd) struct sockaddr_in localAddr; fdToLocalAddress(fd, localAddr); - bool peerNotConnected = false; - socklen_t remoteLen = static_cast<socklen_t>(sizeof(struct sockaddr_in)); struct sockaddr_in remoteAddr; - if(getpeername(fd, reinterpret_cast<struct sockaddr*>(&remoteAddr), &remoteLen) == SOCKET_ERROR) - { - if(notConnected()) - { - peerNotConnected = true; - } - else - { - closeSocketNoThrow(fd); - SocketException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - } + bool peerConnected = fdToRemoteAddress(fd, remoteAddr); ostringstream s; s << "local address = " << addrToString(localAddr); - if(peerNotConnected) + if(peerConnected) { - s << "\nremote address = <not connected>"; + s << "\nremote address = " << addrToString(remoteAddr); } else { - s << "\nremote address = " << addrToString(remoteAddr); + s << "\nremote address = <not connected>"; } return s.str(); } @@ -1244,6 +1229,28 @@ IceInternal::fdToLocalAddress(SOCKET fd, struct sockaddr_in& addr) } } +bool +IceInternal::fdToRemoteAddress(SOCKET fd, struct sockaddr_in& addr) +{ + socklen_t len = static_cast<socklen_t>(sizeof(struct sockaddr_in)); + if(getpeername(fd, reinterpret_cast<struct sockaddr*>(&addr), &len) == SOCKET_ERROR) + { + if(notConnected()) + { + return false; + } + else + { + closeSocketNoThrow(fd); + SocketException ex(__FILE__, __LINE__); + ex.error = getSocketErrno(); + throw ex; + } + } + + return true; +} + string IceInternal::addrToString(const struct sockaddr_in& addr) { diff --git a/cpp/src/Ice/Network.h b/cpp/src/Ice/Network.h index f178383af3f..c35d899089a 100644 --- a/cpp/src/Ice/Network.h +++ b/cpp/src/Ice/Network.h @@ -82,6 +82,7 @@ ICE_API bool recvTruncated(); ICE_API SOCKET createSocket(bool); ICE_API void closeSocket(SOCKET); +ICE_API void closeSocketNoThrow(SOCKET); ICE_API void shutdownSocketWrite(SOCKET); ICE_API void shutdownSocketReadWrite(SOCKET); 
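Review bot: The new `fdToRemoteAddress` closes the descriptor it was handed (`closeSocketNoThrow(fd)`) before throwing `SocketException` whenever `getpeername` fails for a reason other than not-connected, and `fdToString` now inherits that through the call in the first hunk here. For an exported address-lookup helper this is an ownership surprise. A caller that also closes `fd` in its own error handling closes the same number twice, and in a multi-threaded process the second close can land on an unrelated descriptor that has reused it. The behaviour is carried over from the old `fdToString` body, so removing the close may be out of scope for this commit. It should at least be stated at the definition and at the `Network.h` declaration, e.g. `// Returns false if fd is not connected (addr must not be read). On any other getpeername error, closes fd and throws SocketException.`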
@@ -109,6 +110,7 @@ ICE_API std::string lastErrorToString(); ICE_API std::string fdToString(SOCKET); ICE_API void fdToLocalAddress(SOCKET, struct sockaddr_in&); +ICE_API bool fdToRemoteAddress(SOCKET, struct sockaddr_in&); ICE_API std::string addrToString(const struct sockaddr_in&); ICE_API std::vector<std::string> getLocalHosts(); diff --git a/cpp/src/Ice/PropertyNames.cpp b/cpp/src/Ice/PropertyNames.cpp index dd7b013565a..97cc05cbc21 100644 --- a/cpp/src/Ice/PropertyNames.cpp +++ b/cpp/src/Ice/PropertyNames.cpp @@ -7,7 +7,7 @@ // // ********************************************************************** -// Generated by makeprops.py from file `../config/PropertyNames.def', Wed Mar 22 09:08:02 2006 +// Generated by makeprops.py from file `../config/PropertyNames.def', Tue Mar 28 10:20:52 2006 // IMPORTANT: Do not edit this file -- any edits made here will be lost! 
@@ -203,38 +203,47 @@ const char* IceInternal::PropertyNames::IcePatch2Props[] = const char* IceInternal::PropertyNames::IceSSLProps[] = { - "IceSSL.Client.CertPath", - "IceSSL.Client.Config", - "IceSSL.Client.IgnoreValidPeriod", - "IceSSL.Client.Overrides.CACertificate", - "IceSSL.Client.Overrides.DSA.Certificate", - "IceSSL.Client.Overrides.DSA.PrivateKey", - "IceSSL.Client.Overrides.RSA.Certificate", - "IceSSL.Client.Overrides.RSA.PrivateKey", - "IceSSL.Client.Passphrase.Retries", - "IceSSL.Server.CertPath", - "IceSSL.Server.Config", - "IceSSL.Server.IgnoreValidPeriod", - "IceSSL.Server.Overrides.CACertificate", - "IceSSL.Server.Overrides.DSA.Certificate", - "IceSSL.Server.Overrides.DSA.PrivateKey", - "IceSSL.Server.Overrides.RSA.Certificate", - "IceSSL.Server.Overrides.RSA.PrivateKey", - "IceSSL.Server.Passphrase.Retries", + "IceSSL.Client.CertAuthDir", + "IceSSL.Client.CertAuthFile", + "IceSSL.Client.CertFile", + "IceSSL.Client.CheckCertName", + "IceSSL.Client.CheckCRL", + "IceSSL.Client.Ciphers", + "IceSSL.Client.DefaultDir", + "IceSSL.Client.DH.*", + "IceSSL.Client.KeyFile", + "IceSSL.Client.Password", + "IceSSL.Client.PasswordRetryMax", + "IceSSL.Client.Protocols", + "IceSSL.Client.VerifyDepthMax", + "IceSSL.Client.VerifyPeer", + "IceSSL.DelayInit", + "IceSSL.EntropyDaemon", + "IceSSL.ImportCert.*", + "IceSSL.Random", + "IceSSL.Server.CertAuthDir", + "IceSSL.Server.CertAuthFile", + "IceSSL.Server.CertFile", + "IceSSL.Server.CheckCRL", + "IceSSL.Server.Ciphers", + "IceSSL.Server.DefaultDir", + "IceSSL.Server.DH.*", + "IceSSL.Server.KeyFile", + "IceSSL.Server.Password", + "IceSSL.Server.PasswordRetryMax", + "IceSSL.Server.Protocols", + "IceSSL.Server.VerifyDepthMax", + "IceSSL.Server.VerifyPeer", "IceSSL.Trace.Security", "IceSSL.Client.Certs", "IceSSL.Client.CertsPassword", - "IceSSL.Client.Ciphers", "IceSSL.Client.Keystore", "IceSSL.Client.KeystorePassword", - "IceSSL.Client.Password", "IceSSL.Server.Certs", "IceSSL.Server.CertsPassword", - 
"IceSSL.Server.Ciphers", "IceSSL.Server.ClientAuth", "IceSSL.Server.Keystore", "IceSSL.Server.KeystorePassword", - "IceSSL.Server.Password", 0 }; diff --git a/cpp/src/Ice/PropertyNames.h b/cpp/src/Ice/PropertyNames.h index 36bfecd88f5..471140102df 100644 --- a/cpp/src/Ice/PropertyNames.h +++ b/cpp/src/Ice/PropertyNames.h @@ -7,7 +7,7 @@ // // ********************************************************************** -// Generated by makeprops.py from file `../config/PropertyNames.def', Wed Mar 22 09:08:02 2006 +// Generated by makeprops.py from file `../config/PropertyNames.def', Tue Mar 28 10:20:52 2006 // IMPORTANT: Do not edit this file -- any edits made here will be lost! diff --git a/cpp/src/IceSSL/.depend b/cpp/src/IceSSL/.depend index c29829404d8..023fb8d7838 100644 --- a/cpp/src/IceSSL/.depend +++ b/cpp/src/IceSSL/.depend 
@@ -1,37 +1,8 @@ -BaseCerts.o: BaseCerts.cpp ../IceSSL/BaseCerts.h ../IceSSL/CertificateDesc.h ../../include/IceUtil/Config.h -CertificateAuthority.o: CertificateAuthority.cpp ../IceSSL/CertificateAuthority.h ../../include/IceUtil/Config.h -CertificateDesc.o: CertificateDesc.cpp ../IceSSL/CertificateDesc.h ../../include/IceUtil/Config.h -CertificateVerifierF.o: CertificateVerifierF.cpp ../../include/IceSSL/CertificateVerifierF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/UndefSysMacros.h -CertificateVerifier.o: CertificateVerifier.cpp ../../include/IceSSL/CertificateVerifier.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/CommunicatorF.h ../../include/IceSSL/Plugin.h ../../include/Ice/BuiltinSequences.h 
../../include/Ice/Plugin.h ../../include/IceSSL/CertificateVerifierF.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Buffer.h ../../include/Ice/Object.h ../../include/Ice/GCShared.h ../../include/Ice/GCRecMutex.h ../../include/IceUtil/RecMutex.h ../../include/Ice/IncomingAsyncF.h -CertificateVerifierOpenSSL.o: CertificateVerifierOpenSSL.cpp ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/Config.h ../../include/IceUtil/Config.h ../../include/IceSSL/CertificateVerifier.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/CommunicatorF.h ../../include/IceSSL/Plugin.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Plugin.h ../../include/IceSSL/CertificateVerifierF.h -ClientContext.o: ClientContext.cpp ../../include/Ice/Communicator.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h 
../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/LoggerF.h ../../include/Ice/StatsF.h ../../include/Ice/PropertiesF.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/LocatorF.h ../../include/Ice/PluginF.h ../../include/Ice/LoggerUtil.h ../../include/IceSSL/Exception.h ../IceSSL/ClientContext.h ../IceSSL/OpenSSLPluginIF.h ../IceSSL/Context.h ../IceSSL/TraceLevelsF.h ../IceSSL/SslTransceiverF.h ../IceSSL/ContextF.h ../../include/Ice/BuiltinSequences.h ../IceSSL/OpenSSL.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/Config.h ../../include/IceSSL/CertificateVerifier.h ../../include/IceSSL/Plugin.h ../../include/Ice/Plugin.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/GeneralConfig.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/CertificateDesc.h ../IceSSL/TempCerts.h ../../include/IceSSL/RSAPublicKey.h ../../include/IceSSL/RSAPublicKeyF.h ../../include/IceSSL/RSAKeyPairF.h ../IceSSL/SslTransceiver.h ../../include/IceUtil/StaticMutex.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../../include/Ice/Buffer.h ../IceSSL/TraceLevels.h ../../include/Ice/ProtocolPluginFacadeF.h -ConfigParser.o: ConfigParser.cpp ../IceSSL/ConfigParser.h ../../include/Ice/LoggerF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h 
../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/UndefSysMacros.h ../IceSSL/CertificateDesc.h ../IceSSL/GeneralConfig.h ../IceSSL/OpenSSL.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/TempCerts.h ../IceSSL/TraceLevelsF.h ../../include/IceXML/Parser.h ../../include/IceSSL/Exception.h -Context.o: Context.cpp ../../include/Ice/Communicator.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/LoggerF.h ../../include/Ice/StatsF.h ../../include/Ice/PropertiesF.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/LocatorF.h ../../include/Ice/PluginF.h ../../include/Ice/LoggerUtil.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../IceSSL/DefaultCertificateVerifier.h ../IceSSL/TraceLevelsF.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/Config.h 
../../include/IceSSL/CertificateVerifier.h ../../include/IceSSL/Plugin.h ../../include/Ice/Plugin.h ../../include/IceSSL/CertificateVerifierF.h ../../include/IceSSL/Exception.h ../../include/IceSSL/RSAKeyPair.h ../../include/IceSSL/RSAKeyPairF.h ../../include/IceSSL/RSACertificateGenF.h ../../include/IceSSL/RSAPrivateKeyF.h ../../include/IceSSL/RSAPublicKeyF.h ../IceSSL/CertificateDesc.h ../IceSSL/SslTransceiver.h ../IceSSL/SslTransceiverF.h ../IceSSL/OpenSSLPluginIF.h ../../include/IceUtil/StaticMutex.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../../include/Ice/Buffer.h ../IceSSL/Context.h ../IceSSL/ContextF.h ../IceSSL/OpenSSL.h ../IceSSL/GeneralConfig.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/TempCerts.h ../../include/IceSSL/RSAPublicKey.h ../IceSSL/OpenSSLJanitors.h ../IceSSL/OpenSSLUtils.h ../IceSSL/TraceLevels.h ../../include/Ice/ProtocolPluginFacadeF.h -Convert.o: Convert.cpp ../../include/IceUtil/Config.h ../IceSSL/Convert.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/CommunicatorF.h -DefaultCertificateVerifier.o: DefaultCertificateVerifier.cpp ../../include/Ice/Communicator.h 
../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/LoggerF.h ../../include/Ice/StatsF.h ../../include/Ice/PropertiesF.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/LocatorF.h ../../include/Ice/PluginF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/LoggerUtil.h ../IceSSL/OpenSSL.h ../IceSSL/DefaultCertificateVerifier.h ../IceSSL/TraceLevelsF.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/Config.h ../../include/IceSSL/CertificateVerifier.h ../../include/IceSSL/Plugin.h ../../include/Ice/Plugin.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/OpenSSLUtils.h ../IceSSL/TraceLevels.h ../../include/Ice/ProtocolPluginFacadeF.h -DHParams.o: DHParams.cpp ../IceSSL/DHParams.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Config.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/IceUtil/Exception.h ../IceSSL/DHParamsF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/Ice/Config.h -Exception.o: Exception.cpp 
../../include/IceSSL/Exception.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/UndefSysMacros.h -GeneralConfig.o: GeneralConfig.cpp ../IceSSL/GeneralConfig.h ../IceSSL/OpenSSL.h ../../include/IceUtil/Config.h -OpenSSLJanitors.o: OpenSSLJanitors.cpp ../IceSSL/OpenSSLJanitors.h ../../include/IceUtil/Config.h -OpenSSLPluginI.o: OpenSSLPluginI.cpp ../IceSSL/OpenSSLPluginI.h ../../include/IceUtil/RecMutex.h ../../include/IceUtil/Config.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/IceUtil/Exception.h ../../include/Ice/LoggerF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/StatsF.h ../../include/Ice/PropertiesF.h ../../include/Ice/ProtocolPluginFacadeF.h ../IceSSL/OpenSSLPluginIF.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/TraceLevelsF.h ../IceSSL/SslTransceiverF.h ../../include/IceSSL/RSAPrivateKeyF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h 
../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Plugin.h ../IceSSL/CertificateDesc.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/TempCerts.h ../IceSSL/ServerContext.h ../IceSSL/Context.h ../IceSSL/ContextF.h ../IceSSL/OpenSSL.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/Config.h ../../include/IceSSL/CertificateVerifier.h ../IceSSL/GeneralConfig.h ../../include/IceSSL/RSAPublicKey.h ../../include/IceSSL/RSAPublicKeyF.h ../../include/IceSSL/RSAKeyPairF.h ../IceSSL/ClientContext.h ../IceSSL/DHParamsF.h ../../include/Ice/LoggerUtil.h ../../include/Ice/Properties.h ../../include/Ice/ProtocolPluginFacade.h ../../include/Ice/EndpointFactoryF.h ../../include/Ice/InstanceF.h ../../include/Ice/Communicator.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/LocatorF.h ../../include/Ice/PluginF.h ../../include/Ice/LocalException.h ../IceSSL/TraceLevels.h ../../include/IceSSL/Exception.h ../IceSSL/ConfigParser.h ../../include/IceXML/Parser.h ../IceSSL/OpenSSLJanitors.h ../IceSSL/OpenSSLUtils.h ../IceSSL/SslTransceiver.h ../../include/IceUtil/StaticMutex.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../../include/Ice/Buffer.h ../IceSSL/DefaultCertificateVerifier.h ../IceSSL/SingleCertificateVerifier.h ../IceSSL/SslEndpointI.h ../Ice/EndpointI.h ../Ice/ConnectorF.h ../Ice/AcceptorF.h ../../include/Ice/EndpointFactory.h ../../include/IceSSL/RSAPrivateKey.h ../IceSSL/DHParams.h -OpenSSLUtils.o: OpenSSLUtils.cpp ../../include/IceUtil/StaticMutex.h ../../include/IceUtil/Config.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/IceUtil/Exception.h ../IceSSL/OpenSSLPluginI.h ../../include/IceUtil/RecMutex.h ../../include/Ice/LoggerF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h 
../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/StatsF.h ../../include/Ice/PropertiesF.h ../../include/Ice/ProtocolPluginFacadeF.h ../IceSSL/OpenSSLPluginIF.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/TraceLevelsF.h ../IceSSL/SslTransceiverF.h ../../include/IceSSL/RSAPrivateKeyF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Plugin.h ../IceSSL/CertificateDesc.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/TempCerts.h ../IceSSL/ServerContext.h ../IceSSL/Context.h ../IceSSL/ContextF.h ../IceSSL/OpenSSL.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/Config.h ../../include/IceSSL/CertificateVerifier.h ../IceSSL/GeneralConfig.h ../../include/IceSSL/RSAPublicKey.h ../../include/IceSSL/RSAPublicKeyF.h ../../include/IceSSL/RSAKeyPairF.h ../IceSSL/ClientContext.h ../IceSSL/DHParamsF.h ../IceSSL/OpenSSLUtils.h ../IceSSL/SslTransceiver.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../../include/Ice/Buffer.h -PluginF.o: PluginF.cpp ../../include/IceSSL/PluginF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h 
../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/UndefSysMacros.h -Plugin.o: Plugin.cpp ../../include/IceSSL/Plugin.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Plugin.h ../../include/IceSSL/CertificateVerifierF.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/Buffer.h ../../include/Ice/Object.h ../../include/Ice/GCShared.h ../../include/Ice/GCRecMutex.h ../../include/IceUtil/RecMutex.h ../../include/Ice/IncomingAsyncF.h -RSACertificateGen.o: RSACertificateGen.cpp ../../include/IceUtil/Config.h ../../include/IceSSL/RSACertificateGen.h ../../include/IceSSL/RSAKeyPairF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/Config.h ../../include/IceSSL/Config.h ../IceSSL/OpenSSLJanitors.h ../../include/IceSSL/RSAKeyPair.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h 
../../include/Ice/BuiltinSequences.h ../../include/Ice/LocalObjectF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/CommunicatorF.h ../../include/IceSSL/RSACertificateGenF.h ../../include/IceSSL/RSAPrivateKeyF.h ../../include/IceSSL/RSAPublicKeyF.h ../../include/IceSSL/RSAPrivateKey.h ../../include/IceSSL/RSAPublicKey.h ../../include/IceSSL/Exception.h ../IceSSL/OpenSSLUtils.h -RSAKeyPair.o: RSAKeyPair.cpp ../../include/IceUtil/Config.h ../../include/IceUtil/Base64.h ../../include/IceSSL/RSAKeyPair.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/IceUtil/Exception.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/CommunicatorF.h ../../include/IceSSL/RSAKeyPairF.h 
../../include/IceSSL/Config.h ../../include/IceSSL/RSACertificateGenF.h ../../include/IceSSL/RSAPrivateKeyF.h ../../include/IceSSL/RSAPublicKeyF.h ../../include/IceSSL/RSAPrivateKey.h ../../include/IceSSL/RSAPublicKey.h -RSAPrivateKey.o: RSAPrivateKey.cpp ../../include/IceUtil/Config.h ../../include/IceUtil/Base64.h ../../include/IceSSL/RSAPrivateKey.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/IceUtil/Exception.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/CommunicatorF.h ../../include/IceSSL/Config.h ../../include/IceSSL/RSAPrivateKeyF.h ../IceSSL/Convert.h ../IceSSL/OpenSSLUtils.h ../../include/IceSSL/Exception.h -RSAPublicKey.o: RSAPublicKey.cpp ../../include/IceUtil/Config.h ../../include/IceUtil/Base64.h ../../include/IceSSL/RSAPublicKey.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/IceUtil/Exception.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h 
../../include/Ice/LocalObject.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/CommunicatorF.h ../../include/IceSSL/Config.h ../../include/IceSSL/RSAPublicKeyF.h ../IceSSL/Convert.h ../IceSSL/OpenSSLUtils.h ../../include/IceSSL/Exception.h -ServerContext.o: ServerContext.cpp ../../include/Ice/Communicator.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/LoggerF.h ../../include/Ice/StatsF.h ../../include/Ice/PropertiesF.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/LocatorF.h ../../include/Ice/PluginF.h ../../include/Ice/LoggerUtil.h ../../include/IceSSL/Exception.h ../IceSSL/ServerContext.h ../IceSSL/OpenSSLPluginIF.h ../IceSSL/Context.h ../IceSSL/TraceLevelsF.h ../IceSSL/SslTransceiverF.h 
../IceSSL/ContextF.h ../../include/Ice/BuiltinSequences.h ../IceSSL/OpenSSL.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/Config.h ../../include/IceSSL/CertificateVerifier.h ../../include/IceSSL/Plugin.h ../../include/Ice/Plugin.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/GeneralConfig.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/CertificateDesc.h ../IceSSL/TempCerts.h ../../include/IceSSL/RSAPublicKey.h ../../include/IceSSL/RSAPublicKeyF.h ../../include/IceSSL/RSAKeyPairF.h ../IceSSL/SslTransceiver.h ../../include/IceUtil/StaticMutex.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../../include/Ice/Buffer.h ../IceSSL/OpenSSLUtils.h ../IceSSL/TraceLevels.h ../../include/Ice/ProtocolPluginFacadeF.h -SingleCertificateVerifier.o: SingleCertificateVerifier.cpp ../IceSSL/SingleCertificateVerifier.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/CommunicatorF.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/Config.h ../../include/IceSSL/CertificateVerifier.h ../../include/IceSSL/Plugin.h ../../include/Ice/Plugin.h 
../../include/IceSSL/CertificateVerifierF.h ../IceSSL/Convert.h -SslAcceptor.o: SslAcceptor.cpp ../../include/Ice/LoggerUtil.h ../../include/Ice/LoggerF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/UndefSysMacros.h ../Ice/Network.h ../IceSSL/OpenSSLPluginI.h ../../include/IceUtil/RecMutex.h ../../include/Ice/StatsF.h ../../include/Ice/PropertiesF.h ../../include/Ice/ProtocolPluginFacadeF.h ../IceSSL/OpenSSLPluginIF.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/TraceLevelsF.h ../IceSSL/SslTransceiverF.h ../../include/IceSSL/RSAPrivateKeyF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Plugin.h ../IceSSL/CertificateDesc.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/TempCerts.h ../IceSSL/ServerContext.h ../IceSSL/Context.h ../IceSSL/ContextF.h ../IceSSL/OpenSSL.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/Config.h ../../include/IceSSL/CertificateVerifier.h ../IceSSL/GeneralConfig.h ../../include/IceSSL/RSAPublicKey.h ../../include/IceSSL/RSAPublicKeyF.h ../../include/IceSSL/RSAKeyPairF.h ../IceSSL/ClientContext.h ../IceSSL/DHParamsF.h 
../IceSSL/SslAcceptor.h ../Ice/TransceiverF.h ../Ice/Acceptor.h ../Ice/AcceptorF.h ../IceSSL/SslTransceiver.h ../../include/IceUtil/StaticMutex.h ../Ice/Transceiver.h ../../include/Ice/Buffer.h ../IceSSL/TraceLevels.h -SslConnector.o: SslConnector.cpp ../Ice/Network.h ../../include/Ice/Config.h ../../include/IceUtil/Config.h ../../include/Ice/LoggerUtil.h ../../include/Ice/LoggerF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/UndefSysMacros.h ../IceSSL/OpenSSLPluginI.h ../../include/IceUtil/RecMutex.h ../../include/Ice/StatsF.h ../../include/Ice/PropertiesF.h ../../include/Ice/ProtocolPluginFacadeF.h ../IceSSL/OpenSSLPluginIF.h ../../include/IceSSL/CertificateVerifierF.h ../IceSSL/TraceLevelsF.h ../IceSSL/SslTransceiverF.h ../../include/IceSSL/RSAPrivateKeyF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Plugin.h ../IceSSL/CertificateDesc.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/TempCerts.h ../IceSSL/ServerContext.h ../IceSSL/Context.h ../IceSSL/ContextF.h ../IceSSL/OpenSSL.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/Config.h ../../include/IceSSL/CertificateVerifier.h ../IceSSL/GeneralConfig.h 
../../include/IceSSL/RSAPublicKey.h ../../include/IceSSL/RSAPublicKeyF.h ../../include/IceSSL/RSAKeyPairF.h ../IceSSL/ClientContext.h ../IceSSL/DHParamsF.h ../IceSSL/SslConnector.h ../Ice/TransceiverF.h ../Ice/Connector.h ../Ice/ConnectorF.h ../IceSSL/SslTransceiver.h ../../include/IceUtil/StaticMutex.h ../Ice/Transceiver.h ../../include/Ice/Buffer.h ../IceSSL/TraceLevels.h -SslEndpointI.o: SslEndpointI.cpp ../Ice/Network.h ../../include/Ice/Config.h ../../include/IceUtil/Config.h ../../include/Ice/BasicStream.h ../../include/Ice/InstanceF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/ObjectF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/Buffer.h ../../include/Ice/LocalException.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/ProtocolPluginFacade.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/Ice/EndpointFactoryF.h ../IceSSL/SslEndpointI.h ../Ice/EndpointI.h ../Ice/TransceiverF.h ../Ice/ConnectorF.h ../Ice/AcceptorF.h ../../include/Ice/EndpointFactory.h ../IceSSL/OpenSSLPluginIF.h ../IceSSL/SslAcceptor.h ../../include/Ice/LoggerF.h ../IceSSL/TraceLevelsF.h ../Ice/Acceptor.h ../IceSSL/SslConnector.h ../Ice/Connector.h ../IceSSL/SslTransceiver.h 
../../include/Ice/StatsF.h ../IceSSL/SslTransceiverF.h ../../include/IceSSL/CertificateVerifierF.h ../../include/IceUtil/StaticMutex.h ../Ice/Transceiver.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/Config.h ../../include/IceSSL/CertificateVerifier.h ../../include/IceSSL/Plugin.h ../../include/Ice/Plugin.h ../IceSSL/OpenSSLPluginI.h ../../include/IceUtil/RecMutex.h ../../include/Ice/PropertiesF.h ../../include/IceSSL/RSAPrivateKeyF.h ../IceSSL/CertificateDesc.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/TempCerts.h ../IceSSL/ServerContext.h ../IceSSL/Context.h ../IceSSL/ContextF.h ../IceSSL/OpenSSL.h ../IceSSL/GeneralConfig.h ../../include/IceSSL/RSAPublicKey.h ../../include/IceSSL/RSAPublicKeyF.h ../../include/IceSSL/RSAKeyPairF.h ../IceSSL/ClientContext.h ../IceSSL/DHParamsF.h -SslException.o: SslException.cpp ../../include/Ice/LocalException.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/BuiltinSequences.h ../../include/IceSSL/Exception.h -SslTransceiver.o: SslTransceiver.cpp ../../include/Ice/LoggerUtil.h ../../include/Ice/LoggerF.h 
../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/Stats.h ../Ice/Network.h ../../include/Ice/LocalException.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/BuiltinSequences.h ../IceSSL/SslTransceiver.h ../../include/Ice/StatsF.h ../IceSSL/SslTransceiverF.h ../IceSSL/OpenSSLPluginIF.h ../IceSSL/TraceLevelsF.h ../../include/IceSSL/CertificateVerifierF.h ../../include/IceUtil/StaticMutex.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ../../include/Ice/Buffer.h ../../include/IceSSL/CertificateVerifierOpenSSL.h ../../include/IceSSL/Config.h ../../include/IceSSL/CertificateVerifier.h ../../include/IceSSL/Plugin.h ../../include/Ice/Plugin.h ../IceSSL/TraceLevels.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/IceSSL/Exception.h ../IceSSL/OpenSSLPluginI.h ../../include/IceUtil/RecMutex.h ../../include/Ice/PropertiesF.h ../../include/IceSSL/RSAPrivateKeyF.h ../IceSSL/CertificateDesc.h ../IceSSL/CertificateAuthority.h ../IceSSL/BaseCerts.h ../IceSSL/TempCerts.h ../IceSSL/ServerContext.h ../IceSSL/Context.h ../IceSSL/ContextF.h ../IceSSL/OpenSSL.h ../IceSSL/GeneralConfig.h ../../include/IceSSL/RSAPublicKey.h 
../../include/IceSSL/RSAPublicKeyF.h ../../include/IceSSL/RSAKeyPairF.h ../IceSSL/ClientContext.h ../IceSSL/DHParamsF.h ../IceSSL/OpenSSLUtils.h -TempCerts.o: TempCerts.cpp ../IceSSL/TempCerts.h ../IceSSL/CertificateDesc.h ../../include/IceUtil/Config.h -TraceLevels.o: TraceLevels.cpp ../IceSSL/TraceLevels.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Config.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/IceUtil/Exception.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/Ice/Config.h ../IceSSL/TraceLevelsF.h ../../include/Ice/Communicator.h ../../include/Ice/LocalObjectF.h ../../include/Ice/ProxyF.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/LoggerF.h ../../include/Ice/StatsF.h ../../include/Ice/PropertiesF.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/LocatorF.h ../../include/Ice/PluginF.h ../../include/Ice/Properties.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/ProtocolPluginFacade.h ../../include/Ice/EndpointFactoryF.h ../../include/Ice/InstanceF.h -Exception.cpp: ../../slice/IceSSL/Exception.ice -PluginF.cpp: ../../slice/IceSSL/PluginF.ice -Plugin.cpp: ../../slice/IceSSL/Plugin.ice ../../slice/Ice/BuiltinSequences.ice ../../slice/Ice/Plugin.ice ../../slice/IceSSL/CertificateVerifierF.ice -CertificateVerifierF.cpp: 
../../slice/IceSSL/CertificateVerifierF.ice -CertificateVerifier.cpp: ../../slice/IceSSL/CertificateVerifier.ice ../../slice/IceSSL/Plugin.ice ../../slice/Ice/BuiltinSequences.ice ../../slice/Ice/Plugin.ice ../../slice/IceSSL/CertificateVerifierF.ice +AcceptorI.o: AcceptorI.cpp ./AcceptorI.h ../../include/Ice/LoggerF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ProxyF.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/UndefSysMacros.h ../Ice/TransceiverF.h ../Ice/Acceptor.h ../Ice/AcceptorF.h ./InstanceF.h ./Instance.h ./Context.h ./UtilF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Plugin.h ./TransceiverI.h ../../include/Ice/StatsF.h ../Ice/Transceiver.h ./Util.h ../Ice/Network.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/Communicator.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/PropertiesF.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/LocatorF.h ../../include/Ice/PluginF.h ../../include/Ice/LocalException.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/LoggerUtil.h +Context.o: Context.cpp ./Context.h ./InstanceF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h 
../../include/Ice/Config.h ../../include/Ice/ProxyHandle.h ./UtilF.h ../../include/Ice/LoggerF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/ProxyF.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/UndefSysMacros.h ./Instance.h ../../include/Ice/CommunicatorF.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Plugin.h ./Util.h ../Ice/Network.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/Communicator.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/StatsF.h ../../include/Ice/PropertiesF.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/LocatorF.h ../../include/Ice/PluginF.h ../../include/Ice/LocalException.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Logger.h ../../include/Ice/LoggerUtil.h ../../include/Ice/Properties.h +ConnectorI.o: ConnectorI.cpp ./ConnectorI.h ../../include/Ice/LoggerF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ProxyF.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/UndefSysMacros.h ../Ice/TransceiverF.h ../Ice/Connector.h ../Ice/ConnectorF.h ./InstanceF.h ./Instance.h ./Context.h ./UtilF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/ProtocolPluginFacadeF.h 
../../include/IceSSL/Plugin.h ../../include/Ice/Plugin.h ./TransceiverI.h ../../include/Ice/StatsF.h ../Ice/Transceiver.h ./Util.h ../Ice/Network.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/Communicator.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/PropertiesF.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/LocatorF.h ../../include/Ice/PluginF.h ../../include/Ice/LocalException.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/LoggerUtil.h +EndpointI.o: EndpointI.cpp ./EndpointI.h ../Ice/EndpointI.h ../../include/IceUtil/Shared.h ../../include/IceUtil/Config.h ../../include/Ice/Endpoint.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/Ice/Config.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ProxyF.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/EndpointIF.h ../../include/Ice/InstanceF.h ../Ice/TransceiverF.h ../Ice/ConnectorF.h ../Ice/AcceptorF.h ../../include/Ice/EndpointFactory.h ../../include/Ice/EndpointFactoryF.h ./InstanceF.h ./AcceptorI.h ../../include/Ice/LoggerF.h ../Ice/Acceptor.h ./ConnectorI.h ../Ice/Connector.h ./TransceiverI.h ../../include/Ice/StatsF.h ../Ice/Transceiver.h ./Instance.h ./Context.h ./UtilF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Plugin.h ../Ice/Network.h ../../include/Ice/BasicStream.h 
../../include/Ice/ObjectFactoryF.h ../../include/Ice/Buffer.h ../../include/Ice/Protocol.h ../../include/IceUtil/AutoArray.h ../../include/Ice/LocalException.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/BuiltinSequences.h ../Ice/DefaultsAndOverrides.h ../Ice/DefaultsAndOverridesF.h ../../include/Ice/PropertiesF.h +Instance.o: Instance.cpp ./Instance.h ./InstanceF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyHandle.h ./Context.h ./UtilF.h ../../include/Ice/LoggerF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/ProxyF.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/CommunicatorF.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Plugin.h ./EndpointI.h ../Ice/EndpointI.h ../../include/Ice/Endpoint.h ../../include/Ice/EndpointIF.h ../../include/Ice/InstanceF.h ../Ice/TransceiverF.h ../Ice/ConnectorF.h ../Ice/AcceptorF.h ../../include/Ice/EndpointFactory.h ../../include/Ice/EndpointFactoryF.h ../../include/Ice/Communicator.h ../../include/Ice/Proxy.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h 
../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/StatsF.h ../../include/Ice/PropertiesF.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/LocatorF.h ../../include/Ice/PluginF.h ../../include/Ice/LocalException.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Logger.h ../../include/Ice/Properties.h ../../include/Ice/ProtocolPluginFacade.h +PluginI.o: PluginI.cpp ./PluginI.h ../../include/IceSSL/Plugin.h ../../include/Ice/Plugin.h ../../include/Ice/LocalObjectF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyHandle.h ../../include/Ice/ProxyF.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/UndefSysMacros.h ./InstanceF.h ../../include/Ice/CommunicatorF.h ./Instance.h ./Context.h ./UtilF.h ../../include/Ice/LoggerF.h ../../include/Ice/ProtocolPluginFacadeF.h ./Util.h ../Ice/Network.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/BuiltinSequences.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/Communicator.h ../../include/Ice/StatsF.h ../../include/Ice/PropertiesF.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/LocatorF.h ../../include/Ice/PluginF.h ../../include/Ice/LocalException.h ../../include/Ice/Logger.h ../../include/Ice/Properties.h ../../include/IceUtil/StaticMutex.h +TransceiverI.o: TransceiverI.cpp ./TransceiverI.h ./InstanceF.h 
../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyHandle.h ../../include/Ice/LoggerF.h ../../include/Ice/LocalObjectF.h ../../include/Ice/ProxyF.h ../../include/Ice/ObjectF.h ../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/IceUtil/Shared.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/StatsF.h ../Ice/Transceiver.h ../Ice/TransceiverF.h ./Instance.h ./Context.h ./UtilF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/ProtocolPluginFacadeF.h ../../include/IceSSL/Plugin.h ../../include/Ice/Plugin.h ./Util.h ../Ice/Network.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/Ice/Communicator.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/PropertiesF.h ../../include/Ice/ObjectFactoryF.h ../../include/Ice/RouterF.h ../../include/Ice/LocatorF.h ../../include/Ice/PluginF.h ../../include/Ice/LoggerUtil.h ../../include/Ice/Stats.h ../../include/Ice/Buffer.h ../../include/Ice/LocalException.h ../../include/Ice/BuiltinSequences.h +Util.o: Util.cpp ./Util.h ./UtilF.h ../../include/Ice/Handle.h ../../include/IceUtil/Handle.h ../../include/IceUtil/Exception.h ../../include/IceUtil/Config.h ../../include/Ice/Config.h ../../include/Ice/ProxyHandle.h ../Ice/Network.h ../../include/IceUtil/Mutex.h ../../include/IceUtil/Lock.h ../../include/IceUtil/ThreadException.h ../../include/IceUtil/Shared.h ../../include/Ice/LocalException.h ../../include/Ice/LocalObjectF.h ../../include/Ice/ProxyF.h ../../include/Ice/ObjectF.h 
../../include/Ice/Exception.h ../../include/Ice/LocalObject.h ../../include/Ice/Proxy.h ../../include/Ice/ProxyFactoryF.h ../../include/Ice/ConnectionIF.h ../../include/Ice/EndpointIF.h ../../include/Ice/Endpoint.h ../../include/Ice/UndefSysMacros.h ../../include/Ice/ObjectAdapterF.h ../../include/Ice/ReferenceF.h ../../include/Ice/OutgoingAsyncF.h ../../include/Ice/Current.h ../../include/Ice/ConnectionF.h ../../include/Ice/Identity.h ../../include/Ice/StreamF.h ../../include/Ice/CommunicatorF.h ../../include/Ice/BuiltinSequences.h diff --git a/cpp/src/IceSSL/AcceptorI.cpp b/cpp/src/IceSSL/AcceptorI.cpp new file mode 100644 index 00000000000..dc4f0b1f8ad --- /dev/null +++ b/cpp/src/IceSSL/AcceptorI.cpp 
@@ -0,0 +1,291 @@ +// ********************************************************************** +// +// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. +// +// This copy of Ice is licensed to you under the terms described in the +// ICE_LICENSE file included in this distribution. +// +// ********************************************************************** + +#include <AcceptorI.h> +#include <Instance.h> +#include <TransceiverI.h> +#include <Util.h> +#include <Ice/Communicator.h> +#include <Ice/Exception.h> +#include <Ice/LocalException.h> +#include <Ice/LoggerUtil.h> +#include <Ice/Network.h> + +using namespace std; +using namespace Ice; +using namespace IceSSL; + +SOCKET +IceSSL::AcceptorI::fd() +{ + return _fd; +} + +void +IceSSL::AcceptorI::close() +{ + if(_instance->networkTraceLevel() >= 1) + { + Trace out(_logger, _instance->networkTraceCategory()); + out << "stopping to accept ssl connections at " << toString(); + } + + SOCKET fd = _fd; + _fd = INVALID_SOCKET; + IceInternal::closeSocket(fd); +} + +void +IceSSL::AcceptorI::listen() +{ + try + { + IceInternal::doListen(_fd, _backlog); + } + catch(...) + { + _fd = INVALID_SOCKET; + throw; + } + + if(_instance->networkTraceLevel() >= 1) + { + Trace out(_logger, _instance->networkTraceCategory()); + out << "accepting ssl connections at " << toString(); + } +} + +IceInternal::TransceiverPtr +IceSSL::AcceptorI::accept(int timeout) +{ + // + // The plugin may not be fully initialized. + // + ContextPtr ctx = _instance->serverContext(); + + SOCKET fd = IceInternal::doAccept(_fd, timeout); + IceInternal::setBlock(fd, false); + + // + // Get a description of the remote address in case we need it later. 
+ // + struct sockaddr_in remoteAddr; + string desc; + if(IceInternal::fdToRemoteAddress(fd, remoteAddr)) + { + desc = IceInternal::addrToString(remoteAddr); + } + + BIO* bio = BIO_new_socket(fd, BIO_CLOSE); + if(!bio) + { + IceInternal::closeSocketNoThrow(fd); + SecurityException ex(__FILE__, __LINE__); + ex.reason = "openssl failure"; + throw ex; + } + + SSL* ssl = SSL_new(ctx->ctx()); + if(!ssl) + { + BIO_free(bio); // Also closes the socket. + SecurityException ex(__FILE__, __LINE__); + ex.reason = "openssl failure"; + throw ex; + } + SSL_set_bio(ssl, bio, bio); + + if(_instance->networkTraceLevel() >= 2) + { + Trace out(_logger, _instance->networkTraceCategory()); + out << "trying to validate incoming ssl connection\n" << IceInternal::fdToString(fd); + } + + // TODO: The timeout is 0 when called by the thread pool. + // Make this configurable? + if(timeout == 0) + { + timeout = -1; + } + + try + { + do + { + int ret = SSL_accept(ssl); + switch(SSL_get_error(ssl, ret)) + { + case SSL_ERROR_NONE: + assert(SSL_is_init_finished(ssl)); + break; + case SSL_ERROR_ZERO_RETURN: + { + ConnectionLostException ex(__FILE__, __LINE__); + ex.error = IceInternal::getSocketErrno(); + throw ex; + } + case SSL_ERROR_WANT_READ: + { + if(!selectRead(fd, timeout)) + { + throw ConnectTimeoutException(__FILE__, __LINE__); + } + break; + } + case SSL_ERROR_WANT_WRITE: + { + if(!selectWrite(fd, timeout)) + { + throw ConnectTimeoutException(__FILE__, __LINE__); + } + break; + } + case SSL_ERROR_SYSCALL: + { + if(ret == -1) + { + if(IceInternal::interrupted()) + { + break; + } + + if(IceInternal::wouldBlock()) + { + if(SSL_want_read(ssl)) + { + if(!selectRead(fd, timeout)) + { + throw ConnectTimeoutException(__FILE__, __LINE__); + } + } + else if(SSL_want_write(ssl)) + { + if(!selectWrite(fd, timeout)) + { + throw ConnectTimeoutException(__FILE__, __LINE__); + } + } + + break; + } + + if(IceInternal::connectionLost()) + { + ConnectionLostException ex(__FILE__, __LINE__); + ex.error = 
IceInternal::getSocketErrno(); + throw ex; + } + } + + if(ret == 0) + { + ConnectionLostException ex(__FILE__, __LINE__); + ex.error = 0; + throw ex; + } + + SocketException ex(__FILE__, __LINE__); + ex.error = IceInternal::getSocketErrno(); + throw ex; + } + case SSL_ERROR_SSL: + { + ProtocolException ex(__FILE__, __LINE__); + ex.reason = "SSL error occurred for new incoming connection:\nremote address = " + desc + "\n" + + _instance->sslErrors(); + throw ex; + } + } + } + while(!SSL_is_init_finished(ssl)); + + _instance->serverContext()->validatePeer(ssl, "", true); + } + catch(...) + { + SSL_free(ssl); + throw; + } + + if(_instance->networkTraceLevel() >= 1) + { + Trace out(_logger, _instance->networkTraceCategory()); + out << "accepted ssl connection\n" << IceInternal::fdToString(fd); + } + + if(_instance->securityTraceLevel() >= 1) + { + _instance->serverContext()->traceConnection(ssl, true); + } + + return new TransceiverI(_instance, ssl, fd); +} + +void +IceSSL::AcceptorI::connectToSelf() +{ + SOCKET fd = IceInternal::createSocket(false); + IceInternal::setBlock(fd, false); + IceInternal::doConnect(fd, _addr, -1); + IceInternal::closeSocket(fd); +} + +string +IceSSL::AcceptorI::toString() const +{ + return IceInternal::addrToString(_addr); +} + +bool +IceSSL::AcceptorI::equivalent(const string& host, int port) const +{ + struct sockaddr_in addr; + IceInternal::getAddress(host, port, addr); + return IceInternal::compareAddress(addr, _addr); +} + +int +IceSSL::AcceptorI::effectivePort() +{ + return ntohs(_addr.sin_port); +} + +IceSSL::AcceptorI::AcceptorI(const InstancePtr& instance, const string& host, int port) : + _instance(instance), + _logger(instance->communicator()->getLogger()), + _backlog(0) +{ + if(_backlog <= 0) + { + _backlog = 5; + } + + try + { + _fd = IceInternal::createSocket(false); + IceInternal::setBlock(_fd, false); + IceInternal::getAddress(host, port, _addr); + if(_instance->networkTraceLevel() >= 2) + { + Trace out(_logger, 
_instance->networkTraceCategory()); + out << "attempting to bind to ssl socket " << toString(); + } + IceInternal::doBind(_fd, _addr); + } + catch(...) + { + _fd = INVALID_SOCKET; + throw; + } +} + +IceSSL::AcceptorI::~AcceptorI() +{ + assert(_fd == INVALID_SOCKET); +} diff --git a/cpp/src/IceSSL/SslAcceptor.h b/cpp/src/IceSSL/AcceptorI.h index cf4b99de30e..980a3a0b536 100644 --- a/cpp/src/IceSSL/SslAcceptor.h +++ b/cpp/src/IceSSL/AcceptorI.h @@ -7,14 +7,13 @@ // // ********************************************************************** -#ifndef ICE_SSL_ACCEPTOR_H -#define ICE_SSL_ACCEPTOR_H +#ifndef ICE_SSL_ACCEPTOR_I_H +#define ICE_SSL_ACCEPTOR_I_H -#include <Ice/TransceiverF.h> #include <Ice/LoggerF.h> -#include <IceSSL/TraceLevelsF.h> -#include <IceSSL/OpenSSLPluginIF.h> +#include <Ice/TransceiverF.h> #include <Ice/Acceptor.h> +#include <InstanceF.h> #ifndef _WIN32 # include <netinet/in.h> // For struct sockaddr_in @@ -23,9 +22,9 @@ namespace IceSSL { -class SslEndpoint; +class EndpointI; -class SslAcceptor : public IceInternal::Acceptor +class AcceptorI : public IceInternal::Acceptor { public: @@ -41,13 +40,12 @@ public: private: - SslAcceptor(const OpenSSLPluginIPtr&, const std::string&, int); - virtual ~SslAcceptor(); - friend class SslEndpointI; + AcceptorI(const InstancePtr&, const std::string&, int); + virtual ~AcceptorI(); + friend class EndpointI; - const OpenSSLPluginIPtr _plugin; - const TraceLevelsPtr _traceLevels; - const ::Ice::LoggerPtr _logger; + InstancePtr _instance; + Ice::LoggerPtr _logger; SOCKET _fd; int _backlog; struct sockaddr_in _addr; diff --git a/cpp/src/IceSSL/BaseCerts.cpp b/cpp/src/IceSSL/BaseCerts.cpp deleted file mode 100644 index 9e71a8e4ddc..00000000000 --- a/cpp/src/IceSSL/BaseCerts.cpp +++ /dev/null 
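Review bot: In `AcceptorI::accept`, the step `if(timeout == 0) { timeout = -1; }` appears to leave the handshake loop waiting in `selectRead`/`selectWrite` with no time limit whenever the thread pool is the caller (assuming -1 means "wait forever" in those helpers, which the hunk does not show). A peer that completes the TCP connect and then never finishes the SSL handshake could therefore hold the accepting thread indefinitely and delay other incoming connections. The TODO already asks for this to be configurable; I would bound it in this commit, e.g. `timeout = _handshakeTimeout;`, where `_handshakeTimeout` (illustrative name, not in the source) is a positive value read once in the constructor, so the existing `ConnectTimeoutException` paths can actually fire. Relatedly, the `switch` over `SSL_get_error` has no `default:`, and the `wouldBlock()` branch does nothing when neither `SSL_want_read` nor `SSL_want_write` is set, so in those cases the loop calls `SSL_accept` again without waiting; a `default:` case that throws, as the `SSL_ERROR_SSL` case does, would close that gap. Logging `desc` when the handshake times out would also make stalled peers visible to operators.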
@@ -1,50 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <IceSSL/BaseCerts.h> - -using namespace IceSSL; - -IceSSL::BaseCertificates::BaseCertificates() -{ -} - -IceSSL::BaseCertificates::BaseCertificates(CertificateDesc& rsaCert, - CertificateDesc& dsaCert, - DiffieHellmanParamsFile& dhParams) : - _rsaCert(rsaCert), - _dsaCert(dsaCert), - _dhParams(dhParams) -{ -} - -IceSSL::BaseCertificates::BaseCertificates(BaseCertificates& baseCerts) : - _rsaCert(baseCerts._rsaCert), - _dsaCert(baseCerts._dsaCert), - _dhParams(baseCerts._dhParams) -{ -} - -const IceSSL::CertificateDesc& -IceSSL::BaseCertificates::getRSACert() const -{ - return _rsaCert; -} - -const IceSSL::CertificateDesc& -IceSSL::BaseCertificates::getDSACert() const -{ - return _dsaCert; -} - -const IceSSL::DiffieHellmanParamsFile& -IceSSL::BaseCertificates::getDHParams() const -{ - return _dhParams; -} diff --git a/cpp/src/IceSSL/BaseCerts.h b/cpp/src/IceSSL/BaseCerts.h deleted file mode 100644 index 03e658bb554..00000000000 --- a/cpp/src/IceSSL/BaseCerts.h +++ /dev/null 
@@ -1,67 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_BASE_CERTS_H -#define ICE_SSL_BASE_CERTS_H - -#include <IceSSL/CertificateDesc.h> - -namespace IceSSL -{ - -class BaseCertificates -{ -public: - - BaseCertificates(); - BaseCertificates(CertificateDesc&, CertificateDesc&, DiffieHellmanParamsFile&); - BaseCertificates(BaseCertificates&); - - const CertificateDesc& getRSACert() const; - const CertificateDesc& getDSACert() const; - - const DiffieHellmanParamsFile& getDHParams() const; - -protected: - - CertificateDesc _rsaCert; - CertificateDesc _dsaCert; - DiffieHellmanParamsFile _dhParams; -}; - -template<class Stream> -inline Stream& operator << (Stream& target, const BaseCertificates& baseCerts) -{ - if(baseCerts.getRSACert().getKeySize() != 0) - { - target << "RSA\n{\n"; - IceSSL::operator<<(target, baseCerts.getRSACert()); - target << "}\n\n"; - } - - if(baseCerts.getDSACert().getKeySize() != 0) - { - target << "DSA\n{\n"; - IceSSL::operator<<(target, baseCerts.getDSACert()); - target << "}\n\n"; - } - - if(baseCerts.getDHParams().getKeySize() != 0) - { - target << "DH\n{\n"; - IceSSL::operator<<(target, baseCerts.getDHParams()); - target << "}\n\n"; - } - - return target; -} - -} - -#endif diff --git a/cpp/src/IceSSL/CertificateAuthority.cpp b/cpp/src/IceSSL/CertificateAuthority.cpp deleted file mode 100644 index 4065f4530cd..00000000000 --- a/cpp/src/IceSSL/CertificateAuthority.cpp +++ /dev/null 
@@ -1,52 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <IceSSL/CertificateAuthority.h> - -using namespace std; - -IceSSL::CertificateAuthority::CertificateAuthority() -{ -} - -IceSSL::CertificateAuthority::CertificateAuthority(string& fileName, string& path) : - _fileName(fileName), - _path(path) -{ -} - -IceSSL::CertificateAuthority::CertificateAuthority(CertificateAuthority& certAuthority) : - _fileName(certAuthority._fileName), - _path(certAuthority._path) -{ -} - -void -IceSSL::CertificateAuthority::setCAFileName(string& fileName) -{ - _fileName = fileName; -} - -void -IceSSL::CertificateAuthority::setCAPath(string& caPath) -{ - _path = caPath; -} - -const std::string& -IceSSL::CertificateAuthority::getCAFileName() const -{ - return _fileName; -} - -const std::string& -IceSSL::CertificateAuthority::getCAPath() const -{ - return _path; -} diff --git a/cpp/src/IceSSL/CertificateAuthority.h b/cpp/src/IceSSL/CertificateAuthority.h deleted file mode 100644 index 54b4e116423..00000000000 --- a/cpp/src/IceSSL/CertificateAuthority.h +++ /dev/null 
@@ -1,40 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_CERTIFICATE_AUTHORITY_H -#define ICE_SSL_CERTIFICATE_AUTHORITY_H - -#include <IceUtil/Config.h> - -namespace IceSSL -{ - -class CertificateAuthority -{ -public: - - CertificateAuthority(); - CertificateAuthority(std::string&, std::string&); - CertificateAuthority(CertificateAuthority&); - - void setCAFileName(std::string&); - void setCAPath(std::string&); - - const std::string& getCAFileName() const; - const std::string& getCAPath() const; - -private: - - std::string _fileName; - std::string _path; -}; - -} - -#endif diff --git a/cpp/src/IceSSL/CertificateDesc.cpp b/cpp/src/IceSSL/CertificateDesc.cpp deleted file mode 100644 index c3c1e2bc3d2..00000000000 --- a/cpp/src/IceSSL/CertificateDesc.cpp +++ /dev/null 
@@ -1,122 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <IceSSL/CertificateDesc.h> - -using namespace std; -using namespace IceSSL; - -///////////////////////// -//// CertificateFile //// -///////////////////////// - -IceSSL::CertificateFile::CertificateFile() : - _fileName(""), - _encoding(SSL_FILETYPE_PEM) -{ -} - -IceSSL::CertificateFile::CertificateFile(const string& filename, const int encoding) : - _fileName(filename), - _encoding(encoding) -{ -} - -IceSSL::CertificateFile::CertificateFile(const CertificateFile& certFile) : - _fileName(certFile._fileName), - _encoding(certFile._encoding) -{ -} - -std::string -IceSSL::CertificateFile::getFileName() const -{ - return _fileName; -} - -int -IceSSL::CertificateFile::getEncoding() const -{ - return _encoding; -} - -///////////////////////////////// -//// DiffieHellmanParamsFile //// -///////////////////////////////// - -IceSSL::DiffieHellmanParamsFile::DiffieHellmanParamsFile() : - CertificateFile(), - _keySize(0) -{ -} - -IceSSL::DiffieHellmanParamsFile::DiffieHellmanParamsFile(const int keySize, - const string& filename, - const int encoding) : - CertificateFile(filename, encoding), - _keySize(keySize) -{ -} - -IceSSL::DiffieHellmanParamsFile::DiffieHellmanParamsFile(const DiffieHellmanParamsFile& dhParams) : - CertificateFile(dhParams._fileName, dhParams._encoding), - _keySize(dhParams._keySize) -{ -} - -int -IceSSL::DiffieHellmanParamsFile::getKeySize() const -{ - return _keySize; -} - -///////////////////////// -//// CertificateDesc //// -///////////////////////// - -IceSSL::CertificateDesc::CertificateDesc() : - _keySize(0), - _public(), - _private() -{ -} - 
-IceSSL::CertificateDesc::CertificateDesc(const int keySize, - const CertificateFile& publicFile, - const CertificateFile& privateFile) : - _keySize(keySize), - _public(publicFile), - _private(privateFile) -{ -} - -IceSSL::CertificateDesc::CertificateDesc(const CertificateDesc& certDesc) : - _keySize(certDesc._keySize), - _public(certDesc._public), - _private(certDesc._private) -{ -} - -int -IceSSL::CertificateDesc::getKeySize() const -{ - return _keySize; -} - -const CertificateFile& -IceSSL::CertificateDesc::getPublic() const -{ - return _public; -} - -const CertificateFile& -IceSSL::CertificateDesc::getPrivate() const -{ - return _private; -} diff --git a/cpp/src/IceSSL/CertificateDesc.h b/cpp/src/IceSSL/CertificateDesc.h deleted file mode 100644 index 9bd6166b3f3..00000000000 --- a/cpp/src/IceSSL/CertificateDesc.h +++ /dev/null 
@@ -1,124 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_CERTIFICATE_DESC_H -#define ICE_SSL_CERTIFICATE_DESC_H - -#include <IceUtil/Config.h> -#include <openssl/ssl.h> -#include <vector> - -namespace IceSSL -{ - -class CertificateFile -{ -public: - - CertificateFile(); - CertificateFile(const std::string&, const int); - CertificateFile(const CertificateFile&); - - std::string getFileName() const; - int getEncoding() const; - -protected: - - std::string _fileName; - int _encoding; -}; - -class DiffieHellmanParamsFile : public CertificateFile -{ -public: - - DiffieHellmanParamsFile(); - DiffieHellmanParamsFile(const int, const std::string&, const int); - DiffieHellmanParamsFile(const DiffieHellmanParamsFile&); - - int getKeySize() const; - -protected: - - int _keySize; -}; - -class CertificateDesc -{ -public: - - CertificateDesc(); - CertificateDesc(const int, const CertificateFile&, const CertificateFile&); - CertificateDesc(const CertificateDesc&); - - int getKeySize() const; - - const CertificateFile& getPublic() const; - const CertificateFile& getPrivate() const; - -protected: - - int _keySize; - CertificateFile _public; - CertificateFile _private; -}; - -typedef std::vector<CertificateDesc> RSAVector; -typedef std::vector<CertificateDesc> DSAVector; -typedef std::vector<DiffieHellmanParamsFile> DHVector; - -template<class Stream> -inline Stream& operator << (Stream& target, const CertificateFile& certFile) -{ - if(certFile.getEncoding() == SSL_FILETYPE_PEM) - { - target << "[PEM]: " << certFile.getFileName(); - } - else if(certFile.getEncoding() == SSL_FILETYPE_ASN1) - { - target << "[ASN1]: " << certFile.getFileName(); - } - - return 
target; -} - -template<class Stream> -inline Stream& operator << (Stream& target, const DiffieHellmanParamsFile& dhParams) -{ - if(dhParams.getKeySize() != 0) - { - target << "Keysize: " << dhParams.getKeySize() << "\n"; - target << "File: "; - IceSSL::operator<<(target, ((CertificateFile&)dhParams)); - target << "\n"; - } - - return target; -} - -template<class Stream> -inline Stream& operator << (Stream& target, const CertificateDesc& certDesc) -{ - if(certDesc.getKeySize() != 0) - { - target << "Keysize: " << certDesc.getKeySize() << "\n"; - target << "Public: "; - IceSSL::operator<<(target, certDesc.getPublic()); - target << "\n"; - target << "Private: "; - IceSSL::operator<<(target, certDesc.getPrivate()); - target << "\n"; - } - - return target; -} - -} - -#endif diff --git a/cpp/src/IceSSL/CertificateVerifierOpenSSL.cpp b/cpp/src/IceSSL/CertificateVerifierOpenSSL.cpp deleted file mode 100644 index ba0eae3fa38..00000000000 --- a/cpp/src/IceSSL/CertificateVerifierOpenSSL.cpp +++ /dev/null @@ -1,33 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <IceSSL/CertificateVerifierOpenSSL.h> - -IceSSL::CertificateVerifierOpenSSL::~CertificateVerifierOpenSSL() -{ -} - -void -IceSSL::CertificateVerifierOpenSSL::setContext(::IceSSL::ContextType contextType) -{ - _contextType = contextType; -} - -void -IceInternal::incRef(::IceSSL::CertificateVerifierOpenSSL* p) -{ - p->__incRef(); -} - -void -IceInternal::decRef(::IceSSL::CertificateVerifierOpenSSL* p) -{ - p->__decRef(); -} - diff --git a/cpp/src/IceSSL/ClientContext.cpp b/cpp/src/IceSSL/ClientContext.cpp deleted file mode 100644 index e9a83188c98..00000000000 
--- a/cpp/src/IceSSL/ClientContext.cpp
+++ /dev/null
@@ -1,75 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <Ice/Communicator.h> -#include <Ice/LoggerUtil.h> - -#include <IceSSL/Exception.h> -#include <IceSSL/ClientContext.h> -#include <IceSSL/SslTransceiver.h> -#include <IceSSL/TraceLevels.h> - -using namespace std; -using namespace Ice; - -void -IceSSL::ClientContext::configure(const GeneralConfig& generalConfig, - const CertificateAuthority& certificateAuthority, - const BaseCertificates& baseCertificates) -{ - Context::configure(generalConfig, certificateAuthority, baseCertificates); - - loadCertificateAuthority(certificateAuthority); - - if(_traceLevels->security >= SECURITY_PROTOCOL) - { - Trace out(_communicator->getLogger(), _traceLevels->securityCat); - - out << "\n"; - out << "general configuration (client)\n"; - out << "------------------------------\n"; - IceSSL::operator<<(out, generalConfig); - out << "\n\n"; - - out << "certificate authority (client)\n"; - out << "------------------------------\n"; - out << "file: " << certificateAuthority.getCAFileName() << "\n"; - out << "path: " << certificateAuthority.getCAPath() << "\n"; - - out << "base certificates (client)\n"; - out << "--------------------------\n"; - IceSSL::operator<<(out, baseCertificates); - out << "\n"; - } -} - -IceSSL::SslTransceiverPtr -IceSSL::ClientContext::createTransceiver(int socket, const OpenSSLPluginIPtr& plugin, int timeout) -{ - if(_sslContext == 0) - { - ContextNotConfiguredException contextEx(__FILE__, __LINE__); - - throw contextEx; - } - - SSL* ssl = createSSLConnection(socket); - return new SslTransceiver(IceSSL::Client, plugin, socket, _certificateVerifier, ssl, timeout); -} - 
-IceSSL::ClientContext::ClientContext(const TraceLevelsPtr& traceLevels, const CommunicatorPtr& communicator) : - Context(traceLevels, communicator, Client) -{ - _rsaPrivateKeyProperty = "IceSSL.Client.Overrides.RSA.PrivateKey"; - _rsaPublicKeyProperty = "IceSSL.Client.Overrides.RSA.Certificate"; - _dsaPrivateKeyProperty = "IceSSL.Client.Overrides.DSA.PrivateKey"; - _dsaPublicKeyProperty = "IceSSL.Client.Overrides.DSA.Certificate"; - _caCertificateProperty = "IceSSL.Client.Overrides.CACertificate"; - _passphraseRetriesProperty = "IceSSL.Client.Passphrase.Retries"; -} diff --git a/cpp/src/IceSSL/ClientContext.h b/cpp/src/IceSSL/ClientContext.h deleted file mode 100644 index a24c79ab47d..00000000000 --- a/cpp/src/IceSSL/ClientContext.h +++ /dev/null @@ -1,38 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICESSL_CLIENT_CONTEXT_H -#define ICESSL_CLIENT_CONTEXT_H - -#include <IceSSL/OpenSSLPluginIF.h> -#include <IceSSL/Context.h> - -namespace IceSSL -{ - -class ClientContext : public Context -{ -public: - - virtual void configure(const GeneralConfig&, - const CertificateAuthority&, - const BaseCertificates&); - - SslTransceiverPtr createTransceiver(int, const OpenSSLPluginIPtr&, int); - -protected: - - ClientContext(const TraceLevelsPtr&, const Ice::CommunicatorPtr&); - - friend class OpenSSLPluginI; -}; - -} - -#endif diff --git a/cpp/src/IceSSL/ConfigParser.cpp b/cpp/src/IceSSL/ConfigParser.cpp deleted file mode 100644 index 443bb22d9a9..00000000000 --- a/cpp/src/IceSSL/ConfigParser.cpp +++ /dev/null 
@@ -1,478 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <IceSSL/ConfigParser.h> -#include <IceSSL/OpenSSL.h> -#include <IceSSL/Exception.h> - -#include <algorithm> - -using namespace std; -using namespace IceSSL; - -#ifdef WINDOWS - #define CURRENTDIR ".\\" -#else - #define CURRENTDIR "./" -#endif - -// -// Public Methods -// - -IceSSL::ConfigParser::ConfigParser(const string& configFile, const TraceLevelsPtr& traceLevels, - const Ice::LoggerPtr& logger) : - _root(0), - _configFile(configFile), - _configPath(CURRENTDIR), - _traceLevels(traceLevels), - _logger(logger) -{ - assert(!configFile.empty()); -} - -IceSSL::ConfigParser::ConfigParser(const string& configFile, const string& configPath, - const TraceLevelsPtr& traceLevels, const Ice::LoggerPtr& logger) : - _root(0), - _configFile(configFile), - _configPath(configPath), - _traceLevels(traceLevels), - _logger(logger) -{ - assert(!configFile.empty()); - assert(!configPath.empty()); -} - -IceSSL::ConfigParser::~ConfigParser() -{ -} - -void -IceSSL::ConfigParser::process() -{ - try - { - string configFile; - if(!isAbsolutePath(_configFile)) - { - // TODO: ML: _configPath.back(); - // ASN: There is no back() method in basic_string. 
-#ifdef WINDOWS - if(*(_configPath.rbegin()) != '\\') - { - _configPath += "\\"; - } -#else - if(*(_configPath.rbegin()) != '/') - { - _configPath += "/"; - } -#endif - - configFile = _configPath + _configFile; - } - else - { - configFile = _configFile; - } - - _root = IceXML::Parser::parse(configFile); - } - catch(const IceXML::ParserException& e) - { - ConfigParseException configEx(__FILE__, __LINE__); - - ostringstream s; - s << "error while parsing " << _configFile << ":\n"; - e.ice_print(s); - - configEx.message = s.str(); - - throw configEx; - } - catch(...) - { - ConfigParseException configEx(__FILE__, __LINE__); - - // occured during parsing". The latter is redundant, given - // that it already says "while parsing". - configEx.message = "while parsing " + _configFile + ":\n" + "unknown exception occured during parsing"; - - throw configEx; - } -} - -bool -IceSSL::ConfigParser::loadClientConfig(GeneralConfig& general, - CertificateAuthority& certAuth, - BaseCertificates& baseCerts) -{ - string clientSectionString("SSLConfig:client"); - IceXML::NodePtr clientSection = find(clientSectionString); - - // If we actually have a client section. - if(clientSection) - { - getGeneral(clientSection, general); - getCertAuth(clientSection, certAuth); - getBaseCerts(clientSection, baseCerts); - return true; - } - - return false; -} - -bool -IceSSL::ConfigParser::loadServerConfig(GeneralConfig& general, - CertificateAuthority& certAuth, - BaseCertificates& baseCerts, - TempCertificates& tempCerts) -{ - string serverSectionString("SSLConfig:server"); - IceXML::NodePtr serverSection = find(serverSectionString); - - // If we actually have a client section. 
- if(serverSection) - { - getGeneral(serverSection, general); - getCertAuth(serverSection, certAuth); - getBaseCerts(serverSection, baseCerts); - getTempCerts(serverSection, tempCerts); - return true; - } - - return false; -} - -// -// Private Methods -// - -// Path is of the form "sslconfig:client:general" -void -IceSSL::ConfigParser::popRoot(string& path, string& root, string& tail) -{ - string::size_type pos = path.find_first_of(':'); - - if(pos != string::npos) - { - root = path.substr(0,pos); - tail = path.substr(pos+1); - } - else - { - root = path; - tail = ""; - } -} - -IceXML::NodePtr -IceSSL::ConfigParser::find(string& nodePath) -{ - return find(_root, nodePath); -} - -IceXML::NodePtr -IceSSL::ConfigParser::find(const IceXML::NodePtr& rootNode, string& nodePath) -{ - // The target node that we're looking for. - IceXML::NodePtr tNode; - - if(!rootNode) - { - return tNode; - } - - string rootNodeName; - string tailNodes; - - // Pop the root off the path. - popRoot(nodePath, rootNodeName, tailNodes); - - IceXML::NodeList children = rootNode->getChildren(); - for(IceXML::NodeList::iterator p = children.begin(); p != children.end(); ++p) - { - // Ignore any other node types - we're only interested in elements. - IceXML::ElementPtr elem = IceXML::ElementPtr::dynamicCast(*p); - if(elem) - { - string nodeName = elem->getName(); - - if(nodeName.compare(rootNodeName) == 0) - { - // No further to recurse, this must be it. - if(tailNodes.empty()) - { - tNode = elem; - } - else - { - // Recursive call. 
- tNode = find(elem, tailNodes); - } - } - } - } - - return tNode; -} - -void -IceSSL::ConfigParser::getGeneral(const IceXML::NodePtr& rootNode, GeneralConfig& generalConfig) -{ - if(!rootNode) - { - return; - } - - string generalString("general"); - IceXML::NodePtr general = find(rootNode, generalString); - - IceXML::Attributes attributes = general->getAttributes(); - for(IceXML::Attributes::iterator p = attributes.begin(); p != attributes.end(); ++p) - { - // Set the property. - generalConfig.set(p->first, p->second); - } -} - -void -IceSSL::ConfigParser::getCertAuth(const IceXML::NodePtr& rootNode, CertificateAuthority& certAuth) -{ - if(!rootNode) - { - return; - } - - string nodeName = "certauthority"; - IceXML::NodePtr certAuthNode = find(rootNode, nodeName); - - if(!certAuthNode) - { - return; - } - - string file = certAuthNode->getAttribute("file"); - if(!file.empty()) - { - // Just a filename, no path component, prepend path. - if(!isAbsolutePath(file)) - { - file = _configPath + file; - } - - certAuth.setCAFileName(file); - } - - string path = certAuthNode->getAttribute("path"); - if(!path.empty()) - { - certAuth.setCAPath(path); - } -} - -void -IceSSL::ConfigParser::getBaseCerts(const IceXML::NodePtr& rootNode, BaseCertificates& baseCerts) -{ - if(!rootNode) - { - return; - } - - string nodeName = "basecerts"; - IceXML::NodePtr baseCertsRoot = find(rootNode, nodeName); - - if(!baseCertsRoot) - { - return; - } - - CertificateDesc rsaCert; - CertificateDesc dsaCert; - DiffieHellmanParamsFile dhParams; - - string rsaCertString("rsacert"); - string dsaCertString("dsacert"); - string dhParamsString("dhparams"); - - getCert(find(baseCertsRoot, rsaCertString), rsaCert); - getCert(find(baseCertsRoot, dsaCertString), dsaCert); - - getDHParams(find(baseCertsRoot, dhParamsString), dhParams); - - const BaseCertificates result(rsaCert, dsaCert, dhParams); - baseCerts = result; -} - -void -IceSSL::ConfigParser::getTempCerts(const IceXML::NodePtr& rootNode, 
TempCertificates& tempCerts) -{ - if(!rootNode) - { - return; - } - - string nodeName = "tempcerts"; - IceXML::NodePtr tempCertsRoot = find(rootNode, nodeName); - - if(!tempCertsRoot) - { - return; - } - - IceXML::NodeList children = tempCertsRoot->getChildren(); - for(IceXML::NodeList::iterator p = children.begin(); p != children.end(); ++p) - { - string name = (*p)->getName(); - - if(name.compare("dhparams") == 0) - { - loadDHParams(*p, tempCerts); - } - else if(name.compare("rsacert") == 0) - { - loadRSACert(*p, tempCerts); - } - } -} - -void -IceSSL::ConfigParser::loadDHParams(const IceXML::NodePtr& rootNode, TempCertificates& tempCerts) -{ - DiffieHellmanParamsFile dhParams; - - getDHParams(rootNode, dhParams); - - tempCerts.addDHParams(dhParams); -} - -void -IceSSL::ConfigParser::loadRSACert(const IceXML::NodePtr& rootNode, TempCertificates& tempCerts) -{ - CertificateDesc rsaCert; - - getCert(rootNode, rsaCert); - - tempCerts.addRSACert(rsaCert); -} - -void -IceSSL::ConfigParser::getCert(const IceXML::NodePtr& rootNode, CertificateDesc& certDesc) -{ - if(!rootNode) - { - return; - } - - CertificateFile publicFile; - CertificateFile privateFile; - int keySize = 0; - - string keySizeValue = rootNode->getAttribute("keysize"); - if(!keySizeValue.empty()) - { - keySize = atoi(keySizeValue.c_str()); - } - - string publicString("public"); - string privateString("private"); - - loadCertificateFile(find(rootNode, publicString), publicFile); - loadCertificateFile(find(rootNode, privateString), privateFile); - - // Initialize the certificate description. 
- certDesc = CertificateDesc(keySize, publicFile, privateFile); -} - -void -IceSSL::ConfigParser::getDHParams(const IceXML::NodePtr& rootNode, DiffieHellmanParamsFile& dhParams) -{ - if(!rootNode) - { - return; - } - - CertificateFile certFile; - loadCertificateFile(rootNode, certFile); - - int keySize = 0; - - string keySizeValue = rootNode->getAttribute("keysize"); - if(!keySizeValue.empty()) - { - keySize = atoi(keySizeValue.c_str()); - } - - dhParams = DiffieHellmanParamsFile(keySize, certFile.getFileName(), certFile.getEncoding()); -} - -void -IceSSL::ConfigParser::loadCertificateFile(const IceXML::NodePtr& rootNode, CertificateFile& certFile) -{ - if(!rootNode) - { - return; - } - - string filename; - int encoding = SSL_FILETYPE_PEM; // PEM is the default type. - - filename = rootNode->getAttribute("filename"); - if(!filename.empty()) - { - // Just a filename, no path component, prepend path. - if(!isAbsolutePath(filename)) - { - filename = _configPath + filename; - } - } - - string encodingValue = rootNode->getAttribute("encoding"); - if(!encodingValue.empty()) - { - encoding = parseEncoding(encodingValue); - } - - certFile = CertificateFile(filename, encoding); -} - -bool -IceSSL::ConfigParser::isAbsolutePath(string& pathString) -{ -#ifdef WINDOWS - // Is true if the pathString begins with a \ or if its second and third characters are ":\" - - string rootDir = ":\\"; - string pathStringInternal = pathString.substr(1); - return ((!pathStringInternal.substr(0,rootDir.length()).compare(rootDir)) || - (*pathStringInternal.begin()) == '\\'); -#else - // Is true if the pathString begins with a / - - string rootDir = "/"; - return !pathString.substr(0,rootDir.length()).compare(rootDir); -#endif -} - -int -IceSSL::ConfigParser::parseEncoding(string& encodingString) -{ - int encoding = SSL_FILETYPE_PEM; - - if(encodingString == "PEM") - { - encoding = SSL_FILETYPE_PEM; - } - else if(encodingString == "ASN1") - { - encoding = SSL_FILETYPE_ASN1; - } - - return 
encoding; -} diff --git a/cpp/src/IceSSL/ConfigParser.h b/cpp/src/IceSSL/ConfigParser.h deleted file mode 100644 index 4453c0bd81b..00000000000 --- a/cpp/src/IceSSL/ConfigParser.h +++ /dev/null 
@@ -1,83 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_CONFIG_PARSER_H -#define ICE_SSL_CONFIG_PARSER_H - -#include <Ice/LoggerF.h> -#include <IceSSL/CertificateDesc.h> -#include <IceSSL/GeneralConfig.h> -#include <IceSSL/CertificateAuthority.h> -#include <IceSSL/BaseCerts.h> -#include <IceSSL/TempCerts.h> -#include <IceSSL/TraceLevelsF.h> -#include <IceXML/Parser.h> - -namespace IceSSL -{ - -class ConfigParser -{ -public: - - // Construction based on the indicated config file, or config file and - // certificate path. - ConfigParser(const std::string&, const TraceLevelsPtr&, const Ice::LoggerPtr&); - ConfigParser(const std::string&, const std::string&, const TraceLevelsPtr&, const Ice::LoggerPtr&); - ~ConfigParser(); - - // Performs a complete parsing of the file. - void process(); - - // Loads the Client/Server portions of the config file. - bool loadClientConfig(GeneralConfig&, CertificateAuthority&, BaseCertificates&); - bool loadServerConfig(GeneralConfig&, CertificateAuthority&, BaseCertificates&, TempCertificates&); - -private: - - IceXML::NodePtr _root; - std::string _configFile; - std::string _configPath; - - TraceLevelsPtr _traceLevels; - Ice::LoggerPtr _logger; - - // Parse tree walking utility methods. - void popRoot(std::string&, std::string&, std::string&); - IceXML::NodePtr find(std::string&); - IceXML::NodePtr find(const IceXML::NodePtr&, std::string&); - - // Loading of the base elements of the file. 
- void getGeneral(const IceXML::NodePtr&, GeneralConfig&); - void getCertAuth(const IceXML::NodePtr&, CertificateAuthority&); - void getBaseCerts(const IceXML::NodePtr&, BaseCertificates&); - void getTempCerts(const IceXML::NodePtr&, TempCertificates&); - - // Loading of temporary certificates/params (Ephemeral Keys). - void loadDHParams(const IceXML::NodePtr&, TempCertificates&); - void loadRSACert(const IceXML::NodePtr&, TempCertificates&); - - // Populate with information from the indicated node in the parse tree. - void getCert(const IceXML::NodePtr&, CertificateDesc&); - void getDHParams(const IceXML::NodePtr&, DiffieHellmanParamsFile&); - - // Populate a certificate file object, basis of all certificates. - void loadCertificateFile(const IceXML::NodePtr&, CertificateFile&); - - // Determines if the string represents an absolute pathname. - bool isAbsolutePath(std::string&); - - // Parses the certificate encoding format from a string representation - // to the proper integer value used by the underlying SSL framework. - int parseEncoding(std::string&); -}; - -} - -#endif diff --git a/cpp/src/IceSSL/ConnectorI.cpp b/cpp/src/IceSSL/ConnectorI.cpp new file mode 100644 index 00000000000..113d5501356 --- /dev/null +++ b/cpp/src/IceSSL/ConnectorI.cpp 
@@ -0,0 +1,186 @@ +// ********************************************************************** +// +// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. +// +// This copy of Ice is licensed to you under the terms described in the +// ICE_LICENSE file included in this distribution. +// +// ********************************************************************** + +#include <ConnectorI.h> +#include <Instance.h> +#include <TransceiverI.h> +#include <Util.h> +#include <Ice/Communicator.h> +#include <Ice/LocalException.h> +#include <Ice/LoggerUtil.h> +#include <Ice/Network.h> + +#include <openssl/err.h> + +using namespace std; +using namespace Ice; +using namespace IceSSL; + +IceInternal::TransceiverPtr +IceSSL::ConnectorI::connect(int timeout) +{ + // + // The plugin may not be fully initialized. + // + ContextPtr ctx = _instance->clientContext(); + + if(_instance->networkTraceLevel() >= 2) + { + Trace out(_logger, _instance->networkTraceCategory()); + out << "trying to establish ssl connection to " << toString(); + } + + SOCKET fd = IceInternal::createSocket(false); + IceInternal::setBlock(fd, false); + IceInternal::doConnect(fd, _addr, timeout); + + BIO* bio = BIO_new_socket(fd, BIO_CLOSE); + if(!bio) + { + IceInternal::closeSocketNoThrow(fd); + SecurityException ex(__FILE__, __LINE__); + ex.reason = "openssl failure"; + throw ex; + } + + SSL* ssl = SSL_new(ctx->ctx()); + if(!ssl) + { + BIO_free(bio); // Also closes the socket. 
+ SecurityException ex(__FILE__, __LINE__); + ex.reason = "openssl failure"; + throw ex; + } + SSL_set_bio(ssl, bio, bio); + + try + { + do + { + int result = SSL_connect(ssl); + switch(SSL_get_error(ssl, result)) + { + case SSL_ERROR_NONE: + break; + case SSL_ERROR_ZERO_RETURN: + { + ConnectionLostException ex(__FILE__, __LINE__); + ex.error = IceInternal::getSocketErrno(); + throw ex; + } + case SSL_ERROR_WANT_READ: + if(!selectRead(fd, timeout)) + { + throw ConnectTimeoutException(__FILE__, __LINE__); + } + break; + case SSL_ERROR_WANT_WRITE: + if(!selectWrite(fd, timeout)) + { + throw ConnectTimeoutException(__FILE__, __LINE__); + } + break; + case SSL_ERROR_SYSCALL: + { + if(result == -1) + { + if(IceInternal::interrupted()) + { + break; + } + + if(IceInternal::wouldBlock()) + { + if(SSL_want_read(ssl)) + { + if(!selectRead(fd, timeout)) + { + throw ConnectTimeoutException(__FILE__, __LINE__); + } + } + else if(SSL_want_write(ssl)) + { + if(!selectWrite(fd, timeout)) + { + throw ConnectTimeoutException(__FILE__, __LINE__); + } + } + + continue; + } + + if(IceInternal::connectionLost()) + { + ConnectionLostException ex(__FILE__, __LINE__); + ex.error = IceInternal::getSocketErrno(); + throw ex; + } + } + + if(result == 0) + { + ConnectionLostException ex(__FILE__, __LINE__); + ex.error = 0; + throw ex; + } + + SocketException ex(__FILE__, __LINE__); + ex.error = IceInternal::getSocketErrno(); + throw ex; + } + case SSL_ERROR_SSL: + { + ProtocolException ex(__FILE__, __LINE__); + ex.reason = "SSL error for new outgoing connection:\nremote address = " + + IceInternal::addrToString(_addr) + "\n" + _instance->sslErrors(); + throw ex; + } + } + } + while(!SSL_is_init_finished(ssl)); + + _instance->clientContext()->validatePeer(ssl, _host, false); + } + catch(...) 
+ { + SSL_free(ssl); + throw; + } + + if(_instance->networkTraceLevel() >= 1) + { + Trace out(_logger, _instance->networkTraceCategory()); + out << "ssl connection established\n" << IceInternal::fdToString(fd); + } + + if(_instance->securityTraceLevel() >= 1) + { + _instance->clientContext()->traceConnection(ssl, false); + } + + return new TransceiverI(_instance, ssl, fd); +} + +string +IceSSL::ConnectorI::toString() const +{ + return IceInternal::addrToString(_addr); +} + +IceSSL::ConnectorI::ConnectorI(const InstancePtr& instance, const string& host, int port) : + _instance(instance), + _host(host), + _logger(instance->communicator()->getLogger()) +{ + IceInternal::getAddress(host, port, _addr); +} + +IceSSL::ConnectorI::~ConnectorI() +{ +} diff --git a/cpp/src/IceSSL/SslConnector.h b/cpp/src/IceSSL/ConnectorI.h index 7e7e161fad8..64972aa9512 100644 --- a/cpp/src/IceSSL/SslConnector.h +++ b/cpp/src/IceSSL/ConnectorI.h @@ -7,25 +7,26 @@ // // ********************************************************************** -#ifndef ICE_SSL_CONNECTOR_H -#define ICE_SSL_CONNECTOR_H +#ifndef ICE_SSL_CONNECTOR_I_H +#define ICE_SSL_CONNECTOR_I_H -#include <Ice/TransceiverF.h> #include <Ice/LoggerF.h> -#include <IceSSL/TraceLevelsF.h> -#include <IceSSL/OpenSSLPluginIF.h> +#include <Ice/TransceiverF.h> #include <Ice/Connector.h> +#include <InstanceF.h> -#ifndef _WIN32 +#ifdef _WIN32 +# include <winsock2.h> +#else # include <netinet/in.h> // For struct sockaddr_in #endif namespace IceSSL { -class SslEndpoint; +class EndpointI; -class SslConnector : public IceInternal::Connector +class ConnectorI : public IceInternal::Connector { public: 
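Review bot: The handshake loop in `ConnectorI::connect` calls `SSL_connect` and then `SSL_get_error` without first emptying the thread's OpenSSL error queue, and OpenSSL documents `SSL_get_error` as reliable only when the queue was empty before the I/O call; a stale entry left by an earlier operation on the same thread can send a retryable result into the `SSL_ERROR_SSL` branch. I would add `ERR_clear_error();` immediately before `int result = SSL_connect(ssl);`. The `switch` also has no `default:` case, so any other value returned by `SSL_get_error` silently re-enters the loop; a `default:` that throws `SecurityException` would make that path explicit. Separately, `timeout` is handed to every `selectRead`/`selectWrite` wait, so it bounds each wait rather than the whole handshake, and a peer that answers slowly can hold `connect` for several multiples of it; that deserves at least a comment, or an overall deadline. The two early `"openssl failure"` reasons could append `_instance->sslErrors()`, as the `SSL_ERROR_SSL` branch already does, so the cause is not lost.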
@@ -34,14 +35,14 @@ public: private: - SslConnector(const OpenSSLPluginIPtr&, const std::string&, int); - virtual ~SslConnector(); - friend class SslEndpointI; + ConnectorI(const InstancePtr&, const std::string&, int); + virtual ~ConnectorI(); + friend class EndpointI; - const OpenSSLPluginIPtr _plugin; + InstancePtr _instance; + std::string _host; + Ice::LoggerPtr _logger; struct sockaddr_in _addr; - const TraceLevelsPtr _traceLevels; - const ::Ice::LoggerPtr _logger; }; } diff --git a/cpp/src/IceSSL/Context.cpp b/cpp/src/IceSSL/Context.cpp index 099eaa17bed..ffa4d6a8a11 100644 --- a/cpp/src/IceSSL/Context.cpp +++ b/cpp/src/IceSSL/Context.cpp 
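Review bot: The replaced members were declared `const` (`const OpenSSLPluginIPtr _plugin;`, `const ::Ice::LoggerPtr _logger;`), while the new `_instance`, `_host` and `_logger` are not, although the constructor in ConnectorI.cpp sets them only in its initializer list. Declaring them `const InstancePtr _instance;`, `const std::string _host;` and `const Ice::LoggerPtr _logger;` keeps the connector's target fixed after construction. `_host` would also benefit from a comment such as `// Host name as given to the constructor; connect() passes it to validatePeer() after the handshake.`, because it is the only new member whose purpose is not obvious from its type. The class body starts outside this hunk.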
@@ -7,650 +7,915 @@ // // ********************************************************************** +#include <Context.h> +#include <Instance.h> +#include <Util.h> #include <Ice/Communicator.h> +#include <Ice/LocalException.h> +#include <Ice/Logger.h> #include <Ice/LoggerUtil.h> #include <Ice/Properties.h> -#include <IceSSL/DefaultCertificateVerifier.h> -#include <IceSSL/Exception.h> -#include <IceSSL/RSAKeyPair.h> -#include <IceSSL/CertificateDesc.h> -#include <IceSSL/SslTransceiver.h> -#include <IceSSL/Context.h> -#include <IceSSL/OpenSSLJanitors.h> -#include <IceSSL/OpenSSLUtils.h> -#include <IceSSL/TraceLevels.h> - +#ifdef _WIN32 +# include <direct.h> +# include <sys/types.h> +# include <sys/stat.h> +# define S_ISDIR(mode) ((mode) & _S_IFDIR) +# define S_ISREG(mode) ((mode) & _S_IFREG) +#else +# include <sys/stat.h> +#endif + +#include <openssl/x509v3.h> #include <openssl/err.h> using namespace std; using namespace Ice; -using namespace IceInternal; - -void IceInternal::incRef(::IceSSL::Context* p) { p->__incRef(); } -void IceInternal::decRef(::IceSSL::Context* p) { p->__decRef(); } - -IceSSL::Context::~Context() -{ - cleanUp(); -} +using namespace IceSSL; -bool -IceSSL::Context::isConfigured() +static int +opensslPasswordCallback(char* buf, int size, int flag, void* userData) { - return (_sslContext != 0 ? 
true : false); -} - -void -IceSSL::Context::cleanUp() -{ - if(_sslContext != 0) + IceSSL::Context* c = reinterpret_cast<IceSSL::Context*>(userData); + string passwd = c->password(flag == 1); + int sz = static_cast<int>(passwd.size()); + if(sz > size) { - SSL_CTX_free(_sslContext); - - _sslContext = 0; + sz = size - 1; } + strncpy(buf, passwd.c_str(), sz); + buf[sz] = '\0'; + return sz; } -void -IceSSL::Context::setCertificateVerifier(const CertificateVerifierPtr& verifier) +#ifndef OPENSSL_NO_DH +static DH* +opensslDHCallback(SSL* ssl, int /*isExport*/, int keyLength) { - _certificateVerifier = verifier; - _certificateVerifier->setContext(_contextType); + IceSSL::Context* c = reinterpret_cast<IceSSL::Context*>(SSL_CTX_get_ex_data(ssl->ctx, 0)); + return c->dhParams(keyLength); } +#endif -void -IceSSL::Context::addTrustedCertificateBase64(const string& trustedCertString) +static int +opensslVerifyCallback(int ok, X509_STORE_CTX* ctx) { - RSAPublicKey pubKey(trustedCertString); - - addTrustedCertificate(pubKey); + SSL* ssl = reinterpret_cast<SSL*>(X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx())); + IceSSL::Context* c = reinterpret_cast<IceSSL::Context*>(SSL_CTX_get_ex_data(ssl->ctx, 0)); + return c->verifyCallback(ok, ssl, ctx); } -void -IceSSL::Context::addTrustedCertificate(const Ice::ByteSeq& trustedCert) +static bool +passwordError() { - RSAPublicKey pubKey(trustedCert); - - addTrustedCertificate(pubKey); + int reason = ERR_GET_REASON(ERR_peek_error()); + return (reason == PEM_R_BAD_BASE64_DECODE || + reason == PEM_R_BAD_DECRYPT || + reason == PEM_R_BAD_PASSWORD_READ || + reason == PEM_R_PROBLEMS_GETTING_PASSWORD); } -void -IceSSL::Context::setRSAKeysBase64(const string& privateKey, const string& publicKey) +// +// Context. 
+// +IceSSL::Context::Context(const InstancePtr& instance, const string& propPrefix, SSL_CTX* ctx) : + _instance(instance), + _logger(instance->communicator()->getLogger()), + _ctx(ctx) { - if(privateKey.empty()) + if(_ctx) { - IceSSL::PrivateKeyException privateKeyEx(__FILE__, __LINE__); - - privateKeyEx.message = "Empty private key supplied."; - - throw privateKeyEx; + return; } - addKeyCert(privateKey, publicKey); -} - -void -IceSSL::Context::setRSAKeys(const Ice::ByteSeq& privateKey, const Ice::ByteSeq& publicKey) -{ - if(privateKey.empty()) + _ctx = SSL_CTX_new(SSLv23_method()); + if(!_ctx) { - IceSSL::PrivateKeyException privateKeyEx(__FILE__, __LINE__); - - privateKeyEx.message = "Empty private key supplied."; - - throw privateKeyEx; + string err = _instance->sslErrors(); + string msg = "IceSSL: unable to create SSL context:\n" + err; + if(_instance->securityTraceLevel() >= 1) + { + _logger->trace(_instance->securityTraceCategory(), msg); + } + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = msg; + throw ex; } - addKeyCert(privateKey, publicKey); -} - -void -IceSSL::Context::configure(const GeneralConfig& generalConfig, - const CertificateAuthority& certificateAuthority, - const BaseCertificates& baseCertificates) -{ - // Create an SSL Context based on the context params. - createContext(generalConfig.getProtocol()); - - // Enable workarounds and disable SSLv2. - SSL_CTX_set_options(_sslContext, SSL_OP_ALL|SSL_OP_NO_SSLv2); - - // Get the cipherlist and set it in the context. - setCipherList(generalConfig.getCipherList()); - - // Set the certificate verification mode. - SSL_CTX_set_verify(_sslContext, generalConfig.getVerifyMode(), verifyCallback); - - // Set the certificate verify depth - SSL_CTX_set_verify_depth(_sslContext, generalConfig.getVerifyDepth()); - - // Determine the number of retries the user gets on passphrase entry. 
- string passphraseRetries = _communicator->getProperties()->getPropertyWithDefault(_passphraseRetriesProperty, - _maxPassphraseRetriesDefault); - int retries = atoi(passphraseRetries.c_str()); - retries = (retries < 0 ? 0 : retries); - _maxPassphraseTries = retries + 1; + // + // Store a pointer to ourself for use in OpenSSL callbacks. + // + SSL_CTX_set_ex_data(_ctx, 0, this); - // Process the RSA Certificate - setKeyCert(baseCertificates.getRSACert(), _rsaPrivateKeyProperty, _rsaPublicKeyProperty); + PropertiesPtr properties = _instance->communicator()->getProperties(); - // Process the DSA Certificate - setKeyCert(baseCertificates.getDSACert(), _dsaPrivateKeyProperty, _dsaPublicKeyProperty); - - // Set the DH key agreement parameters. - if(baseCertificates.getDHParams().getKeySize() != 0) + // + // Check for a default directory. We look in this directory for + // files mentioned in the configuration. + // { - setDHParams(baseCertificates); + _defaultDir = properties->getProperty(propPrefix + "DefaultDir"); } -} - -// -// Protected -// - -IceSSL::Context::Context(const TraceLevelsPtr& traceLevels, const CommunicatorPtr& communicator, - const ContextType& type) : - _traceLevels(traceLevels), - _communicator(communicator), - _contextType(type) -{ - _certificateVerifier = new DefaultCertificateVerifier(traceLevels, communicator); - _certificateVerifier->setContext(_contextType); - _sslContext = 0; - - _maxPassphraseRetriesDefault = "4"; -} -SSL_METHOD* -IceSSL::Context::getSslMethod(SslProtocol sslVersion) -{ - SSL_METHOD* sslMethod = 0; - - switch(sslVersion) + // + // Select protocols. 
+ // { - case SSL_V23 : - { - sslMethod = SSLv23_method(); - break; - } - - case SSL_V3 : - { - sslMethod = SSLv3_method(); - break; - } - - case TLS_V1 : - { - sslMethod = TLSv1_method(); - break; - } - - default : - { - if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS) - { - Trace out(_communicator->getLogger(), _traceLevels->securityCat); - out << "WRN ssl version " << sslVersion; - out << " not supported (defaulting to SSL_V23)"; - } - - sslMethod = SSLv23_method(); - } + string protocols = properties->getProperty(propPrefix + "Protocols"); + if(!protocols.empty()) + { + parseProtocols(protocols); + } } - return sslMethod; -} - -void -IceSSL::Context::createContext(SslProtocol sslProtocol) -{ - if(_sslContext != 0) + // + // Determine whether a certificate is required from the peer. + // { - SSL_CTX_free(_sslContext); - _sslContext = 0; + int verifyPeer = properties->getPropertyAsIntWithDefault(propPrefix + "VerifyPeer", 2); + int sslVerifyMode; + switch(verifyPeer) + { + case 0: + sslVerifyMode = SSL_VERIFY_NONE; + break; + case 1: + sslVerifyMode = SSL_VERIFY_PEER; + break; + case 2: + sslVerifyMode = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT; + break; + default: + { + string msg = "IceSSL: invalid value for " + propPrefix + "VerifyPeer"; + if(_instance->securityTraceLevel() >= 1) + { + _logger->trace(_instance->securityTraceCategory(), msg); + } + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = msg; + throw ex; + } + } + SSL_CTX_set_verify(_ctx, sslVerifyMode, opensslVerifyCallback); } - _sslContext = SSL_CTX_new(getSslMethod(sslProtocol)); - - if(_sslContext == 0) + // + // If the configuration defines a password, or the application has supplied + // a password prompt object, then register a password callback. Otherwise, + // let OpenSSL use its default behavior. 
+ // { - ContextInitializationException contextInitEx(__FILE__, __LINE__); - - contextInitEx.message = "unable to create ssl context\n" + sslGetErrors(); - - throw contextInitEx; + // TODO: Support quoted value? + string password = properties->getProperty(propPrefix + "Password"); + if(!password.empty() || _instance->passwordPrompt()) + { + SSL_CTX_set_default_passwd_cb(_ctx, opensslPasswordCallback); + SSL_CTX_set_default_passwd_cb_userdata(_ctx, this); + _password = password; + } } - // Turn off session caching, supposedly fixes a problem with multithreading. - SSL_CTX_set_session_cache_mode(_sslContext, SSL_SESS_CACHE_OFF); -} - -void -IceSSL::Context::loadCertificateAuthority(const CertificateAuthority& certAuth) -{ - assert(_sslContext != 0); - - string fileName = certAuth.getCAFileName(); - string certPath = certAuth.getCAPath(); + int passwordRetryMax = properties->getPropertyAsIntWithDefault(propPrefix + "PasswordRetryMax", 3); - const char* caFile = 0; - const char* caPath = 0; - - // The following checks are required to send the expected values to the OpenSSL library. - // It does not like receiving "", but prefers NULLs. - - if(!fileName.empty()) + // + // Establish the location of CA certificates. 
+ // { - caFile = fileName.c_str(); + string caFile = properties->getProperty(propPrefix + "CertAuthFile"); + string caDir = properties->getPropertyWithDefault(propPrefix + "CertAuthDir", _defaultDir); + const char* file = 0; + const char* dir = 0; + if(!caFile.empty()) + { + if(!checkPath(caFile, false)) + { + string msg = "IceSSL: CA certificate file not found:\n" + caFile; + if(_instance->securityTraceLevel() >= 1) + { + _logger->trace(_instance->securityTraceCategory(), msg); + } + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = msg; + throw ex; + } + file = caFile.c_str(); + } + if(!caDir.empty()) + { + if(!checkPath(caDir, true)) + { + string msg = "IceSSL: CA certificate directory not found:\n" + caDir; + if(_instance->securityTraceLevel() >= 1) + { + _logger->trace(_instance->securityTraceCategory(), msg); + } + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = msg; + throw ex; + } + dir = caDir.c_str(); + } + if(file || dir) + { + // + // The certificate may be stored in an encrypted file, so handle + // password retries. + // + int count = 0; + int err; + while(count < passwordRetryMax) + { + ERR_clear_error(); + err = SSL_CTX_load_verify_locations(_ctx, file, dir); + if(err || !passwordError()) + { + break; + } + ++count; + } + if(err == 0) + { + string msg = "IceSSL: unable to establish CA certificates"; + if(passwordError()) + { + msg += ":\ninvalid password"; + } + else + { + string err = _instance->sslErrors(); + if(!err.empty()) + { + msg += ":\n" + err; + } + } + if(_instance->securityTraceLevel() >= 1) + { + _logger->trace(_instance->securityTraceCategory(), msg); + } + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = msg; + throw ex; + } + } } - if(!certPath.empty()) + // + // Establish the certificate chains and private keys. One RSA certificate and + // one DSA certificate are allowed. 
+ // { - caPath = certPath.c_str(); +#ifdef _WIN32 + const string sep = ";"; +#else + const string sep = ":"; +#endif + string certFile = properties->getProperty(propPrefix + "CertFile"); + string keyFile = properties->getProperty(propPrefix + "KeyFile"); + vector<string>::size_type numCerts = 0; + if(!certFile.empty()) + { + vector<string> files; + if(!splitString(certFile, sep, false, files) || files.size() > 2) + { + string msg = "IceSSL: invalid value for " + propPrefix + "CertFile:\n" + certFile; + if(_instance->securityTraceLevel() >= 1) + { + _logger->trace(_instance->securityTraceCategory(), msg); + } + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = msg; + throw ex; + } + numCerts = files.size(); + for(vector<string>::iterator p = files.begin(); p != files.end(); ++p) + { + string file = *p; + if(!checkPath(file, false)) + { + string msg = "IceSSL: certificate file not found:\n" + file; + if(_instance->securityTraceLevel() >= 1) + { + _logger->trace(_instance->securityTraceCategory(), msg); + } + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = msg; + throw ex; + } + // + // The certificate may be stored in an encrypted file, so handle + // password retries. 
+ // + int count = 0; + int err; + while(count < passwordRetryMax) + { + ERR_clear_error(); + err = SSL_CTX_use_certificate_chain_file(_ctx, file.c_str()); + if(err || !passwordError()) + { + break; + } + ++count; + } + if(err == 0) + { + string msg = "IceSSL: unable to load certificate chain from file " + file; + if(passwordError()) + { + msg += ":\ninvalid password"; + } + else + { + string err = _instance->sslErrors(); + if(!err.empty()) + { + msg += ":\n" + err; + } + } + if(_instance->securityTraceLevel() >= 1) + { + _logger->trace(_instance->securityTraceCategory(), msg); + } + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = msg; + throw ex; + } + } + } + if(keyFile.empty()) + { + keyFile = certFile; // Assume the certificate file also contains the private key. + } + if(!keyFile.empty()) + { + vector<string> files; + if(!splitString(keyFile, sep, false, files) || files.size() > 2) + { + string msg = "IceSSL: invalid value for " + propPrefix + "KeyFile:\n" + keyFile; + if(_instance->securityTraceLevel() >= 1) + { + _logger->trace(_instance->securityTraceCategory(), msg); + } + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = msg; + throw ex; + } + if(files.size() != numCerts) + { + string msg = "IceSSL: " + propPrefix + "KeyFile does not agree with " + propPrefix + "CertFile"; + if(_instance->securityTraceLevel() >= 1) + { + _logger->trace(_instance->securityTraceCategory(), msg); + } + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = msg; + throw ex; + } + for(vector<string>::iterator p = files.begin(); p != files.end(); ++p) + { + string file = *p; + if(!checkPath(file, false)) + { + string msg = "IceSSL: key file not found:\n" + file; + if(_instance->securityTraceLevel() >= 1) + { + _logger->trace(_instance->securityTraceCategory(), msg); + } + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = msg; + throw ex; + } + // + // The private key may be stored in an encrypted file, so 
handle + // password retries. + // + int count = 0; + int err; + while(count < passwordRetryMax) + { + ERR_clear_error(); + err = SSL_CTX_use_PrivateKey_file(_ctx, file.c_str(), SSL_FILETYPE_PEM); + if(err || !passwordError()) + { + break; + } + ++count; + } + if(err == 0) + { + string msg = "IceSSL: unable to load private key from file " + file; + if(passwordError()) + { + msg += ":\ninvalid password"; + } + else + { + string err = _instance->sslErrors(); + if(!err.empty()) + { + msg += ":\n" + err; + } + } + if(_instance->securityTraceLevel() >= 1) + { + _logger->trace(_instance->securityTraceCategory(), msg); + } + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = msg; + throw ex; + } + } + if(!SSL_CTX_check_private_key(_ctx)) + { + string err = _instance->sslErrors(); + string msg = "IceSSL: unable to validate private key(s):\n" + err; + if(_instance->securityTraceLevel() >= 1) + { + _logger->trace(_instance->securityTraceCategory(), msg); + } + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = msg; + throw ex; + } + } } - // SSL_CTX_set_default_passwd_cb(sslContext, passwordCallback); - - // Check the Certificate Authority file(s). - int loadVerifyRet = SSL_CTX_load_verify_locations(_sslContext, caFile, caPath); - - if(!loadVerifyRet) - { - if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS) - { - Trace out(_communicator->getLogger(), _traceLevels->securityCat); - out << "WRN unable to load certificate authorities."; - } - } - else + // + // Establish the cipher list. 
+ // { - int setDefaultVerifyPathsRet = SSL_CTX_set_default_verify_paths(_sslContext); + string ciphers = properties->getProperty(propPrefix + "Ciphers"); + if(!ciphers.empty()) + { + if(!SSL_CTX_set_cipher_list(_ctx, ciphers.c_str())) + { + string err = _instance->sslErrors(); + string msg = "IceSSL: unable to set ciphers using `" + ciphers + "':\n" + err; + if(_instance->securityTraceLevel() >= 1) + { + _logger->trace(_instance->securityTraceCategory(), msg); + } + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = msg; + throw ex; + } + } + } - if(!setDefaultVerifyPathsRet && (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)) - { - Trace out(_communicator->getLogger(), _traceLevels->securityCat); - out << "WRN unable to verify certificate authorities."; - } + // + // Establish the maximum verify depth. + // + { + int depth = properties->getPropertyAsIntWithDefault(propPrefix + "VerifyDepthMax", -1); + if(depth >= 0) + { + SSL_CTX_set_verify_depth(_ctx, depth); + } } - // Now we add whatever override/addition that we wish to put into the trusted certificates list - string caCertBase64 = _communicator->getProperties()->getProperty(_caCertificateProperty); - if(!caCertBase64.empty()) + // + // Diffie Hellman configuration. 
+ // { - addTrustedCertificateBase64(caCertBase64); +#ifndef OPENSSL_NO_DH + _dhParams = new DHParams; + SSL_CTX_set_options(_ctx, SSL_OP_SINGLE_DH_USE); + SSL_CTX_set_tmp_dh_callback(_ctx, opensslDHCallback); +#endif + // + // Properties have the following form: + // + // ...DH.<keyLength>=file + // + const string dhPrefix = propPrefix + "DH."; + PropertyDict d = properties->getPropertiesForPrefix(dhPrefix); + if(!d.empty()) + { +#ifdef OPENSSL_NO_DH + _logger->warning("IceSSL: OpenSSL is not configured for Diffie Hellman"); +#else + for(PropertyDict::iterator p = d.begin(); p != d.end(); ++p) + { + string s = p->first.substr(dhPrefix.size()); + int keyLength = atoi(s.c_str()); + if(keyLength > 0) + { + string file = p->second; + if(!checkPath(file, false)) + { + string msg = "IceSSL: DH parameter file not found:\n" + file; + if(_instance->securityTraceLevel() >= 1) + { + _logger->trace(_instance->securityTraceCategory(), msg); + } + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = msg; + throw ex; + } + if(!_dhParams->add(keyLength, file)) + { + string msg = "IceSSL: unable to read DH parameter file " + file; + if(_instance->securityTraceLevel() >= 1) + { + _logger->trace(_instance->securityTraceCategory(), msg); + } + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = msg; + throw ex; + } + } + } +#endif + } } } -void -IceSSL::Context::setKeyCert(const CertificateDesc& certDesc, - const string& privateProperty, - const string& publicProperty) +IceSSL::Context::~Context() { - string privateKey; - string publicKey; - - if(!privateProperty.empty()) + if(_ctx) { - privateKey = _communicator->getProperties()->getProperty(privateProperty); + SSL_CTX_free(_ctx); } +} - if(!publicProperty.empty()) +SSL_CTX* +IceSSL::Context::ctx() const +{ + return _ctx; +} + +void +IceSSL::Context::validatePeer(SSL* ssl, const string& address, bool incoming) +{ + long result = SSL_get_verify_result(ssl); + if(result != X509_V_OK) { - publicKey = 
_communicator->getProperties()->getProperty(publicProperty); + ostringstream ostr; + ostr << "IceSSL: certificate verification failed:\n" << X509_verify_cert_error_string(result); + string msg = ostr.str(); + if(_instance->securityTraceLevel() >= 1) + { + _logger->trace(_instance->securityTraceCategory(), msg); + } + SecurityException ex(__FILE__, __LINE__); + ex.reason = msg; + throw ex; } - if(!privateKey.empty() && !publicKey.empty()) + X509* cert = SSL_get_peer_certificate(ssl); + try { - addKeyCert(privateKey, publicKey); + // + // Collect the dnsName and ipAddress values that appear in the peer's subjectAltName + // certificate extension. + // + vector<string> dnsNames, ipAddresses; + if(cert) + { + GENERAL_NAMES* gens = reinterpret_cast<GENERAL_NAMES*>(X509_get_ext_d2i(cert, NID_subject_alt_name, 0, 0)); + int i; + for(i = 0; i < sk_GENERAL_NAME_num(gens); ++i) + { + GENERAL_NAME* gen = sk_GENERAL_NAME_value(gens, i); + if(gen->type == GEN_DNS) + { + ASN1_IA5STRING* str = gen->d.dNSName; + if(str && str->type == V_ASN1_IA5STRING && str->data && str->length > 0) + { + string s = reinterpret_cast<const char*>(str->data); + dnsNames.push_back(s); + } + } + else if(gen->type == GEN_IPADD) + { + ASN1_OCTET_STRING* addr = gen->d.iPAddress; + // TODO: Support IPv6 someday. + if(addr && addr->type == V_ASN1_OCTET_STRING && addr->data && addr->length == 4) + { + ostringstream ostr; + for(int j = 0; j < 4; ++j) + { + if(j > 0) + { + ostr << '.'; + } + ostr << static_cast<int>(addr->data[j]); + } + ipAddresses.push_back(ostr.str()); + } + } + } + sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); + } + + CertificateVerifierPtr verifier = _instance->certificateVerifier(); + + // + // Compare the peer's address against the dnsName and ipAddress values. 
+ // + if(!address.empty()) + { + bool certNameOK = false; + + for(vector<string>::iterator p = ipAddresses.begin(); p != ipAddresses.end() && !certNameOK; ++p) + { + if(address == *p) + { + certNameOK = true; + } + } + + if(!certNameOK && !dnsNames.empty()) + { + string host = address; + transform(host.begin(), host.end(), host.begin(), ::tolower); + for(vector<string>::iterator p = dnsNames.begin(); p != dnsNames.end() && !certNameOK; ++p) + { + string s = *p; + transform(s.begin(), s.end(), s.begin(), ::tolower); + if(host == s) + { + certNameOK = true; + } + } + } + + // + // Log a message if the name comparison fails. If CheckCertName is defined, + // we also raise an exception to abort the connection. Don't log a message + // if CheckCertName is not defined and a verifier is present. + // + if(!certNameOK && (_checkCertName || (_instance->securityTraceLevel() >= 1 && !verifier))) + { + ostringstream ostr; + ostr << "IceSSL: "; + if(!_checkCertName) + { + ostr << "ignoring "; + } + ostr << "certificate validation failure:\npeer certificate does not contain `" + << address << "' in its subjectAltName extension"; + if(!dnsNames.empty()) + { + ostr << "\nDNS names found in certificate: "; + for(vector<string>::iterator p = dnsNames.begin(); p != dnsNames.end(); ++p) + { + if(p != dnsNames.begin()) + { + ostr << ", "; + } + ostr << *p; + } + } + if(!ipAddresses.empty()) + { + ostr << "\nIP addresses found in certificate: "; + for(vector<string>::iterator p = ipAddresses.begin(); p != ipAddresses.end(); ++p) + { + if(p != ipAddresses.begin()) + { + ostr << ", "; + } + ostr << *p; + } + } + string msg = ostr.str(); + if(_instance->securityTraceLevel() >= 1) + { + Trace out(_logger, _instance->securityTraceCategory()); + out << msg; + } + if(_checkCertName) + { + SecurityException ex(__FILE__, __LINE__); + ex.reason = msg; + throw ex; + } + } + } + + if(verifier) + { + VerifyInfo info; + const_cast<bool&>(info.incoming) = incoming; + info.cert = cert; + info.ssl = 
ssl; + const_cast<string&>(info.address) = address; + const_cast<vector<string>&>(info.dnsNames) = dnsNames; + const_cast<vector<string>&>(info.ipAddresses) = ipAddresses; + verifier->verify(info); + } } - else if(certDesc.getKeySize() != 0) + catch(...) { - addKeyCert(certDesc.getPrivate(), certDesc.getPublic()); + if(cert) + { + X509_free(cert); + } + throw; } -} - -void -IceSSL::Context::checkKeyCert() -{ - assert(_sslContext != 0); - - // Check to see if the Private and Public keys that have been - // set against the SSL context match up. - if(!SSL_CTX_check_private_key(_sslContext)) + if(cert) { - CertificateKeyMatchException certKeyMatchEx(__FILE__, __LINE__); - - certKeyMatchEx.message = "private key does not match the certificate public key"; - string sslError = sslGetErrors(); - - if(!sslError.empty()) - { - certKeyMatchEx.message += "\n"; - certKeyMatchEx.message += sslError; - } - - throw certKeyMatchEx; + X509_free(cert); } } -void -IceSSL::Context::addTrustedCertificate(const RSAPublicKey& trustedCertificate) +string +IceSSL::Context::password(bool /*encrypting*/) { - if(_sslContext == 0) + PasswordPromptPtr prompt = _instance->passwordPrompt(); + if(prompt) { - ContextNotConfiguredException contextConfigEx(__FILE__, __LINE__); - - contextConfigEx.message = "ssl context not configured"; - - throw contextConfigEx; + try + { + return prompt->getPassword(); + } + catch(...) + { + // + // Don't allow exceptions to cross an OpenSSL boundary. 
+ // + return string(); + } } - - X509_STORE* certStore = SSL_CTX_get_cert_store(_sslContext); - - assert(certStore != 0); - - if(X509_STORE_add_cert(certStore, trustedCertificate.getX509PublicKey()) == 0) + else { - TrustedCertificateAddException trustEx(__FILE__, __LINE__); - - trustEx.message = sslGetErrors(); - - throw trustEx; + return _password; } } -void -IceSSL::Context::addKeyCert(const CertificateFile& privateKey, const CertificateFile& publicCert) +#ifndef OPENSSL_NO_DH +DH* +IceSSL::Context::dhParams(int keyLength) { - assert(_sslContext != 0); + return _dhParams->get(keyLength); +} +#endif - if(!publicCert.getFileName().empty()) +int +IceSSL::Context::verifyCallback(int ok, SSL* ssl, X509_STORE_CTX* c) +{ + if(!ok && _instance->securityTraceLevel() >= 1) { - string publicCertFile = publicCert.getFileName(); - const char* publicFile = publicCertFile.c_str(); - int publicEncoding = publicCert.getEncoding(); - - string privCertFile = privateKey.getFileName(); - const char* privKeyFile = privCertFile.c_str(); - int privKeyFileType = privateKey.getEncoding(); - - // Set which Public Key file to use. - if(SSL_CTX_use_certificate_file(_sslContext, publicFile, publicEncoding) <= 0) - { - CertificateLoadException certLoadEx(__FILE__, __LINE__); - - certLoadEx.message = "unable to load certificate from '"; - certLoadEx.message += publicFile; - certLoadEx.message += "'\n"; - certLoadEx.message += sslGetErrors(); - - throw certLoadEx; - } - - if(privateKey.getFileName().empty()) - { - if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS) - { - Trace out(_communicator->getLogger(), _traceLevels->securityCat); - out << "WRN no private key specified -- using the certificate"; - } - - privKeyFile = publicFile; - privKeyFileType = publicEncoding; - } - - int retryCount = 0; - int pkLoadResult = 0; - int errCode = 0; - - while(retryCount != _maxPassphraseTries) - { - // We ignore the errors and remove them from the stack. 
- string errorString = sslGetErrors(); - - // Set which Private Key file to use. - pkLoadResult = SSL_CTX_use_PrivateKey_file(_sslContext, privKeyFile, privKeyFileType); - - if(pkLoadResult <= 0) - { - errCode = ERR_GET_REASON(ERR_peek_error()); - } - else - { - // The load went fine - continue on. - break; - } - - // PEM errors, most likely related to a bad passphrase. - if(errCode != PEM_R_BAD_PASSWORD_READ && - errCode != PEM_R_BAD_DECRYPT && - errCode != PEM_R_BAD_BASE64_DECODE) - { - // Other errors get dealt with below. - break; - } - - cout << "Passphrase error!" << endl; - - retryCount++; - } - - if(pkLoadResult <= 0) - { - errCode = ERR_GET_REASON(ERR_peek_error()); - - // Note: Because OpenSSL currently (V0.9.6b) performs a check to see if the - // key matches the private key when calling SSL_CTX_use_PrivateKey_file(). - if(errCode == X509_R_KEY_VALUES_MISMATCH || errCode == X509_R_KEY_TYPE_MISMATCH) - { - CertificateKeyMatchException certKeyMatchEx(__FILE__, __LINE__); - - certKeyMatchEx.message = "private key does not match the certificate public key"; - string sslError = sslGetErrors(); - - if(!sslError.empty()) - { - certKeyMatchEx.message += "\n"; - certKeyMatchEx.message += sslError; - } - - throw certKeyMatchEx; - } - else - { - PrivateKeyLoadException pklEx(__FILE__, __LINE__); - - pklEx.message = "unable to load private key from '"; - pklEx.message += privKeyFile; - pklEx.message += "'\n"; - pklEx.message += sslGetErrors(); - - throw pklEx; - } - } - - checkKeyCert(); + X509* cert = X509_STORE_CTX_get_current_cert(c); + int err = X509_STORE_CTX_get_error(c); + char buf[256]; + + Trace out(_logger, _instance->securityTraceCategory()); + out << "certificate verification failure\n"; + + X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf)); + out << "issuer = " << buf << '\n'; + X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf)); + out << "subject = " << buf << '\n'; + out << "depth = " << X509_STORE_CTX_get_error_depth(c) << 
'\n'; + out << "error = " << X509_verify_cert_error_string(err) << '\n'; + out << IceInternal::fdToString(SSL_get_fd(ssl)); } + return ok; } void -IceSSL::Context::addKeyCert(const RSAKeyPair& keyPair) +IceSSL::Context::traceConnection(SSL* ssl, bool incoming) { - if(_sslContext == 0) - { - ContextNotConfiguredException contextConfigEx(__FILE__, __LINE__); - - contextConfigEx.message = "ssl context not configured"; - - throw contextConfigEx; - } - - // Note: Normally I would use an X509Janitor and RSAJanitor to ensure that - // memory was being freed properly when exceptions are thrown, but - // both SSL_CTX_use_certificate and SSL_CTX_use_RSAPrivateKey free - // certificate/key memory regardless if the call succeeded. - - // Set which Public Key file to use. - if(SSL_CTX_use_certificate(_sslContext, keyPair.getX509PublicKey()) <= 0) + Trace out(_logger, _instance->securityTraceCategory()); + out << "SSL summary for " << (incoming ? "incoming" : "outgoing") << " connection\n"; + SSL_CIPHER* cipher = SSL_get_current_cipher(ssl); + if(!cipher) { - CertificateLoadException certLoadEx(__FILE__, __LINE__); - - certLoadEx.message = "unable to set certificate from memory"; - string sslError = sslGetErrors(); - - if(!sslError.empty()) - { - certLoadEx.message += "\n"; - certLoadEx.message += sslError; - } - - throw certLoadEx; + out << "unknown cipher\n"; } - - // Set which Private Key file to use. - if(SSL_CTX_use_RSAPrivateKey(_sslContext, keyPair.getRSAPrivateKey()) <= 0) + else { - int errCode = ERR_GET_REASON(ERR_peek_error()); - - // Note: Because OpenSSL currently (V0.9.6b) performs a check to see if the - // key matches the private key when calling SSL_CTX_use_PrivateKey_file(). 
- if(errCode == X509_R_KEY_VALUES_MISMATCH || errCode == X509_R_KEY_TYPE_MISMATCH) - { - CertificateKeyMatchException certKeyMatchEx(__FILE__, __LINE__); - - certKeyMatchEx.message = "private key does not match the certificate public key"; - string sslError = sslGetErrors(); - - if(!sslError.empty()) - { - certKeyMatchEx.message += "\n"; - certKeyMatchEx.message += sslError; - } - - throw certKeyMatchEx; - } - else - { - PrivateKeyLoadException pklEx(__FILE__, __LINE__); - - pklEx.message = "unable to set private key from memory"; - string sslError = sslGetErrors(); - - if(!sslError.empty()) - { - pklEx.message += "\n"; - pklEx.message += sslError; - } - - throw pklEx; - } + out << "cipher = " << SSL_CIPHER_get_name(cipher) << "\n"; + out << "bits = " << SSL_CIPHER_get_bits(cipher, 0) << "\n"; + out << "protocol = " << SSL_get_version(ssl) << "\n"; } - - checkKeyCert(); + out << IceInternal::fdToString(SSL_get_fd(ssl)); } -void -IceSSL::Context::addKeyCert(const Ice::ByteSeq& privateKey, const Ice::ByteSeq& publicKey) +bool +IceSSL::Context::checkPath(string& path, bool dir) { - Ice::ByteSeq privKey = privateKey; - - if(privKey.empty()) + // + // Check if file exists. If not, try prepending the default + // directory and check again. If the file is found, the + // string argument is modified and true is returned. Otherwise + // false is returned. + // +#ifdef _WIN32 + struct _stat st; + int err = ::_stat(path.c_str(), &st); +#else + struct stat st; + int err = ::stat(path.c_str(), &st); +#endif + if(err == 0) { - if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS) - { - Trace out(_communicator->getLogger(), _traceLevels->securityCat); - out << "WRN no private key specified -- using the certificate"; - } - - privKey = publicKey; + return dir ? S_ISDIR(st.st_mode) != 0 : S_ISREG(st.st_mode) != 0; } - // Make a key pair based on the DER encoded byte sequences. 
- RSAKeyPair rsaKeyPair(privKey, publicKey); - addKeyCert(rsaKeyPair); -} - -void -IceSSL::Context::addKeyCert(const string& privateKey, const string& publicKey) -{ - string privKey = privateKey; - - if(privKey.empty()) + if(!_defaultDir.empty()) { - if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS) - { - Trace out(_communicator->getLogger(), _traceLevels->securityCat); - out << "WRN no private key specified -- using the certificate"; - } - - privKey = publicKey; +#ifdef _WIN32 + string s = _defaultDir + "\\" + path; + err = ::_stat(s.c_str(), &st); +#else + string s = _defaultDir + "/" + path; + err = ::stat(s.c_str(), &st); +#endif + if(err == 0 && ((!dir && S_ISREG(st.st_mode)) || (dir && S_ISDIR(st.st_mode)))) + { + path = s; + return true; + } } - // Make a key pair based on the Base64 encoded strings. - RSAKeyPair rsaKeyPair(privKey, publicKey); - addKeyCert(rsaKeyPair); -} - -SSL* -IceSSL::Context::createSSLConnection(int socket) -{ - assert(_sslContext != 0); - - SSL* sslConnection = SSL_new(_sslContext); - assert(sslConnection != 0); - - SSL_clear(sslConnection); - - SSL_set_fd(sslConnection, socket); - - return sslConnection; + return false; } void -IceSSL::Context::setCipherList(const string& cipherList) +IceSSL::Context::parseProtocols(const string& val) { - assert(_sslContext != 0); - - if(!cipherList.empty() && (!SSL_CTX_set_cipher_list(_sslContext, cipherList.c_str())) && - (_traceLevels->security >= IceSSL::SECURITY_WARNINGS)) + const string delim = ", "; + bool sslv3 = false, tlsv1 = false; + string::size_type pos = 0; + while(pos != string::npos) { - Trace out(_communicator->getLogger(), _traceLevels->securityCat); - out << "WRN error setting cipher list " << cipherList << " -- using default list" << "\n"; - out << sslGetErrors(); + pos = val.find_first_not_of(delim, pos); + if(pos == string::npos) + { + break; + } + + string prot; + string::size_type end = val.find_first_of(delim, pos); + if(end == string::npos) + { + prot = 
val.substr(pos); + } + else + { + prot = val.substr(pos, end - pos); + } + pos = end; + + if(prot == "ssl3" || prot == "sslv3") + { + sslv3 = true; + } + else if(prot == "tls1" || prot == "tlsv1") + { + tlsv1 = true; + } + else + { + string msg = "IceSSL: unrecognized protocol `" + prot + "'"; + if(_instance->securityTraceLevel() >= 1) + { + _logger->trace(_instance->securityTraceCategory(), msg); + } + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = msg; + throw ex; + } } -} - -void -IceSSL::Context::setDHParams(const BaseCertificates& baseCerts) -{ - DH* dh = 0; - - string dhFile = baseCerts.getDHParams().getFileName(); - int encoding = baseCerts.getDHParams().getEncoding(); - // File type must be PEM - that's the only way we can load DH Params, apparently. - if((!dhFile.empty()) && (encoding == SSL_FILETYPE_PEM)) + long opts = SSL_OP_NO_SSLv2; // SSLv2 is not supported. + if(!sslv3) { - dh = loadDHParam(dhFile.c_str()); + opts |= SSL_OP_NO_SSLv3; } - - if(dh == 0) + if(!tlsv1) { - if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS) - { - Trace out(_communicator->getLogger(), _traceLevels->securityCat); - out << "WRN Could not load Diffie-Hellman params, generating a temporary 512bit key."; - } - - dh = getTempDH512(); + opts |= SSL_OP_NO_TLSv1; } + SSL_CTX_set_options(_ctx, opts); +} - if(dh != 0) - { - SSL_CTX_set_tmp_dh(_sslContext, dh); +// +// ClientContext. +// +IceSSL::ClientContext::ClientContext(const InstancePtr& instance, SSL_CTX* ctx) : + Context(instance, "IceSSL.Client.", ctx) +{ + PropertiesPtr properties = _instance->communicator()->getProperties(); - DH_free(dh); + // + // CheckCertName determines whether we compare the name in a peer's + // certificate against its hostname. + // + { + _checkCertName = properties->getPropertyAsIntWithDefault("IceSSL.Client.CheckCertName", 0) > 0; } } + +// +// ServerContext. 
+// +IceSSL::ServerContext::ServerContext(const InstancePtr& instance, SSL_CTX* ctx) : + Context(instance, "IceSSL.Server.", ctx) +{ + _checkCertName = false; +} diff --git a/cpp/src/IceSSL/Context.h b/cpp/src/IceSSL/Context.h index d3f38050bf9..e002031f5e7 100644 --- a/cpp/src/IceSSL/Context.h +++ b/cpp/src/IceSSL/Context.h @@ -7,23 +7,12 @@ // // ********************************************************************** -#ifndef ICESSL_CONTEXT_H -#define ICESSL_CONTEXT_H - -#include <Ice/CommunicatorF.h> -#include <IceSSL/TraceLevelsF.h> -#include <IceSSL/SslTransceiverF.h> -#include <IceSSL/ContextF.h> - -#include <Ice/BuiltinSequences.h> -#include <IceSSL/OpenSSL.h> -#include <IceSSL/CertificateVerifierOpenSSL.h> -#include <IceSSL/GeneralConfig.h> -#include <IceSSL/CertificateAuthority.h> -#include <IceSSL/BaseCerts.h> -#include <IceSSL/TempCerts.h> -#include <IceSSL/RSAPublicKey.h> -#include <IceSSL/RSAKeyPairF.h> +#ifndef ICE_SSL_CONTEXT_H +#define ICE_SSL_CONTEXT_H + +#include <InstanceF.h> +#include <UtilF.h> +#include <Ice/LoggerF.h> namespace IceSSL { 
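Review bot: The new include list no longer names any OpenSSL header, yet the class declared further down this file uses `SSL_CTX`, `SSL`, `X509_STORE_CTX` and `DH` in its signatures. Presumably `UtilF.h` or `InstanceF.h` brings those types in, but neither is visible here, so the header appears to compile only through a transitive include. I would add `#include <openssl/ssl.h>` next to `#include <Ice/LoggerF.h>` so that Context.h stays self-contained if those forward-declaration headers are trimmed later.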
@@ -32,68 +21,55 @@ class Context : public IceUtil::Shared { public: - virtual ~Context(); - - bool isConfigured(); - - void cleanUp(); - - virtual void setCertificateVerifier(const CertificateVerifierPtr&); - virtual void addTrustedCertificateBase64(const std::string&); - virtual void addTrustedCertificate(const Ice::ByteSeq&); - virtual void setRSAKeysBase64(const std::string&, const std::string&); - virtual void setRSAKeys(const Ice::ByteSeq&, const Ice::ByteSeq&); - virtual void configure(const GeneralConfig&, const CertificateAuthority&, const BaseCertificates&); - virtual SslTransceiverPtr createTransceiver(int, const OpenSSLPluginIPtr&, int) = 0; - -protected: - - Context(const TraceLevelsPtr&, const Ice::CommunicatorPtr&, const ContextType&); - - SSL_METHOD* getSslMethod(SslProtocol); - void createContext(SslProtocol); - - virtual void loadCertificateAuthority(const CertificateAuthority&); - - void setKeyCert(const CertificateDesc&, const std::string&, const std::string&); - - void checkKeyCert(); + Context(const InstancePtr&, const std::string&, SSL_CTX*); + ~Context(); - void addTrustedCertificate(const RSAPublicKey&); + SSL_CTX* ctx() const; - void addKeyCert(const CertificateFile&, const CertificateFile&); + void validatePeer(SSL*, const std::string&, bool); - void addKeyCert(const RSAKeyPair&); + std::string password(bool); - void addKeyCert(const Ice::ByteSeq&, const Ice::ByteSeq&); - - void addKeyCert(const std::string&, const std::string&); +#ifndef OPENSSL_NO_DH + DH* dhParams(int); +#endif - SSL* createSSLConnection(int); + int verifyCallback(int, SSL*, X509_STORE_CTX*); - void setCipherList(const std::string&); + void traceConnection(SSL*, bool); - void setDHParams(const BaseCertificates&); +protected: - TraceLevelsPtr _traceLevels; - Ice::CommunicatorPtr _communicator; - ContextType _contextType; + bool checkPath(std::string&, bool); + void parseProtocols(const std::string&); + + InstancePtr _instance; + Ice::LoggerPtr _logger; + SSL_CTX* _ctx; 
+ std::string _defaultDir; + bool _checkCertName; + std::string _password; +#ifndef OPENSSL_NO_DH + DHParamsPtr _dhParams; +#endif +}; +typedef IceUtil::Handle<Context> ContextPtr; - std::string _rsaPrivateKeyProperty; - std::string _rsaPublicKeyProperty; - std::string _dsaPrivateKeyProperty; - std::string _dsaPublicKeyProperty; - std::string _caCertificateProperty; - std::string _passphraseRetriesProperty; - std::string _maxPassphraseRetriesDefault; - std::string _connectionHandshakeRetries; +class ClientContext : public Context +{ +public: - CertificateVerifierPtr _certificateVerifier; + ClientContext(const InstancePtr&, SSL_CTX*); +}; +typedef IceUtil::Handle<ClientContext> ClientContextPtr; - SSL_CTX* _sslContext; +class ServerContext : public Context +{ +public: - int _maxPassphraseTries; + ServerContext(const InstancePtr&, SSL_CTX*); }; +typedef IceUtil::Handle<ServerContext> ServerContextPtr; } diff --git a/cpp/src/IceSSL/ContextF.h b/cpp/src/IceSSL/ContextF.h deleted file mode 100644 index 2e79a053a97..00000000000 --- a/cpp/src/IceSSL/ContextF.h +++ /dev/null @@ -1,31 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_CONTEXT_OPENSSL_F_H -#define ICE_SSL_CONTEXT_OPENSSL_F_H - -#include <Ice/Handle.h> - -namespace IceSSL -{ - -class Context; -typedef IceInternal::Handle<Context> ContextPtr; - -} - -namespace IceInternal -{ - -void incRef(::IceSSL::Context*); -void decRef(::IceSSL::Context*); - -} - -#endif diff --git a/cpp/src/IceSSL/Convert.cpp b/cpp/src/IceSSL/Convert.cpp deleted file mode 100644 index bdfa65068f1..00000000000 --- a/cpp/src/IceSSL/Convert.cpp +++ /dev/null 
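Review bot: `bool _checkCertName;` is declared without a comment, and the constructors this commit adds to Context.cpp leave it false unless `IceSSL.Client.CheckCertName` is set above zero, and always false in `ServerContext`. A reader of this header therefore cannot tell that the comparison of a peer's certificate name with its host name is off by default for clients. I would document that at the declaration, for example `// Compare the peer certificate's name with its host name; false unless IceSSL.Client.CheckCertName > 0.`, and reconsider whether the client default should be on. The `Context` class opens just above this hunk, so the note applies to the member list only.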
@@ -1,38 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-#include <IceUtil/DisableWarnings.h>
-#include <IceUtil/Config.h>
-#include <IceSSL/Convert.h>
-#include <iterator>
-
-void
-IceSSL::ucharToByteSeq(unsigned char* ucharBuffer, int length, Ice::ByteSeq& destBuffer)
-{
- assert(ucharBuffer != 0);
- destBuffer.reserve(length);
- std::copy(ucharBuffer, (ucharBuffer + length), std::back_inserter(destBuffer));
-}
-
-unsigned char*
-IceSSL::byteSeqToUChar(const Ice::ByteSeq& sequence)
-{
- size_t seqSize = sequence.size();
-
- assert(seqSize > 0);
-
- unsigned char* ucharSeq = new unsigned char[seqSize];
-
- assert(ucharSeq != 0);
-
- unsigned char* ucharPtr = ucharSeq;
- std::copy(sequence.begin(), sequence.end(), ucharPtr);
-
- return ucharSeq;
-}
diff --git a/cpp/src/IceSSL/DHParams.cpp b/cpp/src/IceSSL/DHParams.cpp
deleted file mode 100644
index dd0e2496d76..00000000000
--- a/cpp/src/IceSSL/DHParams.cpp
+++ /dev/null
@@ -1,34 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-#include <IceSSL/DHParams.h>
-
-void IceInternal::incRef(::IceSSL::DHParams* p) { p->__incRef(); }
-void IceInternal::decRef(::IceSSL::DHParams* p) { p->__decRef(); }
-
-IceSSL::DHParams::DHParams(DH* dhParams) :
- _dhParams(dhParams)
-{
- assert(_dhParams != 0);
-}
-
-IceSSL::DHParams::~DHParams()
-{
- if(_dhParams != 0)
- {
- DH_free(_dhParams);
- }
-}
-
-DH*
-IceSSL::DHParams::get() const
-{
- return _dhParams;
-}
-
diff --git a/cpp/src/IceSSL/DHParams.h b/cpp/src/IceSSL/DHParams.h
deleted file mode 100644
index 5e24758aacc..00000000000
--- a/cpp/src/IceSSL/DHParams.h
+++ /dev/null
@@ -1,39 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-#ifndef ICE_DH_PARAMS_H
-#define ICE_DH_PARAMS_H
-
-#include <IceUtil/Shared.h>
-#include <IceSSL/DHParamsF.h>
-#include <openssl/ssl.h>
-
-namespace IceSSL
-{
-
-class DHParams : public IceUtil::Shared
-{
-public:
-
- // Construction from DH Params structure (simple initialization).
- DHParams(DH*);
-
- ~DHParams();
-
- // Get the internal key structure as per the OpenSSL implementation.
- DH* get() const;
-
-private:
-
- DH* _dhParams;
-};
-
-}
-
-#endif
diff --git a/cpp/src/IceSSL/DefaultCertificateVerifier.cpp b/cpp/src/IceSSL/DefaultCertificateVerifier.cpp
deleted file mode 100644
index 5f44957c600..00000000000
--- a/cpp/src/IceSSL/DefaultCertificateVerifier.cpp
+++ /dev/null
@@ -1,177 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <Ice/Communicator.h> -#include <Ice/Properties.h> -#include <Ice/LoggerUtil.h> -#include <IceSSL/OpenSSL.h> -#include <IceSSL/DefaultCertificateVerifier.h> -#include <IceSSL/OpenSSLUtils.h> -#include <IceSSL/TraceLevels.h> - -#include <ostream> - -using namespace std; - -IceSSL::DefaultCertificateVerifier::DefaultCertificateVerifier(const IceSSL::TraceLevelsPtr& traceLevels, - const Ice::CommunicatorPtr& communicator) : - _traceLevels(traceLevels), - _communicator(communicator) -{ -} - -int -IceSSL::DefaultCertificateVerifier::verify(int preVerifyOkay, X509_STORE_CTX* x509StoreContext, SSL* sslConnection) -{ - // - // Default verification steps. - // - - int verifyError = X509_STORE_CTX_get_error(x509StoreContext); - int errorDepth = X509_STORE_CTX_get_error_depth(x509StoreContext); - int verifyDepth = SSL_get_verify_depth(sslConnection); - - // A verify error has been encountered. - if(verifyError != X509_V_OK) - { - // We have a limited verify depth, and we have had to delve too deeply - // into the certificate chain to find an acceptable root certificate. 
- if((verifyDepth != -1) && (verifyDepth < errorDepth)) - { - verifyError = X509_V_ERR_CERT_CHAIN_TOO_LONG; - X509_STORE_CTX_set_error(x509StoreContext, verifyError); - } - - bool checkIgnoreValid = false; - - switch(verifyError) - { - case X509_V_ERR_CERT_NOT_YET_VALID: - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - { - checkIgnoreValid = true; - break; - } - - case X509_V_ERR_CERT_HAS_EXPIRED: - case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - { - checkIgnoreValid = true; - break; - } - - default : - { - // If we have any other errors, we bail out. - preVerifyOkay = 0; - break; - } - } - - if(checkIgnoreValid) - { - ::Ice::PropertiesPtr properties = _communicator->getProperties(); - - switch(_contextType) - { - case Client : - { - if(properties->getPropertyAsIntWithDefault("IceSSL.Client.IgnoreValidPeriod", 0) == 0) - { - // Unless we're told to ignore this result, we bail out. - preVerifyOkay = 0; - } - else - { - preVerifyOkay = 1; - } - break; - } - - case Server : - { - if(properties->getPropertyAsIntWithDefault("IceSSL.Server.IgnoreValidPeriod", 0) == 0) - { - // Unless we're told to ignore this result, we bail out. - preVerifyOkay = 0; - } - else - { - preVerifyOkay = 1; - } - break; - } - - case ClientServer: - { - if(properties->getPropertyAsIntWithDefault("IceSSL.Client.IgnoreValidPeriod", 0) == 0 && - properties->getPropertyAsIntWithDefault("IceSSL.Server.IgnoreValidPeriod", 0) == 0) - { - // Unless we're told to ignore this result, we bail out. - preVerifyOkay = 0; - } - else - { - preVerifyOkay = 1; - } - break; - } - } - } - } - - // Only if ICE_PROTOCOL level logging is on do we worry about this. 
- if(_traceLevels->security >= IceSSL::SECURITY_PROTOCOL) - { - char buf[256]; - - X509* err_cert = X509_STORE_CTX_get_current_cert(x509StoreContext); - - X509_NAME_oneline(X509_get_subject_name(err_cert), buf, int(sizeof(buf))); - - Ice::Trace out(_communicator->getLogger(), _traceLevels->securityCat); - - out << "depth = " << dec << errorDepth << ":" << buf << "\n"; - - if(!preVerifyOkay) - { - out << "verify error: num = " << verifyError << " : " - << X509_verify_cert_error_string(verifyError) << "\n"; - - } - - switch(verifyError) - { - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - { - X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, int(sizeof(buf))); - out << "issuer = " << buf << "\n"; - break; - } - - case X509_V_ERR_CERT_NOT_YET_VALID: - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - { - out << "notBefore = " << getASN1time(X509_get_notBefore(err_cert)) << "\n"; - break; - } - - case X509_V_ERR_CERT_HAS_EXPIRED: - case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - { - out << "notAfter = " << getASN1time(X509_get_notAfter(err_cert)) << "\n"; - break; - } - } - - out << "verify return = " << preVerifyOkay << "\n"; - } - - return preVerifyOkay; -} diff --git a/cpp/src/IceSSL/DefaultCertificateVerifier.h b/cpp/src/IceSSL/DefaultCertificateVerifier.h deleted file mode 100644 index 9a3e7058bb3..00000000000 --- a/cpp/src/IceSSL/DefaultCertificateVerifier.h +++ /dev/null 
@@ -1,36 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_DEFAULT_CERTIFICATE_VERIFIER_H
-#define ICE_SSL_DEFAULT_CERTIFICATE_VERIFIER_H
-
-#include <Ice/CommunicatorF.h>
-#include <IceSSL/TraceLevelsF.h>
-#include <IceSSL/CertificateVerifierOpenSSL.h>
-
-namespace IceSSL
-{
-
-class DefaultCertificateVerifier : public IceSSL::CertificateVerifierOpenSSL
-{
-public:
-
- DefaultCertificateVerifier(const IceSSL::TraceLevelsPtr&, const Ice::CommunicatorPtr&);
-
- virtual int verify(int, X509_STORE_CTX*, SSL*);
-
-private:
-
- IceSSL::TraceLevelsPtr _traceLevels;
- Ice::CommunicatorPtr _communicator;
-};
-
-}
-
-#endif
diff --git a/cpp/src/IceSSL/SslEndpointI.cpp b/cpp/src/IceSSL/EndpointI.cpp
index 5478c2228e3..361ca90e3ae 100644
--- a/cpp/src/IceSSL/SslEndpointI.cpp
+++ b/cpp/src/IceSSL/EndpointI.cpp
@@ -7,23 +7,23 @@ // // ********************************************************************** +#include <EndpointI.h> +#include <AcceptorI.h> +#include <ConnectorI.h> +#include <TransceiverI.h> +#include <Instance.h> #include <Ice/Network.h> #include <Ice/BasicStream.h> #include <Ice/LocalException.h> -#include <Ice/ProtocolPluginFacade.h> -#include <IceSSL/SslEndpointI.h> -#include <IceSSL/SslAcceptor.h> -#include <IceSSL/SslConnector.h> -#include <IceSSL/SslTransceiver.h> -#include <IceSSL/OpenSSLPluginI.h> +#include <Ice/DefaultsAndOverrides.h> using namespace std; using namespace Ice; -using namespace IceInternal; +using namespace IceSSL; -IceSSL::SslEndpointI::SslEndpointI(const OpenSSLPluginIPtr& plugin, const string& ho, Int po, Int ti, - const string& conId, bool co, bool pub) : - _plugin(plugin), +IceSSL::EndpointI::EndpointI(const InstancePtr& instance, const string& ho, Int po, Int ti, const string& conId, + bool co, bool pub) : + _instance(instance), _host(ho), _port(po), _timeout(ti), @@ -33,8 +33,8 @@ IceSSL::SslEndpointI::SslEndpointI(const OpenSSLPluginIPtr& plugin, const string { } -IceSSL::SslEndpointI::SslEndpointI(const OpenSSLPluginIPtr& plugin, const string& str) : - _plugin(plugin), +IceSSL::EndpointI::EndpointI(const InstancePtr& instance, const string& str) : + _instance(instance), _port(0), _timeout(-1), _compress(false), @@ -141,11 +141,11 @@ IceSSL::SslEndpointI::SslEndpointI(const OpenSSLPluginIPtr& plugin, const string if(_host.empty()) { - const_cast<string&>(_host) = _plugin->getProtocolPluginFacade()->getDefaultHost(); - if(_host.empty()) - { + const_cast<string&>(_host) = _instance->defaultHost(); + if(_host.empty()) + { const_cast<string&>(_host) = "0.0.0.0"; - } + } } else if(_host == "*") { 
@@ -153,8 +153,8 @@ IceSSL::SslEndpointI::SslEndpointI(const OpenSSLPluginIPtr& plugin, const string } } -IceSSL::SslEndpointI::SslEndpointI(const OpenSSLPluginIPtr& plugin, BasicStream* s) : - _plugin(plugin), +IceSSL::EndpointI::EndpointI(const InstancePtr& instance, IceInternal::BasicStream* s) : + _instance(instance), _port(0), _timeout(-1), _compress(false), @@ -169,9 +169,9 @@ IceSSL::SslEndpointI::SslEndpointI(const OpenSSLPluginIPtr& plugin, BasicStream* } void -IceSSL::SslEndpointI::streamWrite(BasicStream* s) const +IceSSL::EndpointI::streamWrite(IceInternal::BasicStream* s) const { - s->write(SslEndpointType); + s->write(EndpointType); s->startWriteEncaps(); s->write(_host); s->write(_port); @@ -181,7 +181,7 @@ IceSSL::SslEndpointI::streamWrite(BasicStream* s) const } string -IceSSL::SslEndpointI::toString() const +IceSSL::EndpointI::toString() const { ostringstream s; s << "ssl -h " << _host << " -p " << _port; 
@@ -197,147 +197,146 @@ IceSSL::SslEndpointI::toString() const } Short -IceSSL::SslEndpointI::type() const +IceSSL::EndpointI::type() const { - return SslEndpointType; + return EndpointType; } Int -IceSSL::SslEndpointI::timeout() const +IceSSL::EndpointI::timeout() const { return _timeout; } -EndpointIPtr -IceSSL::SslEndpointI::timeout(Int timeout) const +IceInternal::EndpointIPtr +IceSSL::EndpointI::timeout(Int timeout) const { if(timeout == _timeout) { - return const_cast<SslEndpointI*>(this); + return const_cast<EndpointI*>(this); } else { - return new SslEndpointI(_plugin, _host, _port, timeout, _connectionId, _compress, _publish); + return new EndpointI(_instance, _host, _port, timeout, _connectionId, _compress, _publish); } } -EndpointIPtr -IceSSL::SslEndpointI::connectionId(const string& connectionId) const +IceInternal::EndpointIPtr +IceSSL::EndpointI::connectionId(const string& connectionId) const { if(connectionId == _connectionId) { - return const_cast<SslEndpointI*>(this); + return const_cast<EndpointI*>(this); } else { - return new SslEndpointI(_plugin, _host, _port, _timeout, connectionId, _compress, _publish); + return new EndpointI(_instance, _host, _port, _timeout, connectionId, _compress, _publish); } } bool -IceSSL::SslEndpointI::compress() const +IceSSL::EndpointI::compress() const { return _compress; } -EndpointIPtr -IceSSL::SslEndpointI::compress(bool compress) const +IceInternal::EndpointIPtr +IceSSL::EndpointI::compress(bool compress) const { if(compress == _compress) { - return const_cast<SslEndpointI*>(this); + return const_cast<EndpointI*>(this); } else { - return new SslEndpointI(_plugin, _host, _port, _timeout, _connectionId, compress, _publish); + return new EndpointI(_instance, _host, _port, _timeout, _connectionId, compress, _publish); } } bool -IceSSL::SslEndpointI::datagram() const +IceSSL::EndpointI::datagram() const { return false; } bool -IceSSL::SslEndpointI::secure() const +IceSSL::EndpointI::secure() const { return true; } 
bool -IceSSL::SslEndpointI::unknown() const +IceSSL::EndpointI::unknown() const { return false; } -TransceiverPtr -IceSSL::SslEndpointI::clientTransceiver() const +IceInternal::TransceiverPtr +IceSSL::EndpointI::clientTransceiver() const { return 0; } -TransceiverPtr -IceSSL::SslEndpointI::serverTransceiver(EndpointIPtr& endp) const +IceInternal::TransceiverPtr +IceSSL::EndpointI::serverTransceiver(IceInternal::EndpointIPtr& endp) const { - endp = const_cast<SslEndpointI*>(this); + endp = const_cast<EndpointI*>(this); return 0; } -ConnectorPtr -IceSSL::SslEndpointI::connector() const +IceInternal::ConnectorPtr +IceSSL::EndpointI::connector() const { - return new SslConnector(_plugin, _host, _port); + return new ConnectorI(_instance, _host, _port); } -AcceptorPtr -IceSSL::SslEndpointI::acceptor(EndpointIPtr& endp) const +IceInternal::AcceptorPtr +IceSSL::EndpointI::acceptor(IceInternal::EndpointIPtr& endp) const { - SslAcceptor* p = new SslAcceptor(_plugin, _host, _port); - endp = new SslEndpointI(_plugin, _host, p->effectivePort(), _timeout, _connectionId, _compress, _publish); + AcceptorI* p = new AcceptorI(_instance, _host, _port); + endp = new EndpointI(_instance, _host, p->effectivePort(), _timeout, _connectionId, _compress, _publish); return p; } -vector<EndpointIPtr> -IceSSL::SslEndpointI::expand(bool includeLoopback) const +vector<IceInternal::EndpointIPtr> +IceSSL::EndpointI::expand(bool includeLoopback) const { - vector<EndpointIPtr> endps; + vector<IceInternal::EndpointIPtr> endps; if(_host == "0.0.0.0") { - vector<string> hosts = getLocalHosts(); - for(unsigned int i = 0; i < hosts.size(); ++i) - { + vector<string> hosts = IceInternal::getLocalHosts(); + for(unsigned int i = 0; i < hosts.size(); ++i) + { if(includeLoopback || hosts.size() == 1 || hosts[i] != "127.0.0.1") { - endps.push_back(new SslEndpointI(_plugin, hosts[i], _port, _timeout, _connectionId, _compress, - hosts.size() == 1 || hosts[i] != "127.0.0.1")); + endps.push_back(new 
EndpointI(_instance, hosts[i], _port, _timeout, _connectionId, _compress, + hosts.size() == 1 || hosts[i] != "127.0.0.1")); } - } + } } else { - endps.push_back(const_cast<SslEndpointI*>(this)); + endps.push_back(const_cast<EndpointI*>(this)); } return endps; - } bool -IceSSL::SslEndpointI::publish() const +IceSSL::EndpointI::publish() const { return _publish; } bool -IceSSL::SslEndpointI::equivalent(const TransceiverPtr&) const +IceSSL::EndpointI::equivalent(const IceInternal::TransceiverPtr&) const { return false; } bool -IceSSL::SslEndpointI::equivalent(const AcceptorPtr& acceptor) const +IceSSL::EndpointI::equivalent(const IceInternal::AcceptorPtr& acceptor) const { - const SslAcceptor* sslAcceptor = dynamic_cast<const SslAcceptor*>(acceptor.get()); + const AcceptorI* sslAcceptor = dynamic_cast<const AcceptorI*>(acceptor.get()); if(!sslAcceptor) { return false; @@ -346,9 +345,9 @@ IceSSL::SslEndpointI::equivalent(const AcceptorPtr& acceptor) const } bool -IceSSL::SslEndpointI::operator==(const EndpointI& r) const +IceSSL::EndpointI::operator==(const IceInternal::EndpointI& r) const { - const SslEndpointI* p = dynamic_cast<const SslEndpointI*>(&r); + const EndpointI* p = dynamic_cast<const EndpointI*>(&r); if(!p) { return false; 
@@ -388,30 +387,30 @@ IceSSL::SslEndpointI::operator==(const EndpointI& r) const struct sockaddr_in raddr; try { - getAddress(_host, _port, laddr); - getAddress(p->_host, p->_port, raddr); + IceInternal::getAddress(_host, _port, laddr); + IceInternal::getAddress(p->_host, p->_port, raddr); } catch(const DNSException&) { return false; } - return compareAddress(laddr, raddr); + return IceInternal::compareAddress(laddr, raddr); } return true; } bool -IceSSL::SslEndpointI::operator!=(const EndpointI& r) const +IceSSL::EndpointI::operator!=(const IceInternal::EndpointI& r) const { return !operator==(r); } bool -IceSSL::SslEndpointI::operator<(const EndpointI& r) const +IceSSL::EndpointI::operator<(const IceInternal::EndpointI& r) const { - const SslEndpointI* p = dynamic_cast<const SslEndpointI*>(&r); + const EndpointI* p = dynamic_cast<const EndpointI*>(&r); if(!p) { return type() < r.type(); @@ -466,7 +465,7 @@ IceSSL::SslEndpointI::operator<(const EndpointI& r) const struct sockaddr_in laddr; try { - getAddress(_host, _port, laddr); + IceInternal::getAddress(_host, _port, laddr); } catch(const DNSException&) { @@ -475,7 +474,7 @@ IceSSL::SslEndpointI::operator<(const EndpointI& r) const struct sockaddr_in raddr; try { - getAddress(p->_host, p->_port, raddr); + IceInternal::getAddress(p->_host, p->_port, raddr); } catch(const DNSException&) { 
@@ -494,41 +493,41 @@ IceSSL::SslEndpointI::operator<(const EndpointI& r) const return false; } -IceSSL::SslEndpointFactory::SslEndpointFactory(const OpenSSLPluginIPtr& plugin) - : _plugin(plugin) +IceSSL::EndpointFactoryI::EndpointFactoryI(const InstancePtr& instance) + : _instance(instance) { } -IceSSL::SslEndpointFactory::~SslEndpointFactory() +IceSSL::EndpointFactoryI::~EndpointFactoryI() { } Short -IceSSL::SslEndpointFactory::type() const +IceSSL::EndpointFactoryI::type() const { - return SslEndpointType; + return EndpointType; } string -IceSSL::SslEndpointFactory::protocol() const +IceSSL::EndpointFactoryI::protocol() const { return "ssl"; } -EndpointIPtr -IceSSL::SslEndpointFactory::create(const std::string& str) const +IceInternal::EndpointIPtr +IceSSL::EndpointFactoryI::create(const std::string& str) const { - return new SslEndpointI(_plugin, str); + return new EndpointI(_instance, str); } -EndpointIPtr -IceSSL::SslEndpointFactory::read(BasicStream* s) const +IceInternal::EndpointIPtr +IceSSL::EndpointFactoryI::read(IceInternal::BasicStream* s) const { - return new SslEndpointI(_plugin, s); + return new EndpointI(_instance, s); } void -IceSSL::SslEndpointFactory::destroy() +IceSSL::EndpointFactoryI::destroy() { - _plugin = 0; + _instance = 0; } diff --git a/cpp/src/IceSSL/SslEndpointI.h b/cpp/src/IceSSL/EndpointI.h index d4903bfd9d8..365bdb4d142 100644 --- a/cpp/src/IceSSL/SslEndpointI.h +++ b/cpp/src/IceSSL/EndpointI.h 
@@ -7,33 +7,32 @@ // // ********************************************************************** -#ifndef ICE_SSL_ENDPOINT_H -#define ICE_SSL_ENDPOINT_H +#ifndef ICE_SSL_ENDPOINT_I_H +#define ICE_SSL_ENDPOINT_I_H #include <Ice/EndpointI.h> #include <Ice/EndpointFactory.h> -#include <IceSSL/OpenSSLPluginIF.h> +#include <InstanceF.h> namespace IceSSL { -const Ice::Short SslEndpointType = 2; +const Ice::Short EndpointType = 2; -class SslEndpointI : public IceInternal::EndpointI +class EndpointI : public IceInternal::EndpointI { public: - SslEndpointI(const IceSSL::OpenSSLPluginIPtr&, const std::string&, Ice::Int, Ice::Int, - const std::string&, bool, bool); - SslEndpointI(const IceSSL::OpenSSLPluginIPtr&, const std::string&); - SslEndpointI(const IceSSL::OpenSSLPluginIPtr&, IceInternal::BasicStream*); + EndpointI(const InstancePtr&, const std::string&, Ice::Int, Ice::Int, const std::string&, bool, bool); + EndpointI(const InstancePtr&, const std::string&); + EndpointI(const InstancePtr&, IceInternal::BasicStream*); virtual void streamWrite(IceInternal::BasicStream*) const; virtual std::string toString() const; virtual Ice::Short type() const; virtual Ice::Int timeout() const; virtual IceInternal::EndpointIPtr timeout(Ice::Int) const; - virtual IceInternal::EndpointIPtr connectionId(const std::string&) const; + virtual IceInternal::EndpointIPtr connectionId(const ::std::string&) const; virtual bool compress() const; virtual IceInternal::EndpointIPtr compress(bool) const; virtual bool datagram() const; @@ -67,7 +66,7 @@ private: // // All members are const, because endpoints are immutable. // - const IceSSL::OpenSSLPluginIPtr _plugin; + const InstancePtr _instance; const std::string _host; const Ice::Int _port; const Ice::Int _timeout; 
@@ -76,12 +75,11 @@ private: const bool _publish; }; -class SslEndpointFactory : public IceInternal::EndpointFactory +class EndpointFactoryI : public IceInternal::EndpointFactory { public: - SslEndpointFactory(const IceSSL::OpenSSLPluginIPtr&); - virtual ~SslEndpointFactory(); + virtual ~EndpointFactoryI(); virtual Ice::Short type() const; virtual std::string protocol() const; @@ -91,7 +89,10 @@ public: private: - IceSSL::OpenSSLPluginIPtr _plugin; + EndpointFactoryI(const InstancePtr&); + friend class Instance; + + InstancePtr _instance; }; } diff --git a/cpp/src/IceSSL/GeneralConfig.cpp b/cpp/src/IceSSL/GeneralConfig.cpp deleted file mode 100644 index 80144df87e0..00000000000 --- a/cpp/src/IceSSL/GeneralConfig.cpp +++ /dev/null 
@@ -1,175 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <IceSSL/GeneralConfig.h> - -#include <string> -#include <algorithm> - -using namespace std; - -IceSSL::GeneralConfig::GeneralConfig() -{ - _sslVersion = SSL_V23; - - _verifyMode = SSL_VERIFY_NONE; - - // Unlimited verifcation depth. - _verifyDepth = -1; - - _context = ""; - _cipherList = ""; - _randomBytesFiles = ""; -} - -IceSSL::SslProtocol -IceSSL::GeneralConfig::getProtocol() const -{ - return _sslVersion; -} - -int -IceSSL::GeneralConfig::getVerifyMode() const -{ - return _verifyMode; -} - -int -IceSSL::GeneralConfig::getVerifyDepth() const -{ - return _verifyDepth; -} - -std::string -IceSSL::GeneralConfig::getContext() const -{ - return _context; -} - -std::string -IceSSL::GeneralConfig::getCipherList() const -{ - return _cipherList; -} - -std::string -IceSSL::GeneralConfig::getRandomBytesFiles() const -{ - return _randomBytesFiles; -} - -void -IceSSL::GeneralConfig::set(const string& name, const string& value) -{ - if(name.compare("version") == 0) - { - parseVersion(value); - } - else if(name.compare("cipherlist") == 0) - { - _cipherList = value; - } - else if(name.compare("context") == 0) - { - _context = value; - } - else if(name.compare("verifymode") == 0) - { - parseVerifyMode(value); - } - else if(name.compare("verifydepth") == 0) - { - _verifyDepth = atoi(value.c_str()); - } - else if(name.compare("randombytes") == 0) - { - _randomBytesFiles = value; - } - return; -} - -// -// Protected Methods -// - -void -IceSSL::GeneralConfig::parseVersion(const string& value) -{ - if(value.compare("SSLv23") == 0) - { - _sslVersion = SSL_V23; - } - else if(value.compare("SSLv3") == 0) - { - 
_sslVersion = SSL_V3; - } - else if(value.compare("TLSv1") == 0) - { - _sslVersion = TLS_V1; - } - - return; -} - -void -IceSSL::GeneralConfig::parseVerifyMode(const string& value) -{ - const string delim = " |\t\n\r"; - - string s(value); - transform(s.begin(), s.end(), s.begin(), ::tolower); - - string::size_type beg; - string::size_type end = 0; - - while(true) - { - beg = s.find_first_not_of(delim, end); - - if(beg == string::npos) - { - break; - } - - end = s.find_first_of(delim, beg); - - if(end == string::npos) - { - end = s.length(); - } - - string option = s.substr(beg, end - beg); - - if(option.compare("none") == 0) - { - _verifyMode |= SSL_VERIFY_NONE; - } - else if(option.compare("peer") == 0) - { - _verifyMode |= SSL_VERIFY_PEER; - } - else if(option.compare("fail_no_cert") == 0) - { - _verifyMode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; - } - else if(option.compare("client_once") == 0) - { - _verifyMode |= SSL_VERIFY_CLIENT_ONCE; - } - } - - // Both SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_CLIENT_ONCE require - // that SSL_VERIFY_PEER be set, otherwise it's an error. - if((_verifyMode != SSL_VERIFY_NONE) && !(_verifyMode & SSL_VERIFY_PEER)) - { - _verifyMode = SSL_VERIFY_NONE; - } - - return; -} diff --git a/cpp/src/IceSSL/GeneralConfig.h b/cpp/src/IceSSL/GeneralConfig.h deleted file mode 100644 index 7d33d79be3d..00000000000 --- a/cpp/src/IceSSL/GeneralConfig.h +++ /dev/null 
@@ -1,65 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_GENERAL_CONFIG_H -#define ICE_SSL_GENERAL_CONFIG_H - -#include <IceSSL/OpenSSL.h> - -namespace IceSSL -{ - -class GeneralConfig -{ -public: - - GeneralConfig(); - - SslProtocol getProtocol() const; - int getVerifyMode() const; - int getVerifyDepth() const; - - std::string getContext() const; - std::string getCipherList() const; - std::string getRandomBytesFiles() const; - - // General method - it will figure out how to properly parse the data. - void set(const std::string&, const std::string&); - -protected: - - SslProtocol _sslVersion; - - int _verifyMode; - int _verifyDepth; - - std::string _context; - std::string _cipherList; - std::string _randomBytesFiles; - - void parseVersion(const std::string&); - void parseVerifyMode(const std::string&); -}; - -template<class Stream> inline -Stream& operator << (Stream& target, const GeneralConfig& generalConfig) -{ - target << "Protocol: " << generalConfig.getProtocol() << "\n"; - target << "Verify Mode: " << generalConfig.getVerifyMode() << "\n"; - target << "Verify Depth: " << generalConfig.getVerifyDepth() << "\n"; - target << "Context: " << generalConfig.getContext() << "\n"; - target << "Cipher List: " << generalConfig.getCipherList() << "\n"; - target << "Random Bytes: " << generalConfig.getRandomBytesFiles() << "\n"; - - return target; -} - -} - -#endif diff --git a/cpp/src/IceSSL/Instance.cpp b/cpp/src/IceSSL/Instance.cpp new file mode 100644 index 00000000000..015e4b53f57 --- /dev/null +++ b/cpp/src/IceSSL/Instance.cpp 
@@ -0,0 +1,222 @@ +// ********************************************************************** +// +// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. +// +// This copy of Ice is licensed to you under the terms described in the +// ICE_LICENSE file included in this distribution. +// +// ********************************************************************** + +#include <Instance.h> +#include <EndpointI.h> +#include <Ice/Communicator.h> +#include <Ice/LocalException.h> +#include <Ice/Logger.h> +#include <Ice/Properties.h> +#include <Ice/ProtocolPluginFacade.h> + +#include <openssl/err.h> + +using namespace std; +using namespace Ice; +using namespace IceSSL; + +void IceSSL::incRef(Instance* p) { p->__incRef(); } +void IceSSL::decRef(Instance* p) { p->__decRef(); } + +IceSSL::Instance::Instance(const CommunicatorPtr& communicator) +{ + __setNoDelete(true); + + PropertiesPtr properties = communicator->getProperties(); + + _facade = getProtocolPluginFacade(communicator); + _securityTraceLevel = properties->getPropertyAsInt("IceSSL.Trace.Security"); + _securityTraceCategory = "Security"; + + // + // Create the client and server contexts. We always create both, even + // if only one is used. + // + // If IceSSL.DelayInit=1, postpone the creation of the contexts until + // the application manually initializes the plugin. + // + if(properties->getPropertyAsInt("IceSSL.DelayInit") == 0) + { + _clientContext = new ClientContext(this, 0); + _serverContext = new ServerContext(this, 0); + } + + // + // Register the endpoint factory. 
+ // + _facade->addEndpointFactory(new EndpointFactoryI(this)); + + __setNoDelete(false); +} + +void +IceSSL::Instance::initialize(SSL_CTX* clientContext, SSL_CTX* serverContext) +{ + if(_clientContext) + { + SecurityException ex(__FILE__, __LINE__); + ex.reason = "plugin is already initialized"; + throw ex; + } + else + { + _clientContext = new ClientContext(this, clientContext); + _serverContext = new ServerContext(this, serverContext); + } +} + +void +IceSSL::Instance::setCertificateVerifier(const CertificateVerifierPtr& verifier) +{ + _verifier = verifier; +} + +void +IceSSL::Instance::setPasswordPrompt(const PasswordPromptPtr& prompt) +{ + _prompt = prompt; +} + +CommunicatorPtr +IceSSL::Instance::communicator() const +{ + return _facade->getCommunicator(); +} + +string +IceSSL::Instance::defaultHost() const +{ + return _facade->getDefaultHost(); +} + +int +IceSSL::Instance::networkTraceLevel() const +{ + return _facade->getNetworkTraceLevel(); +} + +string +IceSSL::Instance::networkTraceCategory() const +{ + return _facade->getNetworkTraceCategory(); +} + +int +IceSSL::Instance::securityTraceLevel() const +{ + return _securityTraceLevel; +} + +string +IceSSL::Instance::securityTraceCategory() const +{ + return _securityTraceCategory; +} + +ClientContextPtr +IceSSL::Instance::clientContext() const +{ + if(!_clientContext) + { + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = "IceSSL: plugin is not fully initialized"; + throw ex; + } + return _clientContext; +} + +ServerContextPtr +IceSSL::Instance::serverContext() const +{ + if(!_serverContext) + { + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = "IceSSL: plugin is not fully initialized"; + throw ex; + } + return _serverContext; +} + +CertificateVerifierPtr +IceSSL::Instance::certificateVerifier() const +{ + return _verifier; +} + +PasswordPromptPtr +IceSSL::Instance::passwordPrompt() const +{ + return _prompt; +} + +string +IceSSL::Instance::sslErrors() const +{ + 
ostringstream ostr; + + const unsigned long threadId = CRYPTO_thread_id(); + + const char* file; + const char* data; + int line; + int flags; + unsigned long err; + int count = 0; + while((err = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) + { + if(count > 0) + { + ostr << endl; + } + + if(_securityTraceLevel > 0) + { + if(count > 0) + { + ostr << endl; + } + + char buf[200]; + ERR_error_string_n(err, buf, sizeof(buf)); + + ostr << "Thread ID: " << threadId << endl; + ostr << "Error #: " << err << endl; + ostr << "Message: " << buf << endl; + ostr << "Location: " << file << ", " << line; + if(flags & ERR_TXT_STRING) + { + ostr << endl; + ostr << "Data: " << data; + } + } + else + { + const char* reason = ERR_reason_error_string(err); + ostr << (reason == NULL ? "unknown reason" : reason); + if(flags & ERR_TXT_STRING) + { + ostr << ": " << data; + } + } + + ++count; + } + + ERR_clear_error(); + + return ostr.str(); +} + +void +IceSSL::Instance::destroy() +{ + _facade = 0; + _clientContext = 0; + _serverContext = 0; +} diff --git a/cpp/src/IceSSL/Instance.h b/cpp/src/IceSSL/Instance.h new file mode 100644 index 00000000000..03b99a3b1e9 --- /dev/null +++ b/cpp/src/IceSSL/Instance.h 
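Review bot: `Instance::initialize` is not exception-safe, and it tests only `_clientContext` to decide whether the plugin is already initialized. It assigns `_clientContext` before constructing the `ServerContext`, so if that second constructor throws (its body is not visible here) the instance keeps a client context and no server context. A retry then fails with "plugin is already initialized" while `serverContext()` keeps throwing "IceSSL: plugin is not fully initialized". Building both contexts into locals and assigning the members afterwards keeps the state all-or-nothing. The already-initialized case also throws `SecurityException` without the `IceSSL: ` prefix, whereas the accessors throw `PluginInitializationException`; the same type and prefix would make the two failures easier to correlate in logs.

```cpp
IceSSL::Instance::initialize(SSL_CTX* clientContext, SSL_CTX* serverContext)
// … unchanged: already-initialized check; the lines below replace the body of the else branch …
        // Construct both contexts before publishing either, so a throw leaves the plugin uninitialized.
        ClientContextPtr client = new ClientContext(this, clientContext);
        ServerContextPtr server = new ServerContext(this, serverContext);
        _clientContext = client;
        _serverContext = server;
```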
@@ -0,0 +1,62 @@
+// **********************************************************************
+//
+// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
+//
+// This copy of Ice is licensed to you under the terms described in the
+// ICE_LICENSE file included in this distribution.
+//
+// **********************************************************************
+
+#ifndef ICE_SSL_INSTANCE_H
+#define ICE_SSL_INSTANCE_H
+
+#include <InstanceF.h>
+#include <Context.h>
+#include <Ice/CommunicatorF.h>
+#include <Ice/ProtocolPluginFacadeF.h>
+#include <IceSSL/Plugin.h>
+
+namespace IceSSL
+{
+
+class Instance : public IceUtil::Shared
+{
+public:
+
+ Instance(const Ice::CommunicatorPtr&);
+
+ void initialize(SSL_CTX*, SSL_CTX*);
+ void setCertificateVerifier(const CertificateVerifierPtr&);
+ void setPasswordPrompt(const PasswordPromptPtr&);
+
+ Ice::CommunicatorPtr communicator() const;
+ std::string defaultHost() const;
+ int networkTraceLevel() const;
+ std::string networkTraceCategory() const;
+ int securityTraceLevel() const;
+ std::string securityTraceCategory() const;
+
+ ClientContextPtr clientContext() const;
+ ServerContextPtr serverContext() const;
+
+ CertificateVerifierPtr certificateVerifier() const;
+ PasswordPromptPtr passwordPrompt() const;
+
+ std::string sslErrors() const;
+
+ void destroy();
+
+private:
+
+ IceInternal::ProtocolPluginFacadePtr _facade;
+ int _securityTraceLevel;
+ std::string _securityTraceCategory;
+ ClientContextPtr _clientContext;
+ ServerContextPtr _serverContext;
+ CertificateVerifierPtr _verifier;
+ PasswordPromptPtr _prompt;
+};
+
+}
+
+#endif
diff --git a/cpp/src/IceSSL/Convert.h b/cpp/src/IceSSL/InstanceF.h
index 10c55885f31..d6d6dc35879 100644
--- a/cpp/src/IceSSL/Convert.h
+++ b/cpp/src/IceSSL/InstanceF.h
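Review bot: `initialize(SSL_CTX*, SSL_CTX*)` takes two raw OpenSSL pointers, and the declaration says nothing about who owns them or when the call is legal. Instance.cpp in this commit shows it is meant for the `IceSSL.DelayInit=1` case and throws once the contexts exist. The constructor passes 0 for both pointers, so a null argument presumably means "build the context from the plugin's configuration"; that should be confirmed and written down next to the declaration. I would add `// Manual initialization for IceSSL.DelayInit=1; throws if the contexts already exist.` plus a line stating whether the plugin frees the SSL_CTX objects it is handed. `clientContext()` and `serverContext()` deserve `// Throws PluginInitializationException until the plugin is initialized.`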
@@ -7,19 +7,19 @@ // // ********************************************************************** -#ifndef ICE_SSL_CONVERT_H -#define ICE_SSL_CONVERT_H +#ifndef ICE_SSL_INSTANCE_F_H +#define ICE_SSL_INSTANCE_F_H -#include <Ice/BuiltinSequences.h> +#include <Ice/Handle.h> namespace IceSSL { -void ucharToByteSeq(unsigned char*, int, Ice::ByteSeq&); - -unsigned char* byteSeqToUChar(const Ice::ByteSeq&); +class Instance; +void incRef(Instance*); +void decRef(Instance*); +typedef IceInternal::Handle<Instance> InstancePtr; } #endif - diff --git a/cpp/src/IceSSL/Makefile b/cpp/src/IceSSL/Makefile index 582a5f662ef..f918d2d33ff 100644 --- a/cpp/src/IceSSL/Makefile +++ b/cpp/src/IceSSL/Makefile 
@@ -15,56 +15,24 @@ LIBNAME = $(call mklibname,IceSSL) TARGETS = $(call mklibtargets,$(libdir)/$(LIBFILENAME),$(libdir)/$(SONAME),$(libdir)/$(LIBNAME)) -OBJS = BaseCerts.o \ - CertificateAuthority.o \ - CertificateDesc.o \ - CertificateVerifierF.o \ - CertificateVerifier.o \ - CertificateVerifierOpenSSL.o \ - ClientContext.o \ - ConfigParser.o \ - Context.o \ - Convert.o \ - DefaultCertificateVerifier.o \ - DHParams.o \ - Exception.o \ - GeneralConfig.o \ - OpenSSLJanitors.o \ - OpenSSLPluginI.o \ - OpenSSLUtils.o \ - PluginF.o \ - Plugin.o \ - RSACertificateGen.o \ - RSAKeyPair.o \ - RSAPrivateKey.o \ - RSAPublicKey.o \ - ServerContext.o \ - SingleCertificateVerifier.o \ - SslAcceptor.o \ - SslConnector.o \ - SslEndpointI.o \ - SslException.o \ - SslTransceiver.o \ - TempCerts.o \ - TraceLevels.o +OBJS = AcceptorI.o \ + Context.o \ + ConnectorI.o \ + EndpointI.o \ + Instance.o \ + PluginI.o \ + TransceiverI.o \ + Util.o SRCS = $(OBJS:.o=.cpp) -SLICE_SRCS = $(SDIR)/Exception.ice \ - $(SDIR)/PluginF.ice \ - $(SDIR)/Plugin.ice \ - $(SDIR)/CertificateVerifierF.ice \ - $(SDIR)/CertificateVerifier.ice - HDIR = $(includedir)/IceSSL -SDIR = $(slicedir)/IceSSL include $(top_srcdir)/config/Make.rules -CPPFLAGS := -I.. $(CPPFLAGS) -DICE_SSL_API_EXPORTS $(OPENSSL_FLAGS) -SLICE2CPPFLAGS := --ice --include-dir IceSSL --dll-export ICE_SSL_API $(SLICE2CPPFLAGS) +CPPFLAGS := -I. -I.. $(CPPFLAGS) -DICE_SSL_API_EXPORTS $(OPENSSL_FLAGS) -LINKWITH := $(EXPAT_RPATH_LINK) -lIceXML $(BZIP2_RPATH_LINK) -lIce -lIceUtil $(OPENSSL_LIBS) $(CXXLIBS) +LINKWITH := $(BZIP2_RPATH_LINK) -lIce -lIceUtil $(OPENSSL_LIBS) $(CXXLIBS) $(libdir)/$(LIBFILENAME): $(OBJS) rm -f $@ diff --git a/cpp/src/IceSSL/OpenSSL.h b/cpp/src/IceSSL/OpenSSL.h deleted file mode 100644 index 63fdcc7f448..00000000000 --- a/cpp/src/IceSSL/OpenSSL.h +++ /dev/null 
@@ -1,37 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_OPENSSL_H -#define ICE_OPENSSL_H - -#include <IceUtil/Config.h> -#include <openssl/ssl.h> - -namespace IceSSL -{ - -typedef enum -{ - NO_SECURITY_TRACE = 0, - SECURITY_WARNINGS, - SECURITY_PARSE_WARNINGS, - SECURITY_PROTOCOL, - SECURITY_PROTOCOL_DEBUG -} SecurityTraceLevel; - -enum SslProtocol -{ - SSL_V23 = 1, // Speak SSLv3 and TLSv1 - SSL_V3, // Only speak SSLv3 - TLS_V1 // Only speak TLSv1 -}; - -} - -#endif diff --git a/cpp/src/IceSSL/OpenSSLJanitors.cpp b/cpp/src/IceSSL/OpenSSLJanitors.cpp deleted file mode 100644 index 7938506d8ce..00000000000 --- a/cpp/src/IceSSL/OpenSSLJanitors.cpp +++ /dev/null 
@@ -1,141 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <IceSSL/OpenSSLJanitors.h> - -IceSSL::RSAJanitor::RSAJanitor(RSA* rsa) : - _rsa(rsa) -{ - assert(_rsa != 0); -} - -IceSSL::RSAJanitor::~RSAJanitor() -{ - if(_rsa) - { - RSA_free(_rsa); - } -} - -void -IceSSL::RSAJanitor::clear() -{ - _rsa = 0; -} - -RSA* -IceSSL::RSAJanitor::get() const -{ - return _rsa; -} - -IceSSL::EVP_PKEYJanitor::EVP_PKEYJanitor(EVP_PKEY* evp_pkey) : - _evp_pkey(evp_pkey) -{ - assert(_evp_pkey != 0); -} - -IceSSL::EVP_PKEYJanitor::~EVP_PKEYJanitor() -{ - if(_evp_pkey) - { - EVP_PKEY_free(_evp_pkey); - } -} - -void -IceSSL::EVP_PKEYJanitor::clear() -{ - _evp_pkey = 0; -} - -EVP_PKEY* -IceSSL::EVP_PKEYJanitor::get() const -{ - return _evp_pkey; -} - -IceSSL::X509_REQJanitor::X509_REQJanitor(X509_REQ* x509_req) : - _x509_req(x509_req) -{ - assert(_x509_req != 0); -} - -IceSSL::X509_REQJanitor::~X509_REQJanitor() -{ - if(_x509_req) - { - X509_REQ_free(_x509_req); - } -} - -void -IceSSL::X509_REQJanitor::clear() -{ - _x509_req = 0; -} - -X509_REQ* -IceSSL::X509_REQJanitor::get() const -{ - return _x509_req; -} - -IceSSL::X509Janitor::X509Janitor(X509* x509) : - _x509(x509) -{ - assert(_x509 != 0); -} - -IceSSL::X509Janitor::~X509Janitor() -{ - if(_x509) - { - X509_free(_x509); - } -} - -void -IceSSL::X509Janitor::clear() -{ - _x509 = 0; -} - -X509* -IceSSL::X509Janitor::get() const -{ - return _x509; -} - -IceSSL::BIOJanitor::BIOJanitor(BIO* bio) : - _bio(bio) -{ - assert(_bio != 0); -} - -IceSSL::BIOJanitor::~BIOJanitor() -{ - if(_bio) - { - BIO_free(_bio); - } -} - -void -IceSSL::BIOJanitor::clear() -{ - _bio = 0; -} - -BIO* -IceSSL::BIOJanitor::get() const -{ - return _bio; 
-} - diff --git a/cpp/src/IceSSL/OpenSSLJanitors.h b/cpp/src/IceSSL/OpenSSLJanitors.h deleted file mode 100644 index 4a1e32342b1..00000000000 --- a/cpp/src/IceSSL/OpenSSLJanitors.h +++ /dev/null @@ -1,96 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_JANITORS_H -#define ICE_SSL_JANITORS_H - -#include <IceUtil/Config.h> -#include <openssl/ssl.h> - -namespace IceSSL -{ - -class RSAJanitor -{ -public: - - RSAJanitor(RSA*); - ~RSAJanitor(); - - void clear(); - RSA* get() const; - -private: - - RSA* _rsa; -}; - -class EVP_PKEYJanitor -{ -public: - - EVP_PKEYJanitor(EVP_PKEY*); - ~EVP_PKEYJanitor(); - - void clear(); - EVP_PKEY* get() const; - -private: - - EVP_PKEY* _evp_pkey; -}; - -class X509_REQJanitor -{ -public: - - X509_REQJanitor(X509_REQ*); - ~X509_REQJanitor(); - - void clear(); - X509_REQ* get() const; - -private: - - X509_REQ* _x509_req; -}; - -class X509Janitor -{ -public: - - X509Janitor(X509*); - ~X509Janitor(); - - void clear(); - X509* get() const; - -private: - - X509* _x509; -}; - -class BIOJanitor -{ -public: - - BIOJanitor(BIO*); - ~BIOJanitor(); - - void clear(); - BIO* get() const; - -private: - - BIO* _bio; -}; - -} - -#endif diff --git a/cpp/src/IceSSL/OpenSSLPluginI.cpp b/cpp/src/IceSSL/OpenSSLPluginI.cpp deleted file mode 100644 index 0aa77040dd0..00000000000 --- a/cpp/src/IceSSL/OpenSSLPluginI.cpp +++ /dev/null 
@@ -1,937 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <IceUtil/DisableWarnings.h> - -#include <IceSSL/OpenSSLPluginI.h> - -#include <Ice/LoggerUtil.h> -#include <Ice/Properties.h> -#include <Ice/ProtocolPluginFacade.h> -#include <Ice/Communicator.h> -#include <Ice/LocalException.h> - -#include <IceSSL/TraceLevels.h> -#include <IceSSL/Exception.h> -#include <IceSSL/ConfigParser.h> -#include <IceSSL/OpenSSLJanitors.h> -#include <IceSSL/OpenSSLUtils.h> -#include <IceSSL/SslTransceiver.h> -#include <IceSSL/DefaultCertificateVerifier.h> -#include <IceSSL/SingleCertificateVerifier.h> -#include <IceSSL/SslEndpointI.h> -#include <IceSSL/RSAPrivateKey.h> -#include <IceSSL/DHParams.h> - -#include <openssl/rand.h> -#include <openssl/err.h> - -#if OPENSSL_VERSION_NUMBER >= 0x0090700fL -#include <openssl/engine.h> -#endif - -#include <sstream> - -#define OPENSSL_THREAD_DEFINES -#include <openssl/opensslconf.h> -#if OPENSSL_VERSION_NUMBER < 0x0090700fL || defined(__FreeBSD__) -# if !defined(THREADS) -# error "Thread support not enabled" -# endif -#else -# if !defined(OPENSSL_THREADS) -# error "Thread support not enabled" -# endif -#endif - -using namespace std; -using namespace Ice; -using namespace IceSSL; - -void IceInternal::incRef(OpenSSLPluginI* p) { p->__incRef(); } -void IceInternal::decRef(OpenSSLPluginI* p) { p->__decRef(); } - -static IceUtil::StaticMutex staticMutex = ICE_STATIC_MUTEX_INITIALIZER; -static int instanceCount = 0; - -// -// Plugin factory function -// -extern "C" -{ - -ICE_SSL_API Ice::Plugin* -create(const CommunicatorPtr& communicator, const string& name, const StringSeq& args) -{ - IceInternal::ProtocolPluginFacadePtr facade = 
IceInternal::getProtocolPluginFacade(communicator); - - OpenSSLPluginI* plugin = new OpenSSLPluginI(facade); - try - { - plugin->configure(); - - // - // Install the SSL endpoint factory - // - IceInternal::EndpointFactoryPtr sslEndpointFactory = new SslEndpointFactory(plugin); - facade->addEndpointFactory(sslEndpointFactory); - } - catch(const Exception& ex) - { - Ice::PluginPtr ptr = plugin; // Reclaim the plug-in instance - - Error out(communicator->getLogger()); - out << "exception in IceSSL plug-in:\n" << ex; - - // Can't throw from an extern "C" function - return 0; - } - catch(...) - { - Ice::PluginPtr ptr = plugin; // Reclaim the plug-in instance - - Error out(communicator->getLogger()); - out << "unknown exception in IceSSL plug-in"; - - // Can't throw from an extern "C" function - return 0; - } - - return plugin; -} - -} - - -// -// Thread safety implementation for OpenSSL -// -namespace IceSSL -{ - -class SslLockKeeper -{ -public: - - SslLockKeeper(); - ~SslLockKeeper(); - - IceUtil::Mutex sslLocks[CRYPTO_NUM_LOCKS]; - -}; - -SslLockKeeper lockKeeper; - -} - -extern "C" -{ - -static void lockingCallback(int mode, int type, const char *file, int line) -{ - if(mode & CRYPTO_LOCK) - { - lockKeeper.sslLocks[type].lock(); - } - else - { - lockKeeper.sslLocks[type].unlock(); - } -} - -static unsigned long -idFunction() -{ -#if defined(_WIN32) - return static_cast<unsigned long>(GetCurrentThreadId()); -#elif defined(__FreeBSD__) || defined(__APPLE__) || defined(__osf1__) - // - // On FreeBSD, pthread_t is a pointer to a per-thread structure - // - return reinterpret_cast<unsigned long>(pthread_self()); -#elif (defined(__linux) || defined(__sun) || defined(__hpux)) || defined(_AIX) - // - // On Linux, Solaris, HP-UX and AIX, pthread_t is an integer - // - return static_cast<unsigned long>(pthread_self()); -#else -# error "Unknown platform" -#endif -} -} - -IceSSL::SslLockKeeper::SslLockKeeper() -{ - CRYPTO_set_id_callback(idFunction); - 
CRYPTO_set_locking_callback(lockingCallback); -} - -IceSSL::SslLockKeeper::~SslLockKeeper() -{ - CRYPTO_set_locking_callback(0); - CRYPTO_set_id_callback(0); -} - -// -// Public Methods -// -// -IceSSL::OpenSSLPluginI::OpenSSLPluginI(const IceInternal::ProtocolPluginFacadePtr& protocolPluginFacade) : - _protocolPluginFacade(protocolPluginFacade), - _traceLevels(new TraceLevels(_protocolPluginFacade)), - _properties(_protocolPluginFacade->getCommunicator()->getProperties()), - _memDebug(_properties->getPropertyAsIntWithDefault("IceSSL.MemoryDebug", 0)), - _serverContext(new TraceLevels(protocolPluginFacade), protocolPluginFacade->getCommunicator()), - _clientContext(new TraceLevels(protocolPluginFacade), protocolPluginFacade->getCommunicator()), - _randSeeded(0) -{ - // - // It is possible for multiple instances of OpenSSLPluginI to be created - // (one for each communicator). We use a mutex-protected counter to know - // when to initialize and clean up OpenSSL. - // - IceUtil::StaticMutex::Lock sync(staticMutex); - if(instanceCount == 0) - { - if(_memDebug != 0) - { - CRYPTO_malloc_debug_init(); - CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - } - else - { - CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); - } - - SSL_library_init(); - - SSL_load_error_strings(); - - OpenSSL_add_ssl_algorithms(); - } - ++instanceCount; -} - -IceSSL::OpenSSLPluginI::~OpenSSLPluginI() -{ - _serverContext.cleanUp(); - _clientContext.cleanUp(); - - unregisterThreads(); - - IceUtil::StaticMutex::Lock sync(staticMutex); - if(--instanceCount == 0) - { -#if OPENSSL_VERSION_NUMBER >= 0x0090700fL - ENGINE_cleanup(); - CRYPTO_cleanup_all_ex_data(); -#endif - - // TODO: Introduces a 72byte memory leak, if we kidnap the code from OpenSSL 0.9.7a for - // ENGINE_cleanup(), we can fix that. 
- - ERR_free_strings(); - ERR_remove_state(0); - - EVP_cleanup(); - - if(_memDebug != 0) - { - CRYPTO_mem_leaks_fp(stderr); - } - } -} - -SslTransceiverPtr -IceSSL::OpenSSLPluginI::createServerTransceiver(int socket, int timeout) -{ - IceUtil::RecMutex::Lock sync(_configMutex); - - // Configure the context if need be. - if(!isConfigured(IceSSL::Server)) - { - configure(IceSSL::Server); - } - - SslTransceiverPtr transceiver; - - return _serverContext.createTransceiver(socket, this, timeout); -} - -SslTransceiverPtr -IceSSL::OpenSSLPluginI::createClientTransceiver(int socket, int timeout) -{ - IceUtil::RecMutex::Lock sync(_configMutex); - - // Configure the context if need be. - if(!isConfigured(IceSSL::Client)) - { - configure(IceSSL::Client); - } - - SslTransceiverPtr transceiver; - - return _clientContext.createTransceiver(socket, this, timeout); -} - -bool -IceSSL::OpenSSLPluginI::isConfigured(ContextType contextType) -{ - IceUtil::RecMutex::Lock sync(_configMutex); - - bool retCode = false; - - switch(contextType) - { - case Client : - { - retCode = _clientContext.isConfigured(); - break; - } - - case Server : - { - retCode = _serverContext.isConfigured(); - break; - } - - case ClientServer : - { - retCode = _clientContext.isConfigured() && _serverContext.isConfigured(); - break; - } - } - - return retCode; -} - -void -IceSSL::OpenSSLPluginI::configure() -{ - string clientConfigFile = _properties->getProperty("IceSSL.Client.Config"); - string serverConfigFile = _properties->getProperty("IceSSL.Server.Config"); - - bool clientConfig = (clientConfigFile.empty() ? false : true); - bool serverConfig = (serverConfigFile.empty() ? 
false : true); - - if(clientConfig && serverConfig) - { - configure(ClientServer); - } - else if(clientConfig) - { - configure(Client); - } - else if(serverConfig) - { - configure(Server); - } -} - -void -IceSSL::OpenSSLPluginI::configure(ContextType contextType) -{ - IceUtil::RecMutex::Lock sync(_configMutex); - - switch(contextType) - { - case Client : - { - string configFile = _properties->getProperty("IceSSL.Client.Config"); - string certPath = _properties->getProperty("IceSSL.Client.CertPath"); - loadConfig(Client, configFile, certPath); - break; - } - - case Server : - { - string configFile = _properties->getProperty("IceSSL.Server.Config"); - string certPath = _properties->getProperty("IceSSL.Server.CertPath"); - loadConfig(Server, configFile, certPath); - break; - } - - case ClientServer : - { - string clientConfigFile = _properties->getProperty("IceSSL.Client.Config"); - string clientCertPath = _properties->getProperty("IceSSL.Client.CertPath"); - string serverConfigFile = _properties->getProperty("IceSSL.Server.Config"); - string serverCertPath = _properties->getProperty("IceSSL.Server.CertPath"); - - // Short cut, so that we only have to load the file once. 
- if((clientConfigFile == serverConfigFile) && (clientCertPath == serverCertPath)) - { - loadConfig(ClientServer, clientConfigFile, clientCertPath); - } - else - { - loadConfig(Client, clientConfigFile, clientCertPath); - loadConfig(Server, serverConfigFile, serverCertPath); - } - break; - } - } -} - -void -IceSSL::OpenSSLPluginI::loadConfig(ContextType contextType, - const string& configFile, - const string& certPath) -{ - if(configFile.empty()) - { - ConfigurationLoadingException configEx(__FILE__, __LINE__); - - string contextString; - - switch(contextType) - { - case Client : - { - contextString = "client"; - break; - } - - case Server : - { - contextString = "server"; - break; - } - - case ClientServer : - { - contextString = "client/server"; - break; - } - } - - configEx.message = "no ssl configuration file specified for "; - configEx.message += contextString; - - throw configEx; - } - - ConfigParser sslConfig(configFile, certPath, _traceLevels, getLogger()); - - // Actually parse the file now. - sslConfig.process(); - - if((contextType == Client || contextType == ClientServer)) - { - GeneralConfig clientGeneral; - CertificateAuthority clientCertAuth; - BaseCertificates clientBaseCerts; - - // Walk the parse tree, get the Client configuration. - if(sslConfig.loadClientConfig(clientGeneral, clientCertAuth, clientBaseCerts)) - { - initRandSystem(clientGeneral.getRandomBytesFiles()); - - _clientContext.configure(clientGeneral, clientCertAuth, clientBaseCerts); - } - } - - if((contextType == Server || contextType == ClientServer)) - { - GeneralConfig serverGeneral; - CertificateAuthority serverCertAuth; - BaseCertificates serverBaseCerts; - TempCertificates serverTempCerts; - - // Walk the parse tree, get the Server configuration. 
- if(sslConfig.loadServerConfig(serverGeneral, serverCertAuth, serverBaseCerts, serverTempCerts)) - { - initRandSystem(serverGeneral.getRandomBytesFiles()); - - loadTempCerts(serverTempCerts); - - _serverContext.configure(serverGeneral, serverCertAuth, serverBaseCerts); - - if(_traceLevels->security >= SECURITY_PROTOCOL) - { - Trace out(getLogger(), _traceLevels->securityCat); - - out << "temporary certificates (server)\n"; - out << "-------------------------------\n"; - out << serverTempCerts << "\n"; - } - } - } -} - -RSA* -IceSSL::OpenSSLPluginI::getRSAKey(int isExport, int keyLength) -{ - IceUtil::Mutex::Lock sync(_tempRSAKeysMutex); - - RSA* rsa_tmp = 0; - - RSAMap::iterator retVal = _tempRSAKeys.find(keyLength); - - // Does the key already exist? - if(retVal != _tempRSAKeys.end()) - { - // Yes! Use it. - rsa_tmp = (*retVal).second->get(); - - assert(rsa_tmp != 0); - } - else - { - const RSACertMap::iterator& it = _tempRSAFileMap.find(keyLength); - - // First we try to load a private and public key from specified files - if(it != _tempRSAFileMap.end()) - { - CertificateDesc& rsaKeyCert = (*it).second; - - const string& privKeyFile = rsaKeyCert.getPrivate().getFileName(); - const string& pubCertFile = rsaKeyCert.getPublic().getFileName(); - - RSA* rsaCert = 0; - RSA* rsaKey = 0; - BIO* bio = 0; - - if((bio = BIO_new_file(pubCertFile.c_str(), "r")) != 0) - { - BIOJanitor bioJanitor(bio); - - rsaCert = PEM_read_bio_RSAPublicKey(bio, 0, 0, 0); - } - - if(rsaCert != 0) - { - if((bio = BIO_new_file(privKeyFile.c_str(), "r")) != 0) - { - BIOJanitor bioJanitor(bio); - - rsaKey = PEM_read_bio_RSAPrivateKey(bio, &rsaCert, 0, 0); - } - } - - // Now, if all was well, the Certificate and Key should both be loaded into - // rsaCert. We check to ensure that both are not 0, because if either are, - // one of the reads failed. 
- - if((rsaCert != 0) && (rsaKey != 0)) - { - rsa_tmp = rsaCert; - } - else - { - if(rsaCert != 0) - { - RSA_free(rsaCert); - rsaCert = 0; - } - } - } - - // Couldn't load file, last ditch effort - generate a key on the fly. - if(rsa_tmp == 0) - { - rsa_tmp = RSA_generate_key(keyLength, RSA_F4, 0, 0); - } - - // Save in our temporary key cache. - if(rsa_tmp != 0) - { - _tempRSAKeys[keyLength] = new RSAPrivateKey(rsa_tmp); - } - else if(_traceLevels->security >= SECURITY_WARNINGS) - { - Trace out(getLogger(), _traceLevels->securityCat); - out << "WRN Unable to obtain a " << dec << keyLength << "-bit RSA key.\n"; - } - } - - return rsa_tmp; -} - -DH* -IceSSL::OpenSSLPluginI::getDHParams(int isExport, int keyLength) -{ - IceUtil::Mutex::Lock sync(_tempDHKeysMutex); - - DH* dh_tmp = 0; - - const DHMap::iterator& retVal = _tempDHKeys.find(keyLength); - - // Does the key already exist? - if(retVal != _tempDHKeys.end()) - { - // Yes! Use it. - dh_tmp = (*retVal).second->get(); - } - else - { - const DHParamsMap::iterator& it = _tempDHParamsFileMap.find(keyLength); - - // First we try to load params from specified files - if(it != _tempDHParamsFileMap.end()) - { - DiffieHellmanParamsFile& dhParamsFile = (*it).second; - - string dhFile = dhParamsFile.getFileName(); - - dh_tmp = loadDHParam(dhFile.c_str()); - } - - // If that doesn't work, use a compiled-in group. - if(dh_tmp == 0) - { - switch(keyLength) - { - case 512 : - { - dh_tmp = getTempDH512(); - break; - } - - case 1024 : - { - dh_tmp = getTempDH1024(); - break; - } - - case 2048 : - { - dh_tmp = getTempDH2048(); - break; - } - - case 4096 : - { - dh_tmp = getTempDH4096(); - break; - } - } - } - - if(dh_tmp != 0) - { - // Cache the dh params for quick lookup - no - // extra processing required then. 
- _tempDHKeys[keyLength] = new DHParams(dh_tmp); - } - else if(_traceLevels->security >= SECURITY_WARNINGS) - { - Trace out(getLogger(), _traceLevels->securityCat); - out << "WRN Unable to obtain a " << dec << keyLength << "-bit Diffie-Hellman parameter group.\n"; - } - } - - return dh_tmp; -} - -void -IceSSL::OpenSSLPluginI::setCertificateVerifier(ContextType contextType, - const CertificateVerifierPtr& verifier) -{ - IceUtil::RecMutex::Lock sync(_configMutex); - - IceSSL::CertificateVerifierOpenSSLPtr castVerifier; - castVerifier = CertificateVerifierOpenSSLPtr::dynamicCast(verifier); - - if(!castVerifier.get()) - { - CertificateVerifierTypeException cvtEx(__FILE__, __LINE__); - throw cvtEx; - } - - castVerifier->setContext(contextType); - - if(contextType == Client || contextType == ClientServer) - { - _clientContext.setCertificateVerifier(castVerifier); - } - - if(contextType == Server || contextType == ClientServer) - { - _serverContext.setCertificateVerifier(castVerifier); - } -} - -void -IceSSL::OpenSSLPluginI::addTrustedCertificateBase64(ContextType contextType, const string& certString) -{ - IceUtil::RecMutex::Lock sync(_configMutex); - - if(contextType == Client || contextType == ClientServer) - { - _clientContext.addTrustedCertificateBase64(certString); - } - - if(contextType == Server || contextType == ClientServer) - { - _serverContext.addTrustedCertificateBase64(certString); - } -} - -void -IceSSL::OpenSSLPluginI::addTrustedCertificate(ContextType contextType, const Ice::ByteSeq& certSeq) -{ - IceUtil::RecMutex::Lock sync(_configMutex); - - if(contextType == Client || contextType == ClientServer) - { - _clientContext.addTrustedCertificate(certSeq); - } - - if(contextType == Server || contextType == ClientServer) - { - _serverContext.addTrustedCertificate(certSeq); - } -} - -void -IceSSL::OpenSSLPluginI::setRSAKeysBase64(ContextType contextType, const string& privateKey, const string& publicKey) -{ - IceUtil::RecMutex::Lock sync(_configMutex); - - 
if(contextType == Client || contextType == ClientServer) - { - _clientContext.setRSAKeysBase64(privateKey, publicKey); - } - - if(contextType == Server || contextType == ClientServer) - { - _serverContext.setRSAKeysBase64(privateKey, publicKey); - } -} - -void -IceSSL::OpenSSLPluginI::setRSAKeys(ContextType contextType, - const ByteSeq& privateKey, - const ByteSeq& publicKey) -{ - IceUtil::RecMutex::Lock sync(_configMutex); - - if(contextType == Client || contextType == ClientServer) - { - _clientContext.setRSAKeys(privateKey, publicKey); - } - - if(contextType == Server || contextType == ClientServer) - { - _serverContext.setRSAKeys(privateKey, publicKey); - } -} - -CertificateVerifierPtr -IceSSL::OpenSSLPluginI::getDefaultCertVerifier() -{ - return new DefaultCertificateVerifier(getTraceLevels(), _protocolPluginFacade->getCommunicator()); -} - -CertificateVerifierPtr -IceSSL::OpenSSLPluginI::getSingleCertVerifier(const ByteSeq& certSeq) -{ - return new SingleCertificateVerifier(certSeq); -} - -void -IceSSL::OpenSSLPluginI::destroy() -{ -} - -TraceLevelsPtr -IceSSL::OpenSSLPluginI::getTraceLevels() const -{ - return _traceLevels; -} - -LoggerPtr -IceSSL::OpenSSLPluginI::getLogger() const -{ - // - // Don't cache the logger object. It might not be set on the - // communicator when the plug-in is initialized. - // - return _protocolPluginFacade->getCommunicator()->getLogger(); -} - -StatsPtr -IceSSL::OpenSSLPluginI::getStats() const -{ - // - // Don't cache the stats object. It might not be set on the - // communicator when the plug-in is initialized. 
- // - try - { - return _protocolPluginFacade->getCommunicator()->getStats(); - } - catch(const CommunicatorDestroyedException&) - { - return 0; - } -} - -PropertiesPtr -IceSSL::OpenSSLPluginI::getProperties() const -{ - return _properties; -} - -IceInternal::ProtocolPluginFacadePtr -IceSSL::OpenSSLPluginI::getProtocolPluginFacade() const -{ - return _protocolPluginFacade; -} - -// -// Private -// - -int -IceSSL::OpenSSLPluginI::seedRand() -{ -#ifdef WINDOWS - RAND_screen(); -#endif - - char buffer[1024]; - const char* file = RAND_file_name(buffer, sizeof(buffer)); - - if(file == 0) - { - return 0; - } - - return RAND_load_file(file, -1); -} - -long -IceSSL::OpenSSLPluginI::loadRandFiles(const string& names) -{ - if(!names.empty()) - { - return 0; - } - - long tot = 0; - int egd; - - // Make a modifiable copy of the string. - char* namesString = new char[names.length() + 1]; - assert(namesString != 0); - - strcpy(namesString, names.c_str()); - -#ifdef _WIN32 - const char* seps = ";"; -#else - const char* seps = ":"; -#endif - - char* token = strtok(namesString, seps); - - while(token != 0) - { - egd = RAND_egd(token); - - if(egd > 0) - { - tot += egd; - } - else - { - tot += RAND_load_file(token, -1); - } - - token = strtok(0, seps); - } - - if(tot > 512) - { - _randSeeded = 1; - } - - delete []namesString; - - return tot; -} - -void -IceSSL::OpenSSLPluginI::initRandSystem(const string& randBytesFiles) -{ - if(_randSeeded) - { - return; - } - - long randBytesLoaded = seedRand(); - - if(!randBytesFiles.empty()) - { - randBytesLoaded += loadRandFiles(randBytesFiles); - } - - if(!randBytesLoaded && !RAND_status() && (_traceLevels->security >= SECURITY_WARNINGS)) - { - // In this case, there are two options open to us - specify a random data file using the - // RANDFILE environment variable, or specify additional random data files in the - // SSL configuration file. 
- Trace out(getLogger(), _traceLevels->securityCat); - out << "WRN there is a lack of random data, consider specifying additional random data files"; - } - - _randSeeded = (randBytesLoaded > 0 ? 1 : 0); -} - -void -IceSSL::OpenSSLPluginI::loadTempCerts(TempCertificates& tempCerts) -{ - RSAVector::iterator iRSA = tempCerts.getRSACerts().begin(); - RSAVector::iterator eRSA = tempCerts.getRSACerts().end(); - - while(iRSA != eRSA) - { - _tempRSAFileMap[(*iRSA).getKeySize()] = *iRSA; - iRSA++; - } - - DHVector::iterator iDHP = tempCerts.getDHParams().begin(); - DHVector::iterator eDHP = tempCerts.getDHParams().end(); - - while(iDHP != eDHP) - { - _tempDHParamsFileMap[(*iDHP).getKeySize()] = *iDHP; - iDHP++; - } -} - -// -// Note: These two methods are used to remember each thread that uses the IceSSL plugin, -// and then clean up the thread-specific error queue on plugin shutdown. -// - -void -IceSSL::OpenSSLPluginI::registerThread() -{ - unsigned long threadID = idFunction(); - - IceUtil::Mutex::Lock sync(_threadIdCacheMutex); - - if(find(_threadIdCache.begin(), _threadIdCache.end(), threadID) == _threadIdCache.end()) - { - _threadIdCache.push_back(threadID); - } -} - -void -IceSSL::OpenSSLPluginI::unregisterThreads() -{ - IceUtil::Mutex::Lock sync(_threadIdCacheMutex); - - for_each(_threadIdCache.begin(), _threadIdCache.end(), ERR_remove_state); -} - diff --git a/cpp/src/IceSSL/OpenSSLPluginI.h b/cpp/src/IceSSL/OpenSSLPluginI.h deleted file mode 100644 index 57f2c91c1f4..00000000000 --- a/cpp/src/IceSSL/OpenSSLPluginI.h +++ /dev/null 
@@ -1,140 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_OPENSSL_PLUGIN_I_H -#define ICE_SSL_OPENSSL_PLUGIN_I_H - -#include <IceUtil/RecMutex.h> - -#include <Ice/LoggerF.h> -#include <Ice/StatsF.h> -#include <Ice/PropertiesF.h> -#include <Ice/ProtocolPluginFacadeF.h> - -#include <IceSSL/OpenSSLPluginIF.h> -#include <IceSSL/CertificateVerifierF.h> -#include <IceSSL/TraceLevelsF.h> -#include <IceSSL/SslTransceiverF.h> -#include <IceSSL/RSAPrivateKeyF.h> - -#include <IceSSL/Plugin.h> -#include <IceSSL/CertificateDesc.h> -#include <IceSSL/CertificateAuthority.h> -#include <IceSSL/BaseCerts.h> -#include <IceSSL/TempCerts.h> -#include <IceSSL/ServerContext.h> -#include <IceSSL/ClientContext.h> -#include <IceSSL/DHParamsF.h> - -#include <openssl/ssl.h> - -namespace IceSSL -{ - -typedef std::map<int,RSAPrivateKeyPtr> RSAMap; -typedef std::map<int,DHParamsPtr> DHMap; - -typedef std::map<int,CertificateDesc> RSACertMap; -typedef std::map<int,DiffieHellmanParamsFile> DHParamsMap; - -class OpenSSLPluginI : public Plugin -{ -public: - - OpenSSLPluginI(const IceInternal::ProtocolPluginFacadePtr&); - virtual ~OpenSSLPluginI(); - - SslTransceiverPtr createServerTransceiver(int, int); - SslTransceiverPtr createClientTransceiver(int, int); - - virtual bool isConfigured(ContextType); - virtual void configure(); - virtual void configure(ContextType); - virtual void loadConfig(ContextType, const ::std::string&, const ::std::string&); - - // Returns the desired RSA Key, or creates it if not already created. - // This is public because the tmpRSACallback must be able to access it. - RSA* getRSAKey(int, int); - - // Returns the desired DH Params. 
If the Params do not already exist, and the key - // requested is a 512bit or 1024bit key, we use the compiled-in temporary params. - // If the key is some other length, we read the desired key, based on length, - // from a DH Param file. - // This is public because the tmpDHCallback must be able to access it. - DH* getDHParams(int, int); - - virtual void setCertificateVerifier(ContextType, const CertificateVerifierPtr&); - virtual void addTrustedCertificateBase64(ContextType, const std::string&); - virtual void addTrustedCertificate(ContextType, const Ice::ByteSeq&); - virtual void setRSAKeysBase64(ContextType, const std::string&, const std::string&); - virtual void setRSAKeys(ContextType, const ::Ice::ByteSeq&, const ::Ice::ByteSeq&); - - virtual IceSSL::CertificateVerifierPtr getDefaultCertVerifier(); - virtual IceSSL::CertificateVerifierPtr getSingleCertVerifier(const Ice::ByteSeq&); - virtual void destroy(); - - TraceLevelsPtr getTraceLevels() const; - Ice::LoggerPtr getLogger() const; - Ice::StatsPtr getStats() const; - Ice::PropertiesPtr getProperties() const; - IceInternal::ProtocolPluginFacadePtr getProtocolPluginFacade() const; - -private: - - const IceInternal::ProtocolPluginFacadePtr _protocolPluginFacade; - const TraceLevelsPtr _traceLevels; - const Ice::PropertiesPtr _properties; - const int _memDebug; - - IceSSL::ServerContext _serverContext; - IceSSL::ClientContext _clientContext; - - // Mutex to ensure synchronization of calls to configure - // the contexts and calls to create connections. - IceUtil::RecMutex _configMutex; - - // Keep a cache of all temporary RSA keys. - RSAMap _tempRSAKeys; - IceUtil::Mutex _tempRSAKeysMutex; - - // Keep a cache of all temporary Diffie-Hellman keys. - DHMap _tempDHKeys; - IceUtil::Mutex _tempDHKeysMutex; - - // Maps of all temporary keying information. - // The files themselves will not be loaded until - // needed. 
- RSACertMap _tempRSAFileMap; - DHParamsMap _tempDHParamsFileMap; - - // Flag as to whether the Random Number system has been seeded. - int _randSeeded; - - // Cryptographic Random Number System related routines. - int seedRand(); - long loadRandFiles(const std::string&); - void initRandSystem(const std::string&); - - // Load the temporary (ephemeral) certificates for Server operations. - void loadTempCerts(TempCertificates&); - - friend class SslTransceiver; - friend class SslClientTransceiver; - friend class SslServerTransceiver; - - IceUtil::Mutex _threadIdCacheMutex; - std::vector<unsigned long> _threadIdCache; - - void registerThread(); - void unregisterThreads(); -}; - -} - -#endif diff --git a/cpp/src/IceSSL/OpenSSLPluginIF.h b/cpp/src/IceSSL/OpenSSLPluginIF.h deleted file mode 100644 index de7212ea018..00000000000 --- a/cpp/src/IceSSL/OpenSSLPluginIF.h +++ /dev/null @@ -1,31 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_OPENSSL_PLUGIN_I_F_H -#define ICE_SSL_OPENSSL_PLUGIN_I_F_H - -#include <Ice/Handle.h> - -namespace IceSSL -{ - -class OpenSSLPluginI; -typedef IceInternal::Handle<OpenSSLPluginI> OpenSSLPluginIPtr; - -} - -namespace IceInternal -{ - -void incRef(IceSSL::OpenSSLPluginI*); -void decRef(IceSSL::OpenSSLPluginI*); - -} - -#endif diff --git a/cpp/src/IceSSL/OpenSSLUtils.cpp b/cpp/src/IceSSL/OpenSSLUtils.cpp deleted file mode 100644 index 52c0154ba62..00000000000 --- a/cpp/src/IceSSL/OpenSSLUtils.cpp +++ /dev/null 
@@ -1,519 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <IceUtil/DisableWarnings.h> -#include <IceUtil/StaticMutex.h> -#include <IceSSL/OpenSSLPluginI.h> -#include <IceSSL/OpenSSLUtils.h> -#include <IceSSL/SslTransceiver.h> - -#include <openssl/err.h> - -using namespace std; - -// The following arrays are compiled-in diffie hellman group parameters. -// These are used when OpenSSL opts to use ephemeral diffie-hellman keys -// and no group parameters have been supplied in the SSL configuration -// files. These are known strong primes, distributed with the OpenSSL -// library in the files dh512.pem, dh1024.pem, dh2048.pem and dh4096.pem. -// They are not keys themselves, but the basis for generating DH keys -// on the fly. 
- -static unsigned char dh512_p[] = -{ - 0xF5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C, - 0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29, - 0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B, - 0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C, - 0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55, - 0xE9,0x2A,0x05,0x5F, -}; - -static unsigned char dh512_g[] = { 0x02, }; - -static unsigned char dh1024_p[] = -{ - 0xF4,0x88,0xFD,0x58,0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4, - 0x91,0x07,0x36,0x6B,0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C, - 0x88,0xB3,0x1C,0x7C,0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0, - 0x43,0xF0,0xA5,0x5B,0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D, - 0x38,0xD3,0x34,0xFD,0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C, - 0xDE,0x33,0x21,0x2C,0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40, - 0x18,0x11,0x8D,0x7C,0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03, - 0x19,0xC8,0x07,0x29,0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB, - 0xD0,0x0A,0x50,0x9B,0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D, - 0x41,0x9F,0x9C,0x7C,0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB, - 0xA2,0x5E,0xC3,0x55,0xE9,0x2F,0x78,0xC7, -}; - -static unsigned char dh1024_g[] = { 0x02, }; - -static unsigned char dh2048_p[] = -{ - 0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6, - 0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1, - 0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9, - 0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD, - 0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17, - 0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F, - 0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD, - 0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30, - 0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E, - 0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4, - 0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58, - 0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B, - 
0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C, - 0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B, - 0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD, - 0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C, - 0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C, - 0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29, - 0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B, - 0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C, - 0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55, - 0xE9,0x32,0x0B,0x3B, -}; - -static unsigned char dh2048_g[] = { 0x02, }; - -static unsigned char dh4096_p[] = -{ - 0xFA,0x14,0x72,0x52,0xC1,0x4D,0xE1,0x5A,0x49,0xD4,0xEF,0x09, - 0x2D,0xC0,0xA8,0xFD,0x55,0xAB,0xD7,0xD9,0x37,0x04,0x28,0x09, - 0xE2,0xE9,0x3E,0x77,0xE2,0xA1,0x7A,0x18,0xDD,0x46,0xA3,0x43, - 0x37,0x23,0x90,0x97,0xF3,0x0E,0xC9,0x03,0x50,0x7D,0x65,0xCF, - 0x78,0x62,0xA6,0x3A,0x62,0x22,0x83,0xA1,0x2F,0xFE,0x79,0xBA, - 0x35,0xFF,0x59,0xD8,0x1D,0x61,0xDD,0x1E,0x21,0x13,0x17,0xFE, - 0xCD,0x38,0x87,0x9E,0xF5,0x4F,0x79,0x10,0x61,0x8D,0xD4,0x22, - 0xF3,0x5A,0xED,0x5D,0xEA,0x21,0xE9,0x33,0x6B,0x48,0x12,0x0A, - 0x20,0x77,0xD4,0x25,0x60,0x61,0xDE,0xF6,0xB4,0x4F,0x1C,0x63, - 0x40,0x8B,0x3A,0x21,0x93,0x8B,0x79,0x53,0x51,0x2C,0xCA,0xB3, - 0x7B,0x29,0x56,0xA8,0xC7,0xF8,0xF4,0x7B,0x08,0x5E,0xA6,0xDC, - 0xA2,0x45,0x12,0x56,0xDD,0x41,0x92,0xF2,0xDD,0x5B,0x8F,0x23, - 0xF0,0xF3,0xEF,0xE4,0x3B,0x0A,0x44,0xDD,0xED,0x96,0x84,0xF1, - 0xA8,0x32,0x46,0xA3,0xDB,0x4A,0xBE,0x3D,0x45,0xBA,0x4E,0xF8, - 0x03,0xE5,0xDD,0x6B,0x59,0x0D,0x84,0x1E,0xCA,0x16,0x5A,0x8C, - 0xC8,0xDF,0x7C,0x54,0x44,0xC4,0x27,0xA7,0x3B,0x2A,0x97,0xCE, - 0xA3,0x7D,0x26,0x9C,0xAD,0xF4,0xC2,0xAC,0x37,0x4B,0xC3,0xAD, - 0x68,0x84,0x7F,0x99,0xA6,0x17,0xEF,0x6B,0x46,0x3A,0x7A,0x36, - 0x7A,0x11,0x43,0x92,0xAD,0xE9,0x9C,0xFB,0x44,0x6C,0x3D,0x82, - 0x49,0xCC,0x5C,0x6A,0x52,0x42,0xF8,0x42,0xFB,0x44,0xF9,0x39, - 
0x73,0xFB,0x60,0x79,0x3B,0xC2,0x9E,0x0B,0xDC,0xD4,0xA6,0x67, - 0xF7,0x66,0x3F,0xFC,0x42,0x3B,0x1B,0xDB,0x4F,0x66,0xDC,0xA5, - 0x8F,0x66,0xF9,0xEA,0xC1,0xED,0x31,0xFB,0x48,0xA1,0x82,0x7D, - 0xF8,0xE0,0xCC,0xB1,0xC7,0x03,0xE4,0xF8,0xB3,0xFE,0xB7,0xA3, - 0x13,0x73,0xA6,0x7B,0xC1,0x0E,0x39,0xC7,0x94,0x48,0x26,0x00, - 0x85,0x79,0xFC,0x6F,0x7A,0xAF,0xC5,0x52,0x35,0x75,0xD7,0x75, - 0xA4,0x40,0xFA,0x14,0x74,0x61,0x16,0xF2,0xEB,0x67,0x11,0x6F, - 0x04,0x43,0x3D,0x11,0x14,0x4C,0xA7,0x94,0x2A,0x39,0xA1,0xC9, - 0x90,0xCF,0x83,0xC6,0xFF,0x02,0x8F,0xA3,0x2A,0xAC,0x26,0xDF, - 0x0B,0x8B,0xBE,0x64,0x4A,0xF1,0xA1,0xDC,0xEE,0xBA,0xC8,0x03, - 0x82,0xF6,0x62,0x2C,0x5D,0xB6,0xBB,0x13,0x19,0x6E,0x86,0xC5, - 0x5B,0x2B,0x5E,0x3A,0xF3,0xB3,0x28,0x6B,0x70,0x71,0x3A,0x8E, - 0xFF,0x5C,0x15,0xE6,0x02,0xA4,0xCE,0xED,0x59,0x56,0xCC,0x15, - 0x51,0x07,0x79,0x1A,0x0F,0x25,0x26,0x27,0x30,0xA9,0x15,0xB2, - 0xC8,0xD4,0x5C,0xCC,0x30,0xE8,0x1B,0xD8,0xD5,0x0F,0x19,0xA8, - 0x80,0xA4,0xC7,0x01,0xAA,0x8B,0xBA,0x53,0xBB,0x47,0xC2,0x1F, - 0x6B,0x54,0xB0,0x17,0x60,0xED,0x79,0x21,0x95,0xB6,0x05,0x84, - 0x37,0xC8,0x03,0xA4,0xDD,0xD1,0x06,0x69,0x8F,0x4C,0x39,0xE0, - 0xC8,0x5D,0x83,0x1D,0xBE,0x6A,0x9A,0x99,0xF3,0x9F,0x0B,0x45, - 0x29,0xD4,0xCB,0x29,0x66,0xEE,0x1E,0x7E,0x3D,0xD7,0x13,0x4E, - 0xDB,0x90,0x90,0x58,0xCB,0x5E,0x9B,0xCD,0x2E,0x2B,0x0F,0xA9, - 0x4E,0x78,0xAC,0x05,0x11,0x7F,0xE3,0x9E,0x27,0xD4,0x99,0xE1, - 0xB9,0xBD,0x78,0xE1,0x84,0x41,0xA0,0xDF, -}; - -static unsigned char dh4096_g[] = { 0x02, }; - -// Ensures that the sslGetErrors() function is synchronized. -static IceUtil::StaticMutex sslErrorsMutex = ICE_STATIC_MUTEX_INITIALIZER; - -// -// NOTE: The following (mon, getGeneralizedTime, getUTCTime and getASN1time) -// are routines that have been abducted from the OpenSSL X509 library, -// and modified to work with the STL basic_string template. 
- -static const char* mon[12]= -{ - "Jan","Feb","Mar","Apr","May","Jun", - "Jul","Aug","Sep","Oct","Nov","Dec" -}; - -string -IceSSL::getGeneralizedTime(ASN1_GENERALIZEDTIME *tm) -{ - assert(tm != 0); - - char buf[30]; - int gmt = 0, y = 0, M = 0, d = 0, h = 0, m = 0, s = 0; - - int i = tm->length; - - char* v = (char *) tm->data; - - if(i < 12) - { - goto err; - } - - if(v[i-1] == 'Z') - { - gmt=1; - } - - for(i=0; i<12; i++) - { - if((v[i] > '9') || (v[i] < '0')) - { - goto err; - } - } - - y = (v[0] - '0') * 1000 + (v[1] - '0') * 100 + (v[2] - '0') * 10 + (v[3] - '0'); - M = (v[4] - '0') * 10 + (v[5] - '0'); - - if((M > 12) || (M < 1)) - { - goto err; - } - - d = (v[6] - '0') * 10 + (v[7] - '0'); - h = (v[8] - '0') * 10 + (v[9] - '0'); - m = (v[10] - '0') * 10 + (v[11] - '0'); - - if((v[12] >= '0') && (v[12] <= '9') && - (v[13] >= '0') && (v[13] <= '9')) - { - s = (v[12] - '0') * 10 + (v[13] - '0'); - } - - sprintf(buf, "%s %2d %02d:%02d:%02d %d%s", mon[M-1], d, h, m, s, y, (gmt)?" GMT":""); - return string(buf); - -err: - return string("Bad time value"); -} - -string -IceSSL::getUTCTime(ASN1_UTCTIME *tm) -{ - assert(tm != 0); - - char buf[30]; - int gmt = 0, y = 0, M = 0, d = 0, h = 0, m = 0, s = 0; - - int i = tm->length; - char* v = (char *) tm->data; - - if(i < 10) - { - goto err; - } - - if(v[i-1] == 'Z') - { - gmt=1; - } - - for(i = 0; i < 10; i++) - { - if((v[i] > '9') || (v[i] < '0')) - { - goto err; - } - } - - y = (v[0] - '0') * 10 + (v[1] - '0'); - - if(y < 50) - { - y+=100; - } - - M = (v[2] - '0') * 10 + (v[3] - '0'); - - if((M > 12) || (M < 1)) - { - goto err; - } - - d = (v[4] - '0') * 10 + (v[5] - '0'); - h = (v[6] - '0') * 10 + (v[7] - '0'); - m = (v[8] - '0') * 10 + (v[9] - '0'); - - if((v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9')) - { - s = (v[10] - '0') * 10 + (v[11] - '0'); - } - - sprintf(buf, "%s %2d %02d:%02d:%02d %d%s", mon[M-1], d, h, m, s, y+1900, (gmt)?" 
GMT":""); - return string(buf); - -err: - return string("Bad time value"); -} - -string -IceSSL::getASN1time(ASN1_TIME *tm) -{ - assert(tm != 0); - - string theTime; - - switch(tm->type) - { - case V_ASN1_UTCTIME : - { - theTime = getUTCTime(tm); - break; - } - - case V_ASN1_GENERALIZEDTIME : - { - theTime = getGeneralizedTime(tm); - break; - } - - default : - { - theTime = "Bad time value"; - break; - } - } - - return theTime; -} - -DH* -IceSSL::loadDHParam(const char* dhfile) -{ - assert(dhfile != 0); - - DH* ret = 0; - BIO* bio = BIO_new_file(dhfile,"r"); - - if(bio != 0) - { - ret = PEM_read_bio_DHparams(bio, 0, 0, 0); - BIO_free(bio); - } - - return ret; -} - -DH* -IceSSL::getTempDH(unsigned char* p, int plen, unsigned char* g, int glen) -{ - assert(p != 0); - assert(g != 0); - - DH* dh = DH_new(); - - if(dh != 0) - { - dh->p = BN_bin2bn(p, plen, 0); - - dh->g = BN_bin2bn(g, glen, 0); - - if((dh->p == 0) || (dh->g == 0)) - { - // Note: Clears both p and g if they are not NULL. - DH_free(dh); - dh = 0; - } - } - - return dh; -} - -DH* -IceSSL::getTempDH512() -{ - return getTempDH(dh512_p, (int) sizeof(dh512_p), dh512_g, (int) sizeof(dh512_g)); -} - -DH* -IceSSL::getTempDH1024() -{ - return getTempDH(dh1024_p, (int) sizeof(dh1024_p), dh1024_g, (int) sizeof(dh1024_g)); -} - -DH* -IceSSL::getTempDH2048() -{ - return getTempDH(dh2048_p, (int) sizeof(dh2048_p), dh2048_g, (int) sizeof(dh2048_g)); -} - -DH* -IceSSL::getTempDH4096() -{ - return getTempDH(dh4096_p, (int) sizeof(dh4096_p), dh4096_g, (int) sizeof(dh4096_g)); -} - -string -IceSSL::sslGetErrors() -{ - IceUtil::StaticMutex::Lock sync(sslErrorsMutex); - - string errorMessage; - char buf[200]; - char bigBuffer[1024]; - const char* file = 0; - const char* data = 0; - int line = 0; - int flags = 0; - unsigned long errorCode = 0; - int errorNum = 1; - - unsigned long es = CRYPTO_thread_id(); - - while((errorCode = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) - { - sprintf(bigBuffer,"%6d - Thread 
ID: %lu\n", errorNum, es); - errorMessage += bigBuffer; - - sprintf(bigBuffer,"%6d - Error: %lu\n", errorNum, errorCode); - errorMessage += bigBuffer; - - // Request an error from the OpenSSL library - ERR_error_string_n(errorCode, buf, sizeof(buf)); - sprintf(bigBuffer,"%6d - Message: %s\n", errorNum, buf); - errorMessage += bigBuffer; - - sprintf(bigBuffer,"%6d - Location: %s, %d\n", errorNum, file, line); - errorMessage += bigBuffer; - - if(flags & ERR_TXT_STRING) - { - sprintf(bigBuffer,"%6d - Data: %s\n", errorNum, data); - errorMessage += bigBuffer; - } - - errorNum++; - } - - ERR_clear_error(); - - return errorMessage; -} - -static const char* errorStrings[] = -{ - "Unable to get issuer's certificate.", - "Unable to get certificate revocation list.", - "Unable to decrypt certificate signature.", - "Unable to decrypt certificate revocation list signature.", - "Unable to decode issuer's public key.", - "Certificate signature failure.", - "Certificate revocation list signature failure.", - "Certificate not yet valid.", - "Certificate has expired.", - "Certificate revocation list not yet valid.", - "Certificate revocation list has expired.", - "Error in certificate's \"not before\" field", - "Error in certificate's \"not after\" field", - "Error in the certificate revocation list's \"last update\" field", - "Error in the certificate revocation list's \"next update\" field", - "Out of memory failure.", - "Encountered a zero-depth self-signed certificate.", - "Encountered self-signed certificate in the certificate chain.", - "Unable to get issuer certificate locally.", - "Unable to verify leaf signature.", - "Certificate chain too long.", - "Certificate has been revoked.", - "Invalid certificate authority.", - "Certificate Authority path length exceeded.", - "Invalid certificate purpose.", - "Certificate is untrusted.", - "Certificate is rejected.", - "Subject and Issuer do not match.", - "AKID/SKID mismatch.", - "AKID and Issuer Serial mismatch.", - "Key usage 
precludes certifiicate signing.", - "Application verification." -}; - -string -IceSSL::getVerificationError(long errorCode) -{ - string errString; - - if(errorCode > X509_V_ERR_KEYUSAGE_NO_CERTSIGN) - { - if(errorCode == X509_V_ERR_APPLICATION_VERIFICATION) - { - errString = "Application Verification error."; - } - else - { - ostringstream errStream; - errStream << "Unknown error code: " << dec << errorCode << "."; - errString = errStream.str(); - } - } - else - { - errorCode -= 2; - errString = errorStrings[errorCode]; - } - - return errString; -} - -extern "C" -{ - -RSA* -tmpRSACallback(SSL* sslConnection, int isExport, int keyLength) -{ - assert(sslConnection != 0); - - void* p = SSL_get_ex_data(sslConnection, 0); - assert(p != 0); - IceSSL::OpenSSLPluginI* openSslPlugin = static_cast<IceSSL::OpenSSLPluginI*>(p); - assert(openSslPlugin != 0); - - return openSslPlugin->getRSAKey(isExport, keyLength); -} - -DH* -tmpDHCallback(SSL* sslConnection, int isExport, int keyLength) -{ - assert(sslConnection != 0); - - void* p = SSL_get_ex_data(sslConnection, 0); - assert(p != 0); - IceSSL::OpenSSLPluginI* openSslPlugin = static_cast<IceSSL::OpenSSLPluginI*>(p); - - assert(openSslPlugin != 0); - - return openSslPlugin->getDHParams(isExport, keyLength); -} - -// verifyCallback - Certificate Verification callback function. -int -verifyCallback(int ok, X509_STORE_CTX* ctx) -{ - assert(ctx != 0); - - // Tricky method to get access to our connection. I would use - // SSL_get_ex_data() to get the Connection object, if only I had - // some way to retrieve the index of the object in this function. - // Hence, we have to invent our own reference system here. 
- SSL* sslConnection = static_cast<SSL*>(X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx())); - assert(sslConnection != 0); - - IceSSL::SslTransceiverPtr transceiver = IceSSL::SslTransceiver::getTransceiver(sslConnection); - assert(transceiver != 0); - - // Call the connection, get it to perform the verification. - return transceiver->verifyCertificate(ok, ctx); -} - -} diff --git a/cpp/src/IceSSL/OpenSSLUtils.h b/cpp/src/IceSSL/OpenSSLUtils.h deleted file mode 100644 index 3bba800d54e..00000000000 --- a/cpp/src/IceSSL/OpenSSLUtils.h +++ /dev/null @@ -1,49 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <IceUtil/Config.h> - -#include <openssl/ssl.h> - -namespace IceSSL -{ - -std::string getGeneralizedTime(ASN1_GENERALIZEDTIME*); - -std::string getUTCTime(ASN1_UTCTIME*); - -std::string getASN1time(ASN1_TIME*); - -DH* loadDHParam(const char*); - -DH* getTempDH(unsigned char*, int, unsigned char*, int); - -DH* getTempDH512(); -DH* getTempDH1024(); -DH* getTempDH2048(); -DH* getTempDH4096(); - -std::string sslGetErrors(); - -std::string getVerificationError(long); - -} - -extern "C" -{ - -RSA* tmpRSACallback(SSL*, int, int); - -DH* tmpDHCallback(SSL*, int, int); - -int verifyCallback(int, X509_STORE_CTX*); - -int passwordCallback(char*, int, int, void*); - -} diff --git a/cpp/src/IceSSL/PluginI.cpp b/cpp/src/IceSSL/PluginI.cpp new file mode 100644 index 00000000000..f3a10359b2d --- /dev/null +++ b/cpp/src/IceSSL/PluginI.cpp 
@@ -0,0 +1,260 @@ +// ********************************************************************** +// +// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. +// +// This copy of Ice is licensed to you under the terms described in the +// ICE_LICENSE file included in this distribution. +// +// ********************************************************************** + +#include <PluginI.h> +#include <Instance.h> +#include <Util.h> +#include <Ice/BuiltinSequences.h> +#include <Ice/Communicator.h> +#include <Ice/LocalException.h> +#include <Ice/Logger.h> +#include <Ice/Properties.h> +#include <IceUtil/StaticMutex.h> + +#include <openssl/crypto.h> +#include <openssl/err.h> +#include <openssl/evp.h> +#include <openssl/rand.h> +#include <openssl/ssl.h> + +using namespace std; +using namespace Ice; +using namespace IceSSL; + +#ifndef ICE_SSL_API +# ifdef ICE_SSL_API_EXPORTS +# define ICE_SSL_API ICE_DECLSPEC_EXPORT +# else +# define ICE_SSL_API ICE_DECLSPEC_IMPORT +# endif +#endif + +// +// Plugin factory function. +// +extern "C" +{ + +ICE_SSL_API Ice::Plugin* +create(const CommunicatorPtr& communicator, const string& name, const StringSeq& args) +{ + PluginI* plugin = new PluginI(communicator); + return plugin; +} + +} + +static IceUtil::StaticMutex staticMutex = ICE_STATIC_MUTEX_INITIALIZER; +static int instanceCount = 0; +static IceUtil::Mutex* locks = 0; + +// +// OpenSSL mutex callback. +// +static void opensslLockCallback(int mode, int n, const char* file, int line) +{ + if(mode & CRYPTO_LOCK) + { + locks[n].lock(); + } + else + { + locks[n].unlock(); + } +} + +// +// OpenSSL thread id callback. +// +static unsigned long +opensslThreadIdCallback() +{ +#if defined(_WIN32) + return static_cast<unsigned long>(GetCurrentThreadId()); +#elif defined(__FreeBSD__) || defined(__APPLE__) || defined(__osf1__) + // + // On some platforms, pthread_t is a pointer to a per-thread structure. 
+ // + return reinterpret_cast<unsigned long>(pthread_self()); +#elif (defined(__linux) || defined(__sun) || defined(__hpux)) || defined(_AIX) + // + // On Linux, Solaris, HP-UX and AIX, pthread_t is an integer. + // + return static_cast<unsigned long>(pthread_self()); +#else +# error "Unknown platform" +#endif +} + +// +// VerifyInfo constructor. +// +IceSSL::VerifyInfo::VerifyInfo() : + incoming(false), + cert(0), + ssl(0) +{ +} + +// +// Plugin implementation. +// +IceSSL::PluginI::PluginI(const Ice::CommunicatorPtr& communicator) +{ + setupSSL(communicator); + + _instance = new Instance(communicator); +} + +void +IceSSL::PluginI::destroy() +{ + _instance->destroy(); + _instance = 0; + + cleanupSSL(); +} + +void +IceSSL::PluginI::initialize(SSL_CTX* clientContext, SSL_CTX* serverContext) +{ + _instance->initialize(clientContext, serverContext); +} + +void +IceSSL::PluginI::setCertificateVerifier(const CertificateVerifierPtr& verifier) +{ + _instance->setCertificateVerifier(verifier); +} + +void +IceSSL::PluginI::setPasswordPrompt(const PasswordPromptPtr& prompt) +{ + _instance->setPasswordPrompt(prompt); +} + +SSL_CTX* +IceSSL::PluginI::clientContext() +{ + return _instance->clientContext()->ctx(); +} + +SSL_CTX* +IceSSL::PluginI::serverContext() +{ + return _instance->serverContext()->ctx(); +} + +void +IceSSL::PluginI::setupSSL(const CommunicatorPtr& communicator) +{ + // + // Initialize OpenSSL. + // + IceUtil::StaticMutex::Lock sync(staticMutex); + instanceCount++; + + if(instanceCount == 1) + { + PropertiesPtr properties = communicator->getProperties(); + + // + // Create the mutexes and set the callbacks. + // + locks = new IceUtil::Mutex[CRYPTO_num_locks()]; + CRYPTO_set_locking_callback(opensslLockCallback); + CRYPTO_set_id_callback(opensslThreadIdCallback); + + // + // Load human-readable error messages. + // + SSL_load_error_strings(); + + // + // Initialize the SSL library. + // + SSL_library_init(); + + // + // Initialize the PRNG. 
+ // +#ifdef WINDOWS + RAND_screen(); // Uses data from the screen if possible. +#endif + char randFile[1024]; + if(RAND_file_name(randFile, sizeof(randFile))) // Gets the name of a default seed file. + { + RAND_load_file(randFile, 1024); + } + string randFiles = properties->getProperty("IceSSL.Random"); + if(!randFiles.empty()) + { + vector<string> files; +#ifdef _WIN32 + const string sep = ";"; +#else + const string sep = ":"; +#endif + if(!splitString(randFiles, sep, false, files)) + { + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = "IceSSL: invalid value for IceSSL.Random:\n" + randFiles; + throw ex; + } + for(vector<string>::iterator p = files.begin(); p != files.end(); ++p) + { + if(!RAND_load_file(p->c_str(), 1024)) + { + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = "IceSSL: unable to load entropy data from " + *p; + throw ex; + } + } + } +#ifndef _WIN32 + // + // The Entropy Gathering Daemon (EGD) is not available on Windows. + // The file should be a Unix domain socket for the daemon. + // + string entropyDaemon = properties->getProperty("IceSSL.EntropyDaemon"); + if(!entropyDaemon.empty()) + { + if(RAND_egd(entropyDaemon.c_str()) <= 0) + { + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = "IceSSL: EGD failure using file " + entropyDaemon; + throw ex; + } + } +#endif + if(!RAND_status()) + { + communicator->getLogger()->warning("IceSSL: insufficient data to initialize PRNG"); + } + } +} + +void +IceSSL::PluginI::cleanupSSL() +{ + IceUtil::StaticMutex::Lock sync(staticMutex); + + if(--instanceCount == 0) + { + CRYPTO_set_locking_callback(0); + CRYPTO_set_id_callback(0); + delete[] locks; + locks = 0; + + CRYPTO_cleanup_all_ex_data(); + RAND_cleanup(); + ERR_free_strings(); + EVP_cleanup(); + } +} diff --git a/cpp/src/IceSSL/PluginI.h b/cpp/src/IceSSL/PluginI.h new file mode 100644 index 00000000000..8da74a0667a --- /dev/null +++ b/cpp/src/IceSSL/PluginI.h 
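Review bot: In `PluginI::setupSSL`, `instanceCount++` runs before the three `throw ex;` paths in the PRNG block (invalid `IceSSL.Random` value, unreadable entropy file, EGD failure), and none of those paths undoes the increment or the lock and callback setup. The exception leaves through the `PluginI` constructor, so `destroy()` and `cleanupSSL()` are presumably never reached for that object. A later plugin created in the same process would then see a count of 2 and skip the whole block, including the seeding and the `RAND_status()` check, and the count could never return to zero. I would count the instance only after the one-time setup has succeeded and roll the globals back on failure, as sketched below. Separately, `RAND_screen()` is guarded by `WINDOWS` while the rest of the function tests `_WIN32`; unless the build defines `WINDOWS`, that call is compiled out.

```cpp
    IceUtil::StaticMutex::Lock sync(staticMutex);

    if(instanceCount == 0)
    {
        try
        {
            // … unchanged: lock and callback setup, SSL_load_error_strings, SSL_library_init, PRNG seeding …
        }
        catch(...)
        {
            //
            // Undo the process-wide setup so that a later plugin instance repeats it.
            //
            CRYPTO_set_locking_callback(0);
            CRYPTO_set_id_callback(0);
            delete[] locks;
            locks = 0;
            throw;
        }
    }
    instanceCount++;
```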
@@ -0,0 +1,46 @@
+// **********************************************************************
+//
+// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
+//
+// This copy of Ice is licensed to you under the terms described in the
+// ICE_LICENSE file included in this distribution.
+//
+// **********************************************************************
+
+#ifndef ICE_SSL_PLUGIN_I_H
+#define ICE_SSL_PLUGIN_I_H
+
+#include <IceSSL/Plugin.h>
+#include <InstanceF.h>
+#include <Ice/CommunicatorF.h>
+#include <Ice/Plugin.h>
+
+namespace IceSSL
+{
+
+class PluginI : public IceSSL::Plugin
+{
+public:
+
+ PluginI(const Ice::CommunicatorPtr&);
+
+ virtual void destroy();
+
+ virtual void initialize(SSL_CTX* = 0, SSL_CTX* = 0);
+ virtual void setCertificateVerifier(const CertificateVerifierPtr&);
+ virtual void setPasswordPrompt(const PasswordPromptPtr&);
+
+ virtual SSL_CTX* clientContext();
+ virtual SSL_CTX* serverContext();
+
+private:
+
+ void setupSSL(const Ice::CommunicatorPtr&);
+ void cleanupSSL();
+
+ InstancePtr _instance;
+};
+
+}
+
+#endif
diff --git a/cpp/src/IceSSL/RSACertificateGen.cpp b/cpp/src/IceSSL/RSACertificateGen.cpp
deleted file mode 100644
index 46cfde37851..00000000000
--- a/cpp/src/IceSSL/RSACertificateGen.cpp
+++ /dev/null
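Review bot: The declarations of `initialize(SSL_CTX* = 0, SSL_CTX* = 0)`, `clientContext()` and `serverContext()` in PluginI.h have no comment saying who owns the raw `SSL_CTX*` values or how long they remain valid. In the accompanying PluginI.cpp, `destroy()` resets `_instance` to 0 and every other method dereferences `_instance` without a check, so what happens on a call after `destroy()` depends on how `InstancePtr` treats a null handle, which is not visible here. I would add above `initialize` something like `// Contexts passed here are not owned by the plugin (confirm against Instance); no method may be called after destroy().` and a matching line on the two accessors. As a smaller style point, `#include <InstanceF.h>` omits the `IceSSL/` prefix that the neighbouring `#include <IceSSL/Plugin.h>` uses.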
@@ -1,375 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <IceUtil/Config.h> -#include <IceSSL/RSACertificateGen.h> -#include <IceSSL/OpenSSLJanitors.h> -#include <IceSSL/RSAKeyPair.h> -#include <IceSSL/RSAPrivateKey.h> -#include <IceSSL/RSAPublicKey.h> -#include <IceSSL/Exception.h> -#include <IceSSL/OpenSSLUtils.h> -#include <openssl/err.h> -#include <openssl/ssl.h> - -using std::string; -using std::back_inserter; - -IceSSL::RSACertificateGenContext::RSACertificateGenContext() : - _modulusLength(0), - _secondsValid(0), - _issuedAdjustment(0) -{ -} - -IceSSL::RSACertificateGenContext::~RSACertificateGenContext() -{ -} - -long -IceSSL::RSACertificateGenContext::minutesToSeconds(long minutes) -{ - return minutes * 60L; -} - -long -IceSSL::RSACertificateGenContext::hoursToSeconds(long hours) -{ - return minutesToSeconds(hours * 60L); -} - -long -IceSSL::RSACertificateGenContext::daysToSeconds(long days) -{ - return hoursToSeconds(days * 24L); -} - -long -IceSSL::RSACertificateGenContext::weeksToSeconds(long weeks) -{ - return daysToSeconds(weeks * 7L); -} - -long -IceSSL::RSACertificateGenContext::yearsToSeconds(long years) -{ - return weeksToSeconds(years * 365L); -} - -void -IceSSL::RSACertificateGenContext::setCountry(const string& country) -{ - _country = country; -} - -void -IceSSL::RSACertificateGenContext::setStateProvince(const string& stateProvince) -{ - _stateProvince = stateProvince; -} - -void -IceSSL::RSACertificateGenContext::setLocality(const string& locality) -{ - _locality = locality; -} - -void -IceSSL::RSACertificateGenContext::setOrganization(const string& organization) -{ - _organization = organization; -} - -void 
-IceSSL::RSACertificateGenContext::setOrgainizationalUnit(const string& organizationalUnit) -{ - _organizationalUnit = organizationalUnit; -} - -void -IceSSL::RSACertificateGenContext::setCommonName(const string& commonName) -{ - _commonName = commonName; -} - -void -IceSSL::RSACertificateGenContext::setBitStrength(int bitStrength) -{ - _modulusLength = bitStrength; -} - -void -IceSSL::RSACertificateGenContext::setSecondsValid(long secondsValid) -{ - _secondsValid = secondsValid; -} - -void -IceSSL::RSACertificateGenContext::setIssuedAdjustment(long issuedAdjustment) -{ - _issuedAdjustment = issuedAdjustment; -} - -unsigned char* -IceSSL::RSACertificateGenContext::getCountry() const -{ - unsigned char* country = reinterpret_cast<unsigned char *>(const_cast<char*>(_country.c_str())); - - assert(country != 0); - - return country; -} - -unsigned char* -IceSSL::RSACertificateGenContext::getStateProvince() const -{ - unsigned char* stateProvince = reinterpret_cast<unsigned char *>(const_cast<char*>(_stateProvince.c_str())); - - assert(stateProvince != 0); - - return stateProvince; -} - -unsigned char* -IceSSL::RSACertificateGenContext::getLocality() const -{ - unsigned char* locality = reinterpret_cast<unsigned char *>(const_cast<char*>(_locality.c_str())); - - assert(locality != 0); - - return locality; -} - -unsigned char* -IceSSL::RSACertificateGenContext::getOrganization() const -{ - unsigned char* organization = reinterpret_cast<unsigned char *>(const_cast<char*>(_organization.c_str())); - - assert(organization != 0); - - return organization; -} - -unsigned char* -IceSSL::RSACertificateGenContext::getOrganizationalUnit() const -{ - unsigned char* orgUnit = reinterpret_cast<unsigned char *>(const_cast<char*>(_organizationalUnit.c_str())); - - assert(orgUnit != 0); - - return orgUnit; -} - -unsigned char* -IceSSL::RSACertificateGenContext::getCommonName() const -{ - unsigned char* commonName = reinterpret_cast<unsigned char *>(const_cast<char*>(_commonName.c_str())); 
- - assert(commonName != 0); - - return commonName; -} - -int -IceSSL::RSACertificateGenContext::getModulusLength() const -{ - return _modulusLength; -} - -long -IceSSL::RSACertificateGenContext::getSecondsValid() const -{ - return _secondsValid; -} - -long -IceSSL::RSACertificateGenContext::getIssuedAdjustment() const -{ - return _issuedAdjustment; -} - -IceSSL::RSACertificateGen::RSACertificateGen() -{ - ERR_load_crypto_strings(); -} - -IceSSL::RSACertificateGen::~RSACertificateGen() -{ -} - -IceSSL::RSAKeyPairPtr -IceSSL::RSACertificateGen::generate(const RSACertificateGenContext& context) -{ - // Generate an RSA key pair. - RSAJanitor rsaJanitor(RSA_generate_key(context.getModulusLength(), RSA_F4, 0, 0)); - RSA* rsaKeyPair = rsaJanitor.get(); - - assert(rsaKeyPair != 0); - - EVP_PKEYJanitor evpPkeyJanitor(EVP_PKEY_new()); - EVP_PKEY* pkey = evpPkeyJanitor.get(); - assert(pkey != 0); - EVP_PKEY_assign_RSA(pkey, rsaKeyPair); - - // The RSA structure now belongs (temporarily) to the EVP_PKEY - rsaJanitor.clear(); - - // Create a signing request - X509_REQJanitor x509ReqJanitor(X509_REQ_new()); - X509_REQ* signingRequest = x509ReqJanitor.get(); - assert(signingRequest != 0); - - X509Janitor x509Janitor(X509_new()); - X509* x509SelfSigned = x509Janitor.get(); - assert(x509SelfSigned != 0); - - // Set version to V3. -#ifdef NDEBUG // Avoid compiler warnings when compiling with optimization. - X509_set_version(x509SelfSigned, 2); -#else - assert(X509_set_version(x509SelfSigned, 2) != 0); -#endif - - ASN1_INTEGER_set(X509_get_serialNumber(x509SelfSigned), 0); - - // NOTE: This is wierd. It looks like, for some reason, that the typedef of - // X509_NAME gets lost in this code module. I am using the straight struct - // here because X509_NAME isn't here. - - // X509_NAME* subjectName = X509_REQ_get_subject_name(signingRequest); - struct X509_name_st* subjectName = X509_REQ_get_subject_name(signingRequest); - - // Set valid time period. 
- X509_gmtime_adj(X509_get_notBefore(x509SelfSigned), context.getIssuedAdjustment()); - X509_gmtime_adj(X509_get_notAfter(x509SelfSigned), context.getSecondsValid()); - - // Set up subject/issuer Distinguished Name (DN). - X509_NAME_add_entry_by_txt(subjectName, const_cast<char*>("C"), MBSTRING_ASC, context.getCountry(), - -1, -1, 0); - X509_NAME_add_entry_by_txt(subjectName, const_cast<char*>("ST"), MBSTRING_ASC, context.getStateProvince(), - -1, -1, 0); - X509_NAME_add_entry_by_txt(subjectName, const_cast<char*>("L"), MBSTRING_ASC, context.getLocality(), - -1, -1, 0); - X509_NAME_add_entry_by_txt(subjectName, const_cast<char*>("O"), MBSTRING_ASC, context.getOrganization(), - -1, -1, 0); - X509_NAME_add_entry_by_txt(subjectName, const_cast<char*>("OU"), MBSTRING_ASC, context.getOrganizationalUnit(), - -1, -1, 0); - X509_NAME_add_entry_by_txt(subjectName, const_cast<char*>("CN"), MBSTRING_ASC, context.getCommonName(), - -1, -1, 0); - - // Self signed - set issuer and subject names identical - X509_set_issuer_name(x509SelfSigned, subjectName); - X509_set_subject_name(x509SelfSigned, subjectName); - - // Set the public key in the self signed certificate from the request. - X509_set_pubkey(x509SelfSigned, pkey); - - // Sign the public key using an MD5 digest. - if(!X509_sign(x509SelfSigned, pkey, EVP_md5())) - { - throw IceSSL::CertificateSigningException(__FILE__, __LINE__); - } - - // Verify the Signature (paranoia). - if(!X509_REQ_verify(signingRequest, pkey)) - { - throw IceSSL::CertificateSignatureException(__FILE__, __LINE__); - } - - // Nasty Hack: Getting the pkey to let go of our rsaKeyPair - we own that now. - // Checked this out, though, and there are no current issues (0.9.7a) with doing this. 
- pkey->pkey.ptr = 0; - - RSAPrivateKeyPtr privKeyPtr = new RSAPrivateKey(rsaKeyPair); - RSAPublicKeyPtr pubKeyPtr = new RSAPublicKey(x509SelfSigned); - RSAKeyPair* keyPairPtr = new RSAKeyPair(privKeyPtr, pubKeyPtr); - - // Do not let the janitors clean up, we're keeping the keys for ourselves. - rsaJanitor.clear(); - x509Janitor.clear(); - - return keyPairPtr; -} - -IceSSL::RSAKeyPairPtr -IceSSL::RSACertificateGen::loadKeyPair(const std::string& keyFile, const std::string& certFile) -{ - // - // Read in the X509 Certificate Structure - // - BIOJanitor certBIO(BIO_new_file(certFile.c_str(), "r")); - if(certBIO.get() == 0) - { - IceSSL::CertificateLoadException certLoadEx(__FILE__, __LINE__); - - certLoadEx.message = "unable to load certificate from '"; - certLoadEx.message += certFile; - certLoadEx.message += "'\n"; - certLoadEx.message += sslGetErrors(); - - throw certLoadEx; - } - - X509Janitor x509Janitor(PEM_read_bio_X509(certBIO.get(), 0, 0, 0)); - - if(x509Janitor.get() == 0) - { - IceSSL::CertificateLoadException certLoadEx(__FILE__, __LINE__); - - certLoadEx.message = "unable to load certificate from '"; - certLoadEx.message += certFile; - certLoadEx.message += "'\n"; - certLoadEx.message += sslGetErrors(); - - throw certLoadEx; - } - - // - // Read in the RSA Private Key Structure - // - BIOJanitor keyBIO(BIO_new_file(keyFile.c_str(), "r")); - if(keyBIO.get() == 0) - { - IceSSL::PrivateKeyLoadException pklEx(__FILE__, __LINE__); - - pklEx.message = "unable to load private key from '"; - pklEx.message += keyFile; - pklEx.message += "'\n"; - pklEx.message += sslGetErrors(); - - throw pklEx; - } - - RSAJanitor rsaJanitor(PEM_read_bio_RSAPrivateKey(keyBIO.get(), 0, 0, 0)); - - if(rsaJanitor.get() == 0) - { - IceSSL::PrivateKeyLoadException pklEx(__FILE__, __LINE__); - - pklEx.message = "unable to load private key from '"; - pklEx.message += keyFile; - pklEx.message += "'\n"; - pklEx.message += sslGetErrors(); - - throw pklEx; - } - - // - // Construct our 
RSAKeyPair - // - RSAPrivateKeyPtr privKeyPtr = new RSAPrivateKey(rsaJanitor.get()); - RSAPublicKeyPtr pubKeyPtr = new RSAPublicKey(x509Janitor.get()); - RSAKeyPairPtr keyPairPtr = new RSAKeyPair(privKeyPtr, pubKeyPtr); - - // Do not let the janitors clean up, we're keeping these keys. - rsaJanitor.clear(); - x509Janitor.clear(); - - return keyPairPtr; -} diff --git a/cpp/src/IceSSL/RSAKeyPair.cpp b/cpp/src/IceSSL/RSAKeyPair.cpp deleted file mode 100644 index 334ed4c2556..00000000000 --- a/cpp/src/IceSSL/RSAKeyPair.cpp +++ /dev/null 
@@ -1,86 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <IceUtil/Config.h> -#include <IceUtil/Base64.h> -#include <IceSSL/RSAKeyPair.h> -#include <IceSSL/RSAPrivateKey.h> -#include <IceSSL/RSAPublicKey.h> -#include <assert.h> - -void IceInternal::incRef(::IceSSL::RSAKeyPair* p) { p->__incRef(); } -void IceInternal::decRef(::IceSSL::RSAKeyPair* p) { p->__decRef(); } - -using std::back_inserter; -using std::string; -using Ice::ByteSeq; -using IceUtil::Base64; - -IceSSL::RSAKeyPair::RSAKeyPair(const string& key, const string& cert) : - _privateKey(new RSAPrivateKey(key)), - _publicKey(new RSAPublicKey(cert)) -{ - assert(_privateKey != 0); - assert(_publicKey != 0); -} - -IceSSL::RSAKeyPair::RSAKeyPair(const ByteSeq& keySeq, const ByteSeq& certSeq) : - _privateKey(new RSAPrivateKey(keySeq)), - _publicKey(new RSAPublicKey(certSeq)) -{ - assert(_privateKey != 0); - assert(_publicKey != 0); -} - -IceSSL::RSAKeyPair::~RSAKeyPair() -{ -} - -void -IceSSL::RSAKeyPair::keyToBase64(string& b64Key) -{ - _privateKey->keyToBase64(b64Key); -} - -void -IceSSL::RSAKeyPair::certToBase64(string& b64Cert) -{ - _publicKey->certToBase64(b64Cert); -} - -void -IceSSL::RSAKeyPair::keyToByteSeq(ByteSeq& keySeq) -{ - _privateKey->keyToByteSeq(keySeq); -} - -void -IceSSL::RSAKeyPair::certToByteSeq(ByteSeq& certSeq) -{ - _publicKey->certToByteSeq(certSeq); -} - -RSA* -IceSSL::RSAKeyPair::getRSAPrivateKey() const -{ - return _privateKey->get(); -} - -X509* -IceSSL::RSAKeyPair::getX509PublicKey() const -{ - return _publicKey->getX509PublicKey(); -} - -IceSSL::RSAKeyPair::RSAKeyPair(const RSAPrivateKeyPtr& rsa, const RSAPublicKeyPtr& x509) : - _privateKey(rsa), - _publicKey(x509) -{ 
-} - diff --git a/cpp/src/IceSSL/RSAPrivateKey.cpp b/cpp/src/IceSSL/RSAPrivateKey.cpp deleted file mode 100644 index 2cd9934c915..00000000000 --- a/cpp/src/IceSSL/RSAPrivateKey.cpp +++ /dev/null 
@@ -1,123 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <IceUtil/Config.h> -#include <IceUtil/Base64.h> -#include <IceSSL/RSAPrivateKey.h> -#include <IceSSL/Convert.h> -#include <IceSSL/OpenSSLUtils.h> -#include <IceSSL/Exception.h> -#include <assert.h> - -void IceInternal::incRef(::IceSSL::RSAPrivateKey* p) { p->__incRef(); } -void IceInternal::decRef(::IceSSL::RSAPrivateKey* p) { p->__decRef(); } - -using std::back_inserter; -using std::string; -using Ice::ByteSeq; -using IceUtil::Base64; - -IceSSL::RSAPrivateKey::RSAPrivateKey(const string& key) -{ - assert(!key.empty()); - - _privateKey = 0; - - ByteSeq keySeq = Base64::decode(key); - - byteSeqToKey(keySeq); -} - -IceSSL::RSAPrivateKey::RSAPrivateKey(const ByteSeq& keySeq) -{ - assert(!keySeq.empty()); - - _privateKey = 0; - - byteSeqToKey(keySeq); -} - -IceSSL::RSAPrivateKey::RSAPrivateKey(RSA* rsa) : - _privateKey(rsa) -{ - assert(_privateKey != 0); -} - -IceSSL::RSAPrivateKey::~RSAPrivateKey() -{ - if(_privateKey != 0) - { - RSA_free(_privateKey); - } -} - -void -IceSSL::RSAPrivateKey::keyToBase64(string& b64Key) -{ - ByteSeq keySeq; - keyToByteSeq(keySeq); - b64Key = Base64::encode(keySeq); -} - -void -IceSSL::RSAPrivateKey::keyToByteSeq(ByteSeq& keySeq) -{ - assert(_privateKey); - - // Output the Private Key to a char buffer - unsigned int privKeySize = i2d_RSAPrivateKey(_privateKey, 0); - - assert(privKeySize > 0); - - unsigned char* privateKeyBuffer = new unsigned char[privKeySize]; - assert(privateKeyBuffer != 0); - - // We have to do this because i2d_RSAPrivateKey changes the pointer. 
- unsigned char* privKeyBuff = privateKeyBuffer; - i2d_RSAPrivateKey(_privateKey, &privKeyBuff); - - IceSSL::ucharToByteSeq(privateKeyBuffer, privKeySize, keySeq); - - delete [] privateKeyBuffer; -} - -RSA* -IceSSL::RSAPrivateKey::get() const -{ - return _privateKey; -} - -void -IceSSL::RSAPrivateKey::byteSeqToKey(const ByteSeq& keySeq) -{ - unsigned char* privateKeyBuffer = byteSeqToUChar(keySeq); - assert(privateKeyBuffer != 0); - - unsigned char* privKeyBuff = privateKeyBuffer; - unsigned char** privKeyBuffpp = &privKeyBuff; - RSA** rsapp = &_privateKey; - -#if OPENSSL_VERSION_NUMBER < 0x0090700fL - _privateKey = d2i_RSAPrivateKey(rsapp, privKeyBuffpp, (long)keySeq.size()); -#else - _privateKey = d2i_RSAPrivateKey(rsapp, (const unsigned char **)privKeyBuffpp, (long)keySeq.size()); -#endif - - delete [] privateKeyBuffer; - - if(_privateKey == 0) - { - IceSSL::PrivateKeyParseException pkParseException(__FILE__, __LINE__); - - pkParseException.message = "unable to parse provided private key\n" + sslGetErrors(); - - throw pkParseException; - } -} - diff --git a/cpp/src/IceSSL/RSAPublicKey.cpp b/cpp/src/IceSSL/RSAPublicKey.cpp deleted file mode 100644 index 88374c66593..00000000000 --- a/cpp/src/IceSSL/RSAPublicKey.cpp +++ /dev/null 
@@ -1,124 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <IceUtil/Config.h> -#include <IceUtil/Base64.h> -#include <IceSSL/RSAPublicKey.h> -#include <IceSSL/Convert.h> -#include <IceSSL/OpenSSLUtils.h> -#include <IceSSL/Exception.h> -#include <assert.h> - -void IceInternal::incRef(::IceSSL::RSAPublicKey* p) { p->__incRef(); } -void IceInternal::decRef(::IceSSL::RSAPublicKey* p) { p->__decRef(); } - -using std::back_inserter; -using std::string; -using Ice::ByteSeq; -using IceUtil::Base64; - -IceSSL::RSAPublicKey::RSAPublicKey(const string& cert) -{ - assert(!cert.empty()); - - _publicKey = 0; - - ByteSeq certSeq = Base64::decode(cert); - - byteSeqToCert(certSeq); -} - -IceSSL::RSAPublicKey::RSAPublicKey(const ByteSeq& certSeq) -{ - assert(!certSeq.empty()); - - _publicKey = 0; - - byteSeqToCert(certSeq); -} - -IceSSL::RSAPublicKey::~RSAPublicKey() -{ - if(_publicKey != 0) - { - X509_free(_publicKey); - } -} - -void -IceSSL::RSAPublicKey::certToBase64(string& b64Cert) -{ - ByteSeq certSeq; - certToByteSeq(certSeq); - b64Cert = Base64::encode(certSeq); -} - -void -IceSSL::RSAPublicKey::certToByteSeq(ByteSeq& certSeq) -{ - assert(_publicKey); - - // Output the Public Key to a char buffer - unsigned int pubKeySize = i2d_X509(_publicKey, 0); - - assert(pubKeySize > 0); - - unsigned char* publicKeyBuffer = new unsigned char[pubKeySize]; - assert(publicKeyBuffer != 0); - - // We have to do this because i2d_X509_PUBKEY changes the pointer. 
- unsigned char* pubKeyBuff = publicKeyBuffer; - i2d_X509(_publicKey, &pubKeyBuff); - - IceSSL::ucharToByteSeq(publicKeyBuffer, pubKeySize, certSeq); - - delete []publicKeyBuffer; -} - -X509* -IceSSL::RSAPublicKey::getX509PublicKey() const -{ - return _publicKey; -} - -IceSSL::RSAPublicKey::RSAPublicKey(X509* x509) : - _publicKey(x509) -{ -} - -void -IceSSL::RSAPublicKey::byteSeqToCert(const ByteSeq& certSeq) -{ - const unsigned char* publicKeyBuffer = byteSeqToUChar(certSeq); - assert(publicKeyBuffer != 0); - - // We have to do this because d2i_X509 changes the pointer. - const unsigned char* pubKeyBuff = publicKeyBuffer; - const unsigned char** pubKeyBuffpp = &pubKeyBuff; - - X509** x509pp = &_publicKey; -#if OPENSSL_VERSION_NUMBER < 0x0090800fL - _publicKey = d2i_X509(x509pp, const_cast<unsigned char**>(pubKeyBuffpp), (long)certSeq.size()); -#else - _publicKey = d2i_X509(x509pp, pubKeyBuffpp, (long)certSeq.size()); -#endif - - delete [] const_cast<unsigned char*>(publicKeyBuffer); - - if(_publicKey == 0) - { - IceSSL::CertificateParseException certParseException(__FILE__, __LINE__); - - certParseException.message = "unable to parse provided public key\n" + sslGetErrors(); - - throw certParseException; - } -} - - diff --git a/cpp/src/IceSSL/ServerContext.cpp b/cpp/src/IceSSL/ServerContext.cpp deleted file mode 100644 index 5dbfb57f4d7..00000000000 --- a/cpp/src/IceSSL/ServerContext.cpp +++ /dev/null 
@@ -1,131 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <Ice/Communicator.h> -#include <Ice/LoggerUtil.h> - -#include <IceSSL/Exception.h> -#include <IceSSL/ServerContext.h> -#include <IceSSL/SslTransceiver.h> -#include <IceSSL/OpenSSLUtils.h> -#include <IceSSL/TraceLevels.h> - -using namespace std; -using namespace Ice; - -void -IceSSL::ServerContext::configure(const GeneralConfig& generalConfig, - const CertificateAuthority& certificateAuthority, - const BaseCertificates& baseCertificates) -{ - Context::configure(generalConfig, certificateAuthority, baseCertificates); - - assert(_sslContext != 0); - - // On servers, Attempt to use non-export (strong) encryption - // first. This option does not always work, and in the OpenSSL - // documentation is declared as 'broken'. - // SSL_CTX_set_options(_sslContext, SSL_OP_NON_EXPORT_FIRST); - - // Always use a new DH key when using Diffie-Hellman key agreement. - SSL_CTX_set_options(_sslContext, SSL_OP_SINGLE_DH_USE); - - // Set the RSA Callback routine in case we need to build a temporary (ephemeral) RSA key. - SSL_CTX_set_tmp_rsa_callback(_sslContext, tmpRSACallback); - - // Set the DH Callback routine in case we need a temporary (ephemeral) DH key. - SSL_CTX_set_tmp_dh_callback(_sslContext, tmpDHCallback); - - loadCertificateAuthority(certificateAuthority); - - // Set the session context for the SSL system [SERVER ONLY]. 
- string connectionContext = generalConfig.getContext(); - SSL_CTX_set_session_id_context(_sslContext, - reinterpret_cast<const unsigned char *>(connectionContext.c_str()), - (unsigned int) connectionContext.size()); - - if(_traceLevels->security >= SECURITY_PROTOCOL) - { - Trace out(_communicator->getLogger(), _traceLevels->securityCat); - - out << "\n"; - out << "general configuration (server)\n"; - out << "------------------------------\n"; - IceSSL::operator<<(out, generalConfig); - out << "\n\n"; - - out << "CA file: " << certificateAuthority.getCAFileName() << "\n"; - out << "CA path: " << certificateAuthority.getCAPath() << "\n"; - - out << "base certificates (server)\n"; - out << "--------------------------\n"; - IceSSL::operator<<(out, baseCertificates); - out << "\n\n"; - } -} - -IceSSL::SslTransceiverPtr -IceSSL::ServerContext::createTransceiver(int socket, const OpenSSLPluginIPtr& plugin, int timeout) -{ - if(_sslContext == 0) - { - ContextNotConfiguredException contextEx(__FILE__, __LINE__); - - throw contextEx; - } - - SSL* ssl = createSSLConnection(socket); - return new SslTransceiver(IceSSL::Server, plugin, socket, _certificateVerifier, ssl, timeout); -} - -// -// Protected -// - -IceSSL::ServerContext::ServerContext(const TraceLevelsPtr& traceLevels, const CommunicatorPtr& communicator) : - Context(traceLevels, communicator, Server) -{ - _rsaPrivateKeyProperty = "IceSSL.Server.Overrides.RSA.PrivateKey"; - _rsaPublicKeyProperty = "IceSSL.Server.Overrides.RSA.Certificate"; - _dsaPrivateKeyProperty = "IceSSL.Server.Overrides.DSA.PrivateKey"; - _dsaPublicKeyProperty = "IceSSL.Server.Overrides.DSA.Certificate"; - _caCertificateProperty = "IceSSL.Server.Overrides.CACertificate"; - _passphraseRetriesProperty = "IceSSL.Server.Passphrase.Retries"; -} - -void -IceSSL::ServerContext::loadCertificateAuthority(const CertificateAuthority& certAuth) -{ - assert(_sslContext != 0); - - Context::loadCertificateAuthority(certAuth); - - string caFile = 
certAuth.getCAFileName(); - - if(caFile.empty()) - { - return; - } - - STACK_OF(X509_NAME)* certNames = SSL_load_client_CA_file(caFile.c_str()); - - if(certNames == 0) - { - if(_traceLevels->security >= SECURITY_WARNINGS) - { - Trace out(_communicator->getLogger(), _traceLevels->securityCat); - out << "WRN unable to load certificate authorities certificate names from " << caFile << "\n"; - out << sslGetErrors(); - } - } - else - { - SSL_CTX_set_client_CA_list(_sslContext, certNames); - } -} diff --git a/cpp/src/IceSSL/ServerContext.h b/cpp/src/IceSSL/ServerContext.h deleted file mode 100644 index 30899bb77d2..00000000000 --- a/cpp/src/IceSSL/ServerContext.h +++ /dev/null @@ -1,40 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICESSL_SERVER_CONTEXT_H -#define ICESSL_SERVER_CONTEXT_H - -#include <IceSSL/OpenSSLPluginIF.h> -#include <IceSSL/Context.h> - -namespace IceSSL -{ - -class ServerContext : public Context -{ -public: - - virtual void configure(const GeneralConfig&, - const CertificateAuthority&, - const BaseCertificates&); - - SslTransceiverPtr createTransceiver(int, const OpenSSLPluginIPtr&, int); - -protected: - - ServerContext(const TraceLevelsPtr&, const Ice::CommunicatorPtr&); - - virtual void loadCertificateAuthority(const CertificateAuthority& certAuth); - - friend class OpenSSLPluginI; -}; - -} - -#endif diff --git a/cpp/src/IceSSL/SingleCertificateVerifier.cpp b/cpp/src/IceSSL/SingleCertificateVerifier.cpp deleted file mode 100644 index b0b87f5ba8f..00000000000 --- a/cpp/src/IceSSL/SingleCertificateVerifier.cpp +++ /dev/null 
@@ -1,110 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <IceSSL/SingleCertificateVerifier.h> -#include <IceSSL/Convert.h> -#include <openssl/err.h> -#include <algorithm> -#include <iostream> - -using namespace std; -using Ice::ByteSeq; - -IceSSL::SingleCertificateVerifier::SingleCertificateVerifier(const ByteSeq& publicKey) : - _publicKey(publicKey) -{ -} - -int -IceSSL::SingleCertificateVerifier::verify(int preVerifyOkay, - X509_STORE_CTX* x509StoreContext, - SSL* sslConnection) -{ - // For getting the CA certificate - X509* trustedCert = 0; - X509_OBJECT trustedObject; - - // Get the peer certificate offered by whoever we're talking to. - X509* peerCertificate = x509StoreContext->cert; - - // We only bother to do the rest of this if we have something to verify. - if(peerCertificate) - { - // Get the subject name (Not a memory leak, this is how this is used). - X509_NAME* peerCertName = X509_get_subject_name(peerCertificate); - - // The Trusted Certificate by the same name. - int retCode = X509_STORE_get_by_subject(x509StoreContext, - X509_LU_X509, - peerCertName, - &trustedObject); - - switch(retCode) - { - case X509_LU_X509: - { - trustedCert = trustedObject.data.x509; - break; - } - - case X509_LU_RETRY: - { - // Log the error properly. - X509err(X509_F_X509_VERIFY_CERT, X509_R_SHOULD_RETRY); - - // Drop through intended. - } - - default : - { - // Regardless of error, if we can't look up the trusted - // certificate, then we fail out. - - preVerifyOkay = 0; - break; - } - } - } - - // Compare, only if we have both. 
- if(trustedCert) - { - ByteSeq peerByteSeq; - toByteSeq(peerCertificate, peerByteSeq); - - ByteSeq trustedByteSeq; - toByteSeq(trustedCert, trustedByteSeq); - - // The presented certificate must exactly match one that is in - // the certificate store, and that must be the expected certificate. - - preVerifyOkay = (peerByteSeq == trustedByteSeq) && - (_publicKey == peerByteSeq); - - X509_OBJECT_free_contents(&trustedObject); - } - - return preVerifyOkay; -} - -void -IceSSL::SingleCertificateVerifier::toByteSeq(X509* certificate, - ByteSeq& certByteSeq) -{ - // Convert the X509 to a unsigned char buffer. - unsigned int certSize = i2d_X509(certificate, 0); - unsigned char* certBuffer = new unsigned char[certSize]; - unsigned char* certPtr = certBuffer; - i2d_X509(certificate, &certPtr); - - // Yet another conversion to a ByteSeq (easy comparison this way). - IceSSL::ucharToByteSeq(certBuffer, certSize, certByteSeq); - delete []certBuffer; -} - diff --git a/cpp/src/IceSSL/SingleCertificateVerifier.h b/cpp/src/IceSSL/SingleCertificateVerifier.h deleted file mode 100644 index 9b560d4ef7c..00000000000 --- a/cpp/src/IceSSL/SingleCertificateVerifier.h +++ /dev/null 
@@ -1,37 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#ifndef ICE_SSL_SINGLE_CERTIFICATE_VERIFIER_H -#define ICE_SSL_SINGLE_CERTIFICATE_VERIFIER_H - -#include <Ice/BuiltinSequences.h> -#include <IceSSL/CertificateVerifierOpenSSL.h> - -namespace IceSSL -{ - -class SingleCertificateVerifier : public IceSSL::CertificateVerifierOpenSSL -{ -public: - - SingleCertificateVerifier(const Ice::ByteSeq&); - - virtual int verify(int, X509_STORE_CTX*, SSL*); - - void toByteSeq(X509*, Ice::ByteSeq&); - -protected: - - Ice::ByteSeq _publicKey; -}; - -} - -#endif - diff --git a/cpp/src/IceSSL/SslAcceptor.cpp b/cpp/src/IceSSL/SslAcceptor.cpp deleted file mode 100644 index 019dc3f7eb7..00000000000 --- a/cpp/src/IceSSL/SslAcceptor.cpp +++ /dev/null 
@@ -1,140 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <Ice/LoggerUtil.h> -#include <Ice/Network.h> - -#include <IceSSL/OpenSSLPluginI.h> -#include <IceSSL/SslAcceptor.h> -#include <IceSSL/SslTransceiver.h> -#include <IceSSL/TraceLevels.h> - -using namespace std; -using namespace Ice; -using namespace IceInternal; - -SOCKET -IceSSL::SslAcceptor::fd() -{ - return _fd; -} - -void -IceSSL::SslAcceptor::close() -{ - if(_traceLevels->network >= 1) - { - Trace out(_logger, _traceLevels->networkCat); - out << "stopping to accept ssl connections at " << toString(); - } - - SOCKET fd = _fd; - _fd = INVALID_SOCKET; - closeSocket(fd); -} - -void -IceSSL::SslAcceptor::listen() -{ - try - { - doListen(_fd, _backlog); - } - catch(...) 
- { - _fd = INVALID_SOCKET; - throw; - } - - if(_traceLevels->network >= 1) - { - Trace out(_logger, _traceLevels->networkCat); - out << "accepting ssl connections at " << toString(); - } -} - -TransceiverPtr -IceSSL::SslAcceptor::accept(int timeout) -{ - SOCKET fd = doAccept(_fd, timeout); - setBlock(fd, false); - - if(_traceLevels->network >= 1) - { - Trace out(_logger, _traceLevels->networkCat); - out << "accepted ssl connection\n" << fdToString(fd); - } - - return _plugin->createServerTransceiver( - static_cast<int>(fd), timeout); -} - -void -IceSSL::SslAcceptor::connectToSelf() -{ - SOCKET fd = createSocket(false); - setBlock(fd, false); - doConnect(fd, _addr, -1); - closeSocket(fd); -} - -string -IceSSL::SslAcceptor::toString() const -{ - return addrToString(_addr); -} - -bool -IceSSL::SslAcceptor::equivalent(const string& host, int port) const -{ - struct sockaddr_in addr; - getAddress(host, port, addr); - return compareAddress(addr, _addr); -} - -int -IceSSL::SslAcceptor::effectivePort() -{ - return ntohs(_addr.sin_port); -} - -IceSSL::SslAcceptor::SslAcceptor(const OpenSSLPluginIPtr& plugin, const string& host, int port) : - _plugin(plugin), - _traceLevels(plugin->getTraceLevels()), - _logger(plugin->getLogger()), - _backlog(0) -{ - if(_backlog <= 0) - { - _backlog = 5; - } - - try - { - _fd = createSocket(false); - setBlock(_fd, false); - getAddress(host, port, _addr); - if(_traceLevels->network >= 2) - { - Trace out(_logger, _traceLevels->networkCat); - out << "attempting to bind to ssl socket " << toString(); - } - doBind(_fd, _addr); - } - catch(...) - { - _fd = INVALID_SOCKET; - throw; - } -} - -IceSSL::SslAcceptor::~SslAcceptor() -{ - assert(_fd == INVALID_SOCKET); -} diff --git a/cpp/src/IceSSL/SslConnector.cpp b/cpp/src/IceSSL/SslConnector.cpp deleted file mode 100644 index 9d4377a7418..00000000000 --- a/cpp/src/IceSSL/SslConnector.cpp +++ /dev/null 
@@ -1,61 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-#include <Ice/Network.h>
-#include <Ice/LoggerUtil.h>
-
-#include <IceSSL/OpenSSLPluginI.h>
-#include <IceSSL/SslConnector.h>
-#include <IceSSL/SslTransceiver.h>
-#include <IceSSL/TraceLevels.h>
-
-using namespace std;
-using namespace Ice;
-using namespace IceInternal;
-
-TransceiverPtr
-IceSSL::SslConnector::connect(int timeout)
-{
- if(_traceLevels->network >= 2)
- {
- Trace out(_logger, _traceLevels->networkCat);
- out << "trying to establish ssl connection to " << toString();
- }
-
- SOCKET fd = createSocket(false);
- setBlock(fd, false);
- doConnect(fd, _addr, timeout);
-
- if(_traceLevels->network >= 1)
- {
- Trace out(_logger, _traceLevels->networkCat);
- out << "ssl connection established\n" << fdToString(fd);
- }
-
- return _plugin->createClientTransceiver(
- static_cast<int>(fd), timeout);
-}
-
-string
-IceSSL::SslConnector::toString() const
-{
- return addrToString(_addr);
-}
-
-IceSSL::SslConnector::SslConnector(const OpenSSLPluginIPtr& plugin, const string& host, int port) :
- _plugin(plugin),
- _traceLevels(plugin->getTraceLevels()),
- _logger(plugin->getLogger())
-{
- getAddress(host, port, _addr);
-}
-
-IceSSL::SslConnector::~SslConnector()
-{
-}
diff --git a/cpp/src/IceSSL/SslException.cpp b/cpp/src/IceSSL/SslException.cpp
deleted file mode 100644
index c4835041a12..00000000000
--- a/cpp/src/IceSSL/SslException.cpp
+++ /dev/null
@@ -1,144 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-#include <Ice/LocalException.h>
-#include <IceSSL/Exception.h>
-
-using namespace std;
-using namespace Ice;
-
-void
-IceSSL::SslException::ice_print(ostream& out) const
-{
- Exception::ice_print(out);
- if(!message.empty())
- {
- out << ":\n" << message;
- }
-}
-
-void
-IceSSL::ConfigurationLoadingException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::ConfigParseException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::ShutdownException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::ProtocolException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::CertificateVerificationException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::CertificateException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::CertificateSigningException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::CertificateSignatureException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::CertificateParseException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::PrivateKeyException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::PrivateKeyParseException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::CertificateVerifierTypeException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::ContextException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::ContextInitializationException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::ContextNotConfiguredException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::UnsupportedContextException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::CertificateLoadException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::PrivateKeyLoadException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::CertificateKeyMatchException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
-
-void
-IceSSL::TrustedCertificateAddException::ice_print(ostream& out) const
-{
- SslException::ice_print(out);
-}
diff --git a/cpp/src/IceSSL/SslTransceiver.cpp b/cpp/src/IceSSL/SslTransceiver.cpp
deleted file mode 100644
index c6c5c9e32bb..00000000000
--- a/cpp/src/IceSSL/SslTransceiver.cpp
+++ /dev/null
@@ -1,1053 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <Ice/LoggerUtil.h> -#include <Ice/Stats.h> -#include <Ice/Network.h> -#include <Ice/LocalException.h> -#include <IceSSL/SslTransceiver.h> -#include <IceSSL/TraceLevels.h> -#include <IceSSL/Exception.h> -#include <IceSSL/OpenSSLPluginI.h> -#include <IceSSL/OpenSSLUtils.h> - -#include <openssl/err.h> - -using namespace std; -using namespace Ice; -using namespace IceInternal; - -// -// Static Member Initialization -// -IceSSL::SslTransceiverMap IceSSL::SslTransceiver::_transceiverMap; -IceUtil::StaticMutex IceSSL::SslTransceiver::_transceiverRepositoryMutex = ICE_STATIC_MUTEX_INITIALIZER; - -void IceInternal::incRef(IceSSL::SslTransceiver* p) { p->__incRef(); } -void IceInternal::decRef(IceSSL::SslTransceiver* p) { p->__decRef(); } - -SOCKET -IceSSL::SslTransceiver::fd() -{ - assert(_fd != INVALID_SOCKET); - return _fd; -} - -void -IceSSL::SslTransceiver::close() -{ - if(_fd == INVALID_SOCKET) - { - // Ignore - the connection was never set up. 
- return; - } - - if(_traceLevels->network >= 1) - { - Trace out(_logger, _traceLevels->networkCat); - out << "closing ssl connection\n" << toString(); - } - - try - { - internalShutdownWrite(10 * 1000); - } - catch(const Ice::Exception& e) - { - Warning warn(_logger); - warn << "error in shutting down ssl connection " << e; - } - - assert(_fd != INVALID_SOCKET); - try - { - closeSocket(_fd); - _fd = INVALID_SOCKET; - } - catch(const SocketException&) - { - _fd = INVALID_SOCKET; - throw; - } -} - -void -IceSSL::SslTransceiver::shutdownWrite() -{ - if(_traceLevels->network >= 2) - { - Trace out(_logger, _traceLevels->networkCat); - out << "shutting down ssl connection for writing\n" << toString(); - } - - try - { - internalShutdownWrite(10 * 1000); - } - catch(const Ice::Exception& e) - { - Warning warn(_logger); - warn << "error in shutting down ssl connection " << e; - } - - assert(_fd != INVALID_SOCKET); - shutdownSocketWrite(_fd); -} - -void -IceSSL::SslTransceiver::shutdownReadWrite() -{ - if(_traceLevels->network >= 2) - { - Trace out(_logger, _traceLevels->networkCat); - out << "shutting down ssl connection for reading and writing\n" << toString(); - } - - assert(_fd != INVALID_SOCKET); - shutdownSocketReadWrite(_fd); -} - -void -IceSSL::SslTransceiver::write(Buffer& buf, int timeout) -{ - assert(_fd != INVALID_SOCKET); - - _plugin->registerThread(); - - - Buffer::Container::difference_type packetSize = - static_cast<Buffer::Container::difference_type>(buf.b.end() - buf.i); - -#ifdef _WIN32 - // - // Limit packet size to avoid performance problems on WIN32. - // - if(packetSize > 64 * 1024) - { - packetSize = 64 * 1024; - } -#endif - - // We keep writing until we're done. 
- while(buf.i != buf.b.end()) - { - ERR_clear_error(); - int ret = SSL_write(_sslConnection, &*buf.i, static_cast<int>(packetSize)); - switch(SSL_get_error(_sslConnection, ret)) - { - case SSL_ERROR_NONE: - break; - - case SSL_ERROR_WANT_WRITE: - { - writeSelect(timeout); - continue; - } - - // - // If session renegotiation is ever enabled this could - // occur. - // - //case SSL_ERROR_WANT_READ: - //{ - // readSelect(timeout); - // continue; - //} - - case SSL_ERROR_SYSCALL: - { - if(ret == -1) - { - // IO Error in underlying BIO - - if(interrupted()) - { - continue; - } - - if(noBuffers() && packetSize > 1024) - { - packetSize /= 2; - continue; - } - - // - // Its not clear whether this can occur, isn't - // this the same as SSL_ERROR_WANT_WRITE? - // - if(wouldBlock()) - { - writeSelect(timeout); - continue; - } - - if(connectionLost()) - { - ConnectionLostException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - else - { - SocketException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - } - // fall through - } - - case SSL_ERROR_ZERO_RETURN: - { - assert(ret == 0); - ConnectionLostException ex(__FILE__, __LINE__); - ex.error = 0; - throw ex; - } - - case SSL_ERROR_SSL: - { - ProtocolException ex(__FILE__, __LINE__); - ex.message = "encountered a violation of the ssl protocol\n"; - ex.message += IceSSL::sslGetErrors(); - throw ex; - } - - default: - { - Warning warn(_logger); - warn << "IceSSL: unexpected result from SSL_write: " << SSL_get_error(_sslConnection, ret); - } - } - - if(_traceLevels->network >= 3) - { - Trace out(_logger, _traceLevels->networkCat); - out << "sent " << ret << " of " << packetSize; out << " bytes via ssl\n" - << fdToString(SSL_get_fd(_sslConnection)); - } - - if(_stats) - { - _stats->bytesSent(type(), ret); - } - - buf.i += ret; - - if(packetSize > buf.b.end() - buf.i) - { - packetSize = static_cast<Buffer::Container::difference_type>(buf.b.end() - buf.i); - } - } -} - -void 
-IceSSL::SslTransceiver::read(Buffer& buf, int timeout) -{ - assert(_fd != INVALID_SOCKET); - - _plugin->registerThread(); - - Buffer::Container::difference_type packetSize = - static_cast<Buffer::Container::difference_type>(buf.b.end() - buf.i); - - while(buf.i != buf.b.end()) - { - ERR_clear_error(); - int ret = SSL_read(_sslConnection, &*buf.i, static_cast<Int>(packetSize)); - switch(SSL_get_error(_sslConnection, ret)) - { - case SSL_ERROR_NONE: - break; - - case SSL_ERROR_WANT_READ: - { - readSelect(timeout); - continue; - } - - // - // If session renegotiation is ever enabled this could - // occur. - // - //case SSL_ERROR_WANT_WRITE: - //{ - // writeSelect(timeout); - // continue; - //} - - case SSL_ERROR_SYSCALL: - { - if(ret == -1) - { - // IO Error in underlying BIO - - if(interrupted()) - { - continue; - } - - if(noBuffers() && packetSize > 1024) - { - packetSize /= 2; - continue; - } - - // - // Its not clear whether this can occur, isn't - // this the same as SSL_ERROR_WANT_READ? - // - if(wouldBlock()) - { - readSelect(timeout); - continue; - } - - if(!connectionLost()) - { - SocketException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - } - // fall throught - } - - case SSL_ERROR_ZERO_RETURN: - { - - // - // If the connection is lost when reading data, we shut - // down the write end of the socket. This helps to unblock - // threads that are stuck in send() or select() while - // sending data. Note: I don't really understand why - // send() or select() sometimes don't detect a connection - // loss. Therefore this helper to make them detect it. 
- // - //assert(_fd != INVALID_SOCKET); - //shutdownSocket(_fd); - - ConnectionLostException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - - case SSL_ERROR_SSL: - { - ProtocolException ex(__FILE__, __LINE__); - ex.message = "encountered a violation of the ssl protocol\n"; - ex.message += sslGetErrors(); - throw ex; - } - - default: - { - Warning warn(_logger); - warn << "IceSSL: unexpected result from SSL_write: " << SSL_get_error(_sslConnection, ret); - } - } - - if(_traceLevels->network >= 3) - { - Trace out(_logger, _traceLevels->networkCat); - out << "received " << ret << " of " << packetSize; out << " bytes via ssl\n" << toString(); - } - - if(_stats) - { - _stats->bytesReceived(type(), ret); - } - - buf.i += ret; - - if(packetSize > buf.b.end() - buf.i) - { - packetSize = static_cast<Buffer::Container::difference_type>(buf.b.end() - buf.i); - } - } -} - -string -IceSSL::SslTransceiver::type() const -{ - return "ssl"; -} - -string -IceSSL::SslTransceiver::toString() const -{ - return fdToString(_fd); -} - -void -IceSSL::SslTransceiver::initialize(int timeout) -{ - assert(_sslConnection != 0); - - if(_traceLevels->security >= IceSSL::SECURITY_PROTOCOL) - { - Trace out(_logger, _traceLevels->securityCat); - out << "Performing handshake.\n"; - out << fdToString(SSL_get_fd(_sslConnection)); - } - - while(true) - { - ERR_clear_error(); - int result; - if(_contextType == IceSSL::Client) - { - result = SSL_connect(_sslConnection); - } - else - { - result = SSL_accept(_sslConnection); - } - - // - // Success? - // - if(result == 1) - { - assert(SSL_is_init_finished(_sslConnection)); - - // - // Init finished, look at the connection information. - // -#ifdef ICE_SSL_EXTRA_TRACING - if(_traceLevels->security >= IceSSL::SECURITY_PROTOCOL_DEBUG) - { - // - // Only in extreme cases do we enable this, partially because it doesn't use the Logger. 
- // - BIOJanitor bioJanitor(BIO_new_fp(stdout, BIO_NOCLOSE)); - BIO* bio = bioJanitor.get(); - - showCertificateChain(bio); - - showPeerCertificate(bio, _contextType == IceSSL::Server : "Server" ? "Client"); - - showSharedCiphers(bio); - - showSelectedCipherInfo(bio); - - showHandshakeStats(bio); - - showSessionInfo(bio); - } -#endif - return; - } - - switch(SSL_get_error(_sslConnection, result)) - { - case SSL_ERROR_WANT_READ: - { - readSelect(timeout); - continue; - } - - case SSL_ERROR_WANT_WRITE: - { - writeSelect(timeout); - continue; - } - - case SSL_ERROR_NONE: - { - continue; - } - - case SSL_ERROR_WANT_X509_LOOKUP: - { - Warning warn(_logger); - warn << "SSL_ERROR_NONE"; - continue; - } - - case SSL_ERROR_SYSCALL: - { - if(result == -1) - { - if(interrupted()) - { - break; - } - - assert(!wouldBlock()); - - if(connectionLost()) - { - ConnectionLostException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - } - - SocketException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - - case SSL_ERROR_SSL: - { - long err = SSL_get_verify_result(_sslConnection); - if(err != X509_V_OK) - { - // - // On a client we raise the CertificateVerificationException. On the - // server side we simply close the connection. - // - if(_contextType == IceSSL::Client) - { - CertificateVerificationException ex(__FILE__, __LINE__); - ex.message = getVerificationError(err); - string errors = sslGetErrors(); - if(!errors.empty()) - { - ex.message += "\n"; - ex.message += errors; - } - throw ex; - } - else - { - // - // Validation failed, close the connection. - // - throw ConnectionRefusedException(__FILE__, __LINE__); - } - } - - // - // This happens if the client or server silently drop - // the connection. That can occur if the server - // doesn't trust the client for example. 
- // - ProtocolException ex(__FILE__, __LINE__); - ex.message = "encountered a violation of the ssl protocol during handshake\n"; - ex.message += sslGetErrors(); - throw ex; - } - - case SSL_ERROR_ZERO_RETURN: - { - ConnectionLostException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - } - } -} - -IceSSL::SslTransceiverPtr -IceSSL::SslTransceiver::getTransceiver(SSL* sslPtr) -{ - IceUtil::StaticMutex::Lock sync(_transceiverRepositoryMutex); - - assert(sslPtr); - - SslTransceiver* transceiver = _transceiverMap[sslPtr]; - - assert(transceiver); - - return SslTransceiverPtr(transceiver); -} - -// -// Note: Do not throw exceptions from verifyCertificate - it would rip -// through the OpenSSL system, interfering with the usual handling and -// alert system of the handshake. Exceptions should be caught here -// (if they can be generated), logged and then a fail return code (0) -// should returned. -// -int -IceSSL::SslTransceiver::verifyCertificate(int preVerifyOkay, X509_STORE_CTX* x509StoreContext) -{ - // Should NEVER be able to happen. - assert(_certificateVerifier.get() != 0); - - // Get the verifier, make sure it is for OpenSSL connections - CertificateVerifierOpenSSLPtr verifier; - verifier = dynamic_cast<CertificateVerifierOpenSSL*>(_certificateVerifier.get()); - - // Check to make sure we have a proper verifier for the operation. - if(verifier) - { - // Use the verifier to verify the certificate - try - { - preVerifyOkay = verifier->verify(preVerifyOkay, x509StoreContext, _sslConnection); - } - catch(const Ice::LocalException& localEx) - { - if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS) - { - Trace out(_logger, _traceLevels->networkCat); - out << "WRN exception during certificate verification: \n"; - out << localEx; - } - - preVerifyOkay = 0; - } - } - else - { - // Note: This code should NEVER be able to be reached, as we check each - // CertificateVerifier as it is added to the System. 
- - if(_traceLevels->security >= IceSSL::SECURITY_WARNINGS) - { - Trace out(_logger, _traceLevels->networkCat); - - if(_certificateVerifier.get()) - { - out << "WRN improper CertificateVerifier type"; - } - else - { - // NOTE: This should NEVER be able to happen, but just in case. - out << "WRN CertificateVerifier not set"; - } - } - } - - return preVerifyOkay; -} - -// -// Protected Methods -// - -void -IceSSL::SslTransceiver::internalShutdownWrite(int timeout) -{ - while(true) - { - ERR_clear_error(); - int result = SSL_shutdown(_sslConnection); - if(result == 0) - { - // - // From the documentation: - // - // The shutdown is not yet finished. Call SSL_shutdown() - // for a second time, if a bidirectional shutdown shall be - // performed. The output of SSL_get_error(3) may be - // misleading, as an erroneous SSL_ERROR_SYSCALL may be - // flagged even though no error occurred. - // - // Call it one more time. If the result is 0 then we're done. - // - result = SSL_shutdown(_sslConnection); - if(result == 0) - { - return; - } - } - if(result == 1) - { - // Shutdown successful - shut down the socket for writing. - shutdownSocketWrite(SSL_get_fd(_sslConnection)); - return; - } - else if(result == -1) - { - switch(SSL_get_error(_sslConnection, result)) - { - case SSL_ERROR_WANT_WRITE: - { - writeSelect(timeout); - continue; - } - - case SSL_ERROR_WANT_READ: - { - readSelect(timeout); - continue; - } - - case SSL_ERROR_NONE: - case SSL_ERROR_WANT_X509_LOOKUP: - { - continue; - } - - case SSL_ERROR_SYSCALL: - { - if(interrupted()) - { - continue; - } - - assert(!wouldBlock()); - - if(connectionLost()) - { - ConnectionLostException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - - // - // Non-specific socket problem. - // - SocketException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - - case SSL_ERROR_SSL: - { - // - // Error in the SSL library, usually a Protocol error. 
- // - - ProtocolException ex(__FILE__, __LINE__); - ex.message = "encountered a violation of the ssl protocol during shutdown\n"; - ex.message += sslGetErrors(); - throw ex; - } - - case SSL_ERROR_ZERO_RETURN: - { - // - // Indicates that the SSL connection has been - // closed. For SSLv3.0 and TLSv1.0, it indicates - // that a closure alert was received, and thus the - // connection has been closed cleanly. - // - throw CloseConnectionException(__FILE__, __LINE__); - } - } - } - } -} - -void -IceSSL::SslTransceiver::select(int timeout, bool write) -{ - int ret; - - assert(_sslConnection != 0); - SOCKET fd = SSL_get_fd(_sslConnection); - - fd_set rwFdSet; - struct timeval tv; - - if(timeout >= 0) - { - tv.tv_sec = timeout / 1000; - tv.tv_usec = (timeout - tv.tv_sec * 1000) * 1000; - } - - do - { - FD_ZERO(&rwFdSet); - FD_SET(fd, &rwFdSet); - - if(timeout >= 0) - { - if(write) - { - ret = ::select(static_cast<int>(fd + 1), 0, &rwFdSet, 0, &tv); - } - else - { - ret = ::select(static_cast<int>(fd + 1), &rwFdSet, 0, 0, &tv); - } - } - else - { - if(write) - { - ret = ::select(static_cast<int>(fd + 1), 0, &rwFdSet, 0, 0); - } - else - { - ret = ::select(static_cast<int>(fd + 1), &rwFdSet, 0, 0, 0); - } - } - } - while(ret == SOCKET_ERROR && interrupted()); - - if(ret == SOCKET_ERROR) - { - SocketException ex(__FILE__, __LINE__); - ex.error = getSocketErrno(); - throw ex; - } - - if(ret == 0) - { - throw TimeoutException(__FILE__, __LINE__); - } -} - -void -IceSSL::SslTransceiver::readSelect(int timeout) -{ - select(timeout, false); -} - -void -IceSSL::SslTransceiver::writeSelect(int timeout) -{ - select(timeout, true); -} - -// -// Static Protected -// - -void -IceSSL::SslTransceiver::addTransceiver(SSL* sslPtr, SslTransceiver* transceiver) -{ - assert(sslPtr); - assert(transceiver); - IceUtil::StaticMutex::Lock sync(_transceiverRepositoryMutex); - _transceiverMap[sslPtr] = transceiver; -} - -void -IceSSL::SslTransceiver::removeTransceiver(SSL* sslPtr) -{ - 
assert(sslPtr); - IceUtil::StaticMutex::Lock sync(_transceiverRepositoryMutex); - _transceiverMap.erase(sslPtr); -} - -#ifdef ICE_SSL_EXTRA_TRACING - -void -IceSSL::SslTransceiver::showCertificateChain(BIO* bio) -{ - assert(_sslConnection != 0); - assert(bio != 0); - - STACK_OF(X509)* sk; - - // Big nasty buffer - char buffer[4096]; - - if((sk = SSL_get_peer_cert_chain(_sslConnection)) != 0) - { - BIO_printf(bio,"---\nCertificate chain\n"); - - for(int i = 0; i < sk_X509_num(sk); i++) - { - X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk,i)), buffer, int(sizeof(buffer))); - BIO_printf(bio, "%2d s:%s\n", i, buffer); - - X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk,i)), buffer, int(sizeof(buffer))); - BIO_printf(bio, " i:%s\n", buffer); - - PEM_write_bio_X509(bio, sk_X509_value(sk, i)); - } - } - else - { - BIO_printf(bio, "---\nNo peer certificate chain available.\n"); - } -} - -void -IceSSL::SslTransceiver::showPeerCertificate(BIO* bio, const char* connType) -{ - assert(_sslConnection != 0); - assert(bio != 0); - - X509* peerCert = 0; - char buffer[4096]; - - if((peerCert = SSL_get_peer_certificate(_sslConnection)) != 0) - { - BIO_printf(bio, "%s Certificate\n", connType); - PEM_write_bio_X509(bio, peerCert); - - X509_NAME_oneline(X509_get_subject_name(peerCert), buffer, int(sizeof(buffer))); - BIO_printf(bio, "subject=%s\n", buffer); - - X509_NAME_oneline(X509_get_issuer_name(peerCert), buffer, int(sizeof(buffer))); - BIO_printf(bio, "issuer=%s\n", buffer); - - EVP_PKEY *pktmp; - pktmp = X509_get_pubkey(peerCert); - BIO_printf(bio,"%s public key is %d bit\n", connType, EVP_PKEY_bits(pktmp)); - EVP_PKEY_free(pktmp); - - X509_free(peerCert); - } - else - { - BIO_printf(bio, "No %s certificate available.\n", connType); - } -} - -void -IceSSL::SslTransceiver::showSharedCiphers(BIO* bio) -{ - assert(_sslConnection != 0); - assert(bio != 0); - - char buffer[4096]; - char* strPointer = 0; - - if((strPointer = SSL_get_shared_ciphers(_sslConnection, 
buffer, int(sizeof(buffer)))) != 0) - { - // This works only for SSL 2. In later protocol versions, the client does not know - // what other ciphers (in addition to the one to be used in the current connection) - // the server supports. - - BIO_printf(bio, "---\nShared Ciphers:\n"); - - int j = 0; - int i = 0; - - while(*strPointer) - { - if(*strPointer == ':') - { - BIO_write(bio, " ", (15-j%25)); - i++; - j=0; - BIO_write(bio, ((i%3)?" ":"\n"), 1); - } - else - { - BIO_write(bio, strPointer, 1); - j++; - } - - strPointer++; - } - - BIO_write(bio,"\n",1); - } -} - -void -IceSSL::SslTransceiver::showSessionInfo(BIO* bio) -{ - assert(_sslConnection != 0); - assert(bio != 0); - - if(_sslConnection->hit) - { - BIO_printf(bio, "Reused session-id\n"); - } - - PEM_write_bio_SSL_SESSION(bio, SSL_get_session(_sslConnection)); -} - -void -IceSSL::SslTransceiver::showSelectedCipherInfo(BIO* bio) -{ - assert(_sslConnection != 0); - assert(bio != 0); - - const char* str; - SSL_CIPHER* cipher; - - // Show the cipher that was finally selected. - cipher = SSL_get_current_cipher(_sslConnection); - - str = SSL_CIPHER_get_name(cipher); - BIO_printf(bio, "Cipher Name: %s\n", ((str != 0) ? str : "(NONE)")); - - str = SSL_CIPHER_get_version(cipher); - BIO_printf(bio, "Cipher Version: %s\n", ((str != 0) ? 
str : "(NONE)")); -} - -void -IceSSL::SslTransceiver::showHandshakeStats(BIO* bio) -{ - assert(_sslConnection != 0); - assert(bio != 0); - - BIO_printf(bio, "---\nSSL handshake has read %ld bytes and written %ld bytes\n", - BIO_number_read(SSL_get_rbio(_sslConnection)), - BIO_number_written(SSL_get_wbio(_sslConnection))); -} - -void -IceSSL::SslTransceiver::showClientCAList(BIO* bio, const char* connType) -{ - assert(_sslConnection != 0); - assert(bio != 0); - assert(connType != 0); - - char buffer[4096]; - STACK_OF(X509_NAME)* sk = SSL_get_client_CA_list(_sslConnection); - - if((sk != 0) && (sk_X509_NAME_num(sk) > 0)) - { - BIO_printf(bio,"---\nAcceptable %s certificate CA names\n", connType); - - for(int i = 0; i < sk_X509_NAME_num(sk); i++) - { - X509_NAME_oneline(sk_X509_NAME_value(sk, i), buffer, int(sizeof(buffer))); - BIO_write(bio, buffer, int(strlen(buffer))); - BIO_write(bio,"\n", 1); - } - } - else - { - BIO_printf(bio,"---\nNo %s certificate CA names sent\n", connType); - } -} - -#endif - -// -// Private Methods -// - -IceSSL::SslTransceiver::SslTransceiver(ContextType contextType, - const OpenSSLPluginIPtr& plugin, - SOCKET fd, - const CertificateVerifierPtr& certificateVerifier, - SSL* sslConnection, - int timeout) : - _contextType(contextType), - _plugin(plugin), - _fd(fd), - _certificateVerifier(certificateVerifier), - _sslConnection(sslConnection), - _logger(plugin->getLogger()), - _traceLevels(plugin->getTraceLevels()), - _stats(plugin->getStats()) -{ - assert(sslConnection != 0); - - SSL_set_ex_data(sslConnection, 0, static_cast<void*>(plugin.get())); - - // Set the Connect Connection state for this connection. - if(contextType == IceSSL::Client) - { - SSL_set_connect_state(_sslConnection); - } - else - { - SSL_set_accept_state(_sslConnection); - } - - // Set up the SSL to be able to refer back to our connection object. 
- addTransceiver(_sslConnection, this);
-}
-
-IceSSL::SslTransceiver::~SslTransceiver()
-{
- assert(_sslConnection != 0);
-
- removeTransceiver(_sslConnection);
- SSL_set_ex_data(_sslConnection, 0, 0);
- SSL_free(_sslConnection);
- _sslConnection = 0;
-}
diff --git a/cpp/src/IceSSL/SslTransceiver.h b/cpp/src/IceSSL/SslTransceiver.h
deleted file mode 100644
index b76b5bcbd69..00000000000
--- a/cpp/src/IceSSL/SslTransceiver.h
+++ /dev/null
@@ -1,102 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_TRANSCEIVER_H
-#define ICE_SSL_TRANSCEIVER_H
-
-#include <IceUtil/Mutex.h>
-#include <Ice/LoggerF.h>
-#include <Ice/StatsF.h>
-#include <IceSSL/SslTransceiverF.h>
-#include <IceSSL/OpenSSLPluginIF.h>
-#include <IceSSL/TraceLevelsF.h>
-#include <IceSSL/CertificateVerifierF.h>
-
-#include <IceUtil/StaticMutex.h>
-#include <Ice/Transceiver.h>
-#include <Ice/Buffer.h>
-#include <IceSSL/CertificateVerifierOpenSSL.h>
-
-#include <openssl/ssl.h>
-#include <map>
-
-namespace IceSSL
-{
-
-// NOTE: This is a mapping from SSL* to SslTransceiver*, for use with
-// the verifyCallback. I have purposely not used SslTransceiverPtr
-// here, as connections register themselves with this map on
-// construction and unregister themselves in the destructor. If this
-// map used SslTransceiverPtr, SslTransceiver instances would never
-// destruct as there would always be a reference to them from the map.
-class SslTransceiver;
-typedef std::map<SSL*, SslTransceiver*> SslTransceiverMap;
-
-class SslTransceiver : public IceInternal::Transceiver
-{
-public:
-
- virtual SOCKET fd();
- virtual void close();
- virtual void shutdownWrite();
- virtual void shutdownReadWrite();
- virtual void write(IceInternal::Buffer&, int);
- virtual void read(IceInternal::Buffer&, int);
- virtual std::string type() const;
- virtual std::string toString() const;
- virtual void initialize(int timeout);
-
- static SslTransceiverPtr getTransceiver(SSL*);
-
- // Callback from OpenSSL for purposes of certificate verification
- int verifyCertificate(int, X509_STORE_CTX*);
-
-private:
-
- void internalShutdownWrite(int timeout);
-
- void select(int, bool);
- void readSelect(int);
- void writeSelect(int);
-
- static void addTransceiver(SSL*, SslTransceiver*);
- static void removeTransceiver(SSL*);
-
-#ifdef ICE_SSL_EXTRA_TRACING
- void showCertificateChain(BIO*);
- void showPeerCertificate(BIO*, const char*);
- void showSharedCiphers(BIO*);
- void showSessionInfo(BIO*);
- void showSelectedCipherInfo(BIO*);
- void showHandshakeStats(BIO*);
- void showClientCAList(BIO*, const char*);
-#endif
-
- static SslTransceiverMap _transceiverMap;
- static IceUtil::StaticMutex _transceiverRepositoryMutex;
-
- SslTransceiver(ContextType, const OpenSSLPluginIPtr&, SOCKET, const IceSSL::CertificateVerifierPtr&, SSL*, int);
- virtual ~SslTransceiver();
- friend class ClientContext;
- friend class ServerContext;
-
- // Pointer to the OpenSSL Connection structure.
- const ContextType _contextType;
- const OpenSSLPluginIPtr _plugin;
- SOCKET _fd;
- const IceSSL::CertificateVerifierPtr _certificateVerifier;
- /*const*/ SSL* _sslConnection;
- const Ice::LoggerPtr _logger;
- const TraceLevelsPtr _traceLevels;
- const Ice::StatsPtr _stats;
-};
-
-}
-
-#endif
diff --git a/cpp/src/IceSSL/SslTransceiverF.h b/cpp/src/IceSSL/SslTransceiverF.h
deleted file mode 100644
index 40ee2e3a2f4..00000000000
--- a/cpp/src/IceSSL/SslTransceiverF.h
+++ /dev/null
@@ -1,31 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_TRANSEIVER_OPENSSL_F_H
-#define ICE_SSL_TRANSEIVER_OPENSSL_F_H
-
-#include <Ice/Handle.h>
-
-namespace IceSSL
-{
-
-class SslTransceiver;
-typedef IceInternal::Handle<SslTransceiver> SslTransceiverPtr;
-
-}
-
-namespace IceInternal
-{
-
-void incRef(::IceSSL::SslTransceiver*);
-void decRef(::IceSSL::SslTransceiver*);
-
-}
-
-#endif
diff --git a/cpp/src/IceSSL/TempCerts.cpp b/cpp/src/IceSSL/TempCerts.cpp
deleted file mode 100644
index 16f08acfd8a..00000000000
--- a/cpp/src/IceSSL/TempCerts.cpp
+++ /dev/null
@@ -1,45 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-#include <IceSSL/TempCerts.h>
-
-IceSSL::TempCertificates::TempCertificates()
-{
-}
-
-IceSSL::TempCertificates::~TempCertificates()
-{
- _rsaCerts.clear();
- _dhParams.clear();
-}
-
-void
-IceSSL::TempCertificates::addRSACert(CertificateDesc& certDesc)
-{
- _rsaCerts.push_back(certDesc);
-}
-
-void
-IceSSL::TempCertificates::addDHParams(DiffieHellmanParamsFile& dhParams)
-{
- _dhParams.push_back(dhParams);
-}
-
-IceSSL::RSAVector&
-IceSSL::TempCertificates::getRSACerts()
-{
- return _rsaCerts;
-}
-
-IceSSL::DHVector&
-IceSSL::TempCertificates::getDHParams()
-{
- return _dhParams;
-}
-
diff --git a/cpp/src/IceSSL/TempCerts.h b/cpp/src/IceSSL/TempCerts.h
deleted file mode 100644
index 95090b4e779..00000000000
--- a/cpp/src/IceSSL/TempCerts.h
+++ /dev/null
@@ -1,67 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_TEMP_CERTS_H
-#define ICE_SSL_TEMP_CERTS_H
-
-#include <IceSSL/CertificateDesc.h>
-
-namespace IceSSL
-{
-
-class TempCertificates
-{
-public:
-
- TempCertificates();
- ~TempCertificates();
-
- void addRSACert(CertificateDesc&);
- void addDHParams(DiffieHellmanParamsFile&);
-
- RSAVector& getRSACerts();
- DHVector& getDHParams();
-
-protected:
-
- RSAVector _rsaCerts;
- DHVector _dhParams;
-};
-
-template<class Stream>
-inline Stream& operator << (Stream& target, TempCertificates& tmpCerts)
-{
- RSAVector::iterator iRSA = tmpCerts.getRSACerts().begin();
- RSAVector::iterator eRSA = tmpCerts.getRSACerts().end();
-
- while(iRSA != eRSA)
- {
- target << "RSA\n{\n";
- IceSSL::operator<<(target, *iRSA);
- target << "}\n\n";
- iRSA++;
- }
-
- DHVector::iterator iDHP = tmpCerts.getDHParams().begin();
- DHVector::iterator eDHP = tmpCerts.getDHParams().end();
-
- while(iDHP != eDHP)
- {
- target << "DH\n{\n";
- IceSSL::operator<<(target, *iDHP);
- target << "}\n\n";
- iDHP++;
- }
-
- return target;
-}
-
-}
-
-#endif
diff --git a/cpp/src/IceSSL/TraceLevels.cpp b/cpp/src/IceSSL/TraceLevels.cpp
deleted file mode 100644
index 64012d17472..00000000000
--- a/cpp/src/IceSSL/TraceLevels.cpp
+++ /dev/null
@@ -1,35 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-#include <IceSSL/TraceLevels.h>
-#include <Ice/Communicator.h>
-#include <Ice/Properties.h>
-#include <Ice/ProtocolPluginFacade.h>
-
-using namespace std;
-using namespace Ice;
-
-void IceInternal::incRef(IceSSL::TraceLevels* p) { p->__incRef(); }
-void IceInternal::decRef(IceSSL::TraceLevels* p) { p->__decRef(); }
-
-IceSSL::TraceLevels::TraceLevels(const IceInternal::ProtocolPluginFacadePtr& protocolPluginFacade) :
- network(0),
- security(0),
- securityCat("Security")
-{
- const_cast<int&>(network) = protocolPluginFacade->getNetworkTraceLevel();
- networkCat = protocolPluginFacade->getNetworkTraceCategory();
-
- PropertiesPtr properties = protocolPluginFacade->getCommunicator()->getProperties();
- const_cast<int&>(security) = properties->getPropertyAsInt("IceSSL.Trace.Security");
-}
-
-IceSSL::TraceLevels::~TraceLevels()
-{
-}
diff --git a/cpp/src/IceSSL/TraceLevels.h b/cpp/src/IceSSL/TraceLevels.h
deleted file mode 100644
index dd4e4dddca2..00000000000
--- a/cpp/src/IceSSL/TraceLevels.h
+++ /dev/null
@@ -1,36 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_TRACE_LEVELS_H
-#define ICE_SSL_TRACE_LEVELS_H
-
-#include <IceUtil/Shared.h>
-#include <Ice/ProtocolPluginFacadeF.h>
-#include <IceSSL/TraceLevelsF.h>
-
-namespace IceSSL
-{
-
-class TraceLevels : public ::IceUtil::Shared
-{
-public:
-
- TraceLevels(const IceInternal::ProtocolPluginFacadePtr&);
- virtual ~TraceLevels();
-
- const int network;
- const char* networkCat;
-
- const int security;
- const char* securityCat;
-};
-
-}
-
-#endif
diff --git a/cpp/src/IceSSL/TraceLevelsF.h b/cpp/src/IceSSL/TraceLevelsF.h
deleted file mode 100644
index d12d8fbbfa4..00000000000
--- a/cpp/src/IceSSL/TraceLevelsF.h
+++ /dev/null
@@ -1,31 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-#ifndef ICE_SSL_TRACE_LEVELS_F_H
-#define ICE_SSL_TRACE_LEVELS_F_H
-
-#include <Ice/Handle.h>
-
-namespace IceSSL
-{
-
-class TraceLevels;
-typedef IceInternal::Handle<TraceLevels> TraceLevelsPtr;
-
-}
-
-namespace IceInternal
-{
-
-void incRef(IceSSL::TraceLevels*);
-void decRef(IceSSL::TraceLevels*);
-
-}
-
-#endif
diff --git a/cpp/src/IceSSL/TransceiverI.cpp b/cpp/src/IceSSL/TransceiverI.cpp
new file mode 100644
index 00000000000..c294a0b2538
--- /dev/null
+++ b/cpp/src/IceSSL/TransceiverI.cpp
@@ -0,0 +1,398 @@ +// ********************************************************************** +// +// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. +// +// This copy of Ice is licensed to you under the terms described in the +// ICE_LICENSE file included in this distribution. +// +// ********************************************************************** + +#include <TransceiverI.h> +#include <Instance.h> +#include <Util.h> +#include <Ice/Communicator.h> +#include <Ice/LoggerUtil.h> +#include <Ice/Stats.h> +#include <Ice/Buffer.h> +#include <Ice/Network.h> +#include <Ice/LocalException.h> + +#include <openssl/err.h> + +using namespace std; +using namespace Ice; +using namespace IceSSL; + +SOCKET +IceSSL::TransceiverI::fd() +{ + assert(_fd != INVALID_SOCKET); + return _fd; +} + +void +IceSSL::TransceiverI::close() +{ + if(_instance->networkTraceLevel() >= 1) + { + Trace out(_logger, _instance->networkTraceCategory()); + out << "closing ssl connection\n" << toString(); + } + + assert(_fd != INVALID_SOCKET); + SSL_free(_ssl); + _ssl = 0; + _fd = INVALID_SOCKET; +} + +void +IceSSL::TransceiverI::shutdownWrite() +{ + if(_instance->networkTraceLevel() >= 2) + { + Trace out(_logger, _instance->networkTraceCategory()); + out << "shutting down ssl connection for writing\n" << toString(); + } + + int err = SSL_shutdown(_ssl); + if(err < 0) + { + Warning out(_logger); + out << "IceSSL: failure while performing SSL shutdown:\n" << _instance->sslErrors(); + } + ERR_clear_error(); + + assert(_fd != INVALID_SOCKET); + IceInternal::shutdownSocketWrite(_fd); +} + +void +IceSSL::TransceiverI::shutdownReadWrite() +{ + if(_instance->networkTraceLevel() >= 2) + { + Trace out(_logger, _instance->networkTraceCategory()); + out << "shutting down ssl connection for reading and writing\n" << toString(); + } + + int err = SSL_shutdown(_ssl); + if(err < 0) + { + Warning out(_logger); + out << "IceSSL: failure while performing SSL shutdown:\n" << _instance->sslErrors(); + } + 
ERR_clear_error(); + + assert(_fd != INVALID_SOCKET); + IceInternal::shutdownSocketReadWrite(_fd); +} + +void +IceSSL::TransceiverI::write(IceInternal::Buffer& buf, int timeout) +{ + IceInternal::Buffer::Container::difference_type packetSize = + static_cast<IceInternal::Buffer::Container::difference_type>(buf.b.end() - buf.i); + +#ifdef _WIN32 + // + // Limit packet size to avoid performance problems on WIN32 + // + if(_isPeerLocal && packetSize > 64 * 1024) + { + packetSize = 64 * 1024; + } +#endif + + while(buf.i != buf.b.end()) + { + assert(_fd != INVALID_SOCKET); + int ret = SSL_write(_ssl, reinterpret_cast<const void*>(&*buf.i), packetSize); + + if(ret <= 0) + { + switch(SSL_get_error(_ssl, ret)) + { + case SSL_ERROR_NONE: + assert(false); + break; + case SSL_ERROR_ZERO_RETURN: + { + ConnectionLostException ex(__FILE__, __LINE__); + ex.error = IceInternal::getSocketErrno(); + throw ex; + } + case SSL_ERROR_WANT_READ: + { + if(!selectRead(_fd, timeout)) + { + throw TimeoutException(__FILE__, __LINE__); + } + continue; + } + case SSL_ERROR_WANT_WRITE: + { + if(!selectWrite(_fd, timeout)) + { + throw TimeoutException(__FILE__, __LINE__); + } + continue; + } + case SSL_ERROR_SYSCALL: + { + if(ret == -1) + { + if(IceInternal::interrupted()) + { + continue; + } + + if(IceInternal::noBuffers() && packetSize > 1024) + { + packetSize /= 2; + continue; + } + + if(IceInternal::wouldBlock()) + { + if(SSL_want_read(_ssl)) + { + if(!selectRead(_fd, timeout)) + { + throw TimeoutException(__FILE__, __LINE__); + } + } + else if(SSL_want_write(_ssl)) + { + if(!selectWrite(_fd, timeout)) + { + throw TimeoutException(__FILE__, __LINE__); + } + } + + continue; + } + + if(IceInternal::connectionLost()) + { + ConnectionLostException ex(__FILE__, __LINE__); + ex.error = IceInternal::getSocketErrno(); + throw ex; + } + } + + if(ret == 0) + { + ConnectionLostException ex(__FILE__, __LINE__); + ex.error = 0; + throw ex; + } + + SocketException ex(__FILE__, __LINE__); + ex.error = 
IceInternal::getSocketErrno(); + throw ex; + } + case SSL_ERROR_SSL: + { + ProtocolException ex(__FILE__, __LINE__); + ex.reason = "SSL protocol error during write:\n" + _instance->sslErrors(); + throw ex; + } + } + } + + if(_instance->networkTraceLevel() >= 3) + { + Trace out(_logger, _instance->networkTraceCategory()); + out << "sent " << ret << " of " << packetSize << " bytes via ssl\n" << toString(); + } + + if(_stats) + { + _stats->bytesSent(type(), static_cast<Int>(ret)); + } + + buf.i += ret; + + if(packetSize > buf.b.end() - buf.i) + { + packetSize = static_cast<IceInternal::Buffer::Container::difference_type>(buf.b.end() - buf.i); + } + } +} + +void +IceSSL::TransceiverI::read(IceInternal::Buffer& buf, int timeout) +{ + IceInternal::Buffer::Container::difference_type packetSize = + static_cast<IceInternal::Buffer::Container::difference_type>(buf.b.end() - buf.i); + + while(buf.i != buf.b.end()) + { + assert(_fd != INVALID_SOCKET); + int ret = SSL_read(_ssl, reinterpret_cast<void*>(&*buf.i), packetSize); + + if(ret <= 0) + { + switch(SSL_get_error(_ssl, ret)) + { + case SSL_ERROR_NONE: + assert(false); + break; + case SSL_ERROR_ZERO_RETURN: + { + // + // If the connection is lost when reading data, we shut + // down the write end of the socket. This helps to unblock + // threads that are stuck in send() or select() while + // sending data. Note: I don't really understand why + // send() or select() sometimes don't detect a connection + // loss. Therefore this helper to make them detect it. 
+ // + //assert(_fd != INVALID_SOCKET); + //shutdownSocketReadWrite(_fd); + + ConnectionLostException ex(__FILE__, __LINE__); + ex.error = 0; + throw ex; + } + case SSL_ERROR_WANT_READ: + { + if(!selectRead(_fd, timeout)) + { + throw TimeoutException(__FILE__, __LINE__); + } + continue; + } + case SSL_ERROR_WANT_WRITE: + { + if(!selectWrite(_fd, timeout)) + { + throw TimeoutException(__FILE__, __LINE__); + } + continue; + } + case SSL_ERROR_SYSCALL: + { + if(ret == -1) + { + if(IceInternal::interrupted()) + { + continue; + } + + if(IceInternal::noBuffers() && packetSize > 1024) + { + packetSize /= 2; + continue; + } + + if(IceInternal::wouldBlock()) + { + if(SSL_want_read(_ssl)) + { + if(!selectRead(_fd, timeout)) + { + throw TimeoutException(__FILE__, __LINE__); + } + } + else if(SSL_want_write(_ssl)) + { + if(!selectWrite(_fd, timeout)) + { + throw TimeoutException(__FILE__, __LINE__); + } + } + + continue; + } + + if(IceInternal::connectionLost()) + { + // + // See the commment above about shutting down the + // socket if the connection is lost while reading + // data. 
+ // + //assert(_fd != INVALID_SOCKET); + //shutdownSocketReadWrite(_fd); + + ConnectionLostException ex(__FILE__, __LINE__); + ex.error = IceInternal::getSocketErrno(); + throw ex; + } + } + + if(ret == 0) + { + ConnectionLostException ex(__FILE__, __LINE__); + ex.error = 0; + throw ex; + } + + SocketException ex(__FILE__, __LINE__); + ex.error = IceInternal::getSocketErrno(); + throw ex; + } + case SSL_ERROR_SSL: + { + ProtocolException ex(__FILE__, __LINE__); + ex.reason = "SSL protocol error during read:\n" + _instance->sslErrors(); + throw ex; + } + } + } + + if(_instance->networkTraceLevel() >= 3) + { + Trace out(_logger, _instance->networkTraceCategory()); + out << "received " << ret << " of " << packetSize << " bytes via ssl\n" << toString(); + } + + if(_stats) + { + _stats->bytesReceived(type(), static_cast<Int>(ret)); + } + + buf.i += ret; + + if(packetSize > buf.b.end() - buf.i) + { + packetSize = static_cast<IceInternal::Buffer::Container::difference_type>(buf.b.end() - buf.i); + } + } +} + +string +IceSSL::TransceiverI::type() const +{ + return "ssl"; +} + +string +IceSSL::TransceiverI::toString() const +{ + return _desc; +} + +void +IceSSL::TransceiverI::initialize(int) +{ +} + +IceSSL::TransceiverI::TransceiverI(const InstancePtr& instance, SSL* ssl, SOCKET fd) : + _instance(instance), + _logger(instance->communicator()->getLogger()), + _stats(instance->communicator()->getStats()), + _ssl(ssl), + _fd(fd), + _desc(IceInternal::fdToString(fd)) +#ifdef _WIN32 + , _isPeerLocal(IceInternal::isPeerLocal(fd)) +#endif +{ +} + +IceSSL::TransceiverI::~TransceiverI() +{ + assert(_fd == INVALID_SOCKET); +} diff --git a/cpp/src/IceSSL/TransceiverI.h b/cpp/src/IceSSL/TransceiverI.h new file mode 100644 index 00000000000..442b42a6758 --- /dev/null +++ b/cpp/src/IceSSL/TransceiverI.h 
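Review bot: In cpp/src/IceSSL/TransceiverI.cpp the `switch(SSL_get_error(_ssl, ret))` in both write() and read() has no `default:` branch, and `case SSL_ERROR_NONE` only asserts and breaks, so with `ret <= 0` any unlisted result (and SSL_ERROR_NONE once assertions are compiled out) falls through to `buf.i += ret`. With `ret == -1` that moves the cursor backwards, so the next SSL_read()/SSL_write() works on bytes already processed and can step before the start of the buffer, and the stats counters receive a negative byte count. Both switches should fail closed with a `default:` case that throws, for example `ProtocolException ex(__FILE__, __LINE__); ex.reason = "unexpected SSL error:\n" + _instance->sslErrors(); throw ex;`, and SSL_ERROR_NONE should take the same path instead of `break`. Separately, the noBuffers() path retries SSL_write() with a halved `packetSize`; OpenSSL can reject a retry whose length differs from the pending write unless partial-write mode is enabled on the SSL object, and this hunk does not show whether it is.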
@@ -0,0 +1,62 @@
+// **********************************************************************
+//
+// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
+//
+// This copy of Ice is licensed to you under the terms described in the
+// ICE_LICENSE file included in this distribution.
+//
+// **********************************************************************
+
+#ifndef ICE_SSL_TRANSCEIVER_I_H
+#define ICE_SSL_TRANSCEIVER_I_H
+
+#include <InstanceF.h>
+#include <Ice/LoggerF.h>
+#include <Ice/StatsF.h>
+#include <Ice/Transceiver.h>
+
+#include <openssl/ssl.h>
+
+namespace IceSSL
+{
+
+class ConnectorI;
+class AcceptorI;
+
+class TransceiverI : public IceInternal::Transceiver
+{
+public:
+
+ virtual SOCKET fd();
+ virtual void close();
+ virtual void shutdownWrite();
+ virtual void shutdownReadWrite();
+ virtual void write(IceInternal::Buffer&, int);
+ virtual void read(IceInternal::Buffer&, int);
+ virtual std::string type() const;
+ virtual std::string toString() const;
+ virtual void initialize(int);
+
+private:
+
+ TransceiverI(const InstancePtr&, SSL*, SOCKET);
+ virtual ~TransceiverI();
+ friend class ConnectorI;
+ friend class AcceptorI;
+
+ const InstancePtr _instance;
+ const Ice::LoggerPtr _logger;
+ const Ice::StatsPtr _stats;
+
+ SSL* _ssl;
+ SOCKET _fd;
+
+ const std::string _desc;
+#ifdef _WIN32
+ const bool _isPeerLocal;
+#endif
+};
+
+}
+
+#endif
diff --git a/cpp/src/IceSSL/Util.cpp b/cpp/src/IceSSL/Util.cpp
new file mode 100644
index 00000000000..5e3beb72b04
--- /dev/null
+++ b/cpp/src/IceSSL/Util.cpp
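Review bot: The class declaration in TransceiverI.h does not say who owns `_ssl` and `_fd`, yet TransceiverI.cpp depends on a strict order: close() calls SSL_free() and resets `_fd`, and the destructor only asserts `_fd == INVALID_SOCKET`. In a build without assertions, a transceiver released without close() would leak the SSL object silently. I would add a comment above the private constructor such as `// Takes ownership of ssl; close() must be called before the last reference is released.` and state whether the descriptor is closed through the SSL object or by the caller, which the visible code does not show. A one-line comment on initialize() saying it is intentionally empty would also help, since this hunk does not show where the handshake completes.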
@@ -0,0 +1,377 @@ +// ********************************************************************** +// +// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. +// +// This copy of Ice is licensed to you under the terms described in the +// ICE_LICENSE file included in this distribution. +// +// ********************************************************************** + +#include <Util.h> +#include <Ice/LocalException.h> + +using namespace std; +using namespace Ice; +using namespace IceSSL; + +#ifndef OPENSSL_NO_DH + +// The following arrays are predefined Diffie Hellman group parameters. +// These are known strong primes, distributed with the OpenSSL library +// in the files dh512.pem, dh1024.pem, dh2048.pem and dh4096.pem. +// They are not keys themselves, but the basis for generating DH keys +// on the fly. + +static unsigned char dh512_p[] = +{ + 0xF5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C, + 0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29, + 0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B, + 0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C, + 0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55, + 0xE9,0x2A,0x05,0x5F, +}; + +static unsigned char dh512_g[] = { 0x02 }; + +static unsigned char dh1024_p[] = +{ + 0xF4,0x88,0xFD,0x58,0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4, + 0x91,0x07,0x36,0x6B,0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C, + 0x88,0xB3,0x1C,0x7C,0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0, + 0x43,0xF0,0xA5,0x5B,0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D, + 0x38,0xD3,0x34,0xFD,0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C, + 0xDE,0x33,0x21,0x2C,0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40, + 0x18,0x11,0x8D,0x7C,0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03, + 0x19,0xC8,0x07,0x29,0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB, + 0xD0,0x0A,0x50,0x9B,0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D, + 0x41,0x9F,0x9C,0x7C,0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB, + 0xA2,0x5E,0xC3,0x55,0xE9,0x2F,0x78,0xC7, +}; + +static unsigned char dh1024_g[] = { 
0x02 }; + +static unsigned char dh2048_p[] = +{ + 0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6, + 0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1, + 0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9, + 0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD, + 0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17, + 0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F, + 0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD, + 0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30, + 0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E, + 0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4, + 0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58, + 0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B, + 0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C, + 0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B, + 0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD, + 0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C, + 0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C, + 0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29, + 0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B, + 0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C, + 0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55, + 0xE9,0x32,0x0B,0x3B, +}; + +static unsigned char dh2048_g[] = { 0x02 }; + +static unsigned char dh4096_p[] = +{ + 0xFA,0x14,0x72,0x52,0xC1,0x4D,0xE1,0x5A,0x49,0xD4,0xEF,0x09, + 0x2D,0xC0,0xA8,0xFD,0x55,0xAB,0xD7,0xD9,0x37,0x04,0x28,0x09, + 0xE2,0xE9,0x3E,0x77,0xE2,0xA1,0x7A,0x18,0xDD,0x46,0xA3,0x43, + 0x37,0x23,0x90,0x97,0xF3,0x0E,0xC9,0x03,0x50,0x7D,0x65,0xCF, + 0x78,0x62,0xA6,0x3A,0x62,0x22,0x83,0xA1,0x2F,0xFE,0x79,0xBA, + 0x35,0xFF,0x59,0xD8,0x1D,0x61,0xDD,0x1E,0x21,0x13,0x17,0xFE, + 0xCD,0x38,0x87,0x9E,0xF5,0x4F,0x79,0x10,0x61,0x8D,0xD4,0x22, + 0xF3,0x5A,0xED,0x5D,0xEA,0x21,0xE9,0x33,0x6B,0x48,0x12,0x0A, + 
0x20,0x77,0xD4,0x25,0x60,0x61,0xDE,0xF6,0xB4,0x4F,0x1C,0x63, + 0x40,0x8B,0x3A,0x21,0x93,0x8B,0x79,0x53,0x51,0x2C,0xCA,0xB3, + 0x7B,0x29,0x56,0xA8,0xC7,0xF8,0xF4,0x7B,0x08,0x5E,0xA6,0xDC, + 0xA2,0x45,0x12,0x56,0xDD,0x41,0x92,0xF2,0xDD,0x5B,0x8F,0x23, + 0xF0,0xF3,0xEF,0xE4,0x3B,0x0A,0x44,0xDD,0xED,0x96,0x84,0xF1, + 0xA8,0x32,0x46,0xA3,0xDB,0x4A,0xBE,0x3D,0x45,0xBA,0x4E,0xF8, + 0x03,0xE5,0xDD,0x6B,0x59,0x0D,0x84,0x1E,0xCA,0x16,0x5A,0x8C, + 0xC8,0xDF,0x7C,0x54,0x44,0xC4,0x27,0xA7,0x3B,0x2A,0x97,0xCE, + 0xA3,0x7D,0x26,0x9C,0xAD,0xF4,0xC2,0xAC,0x37,0x4B,0xC3,0xAD, + 0x68,0x84,0x7F,0x99,0xA6,0x17,0xEF,0x6B,0x46,0x3A,0x7A,0x36, + 0x7A,0x11,0x43,0x92,0xAD,0xE9,0x9C,0xFB,0x44,0x6C,0x3D,0x82, + 0x49,0xCC,0x5C,0x6A,0x52,0x42,0xF8,0x42,0xFB,0x44,0xF9,0x39, + 0x73,0xFB,0x60,0x79,0x3B,0xC2,0x9E,0x0B,0xDC,0xD4,0xA6,0x67, + 0xF7,0x66,0x3F,0xFC,0x42,0x3B,0x1B,0xDB,0x4F,0x66,0xDC,0xA5, + 0x8F,0x66,0xF9,0xEA,0xC1,0xED,0x31,0xFB,0x48,0xA1,0x82,0x7D, + 0xF8,0xE0,0xCC,0xB1,0xC7,0x03,0xE4,0xF8,0xB3,0xFE,0xB7,0xA3, + 0x13,0x73,0xA6,0x7B,0xC1,0x0E,0x39,0xC7,0x94,0x48,0x26,0x00, + 0x85,0x79,0xFC,0x6F,0x7A,0xAF,0xC5,0x52,0x35,0x75,0xD7,0x75, + 0xA4,0x40,0xFA,0x14,0x74,0x61,0x16,0xF2,0xEB,0x67,0x11,0x6F, + 0x04,0x43,0x3D,0x11,0x14,0x4C,0xA7,0x94,0x2A,0x39,0xA1,0xC9, + 0x90,0xCF,0x83,0xC6,0xFF,0x02,0x8F,0xA3,0x2A,0xAC,0x26,0xDF, + 0x0B,0x8B,0xBE,0x64,0x4A,0xF1,0xA1,0xDC,0xEE,0xBA,0xC8,0x03, + 0x82,0xF6,0x62,0x2C,0x5D,0xB6,0xBB,0x13,0x19,0x6E,0x86,0xC5, + 0x5B,0x2B,0x5E,0x3A,0xF3,0xB3,0x28,0x6B,0x70,0x71,0x3A,0x8E, + 0xFF,0x5C,0x15,0xE6,0x02,0xA4,0xCE,0xED,0x59,0x56,0xCC,0x15, + 0x51,0x07,0x79,0x1A,0x0F,0x25,0x26,0x27,0x30,0xA9,0x15,0xB2, + 0xC8,0xD4,0x5C,0xCC,0x30,0xE8,0x1B,0xD8,0xD5,0x0F,0x19,0xA8, + 0x80,0xA4,0xC7,0x01,0xAA,0x8B,0xBA,0x53,0xBB,0x47,0xC2,0x1F, + 0x6B,0x54,0xB0,0x17,0x60,0xED,0x79,0x21,0x95,0xB6,0x05,0x84, + 0x37,0xC8,0x03,0xA4,0xDD,0xD1,0x06,0x69,0x8F,0x4C,0x39,0xE0, + 0xC8,0x5D,0x83,0x1D,0xBE,0x6A,0x9A,0x99,0xF3,0x9F,0x0B,0x45, + 
0x29,0xD4,0xCB,0x29,0x66,0xEE,0x1E,0x7E,0x3D,0xD7,0x13,0x4E, + 0xDB,0x90,0x90,0x58,0xCB,0x5E,0x9B,0xCD,0x2E,0x2B,0x0F,0xA9, + 0x4E,0x78,0xAC,0x05,0x11,0x7F,0xE3,0x9E,0x27,0xD4,0x99,0xE1, + 0xB9,0xBD,0x78,0xE1,0x84,0x41,0xA0,0xDF, +}; + +static unsigned char dh4096_g[] = { 0x02 }; + +// +// Convert a predefined parameter set into a DH value. +// +static DH* +convertDH(unsigned char* p, int plen, unsigned char* g, int glen) +{ + assert(p != 0); + assert(g != 0); + + DH* dh = DH_new(); + + if(dh != 0) + { + dh->p = BN_bin2bn(p, plen, 0); + dh->g = BN_bin2bn(g, glen, 0); + + if((dh->p == 0) || (dh->g == 0)) + { + DH_free(dh); + dh = 0; + } + } + + return dh; +} + +void IceSSL::incRef(DHParams* p) { p->__incRef(); } +void IceSSL::decRef(DHParams* p) { p->__decRef(); } + +IceSSL::DHParams::DHParams() : + _dh512(0), _dh1024(0), _dh2048(0), _dh4096(0) +{ +} + +IceSSL::DHParams::~DHParams() +{ + ParamList::iterator p; + for(p = _params.begin(); p != _params.end(); ++p) + { + DH_free(p->second); + } + DH_free(_dh512); + DH_free(_dh1024); + DH_free(_dh2048); + DH_free(_dh4096); +} + +bool +IceSSL::DHParams::add(int keyLength, const string& file) +{ + FILE* fp = fopen(file.c_str(), "r"); + if(!fp) + { + return false; + } + DH* dh = PEM_read_DHparams(fp, 0, 0, 0); + fclose(fp); + if(!dh) + { + return false; + } + ParamList::iterator p = _params.begin(); + while(p != _params.end() && keyLength > p->first) + { + ++p; + } + _params.insert(p, KeyParamPair(keyLength, dh)); + return true; +} + +DH* +IceSSL::DHParams::get(int keyLength) +{ + // + // First check the set of parameters specified by the user. + // Return the first set whose key length is at least keyLength. + // + ParamList::iterator p; + for(p = _params.begin(); p != _params.end(); ++p) + { + if(p->first >= keyLength) + { + return p->second; + } + } + + // + // No match found. Use one of the predefined parameter sets instead. 
+ // + IceUtil::Mutex::Lock sync(*this); + + if(keyLength >= 4096) + { + if(!_dh4096) + { + _dh4096 = convertDH(dh4096_p, (int) sizeof(dh4096_p), dh4096_g, (int) sizeof(dh4096_g)); + } + return _dh4096; + } + else if(keyLength >= 2048) + { + if(!_dh2048) + { + _dh2048 = convertDH(dh2048_p, (int) sizeof(dh2048_p), dh2048_g, (int) sizeof(dh2048_g)); + } + return _dh2048; + } + else if(keyLength >= 1024) + { + if(!_dh1024) + { + _dh1024 = convertDH(dh1024_p, (int) sizeof(dh1024_p), dh1024_g, (int) sizeof(dh1024_g)); + } + return _dh1024; + } + else + { + if(!_dh512) + { + _dh512 = convertDH(dh512_p, (int) sizeof(dh512_p), dh512_g, (int) sizeof(dh512_g)); + } + return _dh512; + } +} + +#endif + +static bool +selectReadWrite(SOCKET fd, bool read, int timeout) +{ + fd_set rFdSet, wFdSet; + FD_ZERO(&rFdSet); + FD_ZERO(&wFdSet); + if(read) + { + FD_SET(fd, &rFdSet); + } + else + { + FD_SET(fd, &wFdSet); + } + +repeatSelect: + int ret; + if(timeout >= 0) + { + struct timeval tv; + tv.tv_sec = timeout / 1000; + tv.tv_usec = (timeout - tv.tv_sec * 1000) * 1000; + ret = ::select(fd + 1, &rFdSet, &wFdSet, 0, &tv); + } + else + { + ret = ::select(fd + 1, &rFdSet, &wFdSet, 0, 0); + } + + if(ret == 0) + { + return false; // Timeout. 
+ } + else if(ret == SOCKET_ERROR) + { + if(IceInternal::interrupted()) + { + goto repeatSelect; + } + + SocketException ex(__FILE__, __LINE__); + ex.error = IceInternal::getSocketErrno(); + throw ex; + } + + return true; +} + +bool +IceSSL::selectRead(SOCKET fd, int timeout) +{ + return selectReadWrite(fd, true, timeout); +} + +bool +IceSSL::selectWrite(SOCKET fd, int timeout) +{ + return selectReadWrite(fd, false, timeout); +} + +bool +IceSSL::splitString(const string& str, const string& delim, bool handleQuotes, vector<string>& result) +{ + string::size_type pos = str.find_first_not_of(delim + " \t"); + if(pos == string::npos) + { + return true; + } + + string::value_type quoteChar = 0; + while(pos != string::npos) + { + if(handleQuotes && (str[pos] == '"' || str[pos] == '\'')) + { + quoteChar = str[pos]; + ++pos; + } + + string val; + while(pos < str.size()) + { + if((!handleQuotes || !quoteChar) && delim.find(str[pos]) != string::npos) + { + break; + } + if(handleQuotes) + { + if(str[pos] == '\\') + { + if(pos + 1 < str.size() && str[pos + 1] == quoteChar) + { + ++pos; + } + } + else if(str[pos] == quoteChar) + { + quoteChar = 0; + ++pos; + continue; + } + } + val.push_back(str[pos]); + ++pos; + } + + if(!val.empty()) + { + result.push_back(val); + } + + pos = str.find_first_not_of(delim, pos); + } + + if(quoteChar) // Mismatched quote. + { + return false; + } + + return true; +} diff --git a/cpp/src/IceSSL/Util.h b/cpp/src/IceSSL/Util.h new file mode 100644 index 00000000000..0d75de3872c --- /dev/null +++ b/cpp/src/IceSSL/Util.h 
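Review bot: DHParams::get() in cpp/src/IceSSL/Util.cpp returns the built-in 512-bit group for every request below 1024 bits (the final `else` branch), and a 512-bit Diffie-Hellman group no longer gives meaningful protection to the keys negotiated with it. I would enforce a floor at the top of get(), `if(keyLength < 1024) { keyLength = 1024; }` (2048 is the better choice where peers allow it), and drop `dh512_p`/`_dh512`; the scan over `_params` already returns the first entry of at least `keyLength`, so handing out a larger group is consistent with it. DHParams::add() also trusts both the file and the caller's `keyLength`: it should run `DH_check()` on the loaded parameters and compare `BN_num_bits(dh->p)` with the declared length before inserting. The scan of `_params` in get() runs before the mutex is taken, which is only safe if add() is never called once connections are being established; a comment stating that assumption would help.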
@@ -0,0 +1,62 @@ +// ********************************************************************** +// +// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. +// +// This copy of Ice is licensed to you under the terms described in the +// ICE_LICENSE file included in this distribution. +// +// ********************************************************************** + +#ifndef ICE_SSL_UTIL_H +#define ICE_SSL_UTIL_H + +#include <UtilF.h> +#include <Ice/Network.h> +#include <IceUtil/Mutex.h> +#include <IceUtil/Shared.h> + +#include <list> +#include <openssl/ssl.h> + +namespace IceSSL +{ + +#ifndef OPENSSL_NO_DH +class DHParams : public IceUtil::Shared, public IceUtil::Mutex +{ +public: + + DHParams(); + ~DHParams(); + + bool add(int, const std::string&); + DH* get(int); + +private: + + typedef std::pair<int, DH*> KeyParamPair; + typedef std::list<KeyParamPair> ParamList; + ParamList _params; + + DH* _dh512; + DH* _dh1024; + DH* _dh2048; + DH* _dh4096; +}; +#endif + +// +// Wait for a socket to become readable. +// +bool selectRead(SOCKET, int); + +// +// Wait for a socket to become writeable. +// +bool selectWrite(SOCKET, int); + +bool splitString(const std::string&, const std::string&, bool, std::vector<std::string>&); + +} + +#endif diff --git a/cpp/src/IceSSL/DHParamsF.h b/cpp/src/IceSSL/UtilF.h index 8b6c0509b63..65f3dff703c 100644 --- a/cpp/src/IceSSL/DHParamsF.h +++ b/cpp/src/IceSSL/UtilF.h @@ -7,25 +7,23 @@ // // ********************************************************************** -#ifndef ICE_DH_PARAMS_F_H -#define ICE_DH_PARAMS_F_H +#ifndef ICE_SSL_UTIL_F_H +#define ICE_SSL_UTIL_F_H #include <Ice/Handle.h> +#include <openssl/ssl.h> + +#ifndef OPENSSL_NO_DH namespace IceSSL { class DHParams; +void incRef(DHParams*); +void decRef(DHParams*); typedef IceInternal::Handle<DHParams> DHParamsPtr; } - -namespace IceInternal -{ - -void incRef(::IceSSL::DHParams*); -void decRef(::IceSSL::DHParams*); - -} +#endif #endif 
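Review bot: Util.h declares `splitString(..., std::vector<std::string>&)` and `DHParams::add(int, const std::string&)` but includes only `<list>` from the standard library, so it compiles only if `<Ice/Network.h>` or another header happens to pull in `<vector>` and `<string>`. Add `#include <string>` and `#include <vector>` next to `#include <list>`. The comments on selectRead()/selectWrite() could also state that the timeout is in milliseconds and that a negative value waits indefinitely, which is what selectReadWrite() in Util.cpp implements. `DHParams::get()` deserves a comment that the returned `DH*` stays owned by the DHParams object and must not be freed by the caller.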
diff --git a/cpp/src/IceSSL/icessl.dsp b/cpp/src/IceSSL/icessl.dsp index a31b77f109d..212187e02e5 100644 --- a/cpp/src/IceSSL/icessl.dsp +++ b/cpp/src/IceSSL/icessl.dsp @@ -106,31 +106,11 @@ PostBuild_Cmds=copy $(OutDir)\icessld.lib ..\..\lib copy $(OutDir)\icessl31d.pdb # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
# Begin Source File
-SOURCE=.\BaseCerts.cpp
+SOURCE=.\AcceptorI.cpp
# End Source File
# Begin Source File
-SOURCE=.\CertificateAuthority.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\CertificateDesc.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\CertificateVerifier.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\CertificateVerifierOpenSSL.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\ClientContext.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\ConfigParser.cpp
+SOURCE=.\ConnectorI.cpp
# End Source File
# Begin Source File
@@ -138,91 +118,23 @@ SOURCE=.\Context.cpp # End Source File
# Begin Source File
-SOURCE=.\Convert.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\DefaultCertificateVerifier.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\DHParams.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\Exception.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\GeneralConfig.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\OpenSSLJanitors.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\OpenSSLPluginI.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\OpenSSLUtils.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\Plugin.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\RSACertificateGen.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\RSAKeyPair.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\RSAPrivateKey.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\RSAPublicKey.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\ServerContext.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\SingleCertificateVerifier.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\SslAcceptor.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\SslConnector.cpp
+SOURCE=.\EndpointI.cpp
# End Source File
# Begin Source File
-SOURCE=.\SslEndpointI.cpp
+SOURCE=.\Instance.cpp
# End Source File
# Begin Source File
-SOURCE=.\SslException.cpp
+SOURCE=.\PluginI.cpp
# End Source File
# Begin Source File
-SOURCE=.\SslTransceiver.cpp
+SOURCE=.\TransceiverI.cpp
# End Source File
# Begin Source File
-SOURCE=.\TempCerts.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\TraceLevels.cpp
+SOURCE=.\Util.cpp
# End Source File
# End Group
# Begin Group "Header Files"
@@ -230,35 +142,11 @@ SOURCE=.\TraceLevels.cpp # PROP Default_Filter "h;hpp;hxx;hm;inl"
# Begin Source File
-SOURCE=.\BaseCerts.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\CertificateAuthority.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\CertificateDesc.h
-# End Source File
-# Begin Source File
-
-SOURCE=..\..\include\icessl\CertificateVerifier.h
+SOURCE=.\AcceptorI.h
# End Source File
# Begin Source File
-SOURCE=..\..\include\icessl\CertificateVerifierF.h
-# End Source File
-# Begin Source File
-
-SOURCE=..\..\include\icessl\CertificateVerifierOpenSSL.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\ClientContext.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\ConfigParser.h
+SOURCE=.\ConnectorI.h
# End Source File
# Begin Source File
@@ -266,338 +154,31 @@ SOURCE=.\Context.h # End Source File
# Begin Source File
-SOURCE=.\ContextF.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\Convert.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\DefaultCertificateVerifier.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\DHParams.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\DHParamsF.h
-# End Source File
-# Begin Source File
-
-SOURCE=..\..\include\icessl\Exception.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\GeneralConfig.h
+SOURCE=.\EndpointI.h
# End Source File
# Begin Source File
-SOURCE=.\OpenSSL.h
+SOURCE=.\Instance.h
# End Source File
# Begin Source File
-SOURCE=.\OpenSSLJanitors.h
+SOURCE=.\InstanceF.h
# End Source File
# Begin Source File
-SOURCE=.\OpenSSLPluginI.h
+SOURCE=.\PluginI.h
# End Source File
# Begin Source File
-SOURCE=.\OpenSSLPluginIF.h
+SOURCE=.\TransceiverI.h
# End Source File
# Begin Source File
-SOURCE=.\OpenSSLUtils.h
+SOURCE=.\Util.h
# End Source File
# Begin Source File
-SOURCE=..\..\include\icessl\Plugin.h
-# End Source File
-# Begin Source File
-
-SOURCE=..\..\include\icessl\PluginF.h
-# End Source File
-# Begin Source File
-
-SOURCE=..\..\include\icessl\RSACertificateGen.h
-# End Source File
-# Begin Source File
-
-SOURCE=..\..\include\icessl\RSACertificateGenF.h
-# End Source File
-# Begin Source File
-
-SOURCE=..\..\include\icessl\RSAKeyPair.h
-# End Source File
-# Begin Source File
-
-SOURCE=..\..\include\icessl\RSAKeyPairF.h
-# End Source File
-# Begin Source File
-
-SOURCE=..\..\include\icessl\RSAPrivateKey.h
-# End Source File
-# Begin Source File
-
-SOURCE=..\..\include\icessl\RSAPrivateKeyF.h
-# End Source File
-# Begin Source File
-
-SOURCE=..\..\include\icessl\RSAPublicKey.h
-# End Source File
-# Begin Source File
-
-SOURCE=..\..\include\icessl\RSAPublicKeyF.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\ServerContext.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\SingleCertificateVerifier.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\SslAcceptor.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\SslConnection.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\SslConnectionF.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\SslConnector.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\SslEndpointI.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\SslTransceiver.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\SslTransceiverF.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\TempCerts.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\TraceLevels.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\TraceLevelsF.h
-# End Source File
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# Begin Source File
-
-SOURCE=..\..\slice\icessl\CertificateVerifier.ice
-
-!IF "$(CFG)" == "icessl - Win32 Release"
-
-USERDEP__CERTI="..\..\bin\slice2cpp.exe" "..\..\lib\slice.lib"
-# Begin Custom Build
-InputPath=..\..\slice\icessl\CertificateVerifier.ice
-
-BuildCmds= \
- ..\..\bin\slice2cpp.exe --ice --dll-export ICE_SSL_API --include-dir icessl -I../../slice ../../slice/IceSSL/CertificateVerifier.ice \
- move CertificateVerifier.h ..\..\include\icessl \
-
-
-"..\..\include\icessl\CertificateVerifier.h" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-
-"CertificateVerifier.cpp" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-# End Custom Build
-
-!ELSEIF "$(CFG)" == "icessl - Win32 Debug"
-
-USERDEP__CERTI="..\..\bin\slice2cpp.exe" "..\..\lib\sliced.lib"
-# Begin Custom Build
-InputPath=..\..\slice\icessl\CertificateVerifier.ice
-
-BuildCmds= \
- ..\..\bin\slice2cpp.exe --ice --dll-export ICE_SSL_API --include-dir icessl -I../../slice ../../slice/IceSSL/CertificateVerifier.ice \
- move CertificateVerifier.h ..\..\include\icessl \
-
-
-"..\..\include\icessl\CertificateVerifier.h" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-
-"CertificateVerifier.cpp" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-# End Custom Build
-
-!ENDIF
-
-# End Source File
-# Begin Source File
-
-SOURCE=..\..\slice\icessl\CertificateVerifierF.ice
-
-!IF "$(CFG)" == "icessl - Win32 Release"
-
-USERDEP__CERTIF="..\..\bin\slice2cpp.exe" "..\..\lib\slice.lib"
-# Begin Custom Build
-InputPath=..\..\slice\icessl\CertificateVerifierF.ice
-
-"..\..\include\icessl\CertificateVerifierF.h" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- ..\..\bin\slice2cpp.exe --ice --dll-export ICE_SSL_API --include-dir icessl -I../../slice ../../slice/IceSSL/CertificateVerifierF.ice
- move CertificateVerifierF.h ..\..\include\icessl
- del CertificateVerifierF.cpp
-
-# End Custom Build
-
-!ELSEIF "$(CFG)" == "icessl - Win32 Debug"
-
-USERDEP__CERTIF="..\..\bin\slice2cpp.exe" "..\..\lib\sliced.lib"
-# Begin Custom Build
-InputPath=..\..\slice\icessl\CertificateVerifierF.ice
-
-"..\..\include\icessl\CertificateVerifierF.h" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- ..\..\bin\slice2cpp.exe --ice --dll-export ICE_SSL_API --include-dir icessl -I../../slice ../../slice/IceSSL/CertificateVerifierF.ice
- move CertificateVerifierF.h ..\..\include\icessl
- del CertificateVerifierF.cpp
-
-# End Custom Build
-
-!ENDIF
-
-# End Source File
-# Begin Source File
-
-SOURCE=..\..\slice\icessl\Exception.ice
-
-!IF "$(CFG)" == "icessl - Win32 Release"
-
-USERDEP__EXCEP="..\..\bin\slice2cpp.exe" "..\..\lib\slice.lib"
-# Begin Custom Build
-InputPath=..\..\slice\icessl\Exception.ice
-
-BuildCmds= \
- ..\..\bin\slice2cpp.exe --ice --dll-export ICE_SSL_API --include-dir icessl -I../../slice ../../slice/IceSSL/Exception.ice \
- move Exception.h ..\..\include\icessl \
-
-
-"..\..\include\icessl\Exception.h" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-
-"Exception.cpp" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-# End Custom Build
-
-!ELSEIF "$(CFG)" == "icessl - Win32 Debug"
-
-USERDEP__EXCEP="..\..\bin\slice2cpp.exe" "..\..\lib\sliced.lib"
-# Begin Custom Build
-InputPath=..\..\slice\icessl\Exception.ice
-
-BuildCmds= \
- ..\..\bin\slice2cpp.exe --ice --dll-export ICE_SSL_API --include-dir icessl -I../../slice ../../slice/IceSSL/Exception.ice \
- move Exception.h ..\..\include\icessl \
-
-
-"..\..\include\icessl\Exception.h" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-
-"Exception.cpp" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-# End Custom Build
-
-!ENDIF
-
-# End Source File
-# Begin Source File
-
-SOURCE=..\..\slice\icessl\Plugin.ice
-
-!IF "$(CFG)" == "icessl - Win32 Release"
-
-USERDEP__PLUGI="..\..\bin\slice2cpp.exe" "..\..\lib\slice.lib"
-# Begin Custom Build
-InputPath=..\..\slice\icessl\Plugin.ice
-
-BuildCmds= \
- ..\..\bin\slice2cpp.exe --ice --dll-export ICE_SSL_API --include-dir icessl -I../../slice ../../slice/IceSSL/Plugin.ice \
- move Plugin.h ..\..\include\icessl \
-
-
-"..\..\include\icessl\Plugin.h" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-
-"Plugin.cpp" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-# End Custom Build
-
-!ELSEIF "$(CFG)" == "icessl - Win32 Debug"
-
-USERDEP__PLUGI="..\..\bin\slice2cpp.exe" "..\..\lib\sliced.lib"
-# Begin Custom Build
-InputPath=..\..\slice\icessl\Plugin.ice
-
-BuildCmds= \
- ..\..\bin\slice2cpp.exe --ice --dll-export ICE_SSL_API --include-dir icessl -I../../slice ../../slice/IceSSL/Plugin.ice \
- move Plugin.h ..\..\include\icessl \
-
-
-"..\..\include\icessl\Plugin.h" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-
-"Plugin.cpp" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-# End Custom Build
-
-!ENDIF
-
-# End Source File
-# Begin Source File
-
-SOURCE=..\..\slice\icessl\PluginF.ice
-
-!IF "$(CFG)" == "icessl - Win32 Release"
-
-USERDEP__PLUGIN="..\..\bin\slice2cpp.exe" "..\..\lib\slice.lib"
-# Begin Custom Build
-InputPath=..\..\slice\icessl\PluginF.ice
-
-"..\..\include\icessl\PluginF.h" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- ..\..\bin\slice2cpp.exe --ice --dll-export ICE_SSL_API --include-dir icessl -I../../slice ../../slice/IceSSL/PluginF.ice
- move PluginF.h ..\..\include\icessl
- del PluginF.cpp
-
-# End Custom Build
-
-!ELSEIF "$(CFG)" == "icessl - Win32 Debug"
-
-USERDEP__PLUGIN="..\..\bin\slice2cpp.exe" "..\..\lib\sliced.lib"
-# Begin Custom Build
-InputPath=..\..\slice\icessl\PluginF.ice
-
-"..\..\include\icessl\PluginF.h" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- ..\..\bin\slice2cpp.exe --ice --dll-export ICE_SSL_API --include-dir icessl -I../../slice ../../slice/IceSSL/PluginF.ice
- move PluginF.h ..\..\include\icessl
- del PluginF.cpp
-
-# End Custom Build
-
-!ENDIF
-
+SOURCE=.\UtilF.h
# End Source File
# End Group
# End Target
diff --git a/cpp/test/IceSSL/Makefile b/cpp/test/IceSSL/Makefile index c9c7567b377..5633e6ef15c 100644 --- a/cpp/test/IceSSL/Makefile +++ b/cpp/test/IceSSL/Makefile @@ -11,11 +11,7 @@ top_srcdir = ../.. include $(top_srcdir)/config/Make.rules -SUBDIRS = configuration \ - loadPEM \ - certificateAndKeyParsing \ - certificateVerifier \ - certificateVerification +SUBDIRS = configuration $(EVERYTHING):: @for subdir in $(SUBDIRS); \ diff --git a/cpp/test/IceSSL/certificateAndKeyParsing/.depend b/cpp/test/IceSSL/certificateAndKeyParsing/.depend deleted file mode 100644 index 6ef71444871..00000000000 --- a/cpp/test/IceSSL/certificateAndKeyParsing/.depend +++ /dev/null 
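Review bot: With `SUBDIRS = configuration` the test build no longer descends into loadPEM, certificateAndKeyParsing, certificateVerifier or certificateVerification, so the negative-path checks those directories carried are gone. The certificateAndKeyParsing test deleted in this same commit asserted that malformed keys and certificates, and mismatched key/certificate pairs, are rejected with specific exceptions. Whether the `configuration` test exercises the same rejections against the new plugin is not visible from this hunk and should be confirmed. If it does not, I would add the cases under configuration and leave a marker on the new line, `# TODO: restore malformed and mismatched key/certificate rejection tests for the new plugin`. The `$(EVERYTHING)::` rule that consumes SUBDIRS continues outside the hunk.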
@@ -1 +0,0 @@ -CertificateAndKeyParsing.o: CertificateAndKeyParsing.cpp ../../../include/Ice/Ice.h ../../../include/Ice/GCRecMutex.h ../../../include/IceUtil/RecMutex.h ../../../include/IceUtil/Config.h ../../../include/IceUtil/Lock.h ../../../include/IceUtil/ThreadException.h ../../../include/IceUtil/Exception.h ../../../include/Ice/Config.h ../../../include/Ice/GCShared.h ../../../include/Ice/GC.h ../../../include/IceUtil/Thread.h ../../../include/IceUtil/Shared.h ../../../include/IceUtil/Handle.h ../../../include/IceUtil/Mutex.h ../../../include/IceUtil/Monitor.h ../../../include/IceUtil/Cond.h ../../../include/IceUtil/Time.h ../../../include/Ice/Initialize.h ../../../include/Ice/CommunicatorF.h ../../../include/Ice/LocalObjectF.h ../../../include/Ice/Handle.h ../../../include/Ice/ProxyF.h ../../../include/Ice/ProxyHandle.h ../../../include/Ice/ObjectF.h ../../../include/Ice/Exception.h ../../../include/Ice/LocalObject.h ../../../include/Ice/UndefSysMacros.h ../../../include/Ice/PropertiesF.h ../../../include/Ice/InstanceF.h ../../../include/Ice/BuiltinSequences.h ../../../include/Ice/Proxy.h ../../../include/Ice/ProxyFactoryF.h ../../../include/Ice/ConnectionIF.h ../../../include/Ice/EndpointIF.h ../../../include/Ice/Endpoint.h ../../../include/Ice/ObjectAdapterF.h ../../../include/Ice/ReferenceF.h ../../../include/Ice/OutgoingAsyncF.h ../../../include/Ice/Current.h ../../../include/Ice/ConnectionF.h ../../../include/Ice/Identity.h ../../../include/Ice/StreamF.h ../../../include/Ice/LocalException.h ../../../include/Ice/Properties.h ../../../include/Ice/Logger.h ../../../include/Ice/LoggerUtil.h ../../../include/Ice/LoggerF.h ../../../include/Ice/Stats.h ../../../include/Ice/Communicator.h ../../../include/Ice/StatsF.h ../../../include/Ice/ObjectFactoryF.h ../../../include/Ice/RouterF.h ../../../include/Ice/LocatorF.h ../../../include/Ice/PluginF.h ../../../include/Ice/ObjectFactory.h ../../../include/Ice/ObjectAdapter.h ../../../include/Ice/ServantLocatorF.h 
../../../include/Ice/FacetMap.h ../../../include/Ice/ServantLocator.h ../../../include/Ice/Object.h ../../../include/Ice/IncomingAsyncF.h ../../../include/Ice/IdentityUtil.h ../../../include/Ice/OutgoingAsync.h ../../../include/Ice/IncomingAsync.h ../../../include/Ice/Incoming.h ../../../include/Ice/ServantManagerF.h ../../../include/Ice/BasicStream.h ../../../include/Ice/Buffer.h ../../../include/Ice/Process.h ../../../include/Ice/Outgoing.h ../../../include/Ice/Direct.h ../../../include/Ice/Application.h ../../../include/Ice/Connection.h ../../../include/Ice/Functional.h ../../../include/IceUtil/Functional.h ../../../include/Ice/Stream.h ../../include/TestCommon.h ../../../include/IceSSL/Exception.h ../../../include/IceSSL/RSAKeyPair.h ../../../include/IceSSL/RSAKeyPairF.h ../../../include/IceSSL/Config.h ../../../include/IceSSL/RSACertificateGenF.h ../../../include/IceSSL/RSAPrivateKeyF.h ../../../include/IceSSL/RSAPublicKeyF.h ../../../include/IceSSL/RSACertificateGen.h ../../../include/IceSSL/Plugin.h ../../../include/Ice/Plugin.h ../../../include/IceSSL/CertificateVerifierF.h ../../../include/IceUtil/Base64.h diff --git a/cpp/test/IceSSL/certificateAndKeyParsing/CertificateAndKeyParsing.cpp b/cpp/test/IceSSL/certificateAndKeyParsing/CertificateAndKeyParsing.cpp deleted file mode 100644 index 7189c09defc..00000000000 --- a/cpp/test/IceSSL/certificateAndKeyParsing/CertificateAndKeyParsing.cpp +++ /dev/null 
@@ -1,770 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <Ice/Ice.h> -#include <TestCommon.h> -#include <IceSSL/Exception.h> -#include <IceSSL/RSAKeyPair.h> -#include <IceSSL/RSACertificateGen.h> -#include <IceSSL/Plugin.h> -#include <IceUtil/Base64.h> - -#include <fstream> - -using namespace std; -using namespace Ice; - -void -testExpectCertificateAndPrivateKeyParseException(const IceSSL::PluginPtr& plugin, - const string& key, - const string& cert) -{ - try - { - plugin->setRSAKeysBase64(IceSSL::Client, key, cert); - test(false); - } - catch(const IceSSL::CertificateParseException&) - { - } - catch(const IceSSL::PrivateKeyParseException&) - { - } - catch(const Ice::LocalException&) - { - // - // Any other exception is bad. - // - - test(false); - } - catch(...) - { - // - // Unknown exceptions are always bad. - // - - test(false); - } - - cout << "ok" << endl; -} - -void -testExpectCertificateAndPrivateKeyParseException(const IceSSL::PluginPtr& plugin, - const Ice::ByteSeq& key, - const Ice::ByteSeq& cert) -{ - try - { - plugin->setRSAKeys(IceSSL::Client, key, cert); - test(false); - } - catch(const IceSSL::CertificateParseException&) - { - } - catch(const IceSSL::PrivateKeyParseException&) - { - } - catch(const Ice::LocalException&) - { - // - // Any other exception is bad. - // - - test(false); - } - catch(...) - { - // - // Unknown exceptions are always bad. 
- // - - test(false); - } - - cout << "ok" << endl; -} - -void -testExpectPrivateKeyParseException(const IceSSL::PluginPtr& plugin, const string& key, const string& cert) -{ - try - { - plugin->setRSAKeysBase64(IceSSL::Client, key, cert); - test(false); - } - catch(const IceSSL::PrivateKeyParseException&) - { - } - catch(const Ice::LocalException&) - { - // - // Any other exception is bad. - // - - test(false); - } - catch(...) - { - // - // Unknown exceptions are always bad. - // - - test(false); - } - - cout << "ok" << endl; -} - -void -testExpectPrivateKeyParseException(const IceSSL::PluginPtr& plugin, const Ice::ByteSeq& key, const Ice::ByteSeq& cert) -{ - try - { - plugin->setRSAKeys(IceSSL::Client, key, cert); - test(false); - } - catch(const IceSSL::PrivateKeyParseException&) - { - } - catch(const Ice::LocalException&) - { - // - // Any other exception is bad. - // - - test(false); - } - catch(...) - { - // - // Unknown exceptions are always bad. - // - - test(false); - } - - cout << "ok" << endl; -} - -void -testExpectCertificateParseException(const IceSSL::PluginPtr& plugin, const string& key, const string& cert) -{ - try - { - plugin->setRSAKeysBase64(IceSSL::Client, key, cert); - test(false); - } - catch(const IceSSL::CertificateParseException&) - { - } - catch(const Ice::LocalException&) - { - // - // Any other exception is bad. - // - - test(false); - } - catch(...) - { - // - // Unknown exceptions are always bad. - // - - test(false); - } - - cout << "ok" << endl; -} - -void -testExpectCertificateParseException(const IceSSL::PluginPtr& plugin, const Ice::ByteSeq& key, const Ice::ByteSeq& cert) -{ - try - { - plugin->setRSAKeys(IceSSL::Client, key, cert); - test(false); - } - catch(const IceSSL::CertificateParseException&) - { - } - catch(const Ice::LocalException&) - { - // - // Any other exception is bad. - // - - test(false); - } - catch(...) - { - // - // Unknown exceptions are always bad. 
- // - - test(false); - } - - cout << "ok" << endl; -} - -void -testExpectCertificateParseException(const IceSSL::PluginPtr& plugin, const string& cert) -{ - try - { - plugin->addTrustedCertificateBase64(IceSSL::Client, cert); - test(false); - } - catch(const IceSSL::CertificateParseException&) - { - } - catch(const Ice::LocalException&) - { - // - // Any other exception is bad. - // - - test(false); - } - catch(...) - { - // - // Unknown exceptions are always bad. - // - - test(false); - } - - cout << "ok" << endl; -} - -void -testExpectCertificateParseException(const IceSSL::PluginPtr& plugin, const Ice::ByteSeq& cert) -{ - try - { - plugin->addTrustedCertificate(IceSSL::Client, cert); - test(false); - } - catch(const IceSSL::CertificateParseException&) - { - } - catch(const Ice::LocalException&) - { - // - // Any other exception is bad. - // - - test(false); - } - catch(...) - { - // - // Unknown exceptions are always bad. - // - - test(false); - } - - cout << "ok" << endl; -} - -void -testExpectContextNotConfiguredException(const IceSSL::PluginPtr& plugin, - const string& key, - const string& cert) -{ - try - { - plugin->setRSAKeysBase64(IceSSL::Client, key, cert); - test(false); - } - catch(const IceSSL::ContextNotConfiguredException&) - { - } - catch(const Ice::LocalException&) - { - // - // Any other exception is bad. - // - - test(false); - } - catch(...) - { - // - // Unknown exceptions are always bad. - // - - test(false); - } - - cout << "ok" << endl; -} - -void -testExpectContextNotConfiguredException(const IceSSL::PluginPtr& plugin, - const Ice::ByteSeq& key, - const Ice::ByteSeq& cert) -{ - try - { - plugin->setRSAKeys(IceSSL::Client, key, cert); - test(false); - } - catch(const IceSSL::ContextNotConfiguredException&) - { - } - catch(const Ice::LocalException&) - { - // - // Any other exception is bad. - // - - test(false); - } - catch(...) - { - // - // Unknown exceptions are always bad. 
- // - - test(false); - } - - cout << "ok" << endl; -} - -void -testExpectContextNotConfiguredException(const IceSSL::PluginPtr& plugin, const string& cert) -{ - try - { - plugin->addTrustedCertificateBase64(IceSSL::Client, cert); - test(false); - } - catch(const IceSSL::ContextNotConfiguredException&) - { - } - catch(const Ice::LocalException&) - { - // - // Any other exception is bad. - // - - test(false); - } - catch(...) - { - // - // Unknown exceptions are always bad. - // - - test(false); - } - - cout << "ok" << endl; -} - -void -testExpectContextNotConfiguredException(const IceSSL::PluginPtr& plugin, const Ice::ByteSeq& cert) -{ - try - { - plugin->addTrustedCertificate(IceSSL::Client, cert); - test(false); - } - catch(const IceSSL::ContextNotConfiguredException&) - { - } - catch(const Ice::LocalException&) - { - // - // Any other exception is bad. - // - - test(false); - } - catch(...) - { - // - // Unknown exceptions are always bad. - // - - test(false); - } - - cout << "ok" << endl; -} - -void -testExpectCertificateKeyMatchException(const IceSSL::PluginPtr& plugin, - const string& key, - const string& cert) -{ - try - { - plugin->setRSAKeysBase64(IceSSL::Client, key, cert); - test(false); - } - catch(const IceSSL::CertificateKeyMatchException&) - { - } - catch(const Ice::LocalException&) - { - // - // Any other exception is bad. - // - - test(false); - } - catch(...) - { - // - // Unknown exceptions are always bad. - // - - test(false); - } - - cout << "ok" << endl; -} - -void -testExpectCertificateKeyMatchException(const IceSSL::PluginPtr& plugin, - const Ice::ByteSeq& key, - const Ice::ByteSeq& cert) -{ - try - { - plugin->setRSAKeys(IceSSL::Client, key, cert); - test(false); - } - catch(const IceSSL::CertificateKeyMatchException&) - { - } - catch(const Ice::LocalException&) - { - // - // Any other exception is bad. - // - - test(false); - } - catch(...) - { - // - // Unknown exceptions are always bad. 
- // - - test(false); - } - - cout << "ok" << endl; -} - -void -testNoException(const IceSSL::PluginPtr& plugin, const string& key, const string& cert) -{ - try - { - plugin->setRSAKeysBase64(IceSSL::Client, key, cert); - } - catch(const Ice::LocalException&) - { - // - // Any other exception is bad. - // - - test(false); - } - catch(...) - { - // - // Unknown exceptions are always bad. - // - - test(false); - } - - cout << "ok" << endl; -} - -void -testNoException(const IceSSL::PluginPtr& plugin, const Ice::ByteSeq& key, const Ice::ByteSeq& cert) -{ - try - { - plugin->setRSAKeys(IceSSL::Client, key, cert); - } - catch(const Ice::LocalException&) - { - // - // Any other exception is bad. - // - - test(false); - } - catch(...) - { - // - // Unknown exceptions are always bad. - // - - test(false); - } - - cout << "ok" << endl; -} - -void -testNoException(const IceSSL::PluginPtr& plugin, const string& cert) -{ - try - { - plugin->addTrustedCertificateBase64(IceSSL::Client, cert); - } - catch(const Ice::LocalException&) - { - // - // Any other exception is bad. - // - - test(false); - } - catch(...) - { - // - // Unknown exceptions are always bad. - // - - test(false); - } - - cout << "ok" << endl; -} - -void -testNoException(const IceSSL::PluginPtr& plugin, const Ice::ByteSeq& cert) -{ - try - { - plugin->addTrustedCertificate(IceSSL::Client, cert); - } - catch(const Ice::LocalException&) - { - // - // Any other exception is bad. - // - - test(false); - } - catch(...) - { - // - // Unknown exceptions are always bad. 
- // - - test(false); - } - - cout << "ok" << endl; -} - -int -run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator) -{ - PropertiesPtr properties = communicator->getProperties(); - - Ice::PluginPtr plugin = communicator->getPluginManager()->getPlugin("IceSSL"); - IceSSL::PluginPtr sslPlugin = IceSSL::PluginPtr::dynamicCast(plugin); - - string clientTestCertPath = properties->getProperty("IceSSL.Client.CertPath.Test"); - - IceSSL::RSACertificateGen certGen; - - IceSSL::RSAKeyPairPtr goodKeyPair1; - IceSSL::RSAKeyPairPtr goodKeyPair2; - - string goodKey1File = clientTestCertPath + "/goodKey_1.pem"; - string goodCert1File = clientTestCertPath + "/goodCert_1.pem"; - string goodKey2File = clientTestCertPath + "/goodKey_2.pem"; - string goodCert2File = clientTestCertPath + "/goodCert_2.pem"; - - goodKeyPair1 = certGen.loadKeyPair(goodKey1File, goodCert1File); - goodKeyPair2 = certGen.loadKeyPair(goodKey2File, goodCert2File); - - Ice::ByteSeq gcert1; - Ice::ByteSeq gkey1; - string gcert1b64; - string gkey1b64; - - Ice::ByteSeq gcert2; - Ice::ByteSeq gkey2; - string gcert2b64; - string gkey2b64; - - Ice::ByteSeq badCert; - Ice::ByteSeq badKey; - string badCertb64; - string badKeyb64; - - goodKeyPair1->certToByteSeq(gcert1); - goodKeyPair1->keyToByteSeq(gkey1); - goodKeyPair1->certToBase64(gcert1b64); - goodKeyPair1->keyToBase64(gkey1b64); - - goodKeyPair2->certToByteSeq(gcert2); - goodKeyPair2->keyToByteSeq(gkey2); - goodKeyPair2->certToBase64(gcert2b64); - goodKeyPair2->keyToBase64(gkey2b64); - - string badKeyFile = clientTestCertPath + "/badKey.b64"; - string badCertFile = clientTestCertPath + "/badCert.b64"; - - ifstream keyStream(badKeyFile.c_str()); - ifstream certStream(badCertFile.c_str()); - - keyStream >> badKeyb64; - certStream >> badCertb64; - - keyStream.close(); - certStream.close(); - - badKey = IceUtil::Base64::decode(badKeyb64); - badCert = IceUtil::Base64::decode(badCertb64); - - cout << "testing certificate and key parsing failures." 
<< endl; - - cout << "bad private key and certificate (Base64)... " << flush; - testExpectCertificateAndPrivateKeyParseException(sslPlugin, badKeyb64, badCertb64); - - cout << "bad private key and certificate... " << flush; - testExpectCertificateAndPrivateKeyParseException(sslPlugin, badKey, badCert); - - cout << "bad private key and good certificate (Base64)... " << flush; - testExpectPrivateKeyParseException(sslPlugin, badKeyb64, gcert1b64); - - cout << "bad private key and good certificate... " << flush; - testExpectPrivateKeyParseException(sslPlugin, badKey, gcert1); - - cout << "good private key and bad certificate (Base64)... " << flush; - testExpectCertificateParseException(sslPlugin, gkey1b64, badCertb64); - - cout << "good private key and bad certificate... " << flush; - testExpectCertificateParseException(sslPlugin, gkey1, badCert); - - cout << "bad certificate as a trusted certificate... " << flush; - testExpectCertificateParseException(sslPlugin, badCert); - - cout << "bad certificate as a trusted certificate (Base64)... " << flush; - testExpectCertificateParseException(sslPlugin, badCertb64); - - cout << "testing setting good certificates and keys on a unconfigured context." << endl; - - cout << "good private key and certificate... " << flush; - testExpectContextNotConfiguredException(sslPlugin, gkey1, gcert1); - - cout << "good private key and certificate (Base64)... " << flush; - testExpectContextNotConfiguredException(sslPlugin, gkey1b64, gcert1b64); - - cout << "good private key and certificate (again)... " << flush; - testExpectContextNotConfiguredException(sslPlugin, gkey2, gcert2); - - cout << "good private key and certificate (Base64) (again)... " << flush; - testExpectContextNotConfiguredException(sslPlugin, gkey2b64, gcert2b64); - - cout << "good certificate as a trusted certificate... " << flush; - testExpectContextNotConfiguredException(sslPlugin, gcert1); - - cout << "good certificate as a trusted certificate (Base64)... 
" << flush; - testExpectContextNotConfiguredException(sslPlugin, gcert1b64); - - properties->setProperty("IceSSL.Client.CertPath", clientTestCertPath); - properties->setProperty("IceSSL.Client.Config", "sslconfig_6.xml"); - sslPlugin->configure(IceSSL::Client); - -#if !defined(_AIX) || defined(ICE_32) - // - // TODO: On AIX 64 bit with OpenSSL 0.9.7d, OpenSSL reports an - // error but does not put an error code on the error queue. - // This needs more investigation! - // - - cout << "testing mismatched certificates and keys failures on a configured context." << endl; - - cout << "good private key and certificate, mismatched (Base64)... " << flush; - testExpectCertificateKeyMatchException(sslPlugin, gkey1b64, gcert2b64); - - cout << "good private key and certificate, mismatched (again)... " << flush; - testExpectCertificateKeyMatchException(sslPlugin, gkey2, gcert1); - - cout << "good private key and certificate, mismatched (Base64) (again)... " << flush; - testExpectCertificateKeyMatchException(sslPlugin, gkey2b64, gcert1b64); - -#endif - - cout << "testing setting good certificates and keys on a configured context." << endl; - - cout << "good private key and certificate... " << flush; - testNoException(sslPlugin, gkey1, gcert1); - - cout << "good private key and certificate (Base64)... " << flush; - testNoException(sslPlugin, gkey1b64, gcert1b64); - - cout << "good private key and certificate (again)... " << flush; - testNoException(sslPlugin, gkey2, gcert2); - - cout << "good private key and certificate (Base64) (again)... " << flush; - testNoException(sslPlugin, gkey2b64, gcert2b64); - - cout << "good certificate as trusted certificate... " << flush; - testNoException(sslPlugin, gcert1); - - cout << "good certificate as trusted certificate (Base64)... 
" << flush; - testNoException(sslPlugin, gcert2b64); - - return EXIT_SUCCESS; -} - -int -main(int argc, char* argv[]) -{ - int status; - Ice::CommunicatorPtr communicator; - - try - { - communicator = Ice::initialize(argc, argv); - status = run(argc, argv, communicator); - } - catch(const Ice::Exception& ex) - { - cerr << ex << endl; - status = EXIT_FAILURE; - } - - if(communicator) - { - try - { - communicator->destroy(); - } - catch(const Ice::Exception& ex) - { - cerr << ex << endl; - status = EXIT_FAILURE; - } - } - - return status; -} diff --git a/cpp/test/IceSSL/certificateAndKeyParsing/Makefile b/cpp/test/IceSSL/certificateAndKeyParsing/Makefile deleted file mode 100644 index ee30964ff4a..00000000000 --- a/cpp/test/IceSSL/certificateAndKeyParsing/Makefile +++ /dev/null @@ -1,28 +0,0 @@ -# ********************************************************************** -# -# Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -# -# This copy of Ice is licensed to you under the terms described in the -# ICE_LICENSE file included in this distribution. -# -# ********************************************************************** - -top_srcdir = ../../.. - -CLIENT = certificateAndKeyParsing - -TARGETS = $(CLIENT) - -OBJS = CertificateAndKeyParsing.o - -SRCS = $(OBJS:.o=.cpp) - -include $(top_srcdir)/config/Make.rules - -CPPFLAGS := -I. -I../../include $(OPENSSL_FLAGS) $(CPPFLAGS) - -$(CLIENT): $(OBJS) - rm -f $@ - $(CXX) $(LDFLAGS) -o $@ $(OBJS) $(OPENSSL_RPATH_LINK) -lIceSSL $(EXPAT_RPATH_LINK) -lIceXML $(LIBS) $(OPENSSL_LIBS) - -include .depend diff --git a/cpp/test/IceSSL/certificateAndKeyParsing/certificateandkeyparsing.dsp b/cpp/test/IceSSL/certificateAndKeyParsing/certificateandkeyparsing.dsp deleted file mode 100644 index 604ebe2e090..00000000000 --- a/cpp/test/IceSSL/certificateAndKeyParsing/certificateandkeyparsing.dsp +++ /dev/null @@ -1,106 +0,0 @@ -# Microsoft Developer Studio Project File - Name="certificateandkeyparsing" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=certificateandkeyparsing - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE
-!MESSAGE NMAKE /f "certificateandkeyparsing.mak".
-!MESSAGE
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "certificateandkeyparsing.mak" CFG="certificateandkeyparsing - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "certificateandkeyparsing - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "certificateandkeyparsing - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF "$(CFG)" == "certificateandkeyparsing - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Yu"stdafx.h" /FD /c
-# ADD CPP /nologo /MD /W3 /WX /GR /GX /O2 /I "." /I "../../../include" /I "../../include" /D "_CONSOLE" /D "NDEBUG" /D "WIN32_LEAN_AND_MEAN" /FD /c
-# SUBTRACT CPP /Z<none> /YX
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 /nologo /subsystem:console /pdb:none /machine:I386 /out:"certificateandkeyparsing.exe" /libpath:"../../../lib" /FIXED:no
-# SUBTRACT LINK32 /debug
-
-!ELSEIF "$(CFG)" == "certificateandkeyparsing - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /Yu"stdafx.h" /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /WX /Gm /GR /GX /Zi /Od /I "." /I "../../../include" /I "../../include" /D "_CONSOLE" /D "_DEBUG" /D "WIN32_LEAN_AND_MEAN" /FD /GZ /c
-# SUBTRACT CPP /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 /nologo /subsystem:console /debug /machine:I386 /out:"certificateandkeyparsing.exe" /pdbtype:sept /libpath:"../../../lib" /FIXED:no
-# SUBTRACT LINK32 /pdb:none
-
-!ENDIF
-
-# Begin Target
-
-# Name "certificateandkeyparsing - Win32 Release"
-# Name "certificateandkeyparsing - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE=.\certificateandkeyparsing.cpp
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project
diff --git a/cpp/test/IceSSL/certificateAndKeyParsing/run.py b/cpp/test/IceSSL/certificateAndKeyParsing/run.py deleted file mode 100755 index 1617c444edf..00000000000 --- a/cpp/test/IceSSL/certificateAndKeyParsing/run.py +++ /dev/null @@ -1,50 +0,0 @@ -#!/usr/bin/env python -# ********************************************************************** -# -# Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -# -# This copy of Ice is licensed to you under the terms described in the -# ICE_LICENSE file included in this distribution. -# -# ********************************************************************** - -import os, sys - -for toplevel in [".", "..", "../..", "../../..", "../../../.."]: - toplevel = os.path.normpath(toplevel) - if os.path.exists(os.path.join(toplevel, "config", "TestUtil.py")): - break -else: - raise "can't find toplevel directory!" - -sys.path.append(os.path.join(toplevel, "config")) -import TestUtil - -if TestUtil.protocol != "ssl" : - print "This test may only be run with SSL enabled." - sys.exit(0) - -testOptions = " --IceSSL.Client.CertPath.Test=" + os.path.join(toplevel, "test", "IceSSL", "certs") + \ - " --IceSSL.Client.CertPath=" + os.path.join(toplevel, "test", "IceSSL", "certs") + \ - " --IceSSL.Client.Config= " + \ - " --IceSSL.Server.CertPath=" + os.path.join(toplevel, "test", "IceSSL", "certs") + \ - " --IceSSL.Server.Config= " - -name = os.path.join("IceSSL", "certificateAndKeyParsing") -testdir = os.path.join(toplevel, "test", name) - -client = os.path.join(testdir, "certificateAndKeyParsing") - -localClientOptions = TestUtil.clientServerProtocol + TestUtil.defaultHost -print "starting certificateAndKeyParsing...", -clientPipe = os.popen(client + localClientOptions + testOptions + " 2>&1") -print "ok" - -TestUtil.printOutputFromPipe(clientPipe) - -clientStatus = TestUtil.closePipe(clientPipe) - -if clientStatus: - sys.exit(1) - -sys.exit(0) 
diff --git a/cpp/test/IceSSL/certificateVerification/.depend b/cpp/test/IceSSL/certificateVerification/.depend deleted file mode 100644 index 89142fceb0a..00000000000 --- a/cpp/test/IceSSL/certificateVerification/.depend +++ /dev/null 
@@ -1,4 +0,0 @@ -Pinger.o: Pinger.cpp ./Pinger.h ../../../include/Ice/LocalObjectF.h ../../../include/Ice/Handle.h ../../../include/IceUtil/Handle.h ../../../include/IceUtil/Exception.h ../../../include/IceUtil/Config.h ../../../include/Ice/Config.h ../../../include/Ice/ProxyF.h ../../../include/Ice/ProxyHandle.h ../../../include/Ice/ObjectF.h ../../../include/Ice/Exception.h ../../../include/Ice/LocalObject.h ../../../include/IceUtil/Shared.h ../../../include/Ice/Proxy.h ../../../include/IceUtil/Mutex.h ../../../include/IceUtil/Lock.h ../../../include/IceUtil/ThreadException.h ../../../include/Ice/ProxyFactoryF.h ../../../include/Ice/ConnectionIF.h ../../../include/Ice/EndpointIF.h ../../../include/Ice/Endpoint.h ../../../include/Ice/UndefSysMacros.h ../../../include/Ice/ObjectAdapterF.h ../../../include/Ice/ReferenceF.h ../../../include/Ice/OutgoingAsyncF.h ../../../include/Ice/Current.h ../../../include/Ice/ConnectionF.h ../../../include/Ice/Identity.h ../../../include/Ice/StreamF.h ../../../include/Ice/CommunicatorF.h ../../../include/Ice/Object.h ../../../include/Ice/GCShared.h ../../../include/Ice/GCRecMutex.h ../../../include/IceUtil/RecMutex.h ../../../include/Ice/IncomingAsyncF.h ../../../include/Ice/Outgoing.h ../../../include/IceUtil/Monitor.h ../../../include/IceUtil/Cond.h ../../../include/IceUtil/Time.h ../../../include/Ice/BasicStream.h ../../../include/Ice/InstanceF.h ../../../include/Ice/ObjectFactoryF.h ../../../include/Ice/Buffer.h ../../../include/Ice/Incoming.h ../../../include/Ice/ServantLocatorF.h ../../../include/Ice/ServantManagerF.h ../../../include/Ice/Direct.h ../../../include/Ice/BuiltinSequences.h ../../../include/Ice/LocalException.h ../../../include/Ice/ObjectFactory.h -Client.o: Client.cpp ../../../include/Ice/Ice.h ../../../include/Ice/GCRecMutex.h ../../../include/IceUtil/RecMutex.h ../../../include/IceUtil/Config.h ../../../include/IceUtil/Lock.h ../../../include/IceUtil/ThreadException.h ../../../include/IceUtil/Exception.h 
../../../include/Ice/Config.h ../../../include/Ice/GCShared.h ../../../include/Ice/GC.h ../../../include/IceUtil/Thread.h ../../../include/IceUtil/Shared.h ../../../include/IceUtil/Handle.h ../../../include/IceUtil/Mutex.h ../../../include/IceUtil/Monitor.h ../../../include/IceUtil/Cond.h ../../../include/IceUtil/Time.h ../../../include/Ice/Initialize.h ../../../include/Ice/CommunicatorF.h ../../../include/Ice/LocalObjectF.h ../../../include/Ice/Handle.h ../../../include/Ice/ProxyF.h ../../../include/Ice/ProxyHandle.h ../../../include/Ice/ObjectF.h ../../../include/Ice/Exception.h ../../../include/Ice/LocalObject.h ../../../include/Ice/UndefSysMacros.h ../../../include/Ice/PropertiesF.h ../../../include/Ice/InstanceF.h ../../../include/Ice/BuiltinSequences.h ../../../include/Ice/Proxy.h ../../../include/Ice/ProxyFactoryF.h ../../../include/Ice/ConnectionIF.h ../../../include/Ice/EndpointIF.h ../../../include/Ice/Endpoint.h ../../../include/Ice/ObjectAdapterF.h ../../../include/Ice/ReferenceF.h ../../../include/Ice/OutgoingAsyncF.h ../../../include/Ice/Current.h ../../../include/Ice/ConnectionF.h ../../../include/Ice/Identity.h ../../../include/Ice/StreamF.h ../../../include/Ice/LocalException.h ../../../include/Ice/Properties.h ../../../include/Ice/Logger.h ../../../include/Ice/LoggerUtil.h ../../../include/Ice/LoggerF.h ../../../include/Ice/Stats.h ../../../include/Ice/Communicator.h ../../../include/Ice/StatsF.h ../../../include/Ice/ObjectFactoryF.h ../../../include/Ice/RouterF.h ../../../include/Ice/LocatorF.h ../../../include/Ice/PluginF.h ../../../include/Ice/ObjectFactory.h ../../../include/Ice/ObjectAdapter.h ../../../include/Ice/ServantLocatorF.h ../../../include/Ice/FacetMap.h ../../../include/Ice/ServantLocator.h ../../../include/Ice/Object.h ../../../include/Ice/IncomingAsyncF.h ../../../include/Ice/IdentityUtil.h ../../../include/Ice/OutgoingAsync.h ../../../include/Ice/IncomingAsync.h ../../../include/Ice/Incoming.h 
../../../include/Ice/ServantManagerF.h ../../../include/Ice/BasicStream.h ../../../include/Ice/Buffer.h ../../../include/Ice/Process.h ../../../include/Ice/Outgoing.h ../../../include/Ice/Direct.h ../../../include/Ice/Application.h ../../../include/Ice/Connection.h ../../../include/Ice/Functional.h ../../../include/IceUtil/Functional.h ../../../include/Ice/Stream.h ../../../include/IceSSL/Plugin.h ../../../include/Ice/Plugin.h ../../../include/IceSSL/CertificateVerifierF.h ../../../include/IceSSL/Exception.h ../../include/TestCommon.h ./Pinger.h -Server.o: Server.cpp ../../../include/Ice/Ice.h ../../../include/Ice/GCRecMutex.h ../../../include/IceUtil/RecMutex.h ../../../include/IceUtil/Config.h ../../../include/IceUtil/Lock.h ../../../include/IceUtil/ThreadException.h ../../../include/IceUtil/Exception.h ../../../include/Ice/Config.h ../../../include/Ice/GCShared.h ../../../include/Ice/GC.h ../../../include/IceUtil/Thread.h ../../../include/IceUtil/Shared.h ../../../include/IceUtil/Handle.h ../../../include/IceUtil/Mutex.h ../../../include/IceUtil/Monitor.h ../../../include/IceUtil/Cond.h ../../../include/IceUtil/Time.h ../../../include/Ice/Initialize.h ../../../include/Ice/CommunicatorF.h ../../../include/Ice/LocalObjectF.h ../../../include/Ice/Handle.h ../../../include/Ice/ProxyF.h ../../../include/Ice/ProxyHandle.h ../../../include/Ice/ObjectF.h ../../../include/Ice/Exception.h ../../../include/Ice/LocalObject.h ../../../include/Ice/UndefSysMacros.h ../../../include/Ice/PropertiesF.h ../../../include/Ice/InstanceF.h ../../../include/Ice/BuiltinSequences.h ../../../include/Ice/Proxy.h ../../../include/Ice/ProxyFactoryF.h ../../../include/Ice/ConnectionIF.h ../../../include/Ice/EndpointIF.h ../../../include/Ice/Endpoint.h ../../../include/Ice/ObjectAdapterF.h ../../../include/Ice/ReferenceF.h ../../../include/Ice/OutgoingAsyncF.h ../../../include/Ice/Current.h ../../../include/Ice/ConnectionF.h ../../../include/Ice/Identity.h ../../../include/Ice/StreamF.h 
../../../include/Ice/LocalException.h ../../../include/Ice/Properties.h ../../../include/Ice/Logger.h ../../../include/Ice/LoggerUtil.h ../../../include/Ice/LoggerF.h ../../../include/Ice/Stats.h ../../../include/Ice/Communicator.h ../../../include/Ice/StatsF.h ../../../include/Ice/ObjectFactoryF.h ../../../include/Ice/RouterF.h ../../../include/Ice/LocatorF.h ../../../include/Ice/PluginF.h ../../../include/Ice/ObjectFactory.h ../../../include/Ice/ObjectAdapter.h ../../../include/Ice/ServantLocatorF.h ../../../include/Ice/FacetMap.h ../../../include/Ice/ServantLocator.h ../../../include/Ice/Object.h ../../../include/Ice/IncomingAsyncF.h ../../../include/Ice/IdentityUtil.h ../../../include/Ice/OutgoingAsync.h ../../../include/Ice/IncomingAsync.h ../../../include/Ice/Incoming.h ../../../include/Ice/ServantManagerF.h ../../../include/Ice/BasicStream.h ../../../include/Ice/Buffer.h ../../../include/Ice/Process.h ../../../include/Ice/Outgoing.h ../../../include/Ice/Direct.h ../../../include/Ice/Application.h ../../../include/Ice/Connection.h ../../../include/Ice/Functional.h ../../../include/IceUtil/Functional.h ../../../include/Ice/Stream.h ../../../include/IceSSL/RSACertificateGen.h ../../../include/IceSSL/RSAKeyPairF.h ../../../include/IceSSL/Config.h ../../../include/IceSSL/RSAKeyPair.h ../../../include/IceSSL/RSACertificateGenF.h ../../../include/IceSSL/RSAPrivateKeyF.h ../../../include/IceSSL/RSAPublicKeyF.h ../../../include/IceSSL/Plugin.h ../../../include/Ice/Plugin.h ../../../include/IceSSL/CertificateVerifierF.h ./Pinger.h -Pinger.cpp: Pinger.ice ../../../slice/Ice/BuiltinSequences.ice diff --git a/cpp/test/IceSSL/certificateVerification/Client.cpp b/cpp/test/IceSSL/certificateVerification/Client.cpp deleted file mode 100644 index aeab0bf195a..00000000000 --- a/cpp/test/IceSSL/certificateVerification/Client.cpp +++ /dev/null 
@@ -1,223 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-#include <Ice/Ice.h>
-#include <IceSSL/Plugin.h>
-#include <IceSSL/Exception.h>
-#include <TestCommon.h>
-#include <Pinger.h>
-
-using namespace std;
-using namespace Test;
-
-int
-run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
-{
- const string ref1 = "pinger:ssl -p 12010 -t 10000";
- const string ref2 = "pinger:ssl -p 12011 -t 10000";
- const string ref3 = "pinger:ssl -p 12347 -t 10000";
- const string ref4 = "pinger:ssl -p 12348 -t 10000";
- const string ref5 = "pinger:ssl -p 12349 -t 10000";
-
- KeyManagerPrx km = KeyManagerPrx::checkedCast(communicator->stringToProxy("keyManager:tcp -p 12344 -t 10000"));
-
- Ice::ByteSeq serverTrustedCert;
- Ice::ByteSeq serverUntrustedCert;
- Ice::ByteSeq clientTrustedKey;
- Ice::ByteSeq clientTrustedCert;
- Ice::ByteSeq clientUntrustedKey;
- Ice::ByteSeq clientUntrustedCert;
-
- km->getServerCerts(serverTrustedCert,serverUntrustedCert);
- km->getTrustedClientKeys(clientTrustedKey,clientTrustedCert);
- km->getUntrustedClientKeys(clientUntrustedKey,clientUntrustedCert);
-
- Ice::PluginPtr plugin = communicator->getPluginManager()->getPlugin("IceSSL");
- IceSSL::PluginPtr sslPlugin = IceSSL::PluginPtr::dynamicCast(plugin);
-
- Ice::PropertiesPtr properties = communicator->getProperties();
-
- // Use test related paths - override values in TestUtil.py
- std::string clientCertPath = properties->getProperty("TestSSL.Client.CertPath");
- std::string serverCertPath = properties->getProperty("TestSSL.Server.CertPath");
- properties->setProperty("IceSSL.Client.CertPath", clientCertPath);
- properties->setProperty("IceSSL.Server.CertPath", serverCertPath);
-
- bool singleCertVerifier = false;
- if(properties->getProperty("TestSSL.Client.CertificateVerifier") == "singleCert")
- {
- singleCertVerifier = true;
- }
-
- if(!singleCertVerifier)
- {
- cout << "client and server trusted, client using stock certificate... " << flush;
-
- properties->setProperty("IceSSL.Client.Config", "sslconfig_6.xml");
- sslPlugin->configure(IceSSL::Client);
- sslPlugin->addTrustedCertificate(IceSSL::Client, serverTrustedCert);
- try
- {
- Ice::ObjectPrx pinger1 = communicator->stringToProxy(ref1);
- pinger1->ice_ping();
- cout << "ok" << endl;
- }
- catch(const Ice::LocalException& ex)
- {
- cout << ex << endl;
- km->shutdown();
- test(false);
- }
- }
-
- properties->setProperty("IceSSL.Client.Config", "sslconfig_7.xml");
-
- cout << "client and server do not trust each other... " << flush;
-
- // Neither Client nor Server will trust.
- sslPlugin->configure(IceSSL::Client);
- sslPlugin->addTrustedCertificate(IceSSL::Client, serverUntrustedCert);
- if(singleCertVerifier)
- {
- IceSSL::CertificateVerifierPtr certVerifier = sslPlugin->getSingleCertVerifier(serverUntrustedCert);
- sslPlugin->setCertificateVerifier(IceSSL::Client, certVerifier);
- }
- sslPlugin->setRSAKeys(IceSSL::Client, clientUntrustedKey, clientUntrustedCert);
- try
- {
- Ice::ObjectPrx pinger2 = communicator->stringToProxy(ref2);
- pinger2->ice_ping();
- km->shutdown();
- test(false);
- }
- catch(const IceSSL::CertificateVerificationException&)
- {
- cout << "ok" << endl;
- }
- catch(const Ice::LocalException& ex)
- {
- cout << ex << endl;
- km->shutdown();
- test(false);
- }
-
- cout << "client trusted, server not trusted... " << flush;
-
- // Client will not trust Server, but Server will trust Client.
- sslPlugin->setRSAKeys(IceSSL::Client, clientTrustedKey, clientTrustedCert);
- try
- {
- Ice::ObjectPrx pinger3 = communicator->stringToProxy(ref3);
- pinger3->ice_ping();
- km->shutdown();
- test(false);
- }
- catch(const IceSSL::CertificateVerificationException&)
- {
- cout << "ok" << endl;
- }
- catch(const Ice::LocalException& ex)
- {
- cout << ex << endl;
- km->shutdown();
- test(false);
- }
-
- cout << "client trusts server, server does not trust client... " << flush;
-
- // Client trusts, Server does not.
- sslPlugin->configure(IceSSL::Client);
- sslPlugin->addTrustedCertificate(IceSSL::Client, serverTrustedCert);
- if(singleCertVerifier)
- {
- IceSSL::CertificateVerifierPtr certVerifier = sslPlugin->getSingleCertVerifier(serverTrustedCert);
- sslPlugin->setCertificateVerifier(IceSSL::Client, certVerifier);
- }
- sslPlugin->setRSAKeys(IceSSL::Client, clientUntrustedKey, clientUntrustedCert);
- try
- {
- Ice::ObjectPrx pinger4 = communicator->stringToProxy(ref4);
- pinger4->ice_ping();
- km->shutdown();
- test(false);
- }
- catch(const IceSSL::ProtocolException&)
- {
- // Note: We expect that the server will send an alert 48 back to the client,
- // generating this exception.
- cout << "ok" << endl;
- }
- catch(const Ice::LocalException& ex)
- {
- cout << ex << endl;
- km->shutdown();
- test(false);
- }
-
- cout << "both client and server trust each other... " << flush;
-
- // Both Client and Server trust.
- sslPlugin->setRSAKeys(IceSSL::Client, clientTrustedKey, clientTrustedCert);
-
- try
- {
- Ice::ObjectPrx pinger5 = communicator->stringToProxy(ref5);
- pinger5->ice_ping();
- cout << "ok" << endl;
- }
- catch(const Ice::LocalException& ex)
- {
- cout << ex << endl;
- km->shutdown();
- test(false);
- }
-
- cout << "shutting down... " << flush;
- km->shutdown();
- cout << "ok" << endl;
-
- return EXIT_SUCCESS;
-}
-
-int
-main(int argc, char* argv[])
-{
- int status;
- Ice::CommunicatorPtr communicator;
-
- try
- {
- communicator = Ice::initialize(argc, argv);
- Ice::PropertiesPtr properties = communicator->getProperties();
- Ice::StringSeq args = Ice::argsToStringSeq(argc, argv);
- args = properties->parseCommandLineOptions("TestSSL", args);
- Ice::stringSeqToArgs(args, argc, argv);
- status = run(argc, argv, communicator);
- }
- catch(const Ice::Exception& ex)
- {
- cerr << ex << endl;
- status = EXIT_FAILURE;
- }
-
- if(communicator)
- {
- try
- {
- communicator->destroy();
- }
- catch(const Ice::Exception& ex)
- {
- cerr << ex << endl;
- status = EXIT_FAILURE;
- }
- }
-
- return status;
-}
diff --git a/cpp/test/IceSSL/certificateVerification/Makefile b/cpp/test/IceSSL/certificateVerification/Makefile
deleted file mode 100644
index 60a4b9595eb..00000000000
--- a/cpp/test/IceSSL/certificateVerification/Makefile
+++ /dev/null
@@ -1,41 +0,0 @@
-# **********************************************************************
-#
-# Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-#
-# This copy of Ice is licensed to you under the terms described in the
-# ICE_LICENSE file included in this distribution.
-#
-# **********************************************************************
-
-top_srcdir = ../../..
-
-CLIENT = client
-SERVER = server
-
-TARGETS = $(CLIENT) $(SERVER)
-
-OBJS = Pinger.o
-
-COBJS = Client.o
-
-SOBJS = Server.o
-
-SRCS = $(OBJS:.o=.cpp) \
- $(COBJS:.o=.cpp) \
- $(SOBJS:.o=.cpp)
-
-SLICE_SRCS = Pinger.ice
-
-include $(top_srcdir)/config/Make.rules
-
-CPPFLAGS := -I. -I../../include $(OPENSSL_FLAGS) $(CPPFLAGS)
-
-$(CLIENT): $(OBJS) $(COBJS)
- rm -f $@
- $(CXX) $(LDFLAGS) -o $@ $(OBJS) $(COBJS) $(OPENSSL_RPATH_LINK) -lIceSSL $(EXPAT_RPATH_LINK) -lIceXML $(LIBS) $(OPENSSL_LIBS)
-
-$(SERVER): $(OBJS) $(SOBJS)
- rm -f $@
- $(CXX) $(LDFLAGS) -o $@ $(OBJS) $(SOBJS) $(OPENSSL_RPATH_LINK) -lIceSSL $(EXPAT_RPATH_LINK) -lIceXML $(LIBS) $(OPENSSL_LIBS)
-
-include .depend
diff --git a/cpp/test/IceSSL/certificateVerification/Pinger.ice b/cpp/test/IceSSL/certificateVerification/Pinger.ice
deleted file mode 100644
index 3feea9ac78f..00000000000
--- a/cpp/test/IceSSL/certificateVerification/Pinger.ice
+++ /dev/null
@@ -1,32 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-#ifndef PINGER_ICE
-#define PINGER_ICE
-
-#include <Ice/BuiltinSequences.ice>
-
-module Test
-{
-
-class KeyManager
-{
- void getServerCerts(out Ice::ByteSeq trusted, out Ice::ByteSeq untrusted);
- void getTrustedClientKeys(out Ice::ByteSeq key, out Ice::ByteSeq cert);
- void getUntrustedClientKeys(out Ice::ByteSeq key, out Ice::ByteSeq cert);
- void shutdown();
-};
-
-class Pinger
-{
-};
-
-};
-
-#endif
diff --git a/cpp/test/IceSSL/certificateVerification/Server.cpp b/cpp/test/IceSSL/certificateVerification/Server.cpp
deleted file mode 100644
index 5ca1c4d7df6..00000000000
--- a/cpp/test/IceSSL/certificateVerification/Server.cpp
+++ /dev/null
@@ -1,207 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-#include <Ice/Ice.h>
-#include <IceSSL/RSACertificateGen.h>
-#include <IceSSL/RSAKeyPair.h>
-#include <IceSSL/Plugin.h>
-#include <Pinger.h>
-
-using namespace std;
-using namespace Test;
-
-class KeyManagerI : public KeyManager
-{
-
-public:
-
- KeyManagerI(const IceSSL::RSAKeyPairPtr&, const IceSSL::RSAKeyPairPtr&,
- const IceSSL::RSAKeyPairPtr&, const IceSSL::RSAKeyPairPtr&);
-
- virtual void getServerCerts(Ice::ByteSeq&, Ice::ByteSeq&, const ::Ice::Current&);
- virtual void getTrustedClientKeys(Ice::ByteSeq&, Ice::ByteSeq&, const ::Ice::Current&);
- virtual void getUntrustedClientKeys(Ice::ByteSeq&, Ice::ByteSeq&, const ::Ice::Current&);
- virtual void shutdown(const ::Ice::Current&);
-
-protected:
-
- const IceSSL::RSAKeyPairPtr _serverTrusted;
- const IceSSL::RSAKeyPairPtr _serverUntrusted;
- const IceSSL::RSAKeyPairPtr _clientTrusted;
- const IceSSL::RSAKeyPairPtr _clientUntrusted;
-};
-
-KeyManagerI::KeyManagerI(const IceSSL::RSAKeyPairPtr& serverTrusted,
- const IceSSL::RSAKeyPairPtr& serverUntrusted,
- const IceSSL::RSAKeyPairPtr& clientTrusted,
- const IceSSL::RSAKeyPairPtr& clientUntrusted) :
- _serverTrusted(serverTrusted), _serverUntrusted(serverUntrusted),
- _clientTrusted(clientTrusted), _clientUntrusted(clientUntrusted)
-{
-}
-
-void
-KeyManagerI::getServerCerts(Ice::ByteSeq& trusted, Ice::ByteSeq& untrusted, const ::Ice::Current&)
-{
- _serverTrusted->certToByteSeq(trusted);
- _serverUntrusted->certToByteSeq(untrusted);
-}
-
-void
-KeyManagerI::getTrustedClientKeys(Ice::ByteSeq& key, Ice::ByteSeq& cert, const ::Ice::Current&)
-{
- _clientTrusted->keyToByteSeq(key);
- _clientTrusted->certToByteSeq(cert);
-}
-
-void
-KeyManagerI::getUntrustedClientKeys(Ice::ByteSeq& key, Ice::ByteSeq& cert, const ::Ice::Current&)
-{
- _clientUntrusted->keyToByteSeq(key);
- _clientUntrusted->certToByteSeq(cert);
-}
-
-void
-KeyManagerI::shutdown(const ::Ice::Current& c)
-{
- c.adapter->getCommunicator()->shutdown();
-}
-
-class PingerI : public Pinger
-{
-public:
-
- PingerI() { }
-};
-
-int
-run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
-{
- Ice::PropertiesPtr properties = communicator->getProperties();
-
- std::string certPath = properties->getProperty("TestSSL.Server.CertPath");
- properties->setProperty("IceSSL.Server.CertPath", certPath);
-
- properties->setProperty("Ice.Warn.Connections", "0");
- properties->setProperty("IceSSL.Server.Config", "sslconfig_8.xml");
-
- Ice::PluginPtr plugin = communicator->getPluginManager()->getPlugin("IceSSL");
- IceSSL::PluginPtr sslPlugin = IceSSL::PluginPtr::dynamicCast(plugin);
- sslPlugin->configure(IceSSL::Server);
-
- IceSSL::RSACertificateGen certGen;
-
- IceSSL::RSACertificateGenContext certGenContext;
-
- // Base setup.
- certGenContext.setCountry("US");
- certGenContext.setStateProvince("DC");
- certGenContext.setLocality("Washington");
- certGenContext.setOrganization("Some Company Inc.");
- certGenContext.setOrgainizationalUnit("Sales");
- certGenContext.setBitStrength(1024);
- certGenContext.setSecondsValid(IceSSL::RSACertificateGenContext::hoursToSeconds(1));
-
- IceSSL::RSAKeyPairPtr serverTrusted;
- IceSSL::RSAKeyPairPtr serverUntrusted;
- IceSSL::RSAKeyPairPtr clientTrusted;
- IceSSL::RSAKeyPairPtr clientUntrusted;
-
- certGenContext.setCommonName("Server Trusted");
- serverTrusted = certGen.generate(certGenContext);
-
- certGenContext.setCommonName("Server Untrusted");
- serverUntrusted = certGen.generate(certGenContext);
-
- certGenContext.setCommonName("Client Trusted");
- clientTrusted = certGen.generate(certGenContext);
-
- certGenContext.setCommonName("Client Untrusted");
- clientUntrusted = certGen.generate(certGenContext);
-
- Ice::ObjectPtr object = new KeyManagerI(serverTrusted, serverUntrusted, clientTrusted, clientUntrusted);
-
- Ice::ByteSeq trustedCertificate;
- Ice::ByteSeq serverCertificate;
- Ice::ByteSeq serverKey;
-
- clientTrusted->certToByteSeq(trustedCertificate);
- serverTrusted->certToByteSeq(serverCertificate);
- serverTrusted->keyToByteSeq(serverKey);
-
- sslPlugin->addTrustedCertificate(IceSSL::Server, trustedCertificate);
- sslPlugin->setRSAKeys(IceSSL::Server, serverKey, serverCertificate);
-
- if(properties->getProperty("TestSSL.Server.CertificateVerifier") == "singleCert")
- {
- IceSSL::CertificateVerifierPtr certVerifier = sslPlugin->getSingleCertVerifier(trustedCertificate);
- sslPlugin->setCertificateVerifier(IceSSL::Server, certVerifier);
- }
-
- properties->setProperty("KeyManagerAdapter.Endpoints", "tcp -p 12344 -t 10000");
- bool printAdapterReady = properties->getPropertyAsInt("Ice.PrintAdapterReady") > 0;
- properties->setProperty("Ice.PrintAdapterReady", "0");
- Ice::ObjectAdapterPtr kmAdapter = communicator->createObjectAdapter("KeyManagerAdapter");
- kmAdapter->add(object, Ice::stringToIdentity("keyManager"));
- kmAdapter->activate();
-
- const string pingerEndpoints =
- "ssl -p 12010 -t 10000"
- ":ssl -p 12011 -t 10000"
- ":ssl -p 12347 -t 10000"
- ":ssl -p 12348 -t 10000"
- ":ssl -p 12349 -t 10000";
- if(printAdapterReady)
- {
- properties->setProperty("Ice.PrintAdapterReady", "1");
- }
- properties->setProperty("PingerAdapter.Endpoints", pingerEndpoints);
- Ice::ObjectAdapterPtr adapter = communicator->createObjectAdapter("PingerAdapter");
- adapter->add(new PingerI(), Ice::stringToIdentity("pinger"));
- adapter->activate();
- communicator->waitForShutdown();
- return EXIT_SUCCESS;
-}
-
-int
-main(int argc, char* argv[])
-{
- int status;
- Ice::CommunicatorPtr communicator;
-
- try
- {
- communicator = Ice::initialize(argc, argv);
- Ice::PropertiesPtr properties = communicator->getProperties();
- Ice::StringSeq args = Ice::argsToStringSeq(argc, argv);
- args = properties->parseCommandLineOptions("TestSSL", args);
- Ice::stringSeqToArgs(args, argc, argv);
- status = run(argc, argv, communicator);
- }
- catch(const Ice::Exception& ex)
- {
- cerr << ex << endl;
- status = EXIT_FAILURE;
- }
-
- if(communicator)
- {
- try
- {
- communicator->destroy();
- }
- catch(const Ice::Exception& ex)
- {
- cerr << ex << endl;
- status = EXIT_FAILURE;
- }
- }
-
- return status;
-}
diff --git a/cpp/test/IceSSL/certificateVerification/certificateverificationC.dsp b/cpp/test/IceSSL/certificateVerification/certificateverificationC.dsp
deleted file mode 100644
index e733c061140..00000000000
--- a/cpp/test/IceSSL/certificateVerification/certificateverificationC.dsp
+++ /dev/null
@@ -1,153 +0,0 @@
-# Microsoft Developer Studio Project File - Name="certificateverificationC" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=certificateverificationC - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE
-!MESSAGE NMAKE /f "certificateverificationC.mak".
-!MESSAGE
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "certificateverificationC.mak" CFG="certificateverificationC - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "certificateverificationC - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "certificateverificationC - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF "$(CFG)" == "certificateverificationC - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Yu"stdafx.h" /FD /c
-# ADD CPP /nologo /MD /W3 /WX /GR /GX /O2 /I "." /I "../../../include" /I "../../include" /D "_CONSOLE" /D "NDEBUG" /D "WIN32_LEAN_AND_MEAN" /FD /c
-# SUBTRACT CPP /Z<none> /YX
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 /nologo /subsystem:console /pdb:none /machine:I386 /out:"client.exe" /libpath:"../../../lib" /FIXED:no
-# SUBTRACT LINK32 /debug
-
-!ELSEIF "$(CFG)" == "certificateverificationC - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /Yu"stdafx.h" /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /WX /Gm /GR /GX /Zi /Od /I "." /I "../../../include" /I "../../include" /D "_CONSOLE" /D "_DEBUG" /D "WIN32_LEAN_AND_MEAN" /FD /GZ /c
-# SUBTRACT CPP /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 /nologo /subsystem:console /debug /machine:I386 /out:"client.exe" /pdbtype:sept /libpath:"../../../lib" /FIXED:no
-# SUBTRACT LINK32 /pdb:none
-
-!ENDIF
-
-# Begin Target
-
-# Name "certificateverificationC - Win32 Release"
-# Name "certificateverificationC - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE=.\Client.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\Pinger.cpp
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# Begin Source File
-
-SOURCE=.\Pinger.h
-# End Source File
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# Begin Source File
-
-SOURCE=.\Pinger.ice
-
-!IF "$(CFG)" == "certificateverificationC - Win32 Release"
-
-USERDEP__PINGE="..\..\..\bin\slice2cpp.exe" "..\..\..\lib\slice.lib"
-# Begin Custom Build
-InputPath=.\Pinger.ice
-
-BuildCmds= \
- ..\..\..\bin\slice2cpp.exe -I../../../slice Pinger.ice
-
-"Pinger.h" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-
-"Pinger.cpp" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-# End Custom Build
-
-!ELSEIF "$(CFG)" == "certificateverificationC - Win32 Debug"
-
-USERDEP__PINGE="..\..\..\bin\slice2cpp.exe" "..\..\..\lib\sliced.lib"
-# Begin Custom Build
-InputPath=.\Pinger.ice
-
-BuildCmds= \
- ..\..\..\bin\slice2cpp.exe -I../../../slice Pinger.ice
-
-"Pinger.h" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-
-"Pinger.cpp" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-# End Custom Build
-
-!ENDIF
-
-# End Source File
-# End Group
-# End Target
-# End Project
diff --git a/cpp/test/IceSSL/certificateVerification/certificateverificationS.dsp b/cpp/test/IceSSL/certificateVerification/certificateverificationS.dsp deleted file mode 100644 index 0f77b79200c..00000000000 --- a/cpp/test/IceSSL/certificateVerification/certificateverificationS.dsp +++ /dev/null @@ -1,153 +0,0 @@ -# Microsoft Developer Studio Project File - Name="certificateverificationS" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=certificateverificationS - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE
-!MESSAGE NMAKE /f "certificateverificationS.mak".
-!MESSAGE
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "certificateverificationS.mak" CFG="certificateverificationS - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "certificateverificationS - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "certificateverificationS - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF "$(CFG)" == "certificateverificationS - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Yu"stdafx.h" /FD /c
-# ADD CPP /nologo /MD /W3 /WX /GR /GX /O2 /I "." /I "../../../include" /I "../../include" /D "_CONSOLE" /D "NDEBUG" /D "WIN32_LEAN_AND_MEAN" /FD /c
-# SUBTRACT CPP /Z<none> /YX
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 /nologo /subsystem:console /pdb:none /machine:I386 /out:"server.exe" /libpath:"../../../lib" /FIXED:no
-# SUBTRACT LINK32 /debug
-
-!ELSEIF "$(CFG)" == "certificateverificationS - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "certificateverificationS___Win32_Debug"
-# PROP BASE Intermediate_Dir "certificateverificationS___Win32_Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /Yu"stdafx.h" /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /WX /Gm /GR /GX /Zi /Od /I "." /I "../../../include" /I "../../include" /D "_CONSOLE" /D "_DEBUG" /D "WIN32_LEAN_AND_MEAN" /FD /GZ /c
-# SUBTRACT CPP /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 /nologo /subsystem:console /debug /machine:I386 /out:"server.exe" /pdbtype:sept /libpath:"../../../lib" /FIXED:no
-# SUBTRACT LINK32 /pdb:none
-
-!ENDIF
-
-# Begin Target
-
-# Name "certificateverificationS - Win32 Release"
-# Name "certificateverificationS - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE=.\Pinger.cpp
-# End Source File
-# Begin Source File
-
-SOURCE=.\Server.cpp
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# Begin Source File
-
-SOURCE=.\Pinger.h
-# End Source File
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# Begin Source File
-
-SOURCE=.\Pinger.ice
-
-!IF "$(CFG)" == "certificateverificationS - Win32 Release"
-
-USERDEP__PINGE="..\..\..\bin\slice2cpp.exe" "..\..\..\lib\slice.lib"
-# Begin Custom Build
-InputPath=.\Pinger.ice
-
-BuildCmds= \
- ..\..\..\bin\slice2cpp.exe -I../../../slice Pinger.ice
-
-"Pinger.h" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-
-"Pinger.cpp" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-# End Custom Build
-
-!ELSEIF "$(CFG)" == "certificateverificationS - Win32 Debug"
-
-USERDEP__PINGE="..\..\..\bin\slice2cpp.exe" "..\..\..\lib\sliced.lib"
-# Begin Custom Build
-InputPath=.\Pinger.ice
-
-BuildCmds= \
- ..\..\..\bin\slice2cpp.exe -I../../../slice Pinger.ice
-
-"Pinger.h" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-
-"Pinger.cpp" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-# End Custom Build
-
-!ENDIF
-
-# End Source File
-# End Group
-# End Target
-# End Project
diff --git a/cpp/test/IceSSL/certificateVerification/run.py b/cpp/test/IceSSL/certificateVerification/run.py
deleted file mode 100755
index f4a9e44d0bc..00000000000
--- a/cpp/test/IceSSL/certificateVerification/run.py
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/usr/bin/env python
-# **********************************************************************
-#
-# Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-#
-# This copy of Ice is licensed to you under the terms described in the
-# ICE_LICENSE file included in this distribution.
-#
-# **********************************************************************
-
-import os, sys
-
-for toplevel in [".", "..", "../..", "../../..", "../../../.."]:
- toplevel = os.path.normpath(toplevel)
- if os.path.exists(os.path.join(toplevel, "config", "TestUtil.py")):
- break
-else:
- raise "can't find toplevel directory!"
-
-sys.path.append(os.path.join(toplevel, "config"))
-import TestUtil
-
-if TestUtil.protocol != "ssl":
- print "This test may only be run with SSL enabled."
- sys.exit(0)
-
-oldClientOptions = TestUtil.clientOptions
-oldServerOptions = TestUtil.serverOptions
-oldClientServerOptions = TestUtil.clientServerOptions
-
-TestUtil.clientOptions += " --TestSSL.Client.CertPath=" + os.path.join(toplevel, "test", "IceSSL", "certs")
-TestUtil.serverOptions += " --TestSSL.Server.CertPath=" + os.path.join(toplevel, "test", "IceSSL", "certs")
-TestUtil.clientServerOptions += " --TestSSL.Client.CertPath=" + os.path.join(toplevel, "test", "IceSSL", "certs") + \
- " --TestSSL.Server.CertPath=" + os.path.join(toplevel, "test", "IceSSL", "certs")
-
-name = os.path.join("IceSSL", "certificateVerification")
-testdir = os.path.join(toplevel, "test", name)
-
-print "testing default certificate verifier."
-TestUtil.clientServerTest(name)
-
-print "testing single-certificate certificate verifier."
-TestUtil.clientOptions += " --TestSSL.Client.CertificateVerifier=singleCert"
-TestUtil.serverOptions += " --TestSSL.Server.CertificateVerifier=singleCert"
-TestUtil.clientServerTest(name)
-
-TestUtil.clientOptions = oldClientOptions
-TestUtil.serverOptions = oldServerOptions
-TestUtil.clientServerOptions = oldClientServerOptions
-
-sys.exit(0)
diff --git a/cpp/test/IceSSL/certificateVerifier/.depend b/cpp/test/IceSSL/certificateVerifier/.depend deleted file mode 100644 index 869a2420c5c..00000000000 --- a/cpp/test/IceSSL/certificateVerifier/.depend +++ /dev/null 
@@ -1 +0,0 @@ -CertificateVerifier.o: CertificateVerifier.cpp ../../../include/Ice/Ice.h ../../../include/Ice/GCRecMutex.h ../../../include/IceUtil/RecMutex.h ../../../include/IceUtil/Config.h ../../../include/IceUtil/Lock.h ../../../include/IceUtil/ThreadException.h ../../../include/IceUtil/Exception.h ../../../include/Ice/Config.h ../../../include/Ice/GCShared.h ../../../include/Ice/GC.h ../../../include/IceUtil/Thread.h ../../../include/IceUtil/Shared.h ../../../include/IceUtil/Handle.h ../../../include/IceUtil/Mutex.h ../../../include/IceUtil/Monitor.h ../../../include/IceUtil/Cond.h ../../../include/IceUtil/Time.h ../../../include/Ice/Initialize.h ../../../include/Ice/CommunicatorF.h ../../../include/Ice/LocalObjectF.h ../../../include/Ice/Handle.h ../../../include/Ice/ProxyF.h ../../../include/Ice/ProxyHandle.h ../../../include/Ice/ObjectF.h ../../../include/Ice/Exception.h ../../../include/Ice/LocalObject.h ../../../include/Ice/UndefSysMacros.h ../../../include/Ice/PropertiesF.h ../../../include/Ice/InstanceF.h ../../../include/Ice/BuiltinSequences.h ../../../include/Ice/Proxy.h ../../../include/Ice/ProxyFactoryF.h ../../../include/Ice/ConnectionIF.h ../../../include/Ice/EndpointIF.h ../../../include/Ice/Endpoint.h ../../../include/Ice/ObjectAdapterF.h ../../../include/Ice/ReferenceF.h ../../../include/Ice/OutgoingAsyncF.h ../../../include/Ice/Current.h ../../../include/Ice/ConnectionF.h ../../../include/Ice/Identity.h ../../../include/Ice/StreamF.h ../../../include/Ice/LocalException.h ../../../include/Ice/Properties.h ../../../include/Ice/Logger.h ../../../include/Ice/LoggerUtil.h ../../../include/Ice/LoggerF.h ../../../include/Ice/Stats.h ../../../include/Ice/Communicator.h ../../../include/Ice/StatsF.h ../../../include/Ice/ObjectFactoryF.h ../../../include/Ice/RouterF.h ../../../include/Ice/LocatorF.h ../../../include/Ice/PluginF.h ../../../include/Ice/ObjectFactory.h ../../../include/Ice/ObjectAdapter.h ../../../include/Ice/ServantLocatorF.h 
../../../include/Ice/FacetMap.h ../../../include/Ice/ServantLocator.h ../../../include/Ice/Object.h ../../../include/Ice/IncomingAsyncF.h ../../../include/Ice/IdentityUtil.h ../../../include/Ice/OutgoingAsync.h ../../../include/Ice/IncomingAsync.h ../../../include/Ice/Incoming.h ../../../include/Ice/ServantManagerF.h ../../../include/Ice/BasicStream.h ../../../include/Ice/Buffer.h ../../../include/Ice/Process.h ../../../include/Ice/Outgoing.h ../../../include/Ice/Direct.h ../../../include/Ice/Application.h ../../../include/Ice/Connection.h ../../../include/Ice/Functional.h ../../../include/IceUtil/Functional.h ../../../include/Ice/Stream.h ../../include/TestCommon.h ../../../include/IceSSL/CertificateVerifier.h ../../../include/IceSSL/Plugin.h ../../../include/Ice/Plugin.h ../../../include/IceSSL/CertificateVerifierF.h ../../../include/IceSSL/CertificateVerifierOpenSSL.h ../../../include/IceSSL/Config.h ../../../include/IceSSL/Exception.h diff --git a/cpp/test/IceSSL/certificateVerifier/CertificateVerifier.cpp b/cpp/test/IceSSL/certificateVerifier/CertificateVerifier.cpp deleted file mode 100644 index 7d5f79283a7..00000000000 --- a/cpp/test/IceSSL/certificateVerifier/CertificateVerifier.cpp +++ /dev/null 
@@ -1,186 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <Ice/Ice.h> -#include <TestCommon.h> -#include <IceSSL/CertificateVerifier.h> -#include <IceSSL/CertificateVerifierOpenSSL.h> -#include <IceSSL/Exception.h> -#include <IceSSL/Plugin.h> - -using namespace std; -using namespace Ice; - -// -// Certificate Verifier definitions -// - -class BadCertificateVerifier : virtual public ::IceSSL::CertificateVerifier -{ -public: - virtual void setContext(IceSSL::ContextType type) { }; -}; - -class GoodCertificateVerifier : virtual public ::IceSSL::CertificateVerifierOpenSSL -{ -public: - virtual int verify(int, X509_STORE_CTX*, SSL*); - virtual void setContext(IceSSL::ContextType type) { }; -}; - -int -GoodCertificateVerifier::verify(int preVerifyOk, X509_STORE_CTX* certificateStore, SSL* sslConnection) -{ - return preVerifyOk; -} - -// -// certificateVerifierClient definition -// - -void -testExpectCertificateVerifierTypeException(const IceSSL::PluginPtr& plugin, - IceSSL::ContextType context, - const IceSSL::CertificateVerifierPtr& verifier) -{ - try - { - plugin->setCertificateVerifier(context, verifier); - test(false); - } - catch(const IceSSL::CertificateVerifierTypeException&) - { - std::cout << "ok" << std::endl; - } - catch(const Ice::LocalException&) - { - // - // Any other exception is bad. - // - - test(false); - } - catch(...) - { - // - // Unknown exceptions are always bad. 
- // - - test(false); - } -} - -void -testExpectNoException(const IceSSL::PluginPtr& plugin, - IceSSL::ContextType context, - const IceSSL::CertificateVerifierPtr& verifier) -{ - try - { - plugin->setCertificateVerifier(context, verifier); - std::cout << "ok" << std::endl; - } - catch(const Ice::LocalException&) - { - // - // Any other exception is bad. - // - - test(false); - } - catch(...) - { - // - // Unknown exceptions are always bad. - // - - test(false); - } -} - -int -run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator) -{ - Ice::PluginPtr plugin = communicator->getPluginManager()->getPlugin("IceSSL"); - IceSSL::PluginPtr sslPlugin = IceSSL::PluginPtr::dynamicCast(plugin); - - IceSSL::CertificateVerifierPtr badVerifier = new BadCertificateVerifier(); - IceSSL::CertificateVerifierPtr goodVerifier = new GoodCertificateVerifier(); - - // - // Testing IceSSL::Client context type. - // - - std::cout << "setting Certificate Verifiers on Client context." << std::endl; - - std::cout << "setting verifier of wrong type... " << std::flush; - testExpectCertificateVerifierTypeException(sslPlugin, IceSSL::Client, badVerifier); - - std::cout << "setting verifier of correct type... " << std::flush; - testExpectNoException(sslPlugin, IceSSL::Client, goodVerifier); - - // - // Testing IceSSL::Server context type. - // - - std::cout << "setting Certificate Verifiers on Server context." << std::endl; - - std::cout << "setting verifier of wrong type... " << std::flush; - testExpectCertificateVerifierTypeException(sslPlugin, IceSSL::Server, badVerifier); - - std::cout << "setting verifier of correct type... " << std::flush; - testExpectNoException(sslPlugin, IceSSL::Server, goodVerifier); - - // - // Testing IceSSL::ClientServer context type. - // - - std::cout << "setting Certificate Verifiers on Client and Server contexts." << std::endl; - - std::cout << "setting verifier of wrong type... 
" << std::flush; - testExpectCertificateVerifierTypeException(sslPlugin, IceSSL::ClientServer, badVerifier); - - std::cout << "setting verifier of correct type... " << std::flush; - testExpectNoException(sslPlugin, IceSSL::ClientServer, goodVerifier); - - return EXIT_SUCCESS; -} - -int -main(int argc, char* argv[]) -{ - int status; - Ice::CommunicatorPtr communicator; - - try - { - communicator = Ice::initialize(argc, argv); - status = run(argc, argv, communicator); - } - catch(const Ice::Exception& ex) - { - cerr << ex << endl; - status = EXIT_FAILURE; - } - - if(communicator) - { - try - { - communicator->destroy(); - } - catch(const Ice::Exception& ex) - { - cerr << ex << endl; - status = EXIT_FAILURE; - } - } - - return status; -} diff --git a/cpp/test/IceSSL/certificateVerifier/Makefile b/cpp/test/IceSSL/certificateVerifier/Makefile deleted file mode 100644 index f82c96f8285..00000000000 --- a/cpp/test/IceSSL/certificateVerifier/Makefile +++ /dev/null @@ -1,28 +0,0 @@ -# ********************************************************************** -# -# Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -# -# This copy of Ice is licensed to you under the terms described in the -# ICE_LICENSE file included in this distribution. -# -# ********************************************************************** - -top_srcdir = ../../.. - -CLIENT = certificateVerifier - -TARGETS = $(CLIENT) - -OBJS = CertificateVerifier.o - -SRCS = $(OBJS:.o=.cpp) - -include $(top_srcdir)/config/Make.rules - -CPPFLAGS := -I. -I../../include $(OPENSSL_FLAGS) $(CPPFLAGS) - -$(CLIENT): $(OBJS) - rm -f $@ - $(CXX) $(LDFLAGS) -o $@ $(OBJS) $(OPENSSL_RPATH_LINK) -lIceSSL $(EXPAT_RPATH_LINK) -lIceXML $(LIBS) $(OPENSSL_LIBS) - -include .depend diff --git a/cpp/test/IceSSL/certificateVerifier/certificateverifier.dsp b/cpp/test/IceSSL/certificateVerifier/certificateverifier.dsp deleted file mode 100644 index 866689c8f18..00000000000 
--- a/cpp/test/IceSSL/certificateVerifier/certificateverifier.dsp +++ /dev/null @@ -1,106 +0,0 @@ -# Microsoft Developer Studio Project File - Name="certificateverifier" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=certificateverifier - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE
-!MESSAGE NMAKE /f "certificateverifier.mak".
-!MESSAGE
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "certificateverifier.mak" CFG="certificateverifier - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "certificateverifier - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "certificateverifier - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF "$(CFG)" == "certificateverifier - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Yu"stdafx.h" /FD /c
-# ADD CPP /nologo /MD /W3 /WX /GR /GX /O2 /I "." /I "../../../include" /I "../../include" /D "_CONSOLE" /D "NDEBUG" /D "WIN32_LEAN_AND_MEAN" /FD /c
-# SUBTRACT CPP /Z<none> /YX
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 /nologo /subsystem:console /pdb:none /machine:I386 /out:"certificateverifier.exe" /libpath:"../../../lib" /FIXED:no
-# SUBTRACT LINK32 /debug
-
-!ELSEIF "$(CFG)" == "certificateverifier - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /Yu"stdafx.h" /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /WX /Gm /GR /GX /Zi /Od /I "." /I "../../../include" /I "../../include" /D "_CONSOLE" /D "_DEBUG" /D "WIN32_LEAN_AND_MEAN" /FD /GZ /c
-# SUBTRACT CPP /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 /nologo /subsystem:console /debug /machine:I386 /out:"certificateverifier.exe" /pdbtype:sept /libpath:"../../../lib" /FIXED:no
-# SUBTRACT LINK32 /pdb:none
-
-!ENDIF
-
-# Begin Target
-
-# Name "certificateverifier - Win32 Release"
-# Name "certificateverifier - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE=.\certificateverifier.cpp
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project
diff --git a/cpp/test/IceSSL/certificateVerifier/run.py b/cpp/test/IceSSL/certificateVerifier/run.py
deleted file mode 100755
index cb4931254ab..00000000000
--- a/cpp/test/IceSSL/certificateVerifier/run.py
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/usr/bin/env python
-# **********************************************************************
-#
-# Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-#
-# This copy of Ice is licensed to you under the terms described in the
-# ICE_LICENSE file included in this distribution.
-#
-# **********************************************************************
-
-import os, sys
-
-for toplevel in [".", "..", "../..", "../../..", "../../../.."]:
- toplevel = os.path.normpath(toplevel)
- if os.path.exists(os.path.join(toplevel, "config", "TestUtil.py")):
- break
-else:
- raise "can't find toplevel directory!"
-
-sys.path.append(os.path.join(toplevel, "config"))
-import TestUtil
-
-if TestUtil.protocol != "ssl":
- print "This test may only be run with SSL enabled."
- sys.exit(0)
-
-name = os.path.join("IceSSL", "certificateVerifier")
-testdir = os.path.join(toplevel, "test", name)
-
-client = os.path.join(testdir, "certificateVerifier")
-
-localClientOptions = TestUtil.clientServerProtocol + TestUtil.defaultHost
-print "starting certificateVerifier...",
-clientPipe = os.popen(client + localClientOptions + " 2>&1")
-print "ok"
-
-TestUtil.printOutputFromPipe(clientPipe)
-
-clientStatus = TestUtil.closePipe(clientPipe)
-
-if clientStatus:
- sys.exit(1)
-
-sys.exit(0)
diff --git a/cpp/test/IceSSL/certs/badCert.b64 b/cpp/test/IceSSL/certs/badCert.b64
deleted file mode 100644
index ea16bd5dae9..00000000000
--- a/cpp/test/IceSSL/certs/badCert.b64
+++ /dev/null
@@ -1,18 +0,0 @@
-MIIDVDCCAr2gAwIBAgIBAjANBgkqhkiG9w0BAQQFADB0MQswCQYDVQQGEwJVUzEQ
-TXV0YWJsZSBSZWFsbXMxEDAOBgNVBAsTB0ljZSBBZ2UxEzARBgNVBAMTCk11dGFi
-BhMCVVMxEDAOBgNVBAgTB0FsYWJhbWExFzAVBgNVBAoTDk11dGFibGUgUmVhbG1z
-LW4VtfBzqbbF6iZ2jXsZ9b+eJthklqDI9OuodbddQneZQyE5bc8iAmtk9kZHTfdC
-MRAwDgYDVQQLEwdJY2UgQWdlMSUwIwYDVQQDExxNUiBSU0EgMTAyNCBDbGllbnQg
-MA4GA1UECBMHQWxhYmFtYTETMBEGA1UEBxMKSHVudHN2aWxsZTEXMBUGA1UEChMO
-VGVzdCBDZXJ0MSQwIgYJKoZIhvcNAQkBFhVtcmNsaXJzYTEwMjRAc29tZS5uZXQw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALCYySBuEQ85R4YzLGepTD3rnRmn
-EmbF4xhVnFOXZ7rbvYbjuCAMPViq7dqReikQOmGcXiI4Yuqvqzns9JRRTuMF0tSR
-a3CXKMl1eBjj2oXZCAHQlSm82nmQN7l2uuHh9dIMsefZuFVy8yj4uimLWIuy8w6n
-EzARBgNVBAMTCk11dGFibGUgQ0GCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
-rLOZDoiaWYP80glRAgMBAAGjgdEwgc4wHQYDVR0OBBYEFApzehDgwcwlZCFJU/w+
-jSNysDhRMIGeBgNVHSMEgZYwgZOAFBSVOXsF8JuI7LcNZkyP8Alwz2PZoXikdjB0
-MQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQWxhYmFtYTETMBEGA1UEBxMKSHVudHN2
-aWxsZTEXMBUGA1UEChMOTXV0YWJsZSBSZWFsbXMxEDAOBgNVBAsTB0ljZSBBZ2Ux
-bGUgQ0EwHhcNMDIwMjIyMTYxMzE4WhcNMDMwMjIyMTYxMzE4WjCBlzELMAkGA1UE
-AQQFAAOBgQBZp3rgKryLbGGy4JPSXn6Cdh8qcce3D/9TYx8OtNCRM4iOBQDuGttI
-3IOojKTmv1jt8r2a+WeMbCg9KiENZF5ZI7U/uKADYtW0AY6V/y5dVg==
diff --git a/cpp/test/IceSSL/certs/badCert.pem b/cpp/test/IceSSL/certs/badCert.pem
deleted file mode 100644
index 202a3699cbb..00000000000
--- a/cpp/test/IceSSL/certs/badCert.pem
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDVDCCAr2gAwIBAgIBAjANBgkqhkiG9w0BAQQFADB0MQswCQYDVQQGEwJVUzEQ
-TXV0YWJsZSBSZWFsbXMxEDAOBgNVBAsTB0ljZSBBZ2UxEzARBgNVBAMTCk11dGFi
-BhMCVVMxEDAOBgNVBAgTB0FsYWJhbWExFzAVBgNVBAoTDk11dGFibGUgUmVhbG1z
-LW4VtfBzqbbF6iZ2jXsZ9b+eJthklqDI9OuodbddQneZQyE5bc8iAmtk9kZHTfdC
-MRAwDgYDVQQLEwdJY2UgQWdlMSUwIwYDVQQDExxNUiBSU0EgMTAyNCBDbGllbnQg
-MA4GA1UECBMHQWxhYmFtYTETMBEGA1UEBxMKSHVudHN2aWxsZTEXMBUGA1UEChMO
-VGVzdCBDZXJ0MSQwIgYJKoZIhvcNAQkBFhVtcmNsaXJzYTEwMjRAc29tZS5uZXQw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALCYySBuEQ85R4YzLGepTD3rnRmn
-EmbF4xhVnFOXZ7rbvYbjuCAMPViq7dqReikQOmGcXiI4Yuqvqzns9JRRTuMF0tSR
-a3CXKMl1eBjj2oXZCAHQlSm82nmQN7l2uuHh9dIMsefZuFVy8yj4uimLWIuy8w6n
-EzARBgNVBAMTCk11dGFibGUgQ0GCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
-rLOZDoiaWYP80glRAgMBAAGjgdEwgc4wHQYDVR0OBBYEFApzehDgwcwlZCFJU/w+
-jSNysDhRMIGeBgNVHSMEgZYwgZOAFBSVOXsF8JuI7LcNZkyP8Alwz2PZoXikdjB0
-MQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQWxhYmFtYTETMBEGA1UEBxMKSHVudHN2
-aWxsZTEXMBUGA1UEChMOTXV0YWJsZSBSZWFsbXMxEDAOBgNVBAsTB0ljZSBBZ2Ux
-bGUgQ0EwHhcNMDIwMjIyMTYxMzE4WhcNMDMwMjIyMTYxMzE4WjCBlzELMAkGA1UE
-AQQFAAOBgQBZp3rgKryLbGGy4JPSXn6Cdh8qcce3D/9TYx8OtNCRM4iOBQDuGttI
-3IOojKTmv1jt8r2a+WeMbCg9KiENZF5ZI7U/uKADYtW0AY6V/y5dVg==
------END CERTIFICATE-----
diff --git a/cpp/test/IceSSL/certs/badKey.b64 b/cpp/test/IceSSL/certs/badKey.b64
deleted file mode 100644
index e46d75ad4f6..00000000000
--- a/cpp/test/IceSSL/certs/badKey.b64
+++ /dev/null
@@ -1,13 +0,0 @@
-MIICXQIBAAKBgQCwmMkgbhEPOUeGMyxnqUw9650ZpxJmxeMYVZxTl2e6272G47gg
-DD1Yqu3akXopEDphnF4iOGLqr6s57PSUUU7jBdLUkWtwlyjJdXgY49qF2QgB0JUp
-AoGAVxslqc9grsesFe/L6V3Cc5ByLyMPmo3lVC12LG00ByE4PP655WTkJYY6SGMV
-DMXr/eq+IAENcAIHK6bZ/ULOjkzkriw8HwJBAMSCU1xC0iqyuiuJ3GP2k2KNUbWI
-avQ3juM5LlwmOZrK1w/qzixHW9lEHWwn8528hNhbCXcXECvdskKopnDLBml2HzsT
-hIeypE8Cx5JUiDoaFTph8X6hj9t4sTAmfJW5IxjL8M5MW/nGW4s2mxv0b1qWQkmk
-Vu3rkemvi/ZfA4ic1RpzAHJAZNltqI36TZlaKfWk+boMZNkCQQDc7Nxy39+Y34hm
-vNp5kDe5drrh4fXSDLHn2bhVcvMo+Lopi1iLsvMOp6yzmQ6ImlmD/NIJUQIDAQAB
-J743VQyPAkEAzKJFBmztuhZPgIcwi/vy5qLZfpByk5Z5Gme6j8Uh6pAnEb6EFodB
-n2E2ncyKPMb4HLjUptkorF3kZjxi5MPINzoYUY4SSbhm1CpCtGoCp+mj1vUCQGfQ
-zE949l5l5iSLHfi+uEECQQDLH8uGp1h1N795gwO9S+Wu71Yuun1oBY9CajV4agcZ
-9ImsfG+DxoHYAxz7v70fPdRseYnoNDSDW3/4xCBcOiYhWEY0U9dzRuweQFRkeSpU
-z7wiNmRS5xto7VdHaJNETiZCYkjWPup34SqFxv/NjqIe
diff --git a/cpp/test/IceSSL/certs/badKey.pem b/cpp/test/IceSSL/certs/badKey.pem
deleted file mode 100644
index 6fa9750bf10..00000000000
--- a/cpp/test/IceSSL/certs/badKey.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCwmMkgbhEPOUeGMyxnqUw9650ZpxJmxeMYVZxTl2e6272G47gg
-DD1Yqu3akXopEDphnF4iOGLqr6s57PSUUU7jBdLUkWtwlyjJdXgY49qF2QgB0JUp
-AoGAVxslqc9grsesFe/L6V3Cc5ByLyMPmo3lVC12LG00ByE4PP655WTkJYY6SGMV
-DMXr/eq+IAENcAIHK6bZ/ULOjkzkriw8HwJBAMSCU1xC0iqyuiuJ3GP2k2KNUbWI
-avQ3juM5LlwmOZrK1w/qzixHW9lEHWwn8528hNhbCXcXECvdskKopnDLBml2HzsT
-hIeypE8Cx5JUiDoaFTph8X6hj9t4sTAmfJW5IxjL8M5MW/nGW4s2mxv0b1qWQkmk
-Vu3rkemvi/ZfA4ic1RpzAHJAZNltqI36TZlaKfWk+boMZNkCQQDc7Nxy39+Y34hm
-vNp5kDe5drrh4fXSDLHn2bhVcvMo+Lopi1iLsvMOp6yzmQ6ImlmD/NIJUQIDAQAB
-J743VQyPAkEAzKJFBmztuhZPgIcwi/vy5qLZfpByk5Z5Gme6j8Uh6pAnEb6EFodB
-n2E2ncyKPMb4HLjUptkorF3kZjxi5MPINzoYUY4SSbhm1CpCtGoCp+mj1vUCQGfQ
-zE949l5l5iSLHfi+uEECQQDLH8uGp1h1N795gwO9S+Wu71Yuun1oBY9CajV4agcZ
-9ImsfG+DxoHYAxz7v70fPdRseYnoNDSDW3/4xCBcOiYhWEY0U9dzRuweQFRkeSpU
-z7wiNmRS5xto7VdHaJNETiZCYkjWPup34SqFxv/NjqIe
------END RSA PRIVATE KEY-----
diff --git a/cpp/test/IceSSL/certs/c_dsa_nopass_ca1_priv.pem b/cpp/test/IceSSL/certs/c_dsa_nopass_ca1_priv.pem
new file mode 100644
index 00000000000..3d8775eb8fd
--- /dev/null
+++ b/cpp/test/IceSSL/certs/c_dsa_nopass_ca1_priv.pem
@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBvQIBAAKBgQDRqIk+hRip/xkMDFhb3SPSC9lUHFg2cGry7UpR/LQBobbaBx9+
+JTDL6iswzihT2Og/Ti8TAxCqhpjRGQRUrVThv+yb7DplfrKGiAby6xCD5BsJy6Ra
+0HchqVeISqXkaJyAGF+PW81Oh2BRejQgFuYe9Np1b8uynHYN1JF2xeHv5wIVAKM3
+w9+fI7s7jtna4yLhgE66z8SpAoGBAJK1QvQwz3nCIawxq2b52an7vUbm78oGi9K0
+fBgzugc7QREqNtFK8I1z7zoz42XR9rS9tqeE/Ncdjx+9d/X1R0miBiJauy2muodx
+HkPh40l1lSkUmUNDGE8Pm71VTG6+UShzs0ZSZ+zZ4JzmI/WxCglGJvfnP6DD3HYm
+4thBdXdWAoGBAIzqho6RIZT3d5cnhW+2xEWdnsW9ltQ5uix2L4OIJzszBMuMjXpE
+NHqLPgQTe1kZPLv8NhFVVmriare2WRk5/7equv27vWy0kpPz2QCmqe4Ypn+XjXJ6
+AyNQ+PotBKLJvP/CIOs6p0coUL/f3dBjkyABO3mtpzaLxM9h0PnrPnBxAhUAmQDK
+2etU/NbJhe6E15OYWLc4tNE=
+-----END DSA PRIVATE KEY-----
diff --git a/cpp/test/IceSSL/certs/c_dsa_nopass_ca1_pub.pem b/cpp/test/IceSSL/certs/c_dsa_nopass_ca1_pub.pem
new file mode 100644
index 00000000000..b891d4648d3
--- /dev/null
+++ b/cpp/test/IceSSL/certs/c_dsa_nopass_ca1_pub.pem
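Review bot: c_dsa_nopass_ca1_priv.pem adds an unencrypted private key to the tree, and nothing in the hunk marks it as a test-only fixture; c_rsa_nopass_ca1_exp_priv.pem further down is the same case. Everyone with read access to the repository or a source tarball holds these keys, so anything issued to them, and the test CA they chain to, must never be trusted outside the test suite. OpenSSL's PEM reader skips text before the BEGIN line (the `_pub.pem` files in this commit carry a text dump there), so each key file could open with a line such as `Test fixture only: this key is public, do not deploy.`, or the same statement could go in a README in cpp/test/IceSSL/certs.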
@@ -0,0 +1,104 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=Florida, L=Palm Beach Gardens, O=ZeroC, Inc., OU=Ice, CN=ZeroC Test CA/emailAddress=info@zeroc.com + Validity + Not Before: Mar 28 18:10:00 2006 GMT + Not After : Mar 25 18:10:00 2016 GMT + Subject: C=US, ST=Florida, O=ZeroC, Inc., OU=Ice/emailAddress=info@zeroc.com, CN=Client + Subject Public Key Info: + Public Key Algorithm: dsaEncryption + DSA Public Key: + pub: + 00:8c:ea:86:8e:91:21:94:f7:77:97:27:85:6f:b6: + c4:45:9d:9e:c5:bd:96:d4:39:ba:2c:76:2f:83:88: + 27:3b:33:04:cb:8c:8d:7a:44:34:7a:8b:3e:04:13: + 7b:59:19:3c:bb:fc:36:11:55:56:6a:e2:6a:b7:b6: + 59:19:39:ff:b7:aa:ba:fd:bb:bd:6c:b4:92:93:f3: + d9:00:a6:a9:ee:18:a6:7f:97:8d:72:7a:03:23:50: + f8:fa:2d:04:a2:c9:bc:ff:c2:20:eb:3a:a7:47:28: + 50:bf:df:dd:d0:63:93:20:01:3b:79:ad:a7:36:8b: + c4:cf:61:d0:f9:eb:3e:70:71 + P: + 00:d1:a8:89:3e:85:18:a9:ff:19:0c:0c:58:5b:dd: + 23:d2:0b:d9:54:1c:58:36:70:6a:f2:ed:4a:51:fc: + b4:01:a1:b6:da:07:1f:7e:25:30:cb:ea:2b:30:ce: + 28:53:d8:e8:3f:4e:2f:13:03:10:aa:86:98:d1:19: + 04:54:ad:54:e1:bf:ec:9b:ec:3a:65:7e:b2:86:88: + 06:f2:eb:10:83:e4:1b:09:cb:a4:5a:d0:77:21:a9: + 57:88:4a:a5:e4:68:9c:80:18:5f:8f:5b:cd:4e:87: + 60:51:7a:34:20:16:e6:1e:f4:da:75:6f:cb:b2:9c: + 76:0d:d4:91:76:c5:e1:ef:e7 + Q: + 00:a3:37:c3:df:9f:23:bb:3b:8e:d9:da:e3:22:e1: + 80:4e:ba:cf:c4:a9 + G: + 00:92:b5:42:f4:30:cf:79:c2:21:ac:31:ab:66:f9: + d9:a9:fb:bd:46:e6:ef:ca:06:8b:d2:b4:7c:18:33: + ba:07:3b:41:11:2a:36:d1:4a:f0:8d:73:ef:3a:33: + e3:65:d1:f6:b4:bd:b6:a7:84:fc:d7:1d:8f:1f:bd: + 77:f5:f5:47:49:a2:06:22:5a:bb:2d:a6:ba:87:71: + 1e:43:e1:e3:49:75:95:29:14:99:43:43:18:4f:0f: + 9b:bd:55:4c:6e:be:51:28:73:b3:46:52:67:ec:d9: + e0:9c:e6:23:f5:b1:0a:09:46:26:f7:e7:3f:a0:c3: + dc:76:26:e2:d8:41:75:77:56 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 04:ED:7A:D9:7B:B9:34:A0:F5:26:E6:25:98:AB:AB:26:23:CF:9D:7C + 
X509v3 Authority Key Identifier: + keyid:A3:8D:7D:FF:A8:69:1E:7C:54:58:46:61:FE:B7:68:BC:2C:FC:CB:DE + DirName:/C=US/ST=Florida/L=Palm Beach Gardens/O=ZeroC, Inc./OU=Ice/CN=ZeroC Test CA/emailAddress=info@zeroc.com + serial:00 + + X509v3 Subject Alternative Name: + DNS:client, IP Address:127.0.0.1 + Signature Algorithm: md5WithRSAEncryption + b2:e5:01:c4:b4:c1:1a:6b:c5:6a:dc:6b:1f:8e:76:62:c9:09: + a0:7c:86:fb:8f:86:86:a0:0b:6e:24:92:22:ad:2f:12:3f:c8: + 31:c1:7a:25:44:44:3c:b8:4f:1e:f0:de:b8:a4:2e:71:02:7d: + 10:65:80:d0:95:74:ca:26:65:c8:e5:86:bd:9d:1f:90:e5:b2: + 64:06:ab:b0:e3:37:20:d6:3b:61:13:b2:f9:52:d4:44:58:21: + ca:10:f2:82:c9:d4:9a:95:ff:54:72:a3:15:95:54:5b:44:af: + 27:57:2d:77:8e:dd:dd:fc:85:59:e2:85:86:6d:7f:0f:de:a1: + c5:d1:e8:de:b6:56:85:f9:10:19:cf:c3:aa:36:d5:b2:df:65: + 1c:9f:41:ee:77:99:8f:28:5c:9b:81:72:90:3f:80:e1:81:ec: + f3:b7:17:07:d5:63:3f:e5:b4:61:36:fc:5c:6c:79:e3:a2:db: + 2b:9a:98:8b:27:54:8a:1f:97:4d:97:1b:fd:0c:31:94:8d:9a: + b9:a7:7d:2c:5d:ea:ee:2f:ec:08:07:4f:1e:8a:37:d6:2e:54: + fe:42:ed:f8:ed:e2:80:d5:19:98:9c:44:1e:29:6c:c9:ec:27: + 6e:18:f9:66:2d:5a:71:72:94:97:7e:30:48:b9:b2:76:30:45: + 87:e7:5a:c9 +-----BEGIN CERTIFICATE----- +MIIFLDCCBBSgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEU +MBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVy +b0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMDYw +MzI4MTgxMDAwWhcNMTYwMzI1MTgxMDAwWjBzMQswCQYDVQQGEwJVUzEQMA4GA1UE +CBMHRmxvcmlkYTEUMBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEd +MBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20xDzANBgNVBAMTBkNsaWVudDCC +AbgwggEsBgcqhkjOOAQBMIIBHwKBgQDRqIk+hRip/xkMDFhb3SPSC9lUHFg2cGry +7UpR/LQBobbaBx9+JTDL6iswzihT2Og/Ti8TAxCqhpjRGQRUrVThv+yb7DplfrKG +iAby6xCD5BsJy6Ra0HchqVeISqXkaJyAGF+PW81Oh2BRejQgFuYe9Np1b8uynHYN +1JF2xeHv5wIVAKM3w9+fI7s7jtna4yLhgE66z8SpAoGBAJK1QvQwz3nCIawxq2b5 +2an7vUbm78oGi9K0fBgzugc7QREqNtFK8I1z7zoz42XR9rS9tqeE/Ncdjx+9d/X1 
+R0miBiJauy2muodxHkPh40l1lSkUmUNDGE8Pm71VTG6+UShzs0ZSZ+zZ4JzmI/Wx +CglGJvfnP6DD3HYm4thBdXdWA4GFAAKBgQCM6oaOkSGU93eXJ4VvtsRFnZ7FvZbU +Obosdi+DiCc7MwTLjI16RDR6iz4EE3tZGTy7/DYRVVZq4mq3tlkZOf+3qrr9u71s +tJKT89kApqnuGKZ/l41yegMjUPj6LQSiybz/wiDrOqdHKFC/393QY5MgATt5rac2 +i8TPYdD56z5wcaOCAQ4wggEKMAkGA1UdEwQCMAAwHQYDVR0OBBYEFATtetl7uTSg +9SbmJZirqyYjz518MIHEBgNVHSMEgbwwgbmAFKONff+oaR58VFhGYf63aLws/Mve +oYGdpIGaMIGXMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHRmxvcmlkYTEbMBkGA1UE +BxMSUGFsbSBCZWFjaCBHYXJkZW5zMRQwEgYDVQQKEwtaZXJvQywgSW5jLjEMMAoG +A1UECxMDSWNlMRYwFAYDVQQDEw1aZXJvQyBUZXN0IENBMR0wGwYJKoZIhvcNAQkB +Fg5pbmZvQHplcm9jLmNvbYIBADAXBgNVHREEEDAOggZjbGllbnSHBH8AAAEwDQYJ +KoZIhvcNAQEEBQADggEBALLlAcS0wRprxWrcax+OdmLJCaB8hvuPhoagC24kkiKt +LxI/yDHBeiVERDy4Tx7w3rikLnECfRBlgNCVdMomZcjlhr2dH5DlsmQGq7DjNyDW +O2ETsvlS1ERYIcoQ8oLJ1JqV/1RyoxWVVFtErydXLXeO3d38hVnihYZtfw/eocXR +6N62VoX5EBnPw6o21bLfZRyfQe53mY8oXJuBcpA/gOGB7PO3FwfVYz/ltGE2/Fxs +eeOi2yuamIsnVIofl02XG/0MMZSNmrmnfSxd6u4v7AgHTx6KN9YuVP5C7fjt4oDV +GZicRB4pbMnsJ24Y+WYtWnFylJd+MEi5snYwRYfnWsk= +-----END CERTIFICATE----- diff --git a/cpp/test/IceSSL/certs/c_rsa_nopass_ca1_exp_priv.pem b/cpp/test/IceSSL/certs/c_rsa_nopass_ca1_exp_priv.pem new file mode 100644 index 00000000000..75401c94094 --- /dev/null +++ b/cpp/test/IceSSL/certs/c_rsa_nopass_ca1_exp_priv.pem 
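Review bot: The certificate in c_dsa_nopass_ca1_pub.pem is signed with `md5WithRSAEncryption` and carries `Not After : Mar 25 18:10:00 2016 GMT`, so any test that expects it to verify has a built-in failure date and may be rejected earlier by a TLS library that refuses MD5 signatures. c_rsa_nopass_ca1_exp_pub.pem uses the same signature algorithm. Reissuing the fixtures from the test CA with a SHA-2 digest, and keeping the issuing commands or script next to the certs, would let them be regenerated on purpose instead of being discovered through a failing build. The 1024-bit DSA parameters shown in the dump are acceptable only as a test vector.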
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCjwrEKiOasqYcN+JT7wcAWsRpvBOAUDsKq7h3vycC87IpBiCot
+K/0VrIMvPPWG4btxRQcuFl7YTQtw3VzElikC10/2f4KZAcuH174P5bjifHpwGdl8
+eLKbI6MKzIiA2pQtX/cvJduLFXA6UVW5zea71vBGqyhhzSeba7cLPtH9oQIDAQAB
+AoGAEcTDPvhhxyRR4iMxzytTs2KeEqO9yI9dcfyKRQVoI1erHLcwlFwshtiEF3EO
+1wbRNtYdlFObEO8zKZjrQu1kH51IishLZHHa2p0uaYXTEGb5kbDscFFIWH2P/KcZ
+neUajlvLnbnMje/s3wO10USigkWx6g/aQc6ouKV82wcOCt0CQQDZMh/uyKvlv5G7
+rb2M7PHhTBjIr++0T1pVQxDYlASRQTc2wYKpHSXVC9FGrH6z181Je2xRbGjr3eVx
+rC537wlPAkEAwQSZcTgwh5sL9fAvDstbDvW5Zp0szLdJYKn8XKKMY4QoXn3M1jsl
+nwtrSeuLcFLeReFwezQL2vgDuvzEhAfuDwJBALgCKmGfq1qbATmSyWsydv4b/UdR
+HvCQ5gQkLIqAZJo3OTLvoOXrptinCWcpzrJI20gtA6i8AuwJc1DpwfikECsCQGME
+TQL75ElsjJI6CKn6QFhITjgJ4XWTgR0JluCeso5KubrfpjkwVnhkj0F4iCuzFzua
+Du3lIT/Pg3plORrSRpkCQBeUaSxZ+pDPX/GjQ3wa+ORHiSB65IGa/icmyvoZtX0K
+J8X8DtRWlbc3UdhfBhvzoZJ9RbOaopbQtdrXsyqRNgE=
+-----END RSA PRIVATE KEY-----
diff --git a/cpp/test/IceSSL/certs/c_rsa_nopass_ca1_exp_pub.pem b/cpp/test/IceSSL/certs/c_rsa_nopass_ca1_exp_pub.pem
new file mode 100644
index 00000000000..d70dafb3395
--- /dev/null
+++ b/cpp/test/IceSSL/certs/c_rsa_nopass_ca1_exp_pub.pem
@@ -0,0 +1,76 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=Florida, L=Palm Beach Gardens, O=ZeroC, Inc., OU=Ice, CN=ZeroC Test CA/emailAddress=info@zeroc.com + Validity + Not Before: Mar 28 18:09:57 2006 GMT + Not After : Dec 31 00:00:00 2005 GMT + Subject: C=US, ST=Florida, O=ZeroC, Inc., OU=Ice/emailAddress=info@zeroc.com, CN=Client + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:a3:c2:b1:0a:88:e6:ac:a9:87:0d:f8:94:fb:c1: + c0:16:b1:1a:6f:04:e0:14:0e:c2:aa:ee:1d:ef:c9: + c0:bc:ec:8a:41:88:2a:2d:2b:fd:15:ac:83:2f:3c: + f5:86:e1:bb:71:45:07:2e:16:5e:d8:4d:0b:70:dd: + 5c:c4:96:29:02:d7:4f:f6:7f:82:99:01:cb:87:d7: + be:0f:e5:b8:e2:7c:7a:70:19:d9:7c:78:b2:9b:23: + a3:0a:cc:88:80:da:94:2d:5f:f7:2f:25:db:8b:15: + 70:3a:51:55:b9:cd:e6:bb:d6:f0:46:ab:28:61:cd: + 27:9b:6b:b7:0b:3e:d1:fd:a1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 2C:1A:E5:40:AA:C6:AB:5B:E6:0C:8F:A4:21:02:DE:35:5F:C4:02:B3 + X509v3 Authority Key Identifier: + keyid:A3:8D:7D:FF:A8:69:1E:7C:54:58:46:61:FE:B7:68:BC:2C:FC:CB:DE + DirName:/C=US/ST=Florida/L=Palm Beach Gardens/O=ZeroC, Inc./OU=Ice/CN=ZeroC Test CA/emailAddress=info@zeroc.com + serial:00 + + X509v3 Subject Alternative Name: + DNS:client, IP Address:127.0.0.1 + Signature Algorithm: md5WithRSAEncryption + ea:a6:22:d8:a8:09:b9:e9:d3:80:de:c9:07:88:09:ef:b8:14: + d7:28:a9:dc:48:b2:95:bc:4a:e6:9a:98:81:6d:f6:b9:84:2d: + 8e:bf:bf:97:b7:b7:74:30:91:6f:a2:3a:c1:f4:30:b4:b9:df: + 71:3d:e5:92:9d:70:51:e9:c8:89:7c:a7:21:f9:6f:dc:f0:d8: + 6e:0c:94:3c:3e:c5:0f:33:7a:29:0a:b1:d5:8e:91:00:cd:ad: + e0:28:87:3f:e1:bc:e6:e0:d8:27:93:96:10:2a:23:b4:5b:15: + 33:b7:7b:27:a0:5f:aa:2e:80:e8:e4:95:88:c2:96:69:87:cd: + ff:4f:56:db:94:95:c8:e9:62:54:2b:0b:dd:78:a2:70:e8:a2: + b8:02:5b:a2:59:77:aa:9a:46:d4:35:d8:52:ac:a2:3c:65:6c: + 
11:05:19:97:8f:aa:47:c6:b9:5f:b2:22:5f:4a:c3:d9:89:5b: + 50:0b:87:f7:c2:89:a6:5c:2d:84:83:c6:6e:f4:20:77:12:7d: + 30:61:94:a9:07:8f:55:f5:21:fe:06:d5:bb:3d:67:ee:f8:87: + 5b:f7:f1:78:e1:2e:4b:14:fe:6d:d9:3b:c6:d0:65:ed:00:a9: + 5c:e0:c2:0f:5d:0d:71:d8:8d:db:bd:57:f5:f9:68:5b:31:2a: + e4:0f:b4:3a +-----BEGIN CERTIFICATE----- +MIIEEjCCAvqgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEU +MBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVy +b0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMDYw +MzI4MTgwOTU3WhcNMDUxMjMxMDAwMDAwWjBzMQswCQYDVQQGEwJVUzEQMA4GA1UE +CBMHRmxvcmlkYTEUMBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEd +MBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20xDzANBgNVBAMTBkNsaWVudDCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo8KxCojmrKmHDfiU+8HAFrEabwTg +FA7Cqu4d78nAvOyKQYgqLSv9FayDLzz1huG7cUUHLhZe2E0LcN1cxJYpAtdP9n+C +mQHLh9e+D+W44nx6cBnZfHiymyOjCsyIgNqULV/3LyXbixVwOlFVuc3mu9bwRqso +Yc0nm2u3Cz7R/aECAwEAAaOCAQ4wggEKMAkGA1UdEwQCMAAwHQYDVR0OBBYEFCwa +5UCqxqtb5gyPpCEC3jVfxAKzMIHEBgNVHSMEgbwwgbmAFKONff+oaR58VFhGYf63 +aLws/MveoYGdpIGaMIGXMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHRmxvcmlkYTEb +MBkGA1UEBxMSUGFsbSBCZWFjaCBHYXJkZW5zMRQwEgYDVQQKEwtaZXJvQywgSW5j +LjEMMAoGA1UECxMDSWNlMRYwFAYDVQQDEw1aZXJvQyBUZXN0IENBMR0wGwYJKoZI +hvcNAQkBFg5pbmZvQHplcm9jLmNvbYIBADAXBgNVHREEEDAOggZjbGllbnSHBH8A +AAEwDQYJKoZIhvcNAQEEBQADggEBAOqmItioCbnp04DeyQeICe+4FNcoqdxIspW8 +SuaamIFt9rmELY6/v5e3t3QwkW+iOsH0MLS533E95ZKdcFHpyIl8pyH5b9zw2G4M +lDw+xQ8zeikKsdWOkQDNreAohz/hvObg2CeTlhAqI7RbFTO3eyegX6ougOjklYjC +lmmHzf9PVtuUlcjpYlQrC914onDoorgCW6JZd6qaRtQ12FKsojxlbBEFGZePqkfG +uV+yIl9Kw9mJW1ALh/fCiaZcLYSDxm70IHcSfTBhlKkHj1X1If4G1bs9Z+74h1v3 +8XjhLksU/m3ZO8bQZe0AqVzgwg9dDXHYjdu9V/X5aFsxKuQPtDo= +-----END CERTIFICATE----- diff --git a/cpp/test/IceSSL/certs/c_rsa_nopass_ca1_priv.pem b/cpp/test/IceSSL/certs/c_rsa_nopass_ca1_priv.pem new file mode 100644 index 00000000000..3d227523dcc --- /dev/null 
+++ b/cpp/test/IceSSL/certs/c_rsa_nopass_ca1_priv.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQC9bDbYC8+X52OpvlMkmfxIvAM0k68zpCUDSYE73wMh5+w7IssW +04PzTKfSUT43ZFuxp6HvQz+MHZ69LeDI2o6slxz7syrSP9KvqJO/TLpBRi58NZTB +jyKOn199+5IAFsPMDQeP47QOxj8+5D9+g7/3rwDafJZUL/pENgPC0+ZsLwIDAQAB +AoGACapL4ho4LXgRDcg4VdXFmbB+OWCPwALQIKrPfU6TylcbJqlP04pXYUK4DXM3 +yXvFcfsruBmmVG/ueZitr5H3VaCbtEXBoVqp58OcGwmVWliNCz6mT9+uJPV2Fcl7 +QX/Ssy9jocoDLhs+VpEebeEOvjWdTyoFP5nOHaRxEfkgWIECQQDqpwcdiILCEgRR +pjnj9aDdZLMiczdeaMPBKc/zfDwVVL41CPec6xnIrudxf5VYoY6QDYP2cqkO2TTN +0fg9Ct5jAkEAzqfNRsov7ZRjQwiScomIEnsaPxuHSCZzoB7FVmXEYeC813j+HzVZ +jSWjbrFJ+ShECnh77yQoI8DzCfouP7auxQJAWCEfVQI+SfFGWfwaZfmMz1nQxbGM +LBMg4l130rToRAKt5XFWvkK2Tl8SYdhPGRikWIoa8+aghAkkAeFIYHTCjQJBAKXe +NXtOKW3tnkZdiP35uYfr2sMwW0Lj6gZo7EdOY3OUKL5h1MZD0d7iiOz9y7v6P7KP +xhnJ0ZXw9qHZdmmZPWkCQBcY2GM4z2TRC26xsWuSlnqt5/hsZVpYQS2/J0t0g0BO +SO7E4IBGCzyKfjPyCFBNGJVn7aFJQUL5z2jaSEQsKC0= +-----END RSA PRIVATE KEY----- diff --git a/cpp/test/IceSSL/certs/c_rsa_nopass_ca1_pub.pem b/cpp/test/IceSSL/certs/c_rsa_nopass_ca1_pub.pem new file mode 100644 index 00000000000..944981ddea1 --- /dev/null +++ b/cpp/test/IceSSL/certs/c_rsa_nopass_ca1_pub.pem 
@@ -0,0 +1,76 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=Florida, L=Palm Beach Gardens, O=ZeroC, Inc., OU=Ice, CN=ZeroC Test CA/emailAddress=info@zeroc.com + Validity + Not Before: Mar 28 18:09:57 2006 GMT + Not After : Mar 25 18:09:57 2016 GMT + Subject: C=US, ST=Florida, O=ZeroC, Inc., OU=Ice/emailAddress=info@zeroc.com, CN=Client + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:bd:6c:36:d8:0b:cf:97:e7:63:a9:be:53:24:99: + fc:48:bc:03:34:93:af:33:a4:25:03:49:81:3b:df: + 03:21:e7:ec:3b:22:cb:16:d3:83:f3:4c:a7:d2:51: + 3e:37:64:5b:b1:a7:a1:ef:43:3f:8c:1d:9e:bd:2d: + e0:c8:da:8e:ac:97:1c:fb:b3:2a:d2:3f:d2:af:a8: + 93:bf:4c:ba:41:46:2e:7c:35:94:c1:8f:22:8e:9f: + 5f:7d:fb:92:00:16:c3:cc:0d:07:8f:e3:b4:0e:c6: + 3f:3e:e4:3f:7e:83:bf:f7:af:00:da:7c:96:54:2f: + fa:44:36:03:c2:d3:e6:6c:2f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 91:F0:42:68:7C:E8:C9:D8:E4:27:F2:B2:11:CF:F5:BD:82:F8:3D:07 + X509v3 Authority Key Identifier: + keyid:A3:8D:7D:FF:A8:69:1E:7C:54:58:46:61:FE:B7:68:BC:2C:FC:CB:DE + DirName:/C=US/ST=Florida/L=Palm Beach Gardens/O=ZeroC, Inc./OU=Ice/CN=ZeroC Test CA/emailAddress=info@zeroc.com + serial:00 + + X509v3 Subject Alternative Name: + DNS:client, IP Address:127.0.0.1 + Signature Algorithm: md5WithRSAEncryption + 1a:d8:c4:90:34:42:e4:2e:e7:2b:6a:b1:50:54:cd:e2:7d:89: + 14:c8:a4:71:b0:10:fd:67:0c:9b:66:f5:55:5e:0e:4f:c6:5f: + 2e:a4:3d:ce:2e:3b:30:a7:a3:14:f1:83:a0:14:2d:2c:f3:1c: + bd:93:7d:1d:5b:f2:e7:6b:b9:17:c4:36:54:a7:b6:5f:94:9f: + 79:7e:49:e8:92:b1:7f:cf:27:a7:7f:0e:76:86:9e:48:7e:61: + f5:af:c0:3b:72:c7:78:3a:16:cd:e9:b0:bd:33:4f:a1:3a:09: + ba:f2:f1:60:36:d2:ba:3b:36:7e:37:96:8b:d8:bf:db:b8:55: + cf:e7:2c:ac:2b:76:f9:2b:8b:30:8a:56:b1:aa:d8:04:f7:07: + c5:a5:82:2d:40:59:01:76:29:b8:e0:e8:37:8e:ae:94:30:f7: + 
60:20:9e:67:b6:ea:1a:20:c7:7d:c3:79:2d:dc:86:c9:e6:b9: + 43:11:ac:c3:b7:4e:35:5d:91:fe:cb:77:35:3f:e0:d8:e2:2f: + a0:c8:58:2d:ac:1f:6b:53:c4:36:0a:6d:79:f4:cc:9a:33:fb: + b8:ff:be:55:c1:82:b0:63:ed:1c:fb:22:e7:b0:87:ee:57:04: + f8:be:fa:03:ee:24:61:f0:07:86:9e:b7:41:d3:2b:bd:c4:1b: + db:85:ec:81 +-----BEGIN CERTIFICATE----- +MIIEEjCCAvqgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEU +MBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVy +b0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMDYw +MzI4MTgwOTU3WhcNMTYwMzI1MTgwOTU3WjBzMQswCQYDVQQGEwJVUzEQMA4GA1UE +CBMHRmxvcmlkYTEUMBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEd +MBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20xDzANBgNVBAMTBkNsaWVudDCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvWw22AvPl+djqb5TJJn8SLwDNJOv +M6QlA0mBO98DIefsOyLLFtOD80yn0lE+N2Rbsaeh70M/jB2evS3gyNqOrJcc+7Mq +0j/Sr6iTv0y6QUYufDWUwY8ijp9fffuSABbDzA0Hj+O0DsY/PuQ/foO/968A2nyW +VC/6RDYDwtPmbC8CAwEAAaOCAQ4wggEKMAkGA1UdEwQCMAAwHQYDVR0OBBYEFJHw +Qmh86MnY5CfyshHP9b2C+D0HMIHEBgNVHSMEgbwwgbmAFKONff+oaR58VFhGYf63 +aLws/MveoYGdpIGaMIGXMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHRmxvcmlkYTEb +MBkGA1UEBxMSUGFsbSBCZWFjaCBHYXJkZW5zMRQwEgYDVQQKEwtaZXJvQywgSW5j +LjEMMAoGA1UECxMDSWNlMRYwFAYDVQQDEw1aZXJvQyBUZXN0IENBMR0wGwYJKoZI +hvcNAQkBFg5pbmZvQHplcm9jLmNvbYIBADAXBgNVHREEEDAOggZjbGllbnSHBH8A +AAEwDQYJKoZIhvcNAQEEBQADggEBABrYxJA0QuQu5ytqsVBUzeJ9iRTIpHGwEP1n +DJtm9VVeDk/GXy6kPc4uOzCnoxTxg6AULSzzHL2TfR1b8udruRfENlSntl+Un3l+ +SeiSsX/PJ6d/DnaGnkh+YfWvwDtyx3g6Fs3psL0zT6E6Cbry8WA20ro7Nn43lovY +v9u4Vc/nLKwrdvkrizCKVrGq2AT3B8Wlgi1AWQF2Kbjg6DeOrpQw92Agnme26hog +x33DeS3chsnmuUMRrMO3TjVdkf7LdzU/4NjiL6DIWC2sH2tTxDYKbXn0zJoz+7j/ +vlXBgrBj7Rz7Iuewh+5XBPi++gPuJGHwB4aet0HTK73EG9uF7IE= +-----END CERTIFICATE----- diff --git a/cpp/test/IceSSL/certs/c_rsa_nopass_ca2_priv.pem b/cpp/test/IceSSL/certs/c_rsa_nopass_ca2_priv.pem new file mode 100644 index 00000000000..111c6a4ead8 --- /dev/null 
+++ b/cpp/test/IceSSL/certs/c_rsa_nopass_ca2_priv.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDTgYNhfAjGTUOMfH4NSAiy0Ksjg/qWypJjcPpl2DppO0acdooz +x6r692zSo3dV9j5oXZrtR5A3OGFLU+0cp1e7TfEYE7ymdcQz78fplggdhCaKEJVz +WBFZ4B6AEUe07BGgB6hpTFJ9y5nyuDF6KrmA18XoM2hHj7mwwL+lt+12mwIDAQAB +AoGBAMEXURFTglM/wHZmRVHsvHw7QrJm0ASQJXsBbqhB8nmVsw4urlc9Zxw9fK0E +rXLeHvV613DeT4wKPdDeau8o206r3BXxu7XfV7fvuhcbdCiggkQLnAYioxHujIo1 +2VN+ODuC+XTUT5robGG1etf7z9oG+8X2axiwtFg7yglB8fjRAkEA91xHKNd/xiQq +brbAd3LCB0XUowYi6zKzRrysn7aQYHBj0KW6K+ZqvvXPXy8/FhevsK3NK0TbE86L +7dfNoVcn0wJBANrkpjVKabdZmGuGCNanGutJSWmJm4FhivtNiHQA59un5xFH5/Ha +4ju9dGZpXO9vAgZiW9PwENss7NT748K6QRkCQQCNEwrehzEvTzcIF6BjP4bbYP8p +zvkhTLQkVrzZBeUHq3Gx8KLiILKmoEiZz7daIT4pNKZ70/RiMn1ps5dqOevTAkAw +VUKaC8dSE/eC7oKvGxDnmTQbmKX8qJQur00NCFIp/2YXO8Bsd/9yX3//SQ6bU/Cn +hjpujti5/K6CzOfazJOpAkAE0casxjCqSXErU74vf3qpQs2MiUTKdeIbIxI8mWqI +cgUYB+CpbuhiY6V13tNmQVzkemXHGSb/sRPcuwK0JJnp +-----END RSA PRIVATE KEY----- diff --git a/cpp/test/IceSSL/certs/c_rsa_nopass_ca2_pub.pem b/cpp/test/IceSSL/certs/c_rsa_nopass_ca2_pub.pem new file mode 100644 index 00000000000..36626656a2c --- /dev/null +++ b/cpp/test/IceSSL/certs/c_rsa_nopass_ca2_pub.pem 
@@ -0,0 +1,76 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=Florida, L=Palm Beach Gardens, O=ZeroC, Inc., OU=Ice, CN=ZeroC Test CA/emailAddress=info@zeroc.com + Validity + Not Before: Mar 28 18:09:58 2006 GMT + Not After : Mar 25 18:09:58 2016 GMT + Subject: C=US, ST=Florida, O=ZeroC, Inc., OU=Ice/emailAddress=info@zeroc.com, CN=Client + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d3:81:83:61:7c:08:c6:4d:43:8c:7c:7e:0d:48: + 08:b2:d0:ab:23:83:fa:96:ca:92:63:70:fa:65:d8: + 3a:69:3b:46:9c:76:8a:33:c7:aa:fa:f7:6c:d2:a3: + 77:55:f6:3e:68:5d:9a:ed:47:90:37:38:61:4b:53: + ed:1c:a7:57:bb:4d:f1:18:13:bc:a6:75:c4:33:ef: + c7:e9:96:08:1d:84:26:8a:10:95:73:58:11:59:e0: + 1e:80:11:47:b4:ec:11:a0:07:a8:69:4c:52:7d:cb: + 99:f2:b8:31:7a:2a:b9:80:d7:c5:e8:33:68:47:8f: + b9:b0:c0:bf:a5:b7:ed:76:9b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + D6:56:54:71:D9:44:C3:36:C4:8D:2F:AF:65:B0:B9:A6:DF:A4:45:5B + X509v3 Authority Key Identifier: + keyid:BD:5A:BA:8A:D2:B9:96:DC:91:5C:64:9F:99:94:E2:48:44:2C:A9:DA + DirName:/C=US/ST=Florida/L=Palm Beach Gardens/O=ZeroC, Inc./OU=Ice/CN=ZeroC Test CA/emailAddress=info@zeroc.com + serial:00 + + X509v3 Subject Alternative Name: + DNS:client, IP Address:127.0.0.1 + Signature Algorithm: md5WithRSAEncryption + af:83:44:8b:af:5f:c2:32:34:bd:3a:ce:b3:09:c6:1d:83:2b: + 5b:fa:ae:93:7d:24:ca:75:c6:f1:bc:fd:ff:67:b2:0f:f5:59: + db:c9:73:18:7e:39:0b:00:d9:71:d7:0c:00:ca:1e:89:53:83: + 22:78:b1:1d:d0:62:2d:95:65:bd:63:65:cf:87:82:e7:81:00: + ae:c7:3b:67:9e:70:ac:c7:69:99:af:77:b6:0f:cb:78:76:0f: + 2d:af:23:a6:80:5c:f0:47:7f:ed:55:8b:ed:12:69:ed:38:fb: + 48:53:41:27:36:ae:e5:30:72:ed:51:15:f9:15:60:c1:0f:13: + 9b:51:33:af:50:80:dd:3a:64:98:cf:65:5f:5f:76:2d:03:7b: + de:d0:28:93:c2:c0:ba:05:6c:13:95:cd:be:1a:0f:b6:6f:a6: + 
73:50:69:7c:4e:37:66:20:37:e0:0a:ee:e2:d8:43:b4:31:41: + c6:e4:08:51:47:07:5a:98:94:d2:1e:b7:5a:d4:c5:ea:7e:0f: + fa:bc:03:5f:9c:d9:5e:25:4c:45:a4:42:42:5f:72:06:7e:9a: + 4b:83:ce:91:e8:af:9e:70:42:71:a7:56:d5:26:90:db:1d:08: + 03:c4:18:0e:39:c9:f9:4a:70:a3:c3:f8:51:19:a3:db:96:92: + 06:75:d2:95 +-----BEGIN CERTIFICATE----- +MIIEEjCCAvqgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEU +MBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVy +b0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMDYw +MzI4MTgwOTU4WhcNMTYwMzI1MTgwOTU4WjBzMQswCQYDVQQGEwJVUzEQMA4GA1UE +CBMHRmxvcmlkYTEUMBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEd +MBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20xDzANBgNVBAMTBkNsaWVudDCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA04GDYXwIxk1DjHx+DUgIstCrI4P6 +lsqSY3D6Zdg6aTtGnHaKM8eq+vds0qN3VfY+aF2a7UeQNzhhS1PtHKdXu03xGBO8 +pnXEM+/H6ZYIHYQmihCVc1gRWeAegBFHtOwRoAeoaUxSfcuZ8rgxeiq5gNfF6DNo +R4+5sMC/pbftdpsCAwEAAaOCAQ4wggEKMAkGA1UdEwQCMAAwHQYDVR0OBBYEFNZW +VHHZRMM2xI0vr2WwuabfpEVbMIHEBgNVHSMEgbwwgbmAFL1auorSuZbckVxkn5mU +4khELKnaoYGdpIGaMIGXMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHRmxvcmlkYTEb +MBkGA1UEBxMSUGFsbSBCZWFjaCBHYXJkZW5zMRQwEgYDVQQKEwtaZXJvQywgSW5j +LjEMMAoGA1UECxMDSWNlMRYwFAYDVQQDEw1aZXJvQyBUZXN0IENBMR0wGwYJKoZI +hvcNAQkBFg5pbmZvQHplcm9jLmNvbYIBADAXBgNVHREEEDAOggZjbGllbnSHBH8A +AAEwDQYJKoZIhvcNAQEEBQADggEBAK+DRIuvX8IyNL06zrMJxh2DK1v6rpN9JMp1 +xvG8/f9nsg/1WdvJcxh+OQsA2XHXDADKHolTgyJ4sR3QYi2VZb1jZc+HgueBAK7H +O2eecKzHaZmvd7YPy3h2Dy2vI6aAXPBHf+1Vi+0Sae04+0hTQSc2ruUwcu1RFfkV +YMEPE5tRM69QgN06ZJjPZV9fdi0De97QKJPCwLoFbBOVzb4aD7ZvpnNQaXxON2Yg +N+AK7uLYQ7QxQcbkCFFHB1qYlNIet1rUxep+D/q8A1+c2V4lTEWkQkJfcgZ+mkuD +zpHor55wQnGnVtUmkNsdCAPEGA45yflKcKPD+FEZo9uWkgZ10pU= +-----END CERTIFICATE----- diff --git a/cpp/test/IceSSL/certs/c_rsa_pass_ca1_priv.pem b/cpp/test/IceSSL/certs/c_rsa_pass_ca1_priv.pem new file mode 100644 index 00000000000..d1f76ef4a07 --- /dev/null 
+++ b/cpp/test/IceSSL/certs/c_rsa_pass_ca1_priv.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,83B3455E2D365B1F + +BWQJBcUwyg0MftFVbNiQWgws7MYFItmnaRU+tssIsk1aBEAOeBiVeEdo5vm/jani +EJad9Vs+ogs29fWU/wWuCNTsX7MPAJyySoX03VDhqwrQN72xoOJ4dx6Zw7CH6SiE +hq7jvEL7SctZxwXvRDRLjvWpLKkDqAwA6YP6R6+pFI2BgC+i6wMwuw8pFsn0r/Hz +M/+KZveTuH6ctzNmxoYw1rdaKnAkeEgkPCYyX1xvzZ7P5HfhCN9o5okK9uQE8Izo +pncSIr7fjKHh51+7T8b4axIqShTYAJC/NfymlceppzWcOuz2a+/wDIhRGE8UNZ/g +59eHlO9V5NNs/vdSIdtCGk9fOW6hoiokLmAq0XsVIZz5JGgk62718tSAaNYXDKPq +PHGTIWdeTA5r67H5bLh+9lrSoR7m4eFvfo/VQ6dAgbKmmabjaXf10YX/sQh9CLTu +GMm24mHkUWVxbNtom8sOgXjD2xF0VyB4lItKUQ+znkNY5PiyA9dC0ZkU6LssGiwo +MQN/DPEPtKbUafh+1sias4LoREAGlM1JFEcPzuK4xUhIxzTEBou30kugUzvVyVNE +95TKUoLfBV4UGq/jW/iPI1sSXQRWHTVrhMnKXQsKvNU3G/lXXgkeVnfy2hPLNX7R +OsZSN1YK9T75FI0E5LfstQmU3G6WBOuYStkdxtosAbqSFtDMQx/Wb4QYeyKMNVdz +eKtPKr2BMLZ3O0rwQoxuEflIJRR32X0QaNnI/+cJTmukvN7TmBYMo9v0FEiBoDgk +G0JwHH0XHprQ+Q56avc9LH1y1i56aGhhv1cVb20QfQ7h3zjtJ1qRiw== +-----END RSA PRIVATE KEY----- diff --git a/cpp/test/IceSSL/certs/c_rsa_pass_ca1_pub.pem b/cpp/test/IceSSL/certs/c_rsa_pass_ca1_pub.pem new file mode 100644 index 00000000000..4375c953499 --- /dev/null +++ b/cpp/test/IceSSL/certs/c_rsa_pass_ca1_pub.pem 
@@ -0,0 +1,76 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=Florida, L=Palm Beach Gardens, O=ZeroC, Inc., OU=Ice, CN=ZeroC Test CA/emailAddress=info@zeroc.com + Validity + Not Before: Mar 28 18:09:57 2006 GMT + Not After : Mar 25 18:09:57 2016 GMT + Subject: C=US, ST=Florida, O=ZeroC, Inc., OU=Ice/emailAddress=info@zeroc.com, CN=Client + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b9:e9:dc:e9:25:35:34:0c:f5:78:74:a6:0a:44: + 15:a4:7d:09:f6:77:a2:9a:ff:2e:43:27:d8:c2:58: + b8:16:40:4e:ef:d2:ac:28:bc:b0:34:17:f1:0f:9e: + a0:76:27:30:24:c8:c8:60:f1:46:9e:8b:7d:96:c0: + 11:4b:48:2f:38:ad:2a:4b:bf:72:b6:49:ac:ee:c5: + 83:d2:d4:85:9d:c5:36:34:57:0e:1f:a9:bc:75:5e: + d1:c4:96:8b:66:f5:1b:aa:e0:d1:29:a4:5b:18:c1: + c6:4b:0d:09:41:3c:7c:e2:68:82:32:9f:2e:5e:b8: + bf:75:6d:02:aa:dc:63:e0:1f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 9B:38:4C:97:AD:BB:3F:CF:36:52:53:8C:8E:3A:37:71:3E:87:F8:C3 + X509v3 Authority Key Identifier: + keyid:A3:8D:7D:FF:A8:69:1E:7C:54:58:46:61:FE:B7:68:BC:2C:FC:CB:DE + DirName:/C=US/ST=Florida/L=Palm Beach Gardens/O=ZeroC, Inc./OU=Ice/CN=ZeroC Test CA/emailAddress=info@zeroc.com + serial:00 + + X509v3 Subject Alternative Name: + DNS:client, IP Address:127.0.0.1 + Signature Algorithm: md5WithRSAEncryption + a2:ca:10:e7:7c:b3:4c:ba:76:c6:e9:8b:90:d3:70:0b:f7:3d: + 7d:c5:91:f0:29:e1:2b:d7:8b:b5:8d:e9:72:f0:ba:17:3f:88: + 4b:d9:11:30:da:1f:d8:25:be:62:ca:23:9a:8d:d7:6a:db:21: + 7c:fa:e4:54:54:db:17:6a:7f:c7:63:a8:35:e0:8c:fa:d0:5d: + b6:e8:1a:ef:1b:98:ea:d0:a9:5c:46:ba:3d:4a:8b:e5:eb:f6: + 1a:ef:71:8a:f7:62:70:3a:6f:4c:06:3f:5e:39:57:fa:89:0b: + ed:63:1f:fd:b8:18:ee:f6:de:cc:62:ef:f2:6a:da:16:3e:32: + ab:d3:7f:4d:e8:16:61:61:da:64:8f:26:38:31:77:ef:cc:bc: + 82:34:2f:c5:31:ce:1a:78:40:4d:1d:ca:9f:75:db:e1:eb:54: + 
df:b3:3c:bf:d1:13:91:4d:d1:a8:da:ef:89:31:70:3e:e0:bb: + 10:65:7d:b6:d6:98:5e:1c:9f:23:a6:12:b8:cc:be:bc:df:56: + 05:21:5d:27:df:0f:e8:24:04:df:f5:ae:de:3c:f1:17:7e:c0: + 74:2e:79:be:1f:7b:b8:b7:fe:bb:59:5d:d5:b2:ab:51:4d:d0: + 9e:df:5e:75:1b:4e:b8:18:dd:47:44:99:a5:6d:41:b1:9b:48: + eb:ea:af:8b +-----BEGIN CERTIFICATE----- +MIIEEjCCAvqgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEU +MBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVy +b0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMDYw +MzI4MTgwOTU3WhcNMTYwMzI1MTgwOTU3WjBzMQswCQYDVQQGEwJVUzEQMA4GA1UE +CBMHRmxvcmlkYTEUMBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEd +MBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20xDzANBgNVBAMTBkNsaWVudDCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuenc6SU1NAz1eHSmCkQVpH0J9nei +mv8uQyfYwli4FkBO79KsKLywNBfxD56gdicwJMjIYPFGnot9lsARS0gvOK0qS79y +tkms7sWD0tSFncU2NFcOH6m8dV7RxJaLZvUbquDRKaRbGMHGSw0JQTx84miCMp8u +Xri/dW0Cqtxj4B8CAwEAAaOCAQ4wggEKMAkGA1UdEwQCMAAwHQYDVR0OBBYEFJs4 +TJetuz/PNlJTjI46N3E+h/jDMIHEBgNVHSMEgbwwgbmAFKONff+oaR58VFhGYf63 +aLws/MveoYGdpIGaMIGXMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHRmxvcmlkYTEb +MBkGA1UEBxMSUGFsbSBCZWFjaCBHYXJkZW5zMRQwEgYDVQQKEwtaZXJvQywgSW5j +LjEMMAoGA1UECxMDSWNlMRYwFAYDVQQDEw1aZXJvQyBUZXN0IENBMR0wGwYJKoZI +hvcNAQkBFg5pbmZvQHplcm9jLmNvbYIBADAXBgNVHREEEDAOggZjbGllbnSHBH8A +AAEwDQYJKoZIhvcNAQEEBQADggEBAKLKEOd8s0y6dsbpi5DTcAv3PX3FkfAp4SvX +i7WN6XLwuhc/iEvZETDaH9glvmLKI5qN12rbIXz65FRU2xdqf8djqDXgjPrQXbbo +Gu8bmOrQqVxGuj1Ki+Xr9hrvcYr3YnA6b0wGP145V/qJC+1jH/24GO723sxi7/Jq +2hY+MqvTf03oFmFh2mSPJjgxd+/MvII0L8Uxzhp4QE0dyp912+HrVN+zPL/RE5FN +0aja74kxcD7guxBlfbbWmF4cnyOmErjMvrzfVgUhXSffD+gkBN/1rt488Rd+wHQu +eb4fe7i3/rtZXdWyq1FN0J7fXnUbTrgY3UdEmaVtQbGbSOvqr4s= +-----END CERTIFICATE----- diff --git a/cpp/test/IceSSL/certs/cacert.pem b/cpp/test/IceSSL/certs/cacert.pem deleted file mode 100644 index 40b2d1e47b3..00000000000 --- a/cpp/test/IceSSL/certs/cacert.pem +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEozCCA4ugAwIBAgIBADANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx -EDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEU -MBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVy -b0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMDYw -MzE1MTc1MTQ5WhcNMTEwMzE0MTc1MTQ5WjCBlzELMAkGA1UEBhMCVVMxEDAOBgNV -BAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEUMBIGA1UE -ChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVyb0MgVGVz -dCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQDnTrtDY6KHEDN72Tx7OgkUaLMhYHIURb7/I72c -AtoRzbf9qW77w+FmruNySlNAMPiPk70D8Xcl5svtOPe/OGgxSgSvoMS/ym/57eMe -IE0LD6g5hwn2VQ65ZyPGHJ7PWgixpcejtpPIe2GeXABGp3ADGurlaOwvsORX72IQ -hvciNlK31WZKvFascLGgvIgpNzasK1y1mV+My9I9rMBp6tz79aWYH62Tv/yZB/Kz -F+6okSLIzYzZCMRactUbrWX3AE10c3gsJoIOi1spr5ax1LyjlS3AWI5jL2Eu0XLO -k0Yz8o6M2XGr3BD/Q/cUFIKjjhZr6O0saJybWkAzmWeeuZ+XAgMBAAGjgfcwgfQw -DAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQU9gQCQkZa8SH9cULWe8R5ZX4dHoYwgcQG -A1UdIwSBvDCBuYAU9gQCQkZa8SH9cULWe8R5ZX4dHoahgZ2kgZowgZcxCzAJBgNV -BAYTAlVTMRAwDgYDVQQIEwdGbG9yaWRhMRswGQYDVQQHExJQYWxtIEJlYWNoIEdh -cmRlbnMxFDASBgNVBAoTC1plcm9DLCBJbmMuMQwwCgYDVQQLEwNJY2UxFjAUBgNV -BAMTDVplcm9DIFRlc3QgQ0ExHTAbBgkqhkiG9w0BCQEWDmluZm9AemVyb2MuY29t -ggEAMA0GCSqGSIb3DQEBBAUAA4IBAQDebv6otMlokDnzC/Y25VU+fhV8Hat9R0nE -osWTArvmDgD8yip1Us7QSaoftuznIn3Xbh2jBOx5ND6srs14AIOpxaFU5QVOLzv3 -ZDcd7KOW+d7ft02NZFZcFkmvCjgFkjZcnyT4vDoGXopXlnlgJ4ipQv5Mz8af4RW+ -XTTKfSixR4gJbNfnywumssuV7bUxASivo+fSmiCUCHLDT9HocHgd69z55vT1Wqc2 -5K7Og+JAZvoItuoJxrQ7Mvd0nYUYaP2cmNRKramigqjNG0om529qH0/Cagsfi+bG -PYjorZxJw8W+XSZv14qqJEo93ilZRo90RlB5e+n2kpdgA107qA7t ------END CERTIFICATE----- diff --git a/cpp/test/IceSSL/certs/cacert1.pem b/cpp/test/IceSSL/certs/cacert1.pem new file mode 100644 index 00000000000..2f0ad5b723c --- /dev/null +++ b/cpp/test/IceSSL/certs/cacert1.pem 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEozCCA4ugAwIBAgIBADANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEU +MBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVy +b0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMDYw +MzI4MTgwOTUzWhcNMDYwNDI3MTgwOTUzWjCBlzELMAkGA1UEBhMCVVMxEDAOBgNV +BAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEUMBIGA1UE +ChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVyb0MgVGVz +dCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDr7zDFp/OVfg8QR++rulBks0qdjS9Nr72TCNlA +9d3fmfCSG7UA/78OIJCOS4o88RIzcZGT2uAaBuAahFg6jV1IMu0FjmsoTRukX6Bm +A6ONF8XtNRKRB3wtAUWFn5ypUqf6srT06M7+3N+TBqo9MVCPxNSoyaEFPHMNVT3n +52lPRJY/ycXuaun+eR4NrR/tf0h2dE0rO7PwVbofURaH5vSj8WZv+OfCtzg/s8oE +u4D3caheoMvim8HhIc39tUrHVi2Jg8fCyDrnKteDmw0eu3DyCisa5mLfr6M5ORrt +kCeWHGoIvivwjRo2iIMZ5vEwch8K7dBjt01Yt0erltU5CWg1AgMBAAGjgfcwgfQw +DAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUo419/6hpHnxUWEZh/rdovCz8y94wgcQG +A1UdIwSBvDCBuYAUo419/6hpHnxUWEZh/rdovCz8y96hgZ2kgZowgZcxCzAJBgNV +BAYTAlVTMRAwDgYDVQQIEwdGbG9yaWRhMRswGQYDVQQHExJQYWxtIEJlYWNoIEdh +cmRlbnMxFDASBgNVBAoTC1plcm9DLCBJbmMuMQwwCgYDVQQLEwNJY2UxFjAUBgNV +BAMTDVplcm9DIFRlc3QgQ0ExHTAbBgkqhkiG9w0BCQEWDmluZm9AemVyb2MuY29t +ggEAMA0GCSqGSIb3DQEBBAUAA4IBAQBT4FUXOM52g4HEnY8PefjorPt3f3RDG3Z4 +J55+sT45Z/9LPMynwrADxdNgJdzF3ad8pCXNmkgSN8Gv0QTvVeCWPIgTbtEfm40a +aNXLvlAekK2pneby7vXMwgM1ZN6+0xNA3+tWSqFC48ye8qfkoSmWH/HLcU5/nuiu ++aU+N+mrd9/ZCwNiOW5xr3iezAV6T6oaZxEuXYlONmvc7Y6ZOLmQ8PNFQfqOAVXA +88H49sKBLTcBhlqDMRPQJ0pWJs0kAmSYWGJBT2I9QiE63gUGf/yxHYt5ztfrTqzb +Y9jlTlEhDtGTDr+vYT0QwaXvAb3Z+OPHrr5f6Bt62u/9JBiaNR6q +-----END CERTIFICATE----- diff --git a/cpp/test/IceSSL/certs/cacert2.pem b/cpp/test/IceSSL/certs/cacert2.pem new file mode 100644 index 00000000000..b9ec5b9c980 --- /dev/null +++ b/cpp/test/IceSSL/certs/cacert2.pem 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEozCCA4ugAwIBAgIBADANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEU +MBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVy +b0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMDYw +MzI4MTgwOTU2WhcNMDYwNDI3MTgwOTU2WjCBlzELMAkGA1UEBhMCVVMxEDAOBgNV +BAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEUMBIGA1UE +ChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVyb0MgVGVz +dCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDIIrVc/XClIjvbk10f/v/nKJEN0ygAMAQKtSVX +cPtuMRRapHfSUrwXInFSBTF1k3ViV53ArSBNDyIb100WiWm1/Da5WP1ezxboP1uc +dsyYv+1X6PdiP3KJ1rxnDJWfjzlU5qlCCzxLCqvy8xi60vlqPEkGVyo9LCsoqB5h +G4aOY/Oh8YrPgzqJYae/lVbiI0y1GxqLJpwdW1iSs90MndGb4wFh0nD8Dd/KHacV +rc7HUdjHTFkhyooQ2kA97v2Ndk0jZ6vwNmuhpbXRyK3/ZEU3idtQQlmDvuerz3lr +aGrnR9EP0esRFXtZeOEVZNDGyual8LCFeiNIow1ztBR7rBhBAgMBAAGjgfcwgfQw +DAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUvVq6itK5ltyRXGSfmZTiSEQsqdowgcQG +A1UdIwSBvDCBuYAUvVq6itK5ltyRXGSfmZTiSEQsqdqhgZ2kgZowgZcxCzAJBgNV +BAYTAlVTMRAwDgYDVQQIEwdGbG9yaWRhMRswGQYDVQQHExJQYWxtIEJlYWNoIEdh +cmRlbnMxFDASBgNVBAoTC1plcm9DLCBJbmMuMQwwCgYDVQQLEwNJY2UxFjAUBgNV +BAMTDVplcm9DIFRlc3QgQ0ExHTAbBgkqhkiG9w0BCQEWDmluZm9AemVyb2MuY29t +ggEAMA0GCSqGSIb3DQEBBAUAA4IBAQCYe9MyLIAFbXZE3lgm+W5WA5t1InVrr+ph +3eGmNyhvs8di1qjKz/CRY7rx2u29nFla0hW2zMV9DuVT+rR3J6qI0kmwNRZBrnPi +JcTukFH7b4BZ3EVfXnfObILATZLMrlgG+H5+MFKhnuBZDcSx+UCthtmHRlr819K0 +3xGKSQ8YbUVaoDv8wl7pKBpOHst2L6tVy+4KMl7IOC9G9xVzcE1TElcY7GCF1lSX +LPzsns2dH+o3zxAMpVBknKqTrrK5839al/mzIfHI6ynwyBXRKBEjMmo2CiAKnM85 +AmAEMFc+LyE6u5AvB6LiuQf5v83f6EBLQi6sWZ3cZb7blhUQ3MRA +-----END CERTIFICATE----- diff --git a/cpp/test/IceSSL/certs/cakey1.pem b/cpp/test/IceSSL/certs/cakey1.pem new file mode 100644 index 00000000000..56061ebbcef --- /dev/null +++ b/cpp/test/IceSSL/certs/cakey1.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA6+8wxafzlX4PEEfvq7pQZLNKnY0vTa+9kwjZQPXd35nwkhu1 +AP+/DiCQjkuKPPESM3GRk9rgGgbgGoRYOo1dSDLtBY5rKE0bpF+gZgOjjRfF7TUS +kQd8LQFFhZ+cqVKn+rK09OjO/tzfkwaqPTFQj8TUqMmhBTxzDVU95+dpT0SWP8nF +7mrp/nkeDa0f7X9IdnRNKzuz8FW6H1EWh+b0o/Fmb/jnwrc4P7PKBLuA93GoXqDL +4pvB4SHN/bVKx1YtiYPHwsg65yrXg5sNHrtw8gorGuZi36+jOTka7ZAnlhxqCL4r +8I0aNoiDGebxMHIfCu3QY7dNWLdHq5bVOQloNQIDAQABAoIBAEx9VGOQSsE5iCqw +F7yl/7BWDCe+AQr/ocdMhBqyW0dFwh+sSedUAp3S4uqvBNczFMKG3DqCKEtn1Tnj +lDMPZ6GjmQJHJOiA7yhANGE+ZsS0Y1++6BEKyzBQDDkBASpH+NunGlGYNJueAgHJ +lGGYXlTt7D/4dnKbIXW+H/7SIGso4up0MTNeE5t4dxDQWpymFdeISAd4qMG8dTVX +9YEz0eFsZF4wuY2Brh/7Let2rDXEGmb+MnnALwinYVGwTBoikF6rBAlmdLQYyXrA +C8N8xDSW5Lsa8hw/eY/egxW9IJUuLG2KJnTlEXGvTa9VS1VICZKdo4iaVlb4GA6j +JfH175UCgYEA+UYHa2ATV1Px/8MUsvacW93+r1zyVX0TU6Wks9jkLWpeRCt/FYEw +jtq53Xr4PSsXYILNNTcBwWr4HacKs7S+De4md0mwupRztO9hfEb2j/aCPMJ/6v0m +kwvoq5v19GvPXY4tAfpneuveuhd2Ogx6oJUpGoB/4x3xSlSQosTyFP8CgYEA8k0D +y3I3iRrYcOTyb9HmfyxeV/AipDhHMkU5HehJaDSYZtR4L48LgPNpvNdl17pGl0uF ++hK+ORSlseqFdVfLVi9a0uVU+Qhw3y8OoT8wcRsDYPcWGbi1BPSZjBmoSwSgn6hn +1jKvhzu2uJp+8vGP9fOmuzv7Mim7MZAAFNMDPssCgYEAi+zXdVq1AKxKh7tF/z+X +faobsOyHy50uICI3Vg1F6Ihw6etQpw2h6E63TrAccJmjwbUq49hA0AXvyRVfWIj4 +tnEcfpGK9vEmEkbdfhmHhkBl0x2LGKmJ4bkpnkspwU5TVLzeXuHk/Icyu1s4LlWa +8FFKhWnkX+UK8SKPHg9XpJkCgYAGwxl5Aw4DuIkT1X/imQQKxo03fQ8qcBukjoQC +jqoFy3n5XLKh+ScECUcJKyW/eIZh0IzDpuRCKY5aQcZJuRKGrDmnqxjM/mxP/js1 +StMqROu6OAsY2qvKoJzsaQbmWRG2gveq5a06Y/M8gatLUmyHG66qiQkApGOCBZfK +/PyZMwKBgHKuwOZf/APOiIMIITOSsbU9UYVX9qiIqeWfLeyydsXhWzRLMkvMN9z9 +5N2Iew7LRXsg4BZyoO+GWhUy5IcLA4yArymq7pt3fFyZvF8hmgyOd1HEte+UNOAE +b9xIuwHp2nEH3gRRKA1YwgxIji1qiXDyDGAx+EEgJyLkndLjCWlo +-----END RSA PRIVATE KEY----- diff --git a/cpp/test/IceSSL/certs/cakey2.pem b/cpp/test/IceSSL/certs/cakey2.pem new file mode 100644 index 00000000000..23f03da7e4e --- /dev/null +++ b/cpp/test/IceSSL/certs/cakey2.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAyCK1XP1wpSI725NdH/7/5yiRDdMoADAECrUlV3D7bjEUWqR3 +0lK8FyJxUgUxdZN1YledwK0gTQ8iG9dNFolptfw2uVj9Xs8W6D9bnHbMmL/tV+j3 +Yj9yida8ZwyVn485VOapQgs8Swqr8vMYutL5ajxJBlcqPSwrKKgeYRuGjmPzofGK +z4M6iWGnv5VW4iNMtRsaiyacHVtYkrPdDJ3Rm+MBYdJw/A3fyh2nFa3Ox1HYx0xZ +IcqKENpAPe79jXZNI2er8DZroaW10cit/2RFN4nbUEJZg77nq895a2hq50fRD9Hr +ERV7WXjhFWTQxsrmpfCwhXojSKMNc7QUe6wYQQIDAQABAoIBAQC7V+I2HfhoXFdz +/8pYvTeHh23hZxw2sLvX2iIObHCwgbjv8K1JcLEpZtB1Wu8lhNeJK0M8rdNizxu6 +vBwpUJBoDqSbdDYZnflvhn+XQ43aHy9p72ZDzejGJwFN5XXaWxPr6c/fRu01wdOc +JPutRvi6/ZvOF6IuiT4NXPKzLDUU68rHIG9LKUTpATo37XUJ3l3zL2fSYU/A3rfN +Kw5NMI0pbQldinlfKaAoy8iDWfbfCwsoCPDzTR1IFMorhIbQppaQJ9eghmIc8qyw +R1K5rn+jPrufFNYzpYEH39BB72PzsHMhBBvxKq1w0aEPWShTC2uNP/mUN5CTsjy5 +WdSUMwCRAoGBAPKPznU/OrpoNMH4AoXJrOVPSqpem5FE8OKu3mgVp1kJxq2JoR7a +XYTNnIKaDI9KUDu4inf/uI8s6V4k45Cynu1jQuyrU+ikhoW89ETWKu8M12G+RyO2 ++UjRouLetcLC6ibmziNL1phNqlxdkTX2oW5CVDUOzPh8SCn8STHWI7WfAoGBANM5 +Lp/wbMEmm6Ifm08Nu3VDEr3Zew8+LLLU6o6vfm5yhVb9DGuL0ZMcPEz2vLraJ4ti +kNXQrE8HL2JSZxHDd5V4NYo0ax81c/D1NzZ/Zd1LkeF8JY0yBlkTSh12A+/0E0IZ +KS6vmjIzODgIUjqii3TH6dYZNw29vPNGc0Gp7KYfAoGAOmSWPjGPkMp/UObErLKF +VdrFzcfiyZEAMIIKdqIn3E53LtXAHO5SryLUd7hgJ6qrMAVYCFVed9FHCOv2gKIP +knRf6xu/onThEZcQcvXf9hZwT06AT7+/uWEGRnl45j8IIX9Uxrh+G8Iurfe0eno6 +GJINNYyvmW5J7RmYAVBc3l8CgYAgll7iIBa3SfyS66tra+Py+HEoxyfcNyxwPrcd +YmfwJEz8GbhT01N3DdEj0qFVdpjJQWC1DCe5XZNq6Omr7OtDLTOdae7o9rc3gq2N +A+S0WpdcIWotuX0POxGhL/b1i0N5XCZlZIQ2oH5Y7re5AiDf2IP0GxnKTe6b3c+k +XtH64wKBgQDH15B8/yA5Nl8Uz0BUGxTTR42WDQG08pxOYsuVWc3Z4ReOUHSGt3Bt +cc7hPZ3YZO8tcybMTKEVSYIdIqf5GXcLiO4FtaJSwzye7i3KbnXo0j2j8yZGPE8M +xgU5oCzJcjSZ1Jf4KS26QPVHzCqNSNapijw/DNK/C0/Gk8iRhuwgyQ== +-----END RSA PRIVATE KEY----- diff --git a/cpp/certs/openssl/generic.cnf b/cpp/test/IceSSL/certs/client.cnf index 2845b04a0e1..6bef1e2adfd 100644 --- a/cpp/certs/openssl/generic.cnf +++ b/cpp/test/IceSSL/certs/client.cnf 
@@ -20,9 +20,9 @@ default_ca = ice [ ice ] -dir = $ENV::ICE_HOME/certs/openssl/ca # Where everything is kept. -private_key = $dir/cakey.pem # The CA Private Key. -certificate = $dir/cacert.pem # The CA Certificate. +dir = tmp # Where everything is kept. +private_key = cakey.pem # The CA Private Key. +certificate = cacert.pem # The CA Certificate. database = $dir/index.txt # Database index file. new_certs_dir = $dir # Default loc for new certs. serial = $dir/serial # The current serial number. @@ -30,7 +30,7 @@ serial = $dir/serial # The current serial number. certs = $dir # Where issued certs are kept. RANDFILE = $dir/.rand # Private random number file. -default_days = 1825 # How long certs are valid. +default_days = 3650 # How long certs are valid. default_md = md5 # The Message Digest type. preserve = yes # Keep passed DN ordering? @@ -39,9 +39,9 @@ x509_extensions = certificate_extensions [ ca_policy ] -countryName = optional -stateOrProvinceName = optional -organizationName = optional +countryName = match +stateOrProvinceName = match +organizationName = match organizationalUnitName = optional emailAddress = optional commonName = supplied @@ -54,12 +54,13 @@ basicConstraints = CA:false subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always +subjectAltName = DNS:client, IP:127.0.0.1 [ req ] default_bits = 1024 -default_keyfile = $ENV::ICE_HOME/certs/newkey.pem +default_keyfile = c_rsa1024_priv.pem default_md = md5 -prompt = yes +prompt = no distinguished_name = root_ca_distinguished_name x509_extensions = root_ca_extensions @@ -70,7 +71,7 @@ stateOrProvinceName = Florida localityName = Palm Beach Gardens organizationName = ZeroC, Inc. organizationalUnitName = Ice -commonName = Test +commonName = Client emailAddress = info@zeroc.com diff --git a/cpp/test/IceSSL/certs/dsaparam1024.pem b/cpp/test/IceSSL/certs/dsaparam1024.pem new file mode 100644 index 00000000000..8b6941b0498 --- /dev/null +++ b/cpp/test/IceSSL/certs/dsaparam1024.pem 
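Review bot: The `@@ -30,7 +30,7 @@` hunk doubles `default_days` from 1825 to 3650 while the unchanged `default_md = md5` sits directly below it, so every certificate issued from this config carries an MD5 signature for ten years. The `[ req ]` section in the `@@ -54,12 +54,13 @@` hunk keeps the same `default_md = md5` alongside `default_bits = 1024`. Unless the tests need these exact algorithms, I would change both sections to `default_md = sha256` and set `default_bits = 2048`. I would also add a comment at the top of `[ ice ]` such as `# Test-only CA: keys and certificates generated from this file must never be trusted outside the test suite`. Separately, `private_key = cakey.pem` and `certificate = cacert.pem` no longer go through `$dir`, and the commit adds `cakey1.pem`/`cakey2.pem` rather than `cakey.pem`, so presumably a generation script supplies those names; a one-line comment saying which file is expected would help. The `[ ice ]` and `[ req ]` sections extend beyond these hunks.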
@@ -0,0 +1,9 @@ +-----BEGIN DSA PARAMETERS----- +MIIBHwKBgQDRqIk+hRip/xkMDFhb3SPSC9lUHFg2cGry7UpR/LQBobbaBx9+JTDL +6iswzihT2Og/Ti8TAxCqhpjRGQRUrVThv+yb7DplfrKGiAby6xCD5BsJy6Ra0Hch +qVeISqXkaJyAGF+PW81Oh2BRejQgFuYe9Np1b8uynHYN1JF2xeHv5wIVAKM3w9+f +I7s7jtna4yLhgE66z8SpAoGBAJK1QvQwz3nCIawxq2b52an7vUbm78oGi9K0fBgz +ugc7QREqNtFK8I1z7zoz42XR9rS9tqeE/Ncdjx+9d/X1R0miBiJauy2muodxHkPh +40l1lSkUmUNDGE8Pm71VTG6+UShzs0ZSZ+zZ4JzmI/WxCglGJvfnP6DD3HYm4thB +dXdW +-----END DSA PARAMETERS----- diff --git a/cpp/test/IceSSL/certs/f632d95f.0 b/cpp/test/IceSSL/certs/f632d95f.0 new file mode 100644 index 00000000000..2f0ad5b723c --- /dev/null +++ b/cpp/test/IceSSL/certs/f632d95f.0 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEozCCA4ugAwIBAgIBADANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEU +MBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVy +b0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMDYw +MzI4MTgwOTUzWhcNMDYwNDI3MTgwOTUzWjCBlzELMAkGA1UEBhMCVVMxEDAOBgNV +BAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEUMBIGA1UE +ChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVyb0MgVGVz +dCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDr7zDFp/OVfg8QR++rulBks0qdjS9Nr72TCNlA +9d3fmfCSG7UA/78OIJCOS4o88RIzcZGT2uAaBuAahFg6jV1IMu0FjmsoTRukX6Bm +A6ONF8XtNRKRB3wtAUWFn5ypUqf6srT06M7+3N+TBqo9MVCPxNSoyaEFPHMNVT3n +52lPRJY/ycXuaun+eR4NrR/tf0h2dE0rO7PwVbofURaH5vSj8WZv+OfCtzg/s8oE +u4D3caheoMvim8HhIc39tUrHVi2Jg8fCyDrnKteDmw0eu3DyCisa5mLfr6M5ORrt +kCeWHGoIvivwjRo2iIMZ5vEwch8K7dBjt01Yt0erltU5CWg1AgMBAAGjgfcwgfQw +DAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUo419/6hpHnxUWEZh/rdovCz8y94wgcQG +A1UdIwSBvDCBuYAUo419/6hpHnxUWEZh/rdovCz8y96hgZ2kgZowgZcxCzAJBgNV +BAYTAlVTMRAwDgYDVQQIEwdGbG9yaWRhMRswGQYDVQQHExJQYWxtIEJlYWNoIEdh +cmRlbnMxFDASBgNVBAoTC1plcm9DLCBJbmMuMQwwCgYDVQQLEwNJY2UxFjAUBgNV +BAMTDVplcm9DIFRlc3QgQ0ExHTAbBgkqhkiG9w0BCQEWDmluZm9AemVyb2MuY29t +ggEAMA0GCSqGSIb3DQEBBAUAA4IBAQBT4FUXOM52g4HEnY8PefjorPt3f3RDG3Z4 +J55+sT45Z/9LPMynwrADxdNgJdzF3ad8pCXNmkgSN8Gv0QTvVeCWPIgTbtEfm40a +aNXLvlAekK2pneby7vXMwgM1ZN6+0xNA3+tWSqFC48ye8qfkoSmWH/HLcU5/nuiu ++aU+N+mrd9/ZCwNiOW5xr3iezAV6T6oaZxEuXYlONmvc7Y6ZOLmQ8PNFQfqOAVXA +88H49sKBLTcBhlqDMRPQJ0pWJs0kAmSYWGJBT2I9QiE63gUGf/yxHYt5ztfrTqzb +Y9jlTlEhDtGTDr+vYT0QwaXvAb3Z+OPHrr5f6Bt62u/9JBiaNR6q +-----END CERTIFICATE----- diff --git a/cpp/test/IceSSL/certs/f632d95f.1 b/cpp/test/IceSSL/certs/f632d95f.1 new file mode 100644 index 00000000000..b9ec5b9c980 --- /dev/null +++ b/cpp/test/IceSSL/certs/f632d95f.1 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEozCCA4ugAwIBAgIBADANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEU +MBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVy +b0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMDYw +MzI4MTgwOTU2WhcNMDYwNDI3MTgwOTU2WjCBlzELMAkGA1UEBhMCVVMxEDAOBgNV +BAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEUMBIGA1UE +ChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVyb0MgVGVz +dCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDIIrVc/XClIjvbk10f/v/nKJEN0ygAMAQKtSVX +cPtuMRRapHfSUrwXInFSBTF1k3ViV53ArSBNDyIb100WiWm1/Da5WP1ezxboP1uc +dsyYv+1X6PdiP3KJ1rxnDJWfjzlU5qlCCzxLCqvy8xi60vlqPEkGVyo9LCsoqB5h +G4aOY/Oh8YrPgzqJYae/lVbiI0y1GxqLJpwdW1iSs90MndGb4wFh0nD8Dd/KHacV +rc7HUdjHTFkhyooQ2kA97v2Ndk0jZ6vwNmuhpbXRyK3/ZEU3idtQQlmDvuerz3lr +aGrnR9EP0esRFXtZeOEVZNDGyual8LCFeiNIow1ztBR7rBhBAgMBAAGjgfcwgfQw +DAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUvVq6itK5ltyRXGSfmZTiSEQsqdowgcQG +A1UdIwSBvDCBuYAUvVq6itK5ltyRXGSfmZTiSEQsqdqhgZ2kgZowgZcxCzAJBgNV +BAYTAlVTMRAwDgYDVQQIEwdGbG9yaWRhMRswGQYDVQQHExJQYWxtIEJlYWNoIEdh +cmRlbnMxFDASBgNVBAoTC1plcm9DLCBJbmMuMQwwCgYDVQQLEwNJY2UxFjAUBgNV +BAMTDVplcm9DIFRlc3QgQ0ExHTAbBgkqhkiG9w0BCQEWDmluZm9AemVyb2MuY29t +ggEAMA0GCSqGSIb3DQEBBAUAA4IBAQCYe9MyLIAFbXZE3lgm+W5WA5t1InVrr+ph +3eGmNyhvs8di1qjKz/CRY7rx2u29nFla0hW2zMV9DuVT+rR3J6qI0kmwNRZBrnPi +JcTukFH7b4BZ3EVfXnfObILATZLMrlgG+H5+MFKhnuBZDcSx+UCthtmHRlr819K0 +3xGKSQ8YbUVaoDv8wl7pKBpOHst2L6tVy+4KMl7IOC9G9xVzcE1TElcY7GCF1lSX +LPzsns2dH+o3zxAMpVBknKqTrrK5839al/mzIfHI6ynwyBXRKBEjMmo2CiAKnM85 +AmAEMFc+LyE6u5AvB6LiuQf5v83f6EBLQi6sWZ3cZb7blhUQ3MRA +-----END CERTIFICATE----- diff --git a/cpp/test/IceSSL/certs/goodCert_1.pem b/cpp/test/IceSSL/certs/goodCert_1.pem deleted file mode 100644 index db528aa1648..00000000000 --- a/cpp/test/IceSSL/certs/goodCert_1.pem +++ /dev/null 
@@ -1,74 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 2 (0x2) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=US, ST=Florida, L=Palm Beach Gardens, O=ZeroC, Inc., OU=Ice, CN=ZeroC Test CA/emailAddress=info@zeroc.com - Validity - Not Before: Mar 15 17:51:49 2006 GMT - Not After : Mar 14 17:51:49 2011 GMT - Subject: C=US, ST=Florida, O=ZeroC, Inc., OU=Ice/emailAddress=info@zeroc.com, CN=Client - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:a6:61:97:35:de:03:33:db:41:90:d7:33:01:d4: - fd:66:56:a2:e6:da:53:6a:ed:94:cc:17:fc:e4:50: - d5:8f:d0:3c:87:27:aa:cf:f5:b2:a1:72:66:f7:36: - 6e:7f:ea:31:4d:67:e0:89:71:e4:d9:3b:b3:84:94: - 5d:08:44:b0:dc:4a:dd:45:f7:61:ae:8c:0f:d9:b8: - 66:e1:f0:70:7c:41:d4:f7:b8:85:1a:fd:18:4e:b5: - 54:1b:2e:6d:71:df:ac:66:5b:24:ce:33:46:94:fe: - 85:fc:bb:7f:19:f2:b9:86:da:1c:d9:10:f3:9e:be: - 88:c7:e1:89:57:5a:1d:b0:79 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 5A:7C:B0:53:25:B0:40:B2:D8:4D:8E:0C:EE:1C:FB:EC:12:8F:8C:D6 - X509v3 Authority Key Identifier: - keyid:F6:04:02:42:46:5A:F1:21:FD:71:42:D6:7B:C4:79:65:7E:1D:1E:86 - DirName:/C=US/ST=Florida/L=Palm Beach Gardens/O=ZeroC, Inc./OU=Ice/CN=ZeroC Test CA/emailAddress=info@zeroc.com - serial:00 - - Signature Algorithm: md5WithRSAEncryption - 87:64:9b:c7:9d:fc:5a:d9:01:11:87:6d:bd:12:74:a9:97:02: - e3:4b:9a:3b:d0:02:f1:b1:ad:84:1f:0f:ed:f4:54:93:bb:d0: - 02:cf:c3:15:7e:c6:f3:72:0f:2c:95:b7:90:ea:33:be:79:06: - bf:cb:74:9b:85:74:c2:e2:f9:7c:28:f3:96:f0:0b:97:b4:11: - 69:d9:85:ba:79:e8:49:54:96:02:47:32:34:12:81:04:65:04: - 65:a3:50:ec:1b:b4:cc:fc:1e:a6:c2:9a:6c:ef:a4:be:ef:d8: - ba:7f:f5:e6:6d:65:3c:4a:fc:a2:d3:27:80:1e:19:2d:7a:9f: - f9:9d:de:c5:67:0a:20:99:98:65:02:38:06:be:ad:20:49:9d: - c5:46:92:46:13:01:f6:fb:07:ae:aa:c1:43:62:1c:4e:6b:c5: - 55:18:e0:e1:09:3b:11:42:46:3b:a7:c9:56:06:4c:eb:15:74: - 
16:d4:0e:8d:b3:fd:b1:24:af:29:7e:97:b8:39:83:f0:7b:0b: - d1:50:a3:a6:a4:9e:a4:98:02:a6:25:62:6f:08:24:08:e3:53: - 3c:c1:bb:bc:d1:79:88:9b:3e:78:ec:8b:5e:40:2f:bf:f6:aa: - ed:f2:25:12:3e:4c:29:92:33:0a:8c:12:61:f9:cb:67:e2:2d: - 48:a7:89:ee ------BEGIN CERTIFICATE----- -MIID9zCCAt+gAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx -EDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEU -MBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVy -b0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMDYw -MzE1MTc1MTQ5WhcNMTEwMzE0MTc1MTQ5WjBzMQswCQYDVQQGEwJVUzEQMA4GA1UE -CBMHRmxvcmlkYTEUMBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEd -MBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20xDzANBgNVBAMTBkNsaWVudDCB -nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApmGXNd4DM9tBkNczAdT9Zlai5tpT -au2UzBf85FDVj9A8hyeqz/WyoXJm9zZuf+oxTWfgiXHk2TuzhJRdCESw3ErdRfdh -rowP2bhm4fBwfEHU97iFGv0YTrVUGy5tcd+sZlskzjNGlP6F/Lt/GfK5htoc2RDz -nr6Ix+GJV1odsHkCAwEAAaOB9DCB8TAJBgNVHRMEAjAAMB0GA1UdDgQWBBRafLBT -JbBAsthNjgzuHPvsEo+M1jCBxAYDVR0jBIG8MIG5gBT2BAJCRlrxIf1xQtZ7xHll -fh0ehqGBnaSBmjCBlzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0Zsb3JpZGExGzAZ -BgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEUMBIGA1UEChMLWmVyb0MsIEluYy4x -DDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVyb0MgVGVzdCBDQTEdMBsGCSqGSIb3 -DQEJARYOaW5mb0B6ZXJvYy5jb22CAQAwDQYJKoZIhvcNAQEEBQADggEBAIdkm8ed -/FrZARGHbb0SdKmXAuNLmjvQAvGxrYQfD+30VJO70ALPwxV+xvNyDyyVt5DqM755 -Br/LdJuFdMLi+Xwo85bwC5e0EWnZhbp56ElUlgJHMjQSgQRlBGWjUOwbtMz8HqbC -mmzvpL7v2Lp/9eZtZTxK/KLTJ4AeGS16n/md3sVnCiCZmGUCOAa+rSBJncVGkkYT -Afb7B66qwUNiHE5rxVUY4OEJOxFCRjunyVYGTOsVdBbUDo2z/bEkryl+l7g5g/B7 -C9FQo6aknqSYAqYlYm8IJAjjUzzBu7zReYibPnjsi15AL7/2qu3yJRI+TCmSMwqM -EmH5y2fiLUinie4= ------END CERTIFICATE----- diff --git a/cpp/test/IceSSL/certs/goodCert_2.pem b/cpp/test/IceSSL/certs/goodCert_2.pem deleted file mode 100644 index e10ddf847ac..00000000000 --- a/cpp/test/IceSSL/certs/goodCert_2.pem +++ /dev/null 
@@ -1,74 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=US, ST=Florida, L=Palm Beach Gardens, O=ZeroC, Inc., OU=Ice, CN=ZeroC Test CA/emailAddress=info@zeroc.com - Validity - Not Before: Mar 15 17:51:49 2006 GMT - Not After : Mar 14 17:51:49 2011 GMT - Subject: C=US, ST=Florida, O=ZeroC, Inc., OU=Ice/emailAddress=info@zeroc.com, CN=Server - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:e1:6b:89:02:6f:57:9f:91:36:2f:79:18:f6:77: - 40:22:65:81:6c:87:f7:f8:5f:7d:ce:79:74:e1:da: - f8:e9:85:59:ca:41:4b:5f:4a:bb:05:0b:93:64:0e: - 54:64:10:ec:b4:a9:a0:16:94:4f:6b:3c:89:b8:4a: - af:4c:7d:2d:27:a8:29:09:72:1b:8d:e8:6f:4c:29: - 0d:07:68:76:4f:df:5b:0f:7b:59:79:d7:b2:89:ea: - 63:49:b4:76:ab:27:88:44:6b:34:10:e3:25:cd:b0: - 4b:c9:dc:5b:84:1b:52:63:9f:a7:ae:b8:4a:6f:df: - f2:b0:e8:c1:fc:ec:3e:e0:51 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 40:C5:B7:F0:4D:C4:C2:27:02:AD:7E:A9:1B:7C:86:62:F6:21:68:55 - X509v3 Authority Key Identifier: - keyid:F6:04:02:42:46:5A:F1:21:FD:71:42:D6:7B:C4:79:65:7E:1D:1E:86 - DirName:/C=US/ST=Florida/L=Palm Beach Gardens/O=ZeroC, Inc./OU=Ice/CN=ZeroC Test CA/emailAddress=info@zeroc.com - serial:00 - - Signature Algorithm: md5WithRSAEncryption - 4f:2a:7f:f8:ec:16:74:33:ed:cd:1a:98:8a:4b:e7:50:06:d9: - 23:96:25:f0:92:bd:1b:67:38:a4:50:0e:1b:04:40:7b:bc:82: - a2:bd:e1:97:3e:74:6e:d5:e9:2a:e7:24:de:7f:1d:47:04:47: - 7f:ac:d1:f8:c2:9e:f7:df:18:bb:8a:cd:ee:ac:1d:81:1a:5d: - 5e:1f:b3:71:25:00:cd:15:1b:a6:9a:11:9f:02:3c:c5:b1:40: - 5f:51:35:b1:8c:79:95:69:5a:07:99:86:61:bf:a7:21:c0:4a: - d1:77:4a:71:b9:61:6d:48:48:5f:98:83:93:3e:a9:3a:3b:a8: - 08:84:f9:d8:56:12:bb:29:31:72:57:40:af:eb:da:de:c3:e9: - 3b:f8:d9:7f:b8:77:d0:a0:0b:da:07:c0:53:05:0b:bb:34:3d: - da:04:30:0d:b7:9e:8c:77:6c:ea:cc:ba:bb:51:1d:90:95:d5: - 
00:d2:c3:f0:e4:e4:52:6e:17:18:30:2d:7d:94:1c:93:8d:5d: - 4a:d9:7c:bc:ad:d9:f2:4c:8e:37:73:8d:d4:b0:eb:cd:f1:8b: - 53:03:19:88:40:6f:6b:1d:34:98:a7:6e:f6:8d:0d:72:ce:57: - 1b:b5:99:4c:92:ce:44:95:3d:d2:86:c6:9f:79:4f:df:54:56: - f8:bd:e8:4d ------BEGIN CERTIFICATE----- -MIID9zCCAt+gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx -EDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEU -MBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVy -b0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMDYw -MzE1MTc1MTQ5WhcNMTEwMzE0MTc1MTQ5WjBzMQswCQYDVQQGEwJVUzEQMA4GA1UE -CBMHRmxvcmlkYTEUMBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEd -MBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20xDzANBgNVBAMTBlNlcnZlcjCB -nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4WuJAm9Xn5E2L3kY9ndAImWBbIf3 -+F99znl04dr46YVZykFLX0q7BQuTZA5UZBDstKmgFpRPazyJuEqvTH0tJ6gpCXIb -jehvTCkNB2h2T99bD3tZedeyiepjSbR2qyeIRGs0EOMlzbBLydxbhBtSY5+nrrhK -b9/ysOjB/Ow+4FECAwEAAaOB9DCB8TAJBgNVHRMEAjAAMB0GA1UdDgQWBBRAxbfw -TcTCJwKtfqkbfIZi9iFoVTCBxAYDVR0jBIG8MIG5gBT2BAJCRlrxIf1xQtZ7xHll -fh0ehqGBnaSBmjCBlzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0Zsb3JpZGExGzAZ -BgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEUMBIGA1UEChMLWmVyb0MsIEluYy4x -DDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVyb0MgVGVzdCBDQTEdMBsGCSqGSIb3 -DQEJARYOaW5mb0B6ZXJvYy5jb22CAQAwDQYJKoZIhvcNAQEEBQADggEBAE8qf/js -FnQz7c0amIpL51AG2SOWJfCSvRtnOKRQDhsEQHu8gqK94Zc+dG7V6SrnJN5/HUcE -R3+s0fjCnvffGLuKze6sHYEaXV4fs3ElAM0VG6aaEZ8CPMWxQF9RNbGMeZVpWgeZ -hmG/pyHAStF3SnG5YW1ISF+Yg5M+qTo7qAiE+dhWErspMXJXQK/r2t7D6Tv42X+4 -d9CgC9oHwFMFC7s0PdoEMA23nox3bOrMurtRHZCV1QDSw/Dk5FJuFxgwLX2UHJON -XUrZfLyt2fJMjjdzjdSw683xi1MDGYhAb2sdNJinbvaNDXLOVxu1mUySzkSVPdKG -xp95T99UVvi96E0= ------END CERTIFICATE----- diff --git a/cpp/test/IceSSL/certs/goodKey_1.pem b/cpp/test/IceSSL/certs/goodKey_1.pem deleted file mode 100644 index 67db8be940e..00000000000 --- a/cpp/test/IceSSL/certs/goodKey_1.pem +++ /dev/null 
@@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQCmYZc13gMz20GQ1zMB1P1mVqLm2lNq7ZTMF/zkUNWP0DyHJ6rP -9bKhcmb3Nm5/6jFNZ+CJceTZO7OElF0IRLDcSt1F92GujA/ZuGbh8HB8QdT3uIUa -/RhOtVQbLm1x36xmWyTOM0aU/oX8u38Z8rmG2hzZEPOevojH4YlXWh2weQIDAQAB -AoGAEH8ooPysUJ3yuEu+EPZvUZBRgpYvIzD/SeUu++xP4HyDI9t5AjmYRo2zS9un -xSMRVF1yU+5pBGj4+bJELyewaV5B6R5DWaqesBxabjdwNrjV5tj3hlOIvJ9qCtrs -sK7s1supNtRouWZB03lpGa8AbeiAuhd1NBDoitzxYGiO7SECQQDYcWNA9jLvZXo/ -IWUdqEaxlzHe4zz9jIEf2SH/r4j7+DzeW/LvV3yhRedarkztXU+2oK3hbT5LUgEe -rrSSjLGFAkEAxMn9VoJ+Ssj+rJ+a2U4SsgTlfapnm9SaIDWf3xl7smXaM5XHbJvl -lSU5u2fOCo5e+KzW8rlf+Q9jgGv04oo7ZQJBAMkue8dCEI4ckMhlTguHAk7H7n7y -URqLounrdYKnsngigNFePizh8OImi6jqIm7vMMzcBUNnu2NfUdMnKIifZdECQEk1 -j+7oGw29WqljsxrWpbPeiHXIuETLwg7rhC9ebps+sv9v4EHyeWWT9LdYddmNf51p -x4mDF0YzyGOVRgQlQtUCQQDKxoGy/jG/hRps94Tg24u50sJvvK+7wfLJAxaGL96V -W7slvcY4PBB7zzTOtzkWf//i+ALXHknXd9zSzYqVok2m ------END RSA PRIVATE KEY----- diff --git a/cpp/test/IceSSL/certs/goodKey_2.pem b/cpp/test/IceSSL/certs/goodKey_2.pem deleted file mode 100644 index 808ef1c0d87..00000000000 --- a/cpp/test/IceSSL/certs/goodKey_2.pem +++ /dev/null 
@@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDha4kCb1efkTYveRj2d0AiZYFsh/f4X33OeXTh2vjphVnKQUtf -SrsFC5NkDlRkEOy0qaAWlE9rPIm4Sq9MfS0nqCkJchuN6G9MKQ0HaHZP31sPe1l5 -17KJ6mNJtHarJ4hEazQQ4yXNsEvJ3FuEG1Jjn6euuEpv3/Kw6MH87D7gUQIDAQAB -AoGBAJCGQ4d+H228ykLRn0GV31auQbZ1znQ9tQlGMbwEioYd6x2Tk2F7JkDr1QnX -bh/iAgEqp+sSF4EnhRzVNWMS9nk8c57SH+SCTev4KysjYoUl1RpU9X2n5dFBifSY -J8saC5QXh8ZWxKckAeZHrdEezLigoIEQAL3SY0NyShPJt1QBAkEA88dms6q4az83 -7b/uyIfjRu2ZDe9z8kUXn/aua6y/h1qn51DikjFobnwaEVy0Tvka71rqhB1pvigo -qejFqhtI8QJBAOy4hWEGNYgwP3n/4ejZmKrWhdqCgvtHZaV3D4sMv7YFrfIOHEEe -tymOaJW7p2Z+Qerqjh9geJ4lsOwvx4h0DWECQHrE6C8BgkDYpKUCbRHmhYpZ7CO9 -fOn868nupKaraAWVnUt8S66OXWaO713hDxlakLsMUWDZo0BV3yy6gpmJhjECQHT3 -zDgf+E2eAY+H55nGA1DPBX7uJEiDg+9ZwF1l5EjNz6CeZkmrIrgu/PCXs+TKGEo6 -shVA9vi2CRD7nu2G4qECQGAG4AZnG10WEdTb48kBJ1BXiFr5SHPKkPXh2187HfnE -JUGFX76iVQTXtVL1PZLbiOjYOZb4OA7SeDbKCI2zZIs= ------END RSA PRIVATE KEY----- diff --git a/cpp/test/IceSSL/certs/makecerts b/cpp/test/IceSSL/certs/makecerts new file mode 100755 index 00000000000..6c3e287afec --- /dev/null +++ b/cpp/test/IceSSL/certs/makecerts 
@@ -0,0 +1,170 @@
+#!/bin/sh
+# **********************************************************************
+#
+# Copyright (c) 2003-2005 ZeroC, Inc. All rights reserved.
+#
+# This copy of Ice is licensed to you under the terms described in the
+# ICE_LICENSE file included in this distribution.
+#
+# **********************************************************************
+
+TMP=tmp
+
+#
+# Generate RSA certificates and keys.
+#
+if ! [ -f cakey1.pem ]; then
+
+ if [ -d $TMP ]; then
+ rm -rf $TMP
+ fi
+ mkdir $TMP
+ echo '01' > $TMP/serial
+ touch $TMP/index.txt
+
+ #
+ # Generate CA certificates. Also make copies of the certificates using their
+ # hash values as filenames, which allows OpenSSL to find them at run time.
+ #
+ openssl req -config test_ca.cnf -x509 -newkey rsa -keyout cakey1.pem -out cacert1.pem -outform PEM -nodes
+ openssl req -config test_ca.cnf -x509 -newkey rsa -keyout cakey2.pem -out cacert2.pem -outform PEM -nodes
+ cp cacert1.pem `openssl x509 -hash -noout -in cacert1.pem`.0
+ cp cacert2.pem `openssl x509 -hash -noout -in cacert2.pem`.1
+
+ #
+ # Create a server certificate and key (no password).
+ #
+ rm -rf $TMP
+ mkdir $TMP
+ echo '01' > $TMP/serial
+ touch $TMP/index.txt
+ openssl req -config server.cnf -newkey rsa -nodes -keyout s_rsa_nopass_ca1_priv.pem \
+ -keyform PEM -out $TMP/req.pem
+ openssl ca -config server.cnf -batch -in $TMP/req.pem -out s_rsa_nopass_ca1_pub.pem \
+ -cert cacert1.pem -keyfile cakey1.pem
+
+ #
+ # Create a server certificate and key (with password).
+ #
+ rm -rf $TMP
+ mkdir $TMP
+ echo '01' > $TMP/serial
+ touch $TMP/index.txt
+ openssl req -config server.cnf -newkey rsa -passout pass:server -keyout s_rsa_pass_ca1_priv.pem \
+ -keyform PEM -out $TMP/req.pem
+ openssl ca -config server.cnf -batch -in $TMP/req.pem -out s_rsa_pass_ca1_pub.pem \
+ -cert cacert1.pem -keyfile cakey1.pem -key server
+
+ #
+ # Create an expired server certificate and key (no password).
+ #
+ rm -rf $TMP
+ mkdir $TMP
+ echo '01' > $TMP/serial
+ touch $TMP/index.txt
+ openssl req -config server.cnf -newkey rsa -nodes -keyout s_rsa_nopass_ca1_exp_priv.pem \
+ -keyform PEM -out $TMP/req.pem
+ openssl ca -config server.cnf -batch -in $TMP/req.pem -out s_rsa_nopass_ca1_exp_pub.pem \
+ -cert cacert1.pem -keyfile cakey1.pem -enddate 051231000000Z
+
+ #
+ # Create a client certificate and key (no password).
+ #
+ rm -rf $TMP
+ mkdir $TMP
+ echo '01' > $TMP/serial
+ touch $TMP/index.txt
+ openssl req -config client.cnf -newkey rsa -nodes -keyout c_rsa_nopass_ca1_priv.pem \
+ -keyform PEM -out $TMP/req.pem
+ openssl ca -config client.cnf -batch -in $TMP/req.pem -out c_rsa_nopass_ca1_pub.pem \
+ -cert cacert1.pem -keyfile cakey1.pem
+
+ #
+ # Create a client certificate and key (with password).
+ #
+ rm -rf $TMP
+ mkdir $TMP
+ echo '01' > $TMP/serial
+ touch $TMP/index.txt
+ openssl req -config client.cnf -newkey rsa -passout pass:client -keyout c_rsa_pass_ca1_priv.pem \
+ -keyform PEM -out $TMP/req.pem
+ openssl ca -config client.cnf -batch -in $TMP/req.pem -out c_rsa_pass_ca1_pub.pem \
+ -cert cacert1.pem -keyfile cakey1.pem -key server
+
+ #
+ # Create an expired client certificate and key (no password).
+ #
+ rm -rf $TMP
+ mkdir $TMP
+ echo '01' > $TMP/serial
+ touch $TMP/index.txt
+ openssl req -config client.cnf -newkey rsa -nodes -keyout c_rsa_nopass_ca1_exp_priv.pem \
+ -keyform PEM -out $TMP/req.pem
+ openssl ca -config client.cnf -batch -in $TMP/req.pem -out c_rsa_nopass_ca1_exp_pub.pem \
+ -cert cacert1.pem -keyfile cakey1.pem -enddate 051231000000Z
+
+ #
+ # Create a server certificate and key (no password) using a different CA.
+ #
+ rm -rf $TMP
+ mkdir $TMP
+ echo '01' > $TMP/serial
+ touch $TMP/index.txt
+ openssl req -config server.cnf -newkey rsa -nodes -keyout s_rsa_nopass_ca2_priv.pem \
+ -keyform PEM -out $TMP/req.pem
+ openssl ca -config server.cnf -batch -in $TMP/req.pem -out s_rsa_nopass_ca2_pub.pem \
+ -cert cacert2.pem -keyfile cakey2.pem
+
+ #
+ # Create a client certificate and key (no password) using a different CA.
+ #
+ rm -rf $TMP
+ mkdir $TMP
+ echo '01' > $TMP/serial
+ touch $TMP/index.txt
+ openssl req -config client.cnf -newkey rsa -nodes -keyout c_rsa_nopass_ca2_priv.pem \
+ -keyform PEM -out $TMP/req.pem
+ openssl ca -config client.cnf -batch -in $TMP/req.pem -out c_rsa_nopass_ca2_pub.pem \
+ -cert cacert2.pem -keyfile cakey2.pem
+
+ rm -f dsaparam1024.pem
+fi
+
+#
+# Generate DSA parameters and keys.
+#
+if ! [ -f dsaparam1024.pem ]; then
+
+ if [ -d $TMP ]; then
+ rm -rf $TMP
+ fi
+ mkdir $TMP
+ echo '01' > $TMP/serial
+ touch $TMP/index.txt
+
+ openssl dsaparam -out dsaparam1024.pem -outform PEM 1024
+
+ #
+ # Create a server certificate and key (no password).
+ #
+ rm -rf $TMP
+ mkdir $TMP
+ echo '01' > $TMP/serial
+ touch $TMP/index.txt
+ openssl req -config server.cnf -newkey dsa:dsaparam1024.pem -nodes -keyout s_dsa_nopass_ca1_priv.pem \
+ -keyform PEM -out $TMP/req.pem
+ openssl ca -config server.cnf -batch -in $TMP/req.pem -out s_dsa_nopass_ca1_pub.pem \
+ -cert cacert1.pem -keyfile cakey1.pem
+
+ #
+ # Create a client certificate and key (no password).
+ #
+ rm -rf $TMP
+ mkdir $TMP
+ echo '01' > $TMP/serial
+ touch $TMP/index.txt
+ openssl req -config client.cnf -newkey dsa:dsaparam1024.pem -nodes -keyout c_dsa_nopass_ca1_priv.pem \
+ -keyform PEM -out $TMP/req.pem
+ openssl ca -config client.cnf -batch -in $TMP/req.pem -out c_dsa_nopass_ca1_pub.pem \
+ -cert cacert1.pem -keyfile cakey1.pem
+fi
diff --git a/cpp/test/IceSSL/certs/s_dsa_nopass_ca1_priv.pem b/cpp/test/IceSSL/certs/s_dsa_nopass_ca1_priv.pem
new file mode 100644
index 00000000000..08574ce2352
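Review bot: Both `openssl req -config test_ca.cnf -x509 ...` commands in the "Generate CA certificates" block of makecerts omit `-days`, so the two test CAs get openssl's default 30-day validity (unless test_ca.cnf overrides it, which is not visible here). The leaf certificates committed alongside run to 2016, and the validity encoded in the committed f632d95f.0 appears to end on 2006-04-27. Once the CA expires, every chain in the suite fails verification for a reason unrelated to what the test checks, and the deliberately expired `*_exp_pub.pem` cases no longer distinguish anything. I would give both CA lines an explicit lifetime, e.g. append `-days 3650` (illustrative value) after `-nodes`. Separately, the password-protected client block passes `-key server` to `openssl ca`; since cakey1.pem is written with `-nodes` that password is presumably unused, so dropping it from both `openssl ca` calls would avoid suggesting the CA key is protected.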
--- /dev/null +++ b/cpp/test/IceSSL/certs/s_dsa_nopass_ca1_priv.pem @@ -0,0 +1,12 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQDRqIk+hRip/xkMDFhb3SPSC9lUHFg2cGry7UpR/LQBobbaBx9+ +JTDL6iswzihT2Og/Ti8TAxCqhpjRGQRUrVThv+yb7DplfrKGiAby6xCD5BsJy6Ra +0HchqVeISqXkaJyAGF+PW81Oh2BRejQgFuYe9Np1b8uynHYN1JF2xeHv5wIVAKM3 +w9+fI7s7jtna4yLhgE66z8SpAoGBAJK1QvQwz3nCIawxq2b52an7vUbm78oGi9K0 +fBgzugc7QREqNtFK8I1z7zoz42XR9rS9tqeE/Ncdjx+9d/X1R0miBiJauy2muodx +HkPh40l1lSkUmUNDGE8Pm71VTG6+UShzs0ZSZ+zZ4JzmI/WxCglGJvfnP6DD3HYm +4thBdXdWAoGAW/+6i/QH/FpLMrCS1r9jnG2gUNee4iLDgI6sRuZVXrCP/Zsl6jV9 +dGzGarSKBjq/zfKqjW+qQ4nDNSQ/pXRr912jO3c9lqsu1xvpdQ9TMvEG+/V7DAX9 +9YkojFMIeuK6IhzIbC4X/G2te+CpdsYMVylPcr7IyWgO5kWjiJQUYeMCFBhUp1WA +NZcS6kNHvgBTroogX3kl +-----END DSA PRIVATE KEY----- diff --git a/cpp/test/IceSSL/certs/s_dsa_nopass_ca1_pub.pem b/cpp/test/IceSSL/certs/s_dsa_nopass_ca1_pub.pem new file mode 100644 index 00000000000..a3b0cad40f8 --- /dev/null +++ b/cpp/test/IceSSL/certs/s_dsa_nopass_ca1_pub.pem 
@@ -0,0 +1,104 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=Florida, L=Palm Beach Gardens, O=ZeroC, Inc., OU=Ice, CN=ZeroC Test CA/emailAddress=info@zeroc.com + Validity + Not Before: Mar 28 18:10:00 2006 GMT + Not After : Mar 25 18:10:00 2016 GMT + Subject: C=US, ST=Florida, O=ZeroC, Inc., OU=Ice/emailAddress=info@zeroc.com, CN=Server + Subject Public Key Info: + Public Key Algorithm: dsaEncryption + DSA Public Key: + pub: + 5b:ff:ba:8b:f4:07:fc:5a:4b:32:b0:92:d6:bf:63: + 9c:6d:a0:50:d7:9e:e2:22:c3:80:8e:ac:46:e6:55: + 5e:b0:8f:fd:9b:25:ea:35:7d:74:6c:c6:6a:b4:8a: + 06:3a:bf:cd:f2:aa:8d:6f:aa:43:89:c3:35:24:3f: + a5:74:6b:f7:5d:a3:3b:77:3d:96:ab:2e:d7:1b:e9: + 75:0f:53:32:f1:06:fb:f5:7b:0c:05:fd:f5:89:28: + 8c:53:08:7a:e2:ba:22:1c:c8:6c:2e:17:fc:6d:ad: + 7b:e0:a9:76:c6:0c:57:29:4f:72:be:c8:c9:68:0e: + e6:45:a3:88:94:14:61:e3 + P: + 00:d1:a8:89:3e:85:18:a9:ff:19:0c:0c:58:5b:dd: + 23:d2:0b:d9:54:1c:58:36:70:6a:f2:ed:4a:51:fc: + b4:01:a1:b6:da:07:1f:7e:25:30:cb:ea:2b:30:ce: + 28:53:d8:e8:3f:4e:2f:13:03:10:aa:86:98:d1:19: + 04:54:ad:54:e1:bf:ec:9b:ec:3a:65:7e:b2:86:88: + 06:f2:eb:10:83:e4:1b:09:cb:a4:5a:d0:77:21:a9: + 57:88:4a:a5:e4:68:9c:80:18:5f:8f:5b:cd:4e:87: + 60:51:7a:34:20:16:e6:1e:f4:da:75:6f:cb:b2:9c: + 76:0d:d4:91:76:c5:e1:ef:e7 + Q: + 00:a3:37:c3:df:9f:23:bb:3b:8e:d9:da:e3:22:e1: + 80:4e:ba:cf:c4:a9 + G: + 00:92:b5:42:f4:30:cf:79:c2:21:ac:31:ab:66:f9: + d9:a9:fb:bd:46:e6:ef:ca:06:8b:d2:b4:7c:18:33: + ba:07:3b:41:11:2a:36:d1:4a:f0:8d:73:ef:3a:33: + e3:65:d1:f6:b4:bd:b6:a7:84:fc:d7:1d:8f:1f:bd: + 77:f5:f5:47:49:a2:06:22:5a:bb:2d:a6:ba:87:71: + 1e:43:e1:e3:49:75:95:29:14:99:43:43:18:4f:0f: + 9b:bd:55:4c:6e:be:51:28:73:b3:46:52:67:ec:d9: + e0:9c:e6:23:f5:b1:0a:09:46:26:f7:e7:3f:a0:c3: + dc:76:26:e2:d8:41:75:77:56 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 5F:EA:28:E5:A1:47:D1:65:90:15:19:BA:B8:AF:CC:C8:34:3D:84:83 + X509v3 
Authority Key Identifier: + keyid:A3:8D:7D:FF:A8:69:1E:7C:54:58:46:61:FE:B7:68:BC:2C:FC:CB:DE + DirName:/C=US/ST=Florida/L=Palm Beach Gardens/O=ZeroC, Inc./OU=Ice/CN=ZeroC Test CA/emailAddress=info@zeroc.com + serial:00 + + X509v3 Subject Alternative Name: + DNS:server, IP Address:127.0.0.1 + Signature Algorithm: md5WithRSAEncryption + c8:10:fb:07:49:82:f4:87:de:13:73:80:73:fb:90:e1:3b:c9: + d2:33:79:fc:48:95:6f:7a:a8:15:96:55:a9:2d:a3:43:c5:d9: + b0:5f:94:38:88:dc:a8:5e:9f:61:2d:a4:46:56:5b:92:ed:b4: + 72:45:a5:0a:38:48:7b:28:20:29:ec:d4:24:ab:ca:68:00:a8: + 26:0f:de:c0:b1:5a:11:c7:3f:09:09:12:8c:df:40:cd:d1:08: + 63:4a:c2:e0:35:f3:1d:ad:e5:1c:2d:e2:a0:41:04:e9:d0:47: + fc:13:fd:79:55:c3:a7:db:1b:d5:11:b0:8b:ba:6a:2b:66:27: + 7a:02:66:61:09:71:da:17:0e:ec:c6:2e:46:ae:1d:15:65:23: + 41:00:5f:69:d0:88:38:98:08:fb:d9:69:e8:a3:ff:a2:d1:60: + 31:1a:dc:32:e2:2c:7d:9c:6a:4b:94:db:86:c1:21:63:12:59: + b7:48:fe:a4:f4:57:dd:97:68:05:8c:04:04:8a:b0:88:ef:16: + 51:24:80:46:a0:d4:ed:dc:1b:70:26:b2:cd:c0:38:61:e1:1e: + 3a:6f:52:20:96:3e:8f:ac:65:6d:93:87:4a:1d:f8:37:bc:09: + e4:d4:2c:6b:17:68:fe:2d:f9:73:50:4c:a7:e7:20:dc:61:f2: + 86:65:66:80 +-----BEGIN CERTIFICATE----- +MIIFKzCCBBOgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEU +MBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVy +b0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMDYw +MzI4MTgxMDAwWhcNMTYwMzI1MTgxMDAwWjBzMQswCQYDVQQGEwJVUzEQMA4GA1UE +CBMHRmxvcmlkYTEUMBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEd +MBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20xDzANBgNVBAMTBlNlcnZlcjCC +AbcwggEsBgcqhkjOOAQBMIIBHwKBgQDRqIk+hRip/xkMDFhb3SPSC9lUHFg2cGry +7UpR/LQBobbaBx9+JTDL6iswzihT2Og/Ti8TAxCqhpjRGQRUrVThv+yb7DplfrKG +iAby6xCD5BsJy6Ra0HchqVeISqXkaJyAGF+PW81Oh2BRejQgFuYe9Np1b8uynHYN +1JF2xeHv5wIVAKM3w9+fI7s7jtna4yLhgE66z8SpAoGBAJK1QvQwz3nCIawxq2b5 +2an7vUbm78oGi9K0fBgzugc7QREqNtFK8I1z7zoz42XR9rS9tqeE/Ncdjx+9d/X1 
+R0miBiJauy2muodxHkPh40l1lSkUmUNDGE8Pm71VTG6+UShzs0ZSZ+zZ4JzmI/Wx +CglGJvfnP6DD3HYm4thBdXdWA4GEAAKBgFv/uov0B/xaSzKwkta/Y5xtoFDXnuIi +w4COrEbmVV6wj/2bJeo1fXRsxmq0igY6v83yqo1vqkOJwzUkP6V0a/ddozt3PZar +Ltcb6XUPUzLxBvv1ewwF/fWJKIxTCHriuiIcyGwuF/xtrXvgqXbGDFcpT3K+yMlo +DuZFo4iUFGHjo4IBDjCCAQowCQYDVR0TBAIwADAdBgNVHQ4EFgQUX+oo5aFH0WWQ +FRm6uK/MyDQ9hIMwgcQGA1UdIwSBvDCBuYAUo419/6hpHnxUWEZh/rdovCz8y96h +gZ2kgZowgZcxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdGbG9yaWRhMRswGQYDVQQH +ExJQYWxtIEJlYWNoIEdhcmRlbnMxFDASBgNVBAoTC1plcm9DLCBJbmMuMQwwCgYD +VQQLEwNJY2UxFjAUBgNVBAMTDVplcm9DIFRlc3QgQ0ExHTAbBgkqhkiG9w0BCQEW +DmluZm9AemVyb2MuY29tggEAMBcGA1UdEQQQMA6CBnNlcnZlcocEfwAAATANBgkq +hkiG9w0BAQQFAAOCAQEAyBD7B0mC9IfeE3OAc/uQ4TvJ0jN5/EiVb3qoFZZVqS2j +Q8XZsF+UOIjcqF6fYS2kRlZbku20ckWlCjhIeyggKezUJKvKaACoJg/ewLFaEcc/ +CQkSjN9AzdEIY0rC4DXzHa3lHC3ioEEE6dBH/BP9eVXDp9sb1RGwi7pqK2YnegJm +YQlx2hcO7MYuRq4dFWUjQQBfadCIOJgI+9lp6KP/otFgMRrcMuIsfZxqS5TbhsEh +YxJZt0j+pPRX3ZdoBYwEBIqwiO8WUSSARqDU7dwbcCayzcA4YeEeOm9SIJY+j6xl +bZOHSh34N7wJ5NQsaxdo/i35c1BMp+cg3GHyhmVmgA== +-----END CERTIFICATE----- diff --git a/cpp/test/IceSSL/certs/s_rsa_nopass_ca1_exp_priv.pem b/cpp/test/IceSSL/certs/s_rsa_nopass_ca1_exp_priv.pem new file mode 100644 index 00000000000..cda0d0e5da0 --- /dev/null +++ b/cpp/test/IceSSL/certs/s_rsa_nopass_ca1_exp_priv.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDJGpWZGGfBrI0nlSKYsPS8ozlsEdbakt1i0FmTj0Fw2wPPWSro +1JgxGlLgpE0VPumrWAhrVQcv9Uua1TQfSuj7hBwbo/3rF8PvqwivDM7bjxQZYXnq ++PW5CiGwzvms3+DHElYurPfjJkd3Hl/H/CwMH1ER4D5BMWWWVFigZ0R7CQIDAQAB +AoGAdVXbfy3sK+ZfnX64ZtqokP+zW0i1UWZrYWIrQZtOFWjUOkDOdnbELbIsNQHo +L8M7V0vP7b/4p5S5fidzd+afNEbA2si8Wf+Vb6IKBXeV2QOwoOP2qB2U+pTaejG8 +M8uE+4anmUm7Ki5KFJgfEFIk9QTWE89GQwp9bWSHyczb9eECQQD8foa9umnsz291 +l6EJSVNVofvS9I7RLJw0dIyOKS4Qh6BQz0R/dIPym9hQbSA2FB80jkhYLPnbp7vY +3EUbvuQdAkEAy+Vk9AjCLQHsM4Cd9PwfK8OFjS9bS/9rsD6kTHKRo03Nn1Jmd3Lg +T2YidxqRRVQQk1TWzh9gQwGRChsypw5m3QJBAKVsW+jHzgg5a2PWgMntwWxUIQF3 ++m2u1XREe6XT8vsfcHghI1aBxsTXN+SRak4j5sHvChTC+rvfa+HLhneEHD0CQEo4 +RndOeOBJQuG8f8Mdw3r6wTKTeng/kcOmCciKK9l2CNNl+0af2mcMlp8kXJ0P7Li0 +uTxuz2uUtmcnX1jQNUECQQCAIQ0srCPIQC6alLHprL6e/+uPXbcBsZJ4QHXFzKSh +jFxJy2T6uH2Eu8r0zVbULOXwMf12+sqG9VQ6ffUaX5dz +-----END RSA PRIVATE KEY----- diff --git a/cpp/test/IceSSL/certs/s_rsa_nopass_ca1_exp_pub.pem b/cpp/test/IceSSL/certs/s_rsa_nopass_ca1_exp_pub.pem new file mode 100644 index 00000000000..b51bfb4350c --- /dev/null +++ b/cpp/test/IceSSL/certs/s_rsa_nopass_ca1_exp_pub.pem 
@@ -0,0 +1,76 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=Florida, L=Palm Beach Gardens, O=ZeroC, Inc., OU=Ice, CN=ZeroC Test CA/emailAddress=info@zeroc.com + Validity + Not Before: Mar 28 18:09:56 2006 GMT + Not After : Dec 31 00:00:00 2005 GMT + Subject: C=US, ST=Florida, O=ZeroC, Inc., OU=Ice/emailAddress=info@zeroc.com, CN=Server + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c9:1a:95:99:18:67:c1:ac:8d:27:95:22:98:b0: + f4:bc:a3:39:6c:11:d6:da:92:dd:62:d0:59:93:8f: + 41:70:db:03:cf:59:2a:e8:d4:98:31:1a:52:e0:a4: + 4d:15:3e:e9:ab:58:08:6b:55:07:2f:f5:4b:9a:d5: + 34:1f:4a:e8:fb:84:1c:1b:a3:fd:eb:17:c3:ef:ab: + 08:af:0c:ce:db:8f:14:19:61:79:ea:f8:f5:b9:0a: + 21:b0:ce:f9:ac:df:e0:c7:12:56:2e:ac:f7:e3:26: + 47:77:1e:5f:c7:fc:2c:0c:1f:51:11:e0:3e:41:31: + 65:96:54:58:a0:67:44:7b:09 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 6D:C8:C2:15:B3:15:4C:BE:11:42:AD:60:0F:28:EF:E1:27:C7:5E:5A + X509v3 Authority Key Identifier: + keyid:A3:8D:7D:FF:A8:69:1E:7C:54:58:46:61:FE:B7:68:BC:2C:FC:CB:DE + DirName:/C=US/ST=Florida/L=Palm Beach Gardens/O=ZeroC, Inc./OU=Ice/CN=ZeroC Test CA/emailAddress=info@zeroc.com + serial:00 + + X509v3 Subject Alternative Name: + DNS:server, IP Address:127.0.0.1 + Signature Algorithm: md5WithRSAEncryption + e5:83:ab:70:ff:ec:a9:e0:7d:6f:9b:4c:7b:ca:a4:1e:ce:50: + 1b:84:29:d8:dc:53:e7:82:33:18:f2:a9:c9:c6:9f:c7:07:cf: + 15:b8:b4:e5:a5:ca:83:45:50:25:69:2a:f0:e4:ae:5c:a5:65: + 99:73:66:9b:38:c2:c0:a4:e2:3e:4b:3e:18:d2:b7:7b:32:03: + e2:c9:7a:a7:f6:ad:6b:80:12:0c:04:69:fb:5d:76:e8:bd:9d: + 7f:4e:b2:13:24:7a:2b:bb:25:84:5f:f4:2b:62:50:db:28:ea: + a1:0b:15:e6:bf:b4:21:ef:25:f4:62:7e:99:af:89:6c:81:f8: + a3:5d:bb:7e:6e:f9:a1:91:ee:59:4a:bb:01:42:87:a9:fe:de: + 75:ab:d1:fc:5c:1a:5f:3b:b5:57:a6:0f:a3:d1:db:eb:c2:e1: + 
56:ac:03:12:2d:3a:03:0a:fc:87:a9:1d:09:78:8b:24:78:79: + 9d:52:3d:55:4c:8f:24:76:0e:52:f5:a7:44:13:5d:6f:da:e1: + 56:f6:df:19:e4:4d:5d:3a:d5:6c:87:2a:a2:69:3a:5f:64:d7: + 09:c2:e9:96:d5:a6:eb:b9:cc:1a:d2:7c:a6:3a:50:e4:5e:83: + 3c:10:40:37:85:ae:94:80:d6:03:7b:ac:5d:3c:ca:95:01:b4: + 27:ca:2e:35 +-----BEGIN CERTIFICATE----- +MIIEEjCCAvqgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEU +MBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVy +b0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMDYw +MzI4MTgwOTU2WhcNMDUxMjMxMDAwMDAwWjBzMQswCQYDVQQGEwJVUzEQMA4GA1UE +CBMHRmxvcmlkYTEUMBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEd +MBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20xDzANBgNVBAMTBlNlcnZlcjCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyRqVmRhnwayNJ5UimLD0vKM5bBHW +2pLdYtBZk49BcNsDz1kq6NSYMRpS4KRNFT7pq1gIa1UHL/VLmtU0H0ro+4QcG6P9 +6xfD76sIrwzO248UGWF56vj1uQohsM75rN/gxxJWLqz34yZHdx5fx/wsDB9REeA+ +QTFlllRYoGdEewkCAwEAAaOCAQ4wggEKMAkGA1UdEwQCMAAwHQYDVR0OBBYEFG3I +whWzFUy+EUKtYA8o7+Enx15aMIHEBgNVHSMEgbwwgbmAFKONff+oaR58VFhGYf63 +aLws/MveoYGdpIGaMIGXMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHRmxvcmlkYTEb +MBkGA1UEBxMSUGFsbSBCZWFjaCBHYXJkZW5zMRQwEgYDVQQKEwtaZXJvQywgSW5j +LjEMMAoGA1UECxMDSWNlMRYwFAYDVQQDEw1aZXJvQyBUZXN0IENBMR0wGwYJKoZI +hvcNAQkBFg5pbmZvQHplcm9jLmNvbYIBADAXBgNVHREEEDAOggZzZXJ2ZXKHBH8A +AAEwDQYJKoZIhvcNAQEEBQADggEBAOWDq3D/7KngfW+bTHvKpB7OUBuEKdjcU+eC +MxjyqcnGn8cHzxW4tOWlyoNFUCVpKvDkrlylZZlzZps4wsCk4j5LPhjSt3syA+LJ +eqf2rWuAEgwEaftddui9nX9OshMkeiu7JYRf9CtiUNso6qELFea/tCHvJfRifpmv +iWyB+KNdu35u+aGR7llKuwFCh6n+3nWr0fxcGl87tVemD6PR2+vC4VasAxItOgMK +/IepHQl4iyR4eZ1SPVVMjyR2DlL1p0QTXW/a4Vb23xnkTV061WyHKqJpOl9k1wnC +6ZbVpuu5zBrSfKY6UORegzwQQDeFrpSA1gN7rF08ypUBtCfKLjU= +-----END CERTIFICATE----- diff --git a/cpp/test/IceSSL/certs/s_rsa_nopass_ca1_priv.pem b/cpp/test/IceSSL/certs/s_rsa_nopass_ca1_priv.pem new file mode 100644 index 00000000000..755d58f138c --- /dev/null 
+++ b/cpp/test/IceSSL/certs/s_rsa_nopass_ca1_priv.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDM6oAR9/Q9GkmglDBZGum8bSyUg9Gj2wzGplAykI7zh5t7WSkG +K2Dv4ntwZzy6BVOEw3KDdHH6Flmhfjxzt6cyRzPYtIJAoABM3aezuYFTTuSsaSxR +BZg1tGB4vGIr9zdXSEHvc/01efdIb3Xv4gRHPL54ttNAb2+JbMWDK/TwzQIDAQAB +AoGBAImsN3VbEMYIplTzmvQSx9znwJ7bXXroDdJdJN6EDvcBMe4SfiR9+nfQwzxG +sB8OuwkkwwgcsQLkBz4f8P+R8Qr6fYMJAnNdcu4cmUpOjHVLdrqgt0cdYgC6rAbS +Kq7D98yhHOkhOE53nNI8OelucM0AjizbWbr9KUZvtgqbKCMBAkEA+30jlV+xnvQ8 +lZXA9Do5DmbKOX1oPDpbi+Noy5jyqrGXyXUvL9aQ6CCFsbKvqYFiNTbvEWa8q/5n +LNbPf6jsDQJBANCXfpOfiTg7krM0NJk/wSPPirX0S6yt4eYKb0jd0tJmbg1XMdOA +IRcl/XmRhOgDkcUG4xNNBg1KePMPxr35J8ECQQCiuxPWaUh/CZ1WUcO8hRw8ZGkA +kFRtfHmWaD18WOjVaPtF4az58IZtnfXEyVH/hfgtZPGHOgpl5MWQbyNvgLfVAkA+ +NG9y5qitNFbTSkZFTVXzr/jVujy3CkPLrmDxgfVU+WboY5BgWl2D4bhtgI/6ANZ/ +w0YEg3vCiur20UWbcaoBAkAtjAk0AoebwGh8qF3z12U1loz/eHVAnQBRZUEGEGhU +NmO0JnFZfHDVfP8f7Ur/h8iEFWT2bDE/aRS5uc/XNEMB +-----END RSA PRIVATE KEY----- diff --git a/cpp/test/IceSSL/certs/s_rsa_nopass_ca1_pub.pem b/cpp/test/IceSSL/certs/s_rsa_nopass_ca1_pub.pem new file mode 100644 index 00000000000..032b0771f6d --- /dev/null +++ b/cpp/test/IceSSL/certs/s_rsa_nopass_ca1_pub.pem 
@@ -0,0 +1,76 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=Florida, L=Palm Beach Gardens, O=ZeroC, Inc., OU=Ice, CN=ZeroC Test CA/emailAddress=info@zeroc.com + Validity + Not Before: Mar 28 18:09:56 2006 GMT + Not After : Mar 25 18:09:56 2016 GMT + Subject: C=US, ST=Florida, O=ZeroC, Inc., OU=Ice/emailAddress=info@zeroc.com, CN=Server + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:cc:ea:80:11:f7:f4:3d:1a:49:a0:94:30:59:1a: + e9:bc:6d:2c:94:83:d1:a3:db:0c:c6:a6:50:32:90: + 8e:f3:87:9b:7b:59:29:06:2b:60:ef:e2:7b:70:67: + 3c:ba:05:53:84:c3:72:83:74:71:fa:16:59:a1:7e: + 3c:73:b7:a7:32:47:33:d8:b4:82:40:a0:00:4c:dd: + a7:b3:b9:81:53:4e:e4:ac:69:2c:51:05:98:35:b4: + 60:78:bc:62:2b:f7:37:57:48:41:ef:73:fd:35:79: + f7:48:6f:75:ef:e2:04:47:3c:be:78:b6:d3:40:6f: + 6f:89:6c:c5:83:2b:f4:f0:cd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + B2:10:15:F0:FA:28:6C:F6:59:4B:75:21:A7:5C:B3:D4:E4:38:38:F8 + X509v3 Authority Key Identifier: + keyid:A3:8D:7D:FF:A8:69:1E:7C:54:58:46:61:FE:B7:68:BC:2C:FC:CB:DE + DirName:/C=US/ST=Florida/L=Palm Beach Gardens/O=ZeroC, Inc./OU=Ice/CN=ZeroC Test CA/emailAddress=info@zeroc.com + serial:00 + + X509v3 Subject Alternative Name: + DNS:server, IP Address:127.0.0.1 + Signature Algorithm: md5WithRSAEncryption + 38:2f:0c:79:31:36:fe:4e:ed:65:7e:3d:52:b4:41:d4:b4:e0: + ee:60:d1:cc:dd:4b:77:63:1d:d2:78:1e:c1:c3:99:79:9f:8e: + 3b:de:8d:34:70:2c:57:c7:86:51:e6:7b:f7:09:6a:42:5f:98: + f6:42:6c:40:6f:03:99:a2:ee:4d:b0:10:6b:66:fe:88:29:38: + ae:8c:c4:79:5c:1b:3f:67:51:7b:5a:0e:61:25:e9:85:61:c4: + 06:57:4e:dc:2d:30:2e:bc:34:b3:ac:1e:da:63:3f:4f:63:22: + 5a:11:71:cc:0d:e5:81:b6:ef:cf:91:4e:e3:44:0c:39:60:d9: + 5e:1a:a2:d4:b7:7b:ef:06:81:ad:00:a0:fd:c7:45:81:48:20: + 54:b5:b9:2a:ff:09:3c:75:19:9c:bf:2b:03:49:c5:28:23:5a: + 
b4:df:00:9b:da:19:91:95:71:77:44:61:ed:54:4e:23:f6:97: + da:53:94:01:73:b2:03:d7:86:e4:c6:13:b3:46:c5:79:b3:49: + 3a:69:75:1b:0c:be:3e:5e:56:3d:bd:8e:5f:72:8a:bc:68:2d: + 8b:07:fd:de:0c:1e:2b:93:56:a0:84:10:3c:37:99:27:c1:12: + 9d:37:da:0d:1d:55:32:d3:af:b6:df:a2:4b:20:26:15:82:7f: + 65:02:60:fa +-----BEGIN CERTIFICATE----- +MIIEEjCCAvqgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEU +MBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVy +b0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMDYw +MzI4MTgwOTU2WhcNMTYwMzI1MTgwOTU2WjBzMQswCQYDVQQGEwJVUzEQMA4GA1UE +CBMHRmxvcmlkYTEUMBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEd +MBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20xDzANBgNVBAMTBlNlcnZlcjCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzOqAEff0PRpJoJQwWRrpvG0slIPR +o9sMxqZQMpCO84ebe1kpBitg7+J7cGc8ugVThMNyg3Rx+hZZoX48c7enMkcz2LSC +QKAATN2ns7mBU07krGksUQWYNbRgeLxiK/c3V0hB73P9NXn3SG917+IERzy+eLbT +QG9viWzFgyv08M0CAwEAAaOCAQ4wggEKMAkGA1UdEwQCMAAwHQYDVR0OBBYEFLIQ +FfD6KGz2WUt1Iadcs9TkODj4MIHEBgNVHSMEgbwwgbmAFKONff+oaR58VFhGYf63 +aLws/MveoYGdpIGaMIGXMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHRmxvcmlkYTEb +MBkGA1UEBxMSUGFsbSBCZWFjaCBHYXJkZW5zMRQwEgYDVQQKEwtaZXJvQywgSW5j +LjEMMAoGA1UECxMDSWNlMRYwFAYDVQQDEw1aZXJvQyBUZXN0IENBMR0wGwYJKoZI +hvcNAQkBFg5pbmZvQHplcm9jLmNvbYIBADAXBgNVHREEEDAOggZzZXJ2ZXKHBH8A +AAEwDQYJKoZIhvcNAQEEBQADggEBADgvDHkxNv5O7WV+PVK0QdS04O5g0czdS3dj +HdJ4HsHDmXmfjjvejTRwLFfHhlHme/cJakJfmPZCbEBvA5mi7k2wEGtm/ogpOK6M +xHlcGz9nUXtaDmEl6YVhxAZXTtwtMC68NLOsHtpjP09jIloRccwN5YG278+RTuNE +DDlg2V4aotS3e+8Gga0AoP3HRYFIIFS1uSr/CTx1GZy/KwNJxSgjWrTfAJvaGZGV +cXdEYe1UTiP2l9pTlAFzsgPXhuTGE7NGxXmzSTppdRsMvj5eVj29jl9yirxoLYsH +/d4MHiuTVqCEEDw3mSfBEp032g0dVTLTr7bfoksgJhWCf2UCYPo= +-----END CERTIFICATE----- diff --git a/cpp/test/IceSSL/certs/s_rsa_nopass_ca2_priv.pem b/cpp/test/IceSSL/certs/s_rsa_nopass_ca2_priv.pem new file mode 100644 index 00000000000..939685211e7 --- /dev/null 
+++ b/cpp/test/IceSSL/certs/s_rsa_nopass_ca2_priv.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDVFwbbRCG5853J4c3wmgg36GC8t26q+v47p1yMic7z06r9zwbp +5TPCcL7jjNFxCBUGi3CTJbNwLexgH9fqZ52vCmCqwuvD20DqooXm1Z10soDwxA0Q +lK5By+4OqSkV2YyVJ0E6E0gjyG0o7IR1fAH4gOKkGEJItWiG1q+b0qiMdQIDAQAB +AoGAXR1o05vcGQPJqZRQh5jninay/wQxCeoP+kVR/d+iXY3bJHm5DbAohAj8gTbh +tsDPX0LDeKl61cRbjE2d7kJE9pHger7zHpENEaEtxtA9pcd8gIhgY5i2fo95fLm4 +0EvXa6wpoBCGzN2++r6yi4gQxhTWcoE3tfZW2gIMwfqx5kECQQD3MaxLNdyGYjQC +yl7jg41WETGivnLtJZpiU/rfyDjIooAyu832pcnoNZlXy1i6jJCgtUmCZL3bG4xO +wxqy5LPtAkEA3K5V/LoFHYWaBDI+SWo2jVA6FulaZ3T+iLEe5WptpHLx5kKyxAV5 +Ws9qRZBrTsQtKqvnE5DsUzRkjzGITFY5qQJBAI7IS2v6BZI94SsHd73U++uN7OzD +MyEWClHnjk56mYoSixhC8Joac0DEzPkwROUkUlnxvS8rP5rzE51fBun0PpUCQEjN +xxZydD+SFQavYLctsEOcpR1r7ORWx6Zm8K91Fij7tuxlMr7So3+fEAtVIuHAfLoo +LjrZQ+4LSeWnzLSKeckCQDDBZmUgzltfVEI+NLUEBbxLm12noc42Kar5SAXXhDIH +wwA+pxHqfZh7FwgByKLT+yvAfSiqWMpAq5vAjC7XvP4= +-----END RSA PRIVATE KEY----- diff --git a/cpp/test/IceSSL/certs/s_rsa_nopass_ca2_pub.pem b/cpp/test/IceSSL/certs/s_rsa_nopass_ca2_pub.pem new file mode 100644 index 00000000000..56b42af056c --- /dev/null +++ b/cpp/test/IceSSL/certs/s_rsa_nopass_ca2_pub.pem 
@@ -0,0 +1,76 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=Florida, L=Palm Beach Gardens, O=ZeroC, Inc., OU=Ice, CN=ZeroC Test CA/emailAddress=info@zeroc.com + Validity + Not Before: Mar 28 18:09:57 2006 GMT + Not After : Mar 25 18:09:57 2016 GMT + Subject: C=US, ST=Florida, O=ZeroC, Inc., OU=Ice/emailAddress=info@zeroc.com, CN=Server + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d5:17:06:db:44:21:b9:f3:9d:c9:e1:cd:f0:9a: + 08:37:e8:60:bc:b7:6e:aa:fa:fe:3b:a7:5c:8c:89: + ce:f3:d3:aa:fd:cf:06:e9:e5:33:c2:70:be:e3:8c: + d1:71:08:15:06:8b:70:93:25:b3:70:2d:ec:60:1f: + d7:ea:67:9d:af:0a:60:aa:c2:eb:c3:db:40:ea:a2: + 85:e6:d5:9d:74:b2:80:f0:c4:0d:10:94:ae:41:cb: + ee:0e:a9:29:15:d9:8c:95:27:41:3a:13:48:23:c8: + 6d:28:ec:84:75:7c:01:f8:80:e2:a4:18:42:48:b5: + 68:86:d6:af:9b:d2:a8:8c:75 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + EC:AA:CA:77:2D:3E:F0:4B:21:BD:A3:BC:41:E4:57:B0:38:BE:58:0E + X509v3 Authority Key Identifier: + keyid:BD:5A:BA:8A:D2:B9:96:DC:91:5C:64:9F:99:94:E2:48:44:2C:A9:DA + DirName:/C=US/ST=Florida/L=Palm Beach Gardens/O=ZeroC, Inc./OU=Ice/CN=ZeroC Test CA/emailAddress=info@zeroc.com + serial:00 + + X509v3 Subject Alternative Name: + DNS:server, IP Address:127.0.0.1 + Signature Algorithm: md5WithRSAEncryption + 77:d1:04:70:ab:2d:6e:47:c6:a0:12:8d:46:5b:a0:1c:ed:c7: + 81:35:bf:6a:22:21:52:bc:02:18:b9:6e:d2:e4:e9:30:5e:65: + ec:2a:8e:cd:d1:29:87:c0:a1:48:be:94:f1:3d:b3:34:0b:e1: + d7:bc:ef:96:2a:c0:8b:77:30:77:63:ab:d8:28:15:07:53:ef: + c8:11:af:cd:0b:33:49:6c:b2:1f:18:1b:ab:e5:32:5f:ca:8f: + 6f:9d:f6:af:0c:aa:2d:0e:e2:bf:12:4b:37:84:0c:f7:21:a8: + 6d:4f:44:d4:5a:c5:60:1b:e4:87:d3:7d:bf:b9:85:fb:37:68: + 48:dd:cb:84:e5:2b:c0:99:83:c9:ae:9c:f5:32:50:0c:b3:28: + 50:fe:6a:72:f6:f6:80:6c:76:96:a4:db:c7:63:78:7e:fe:d6: + 
1e:33:10:1a:bd:19:dc:8a:f0:27:e5:64:81:ea:8c:f4:db:73: + f7:4b:e9:f1:99:ee:c4:b1:0c:1c:b9:37:52:f8:66:ef:a1:91: + fc:96:65:c7:75:65:15:83:96:c3:12:1d:46:bd:c1:02:f1:8f: + de:37:12:fc:73:7a:3a:a3:70:4d:6f:40:3c:30:82:f0:f0:07: + 3a:1b:a9:67:24:43:a9:74:f9:36:ec:5d:da:8c:f3:fe:29:51: + 39:3a:e5:f7 +-----BEGIN CERTIFICATE----- +MIIEEjCCAvqgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEU +MBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVy +b0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMDYw +MzI4MTgwOTU3WhcNMTYwMzI1MTgwOTU3WjBzMQswCQYDVQQGEwJVUzEQMA4GA1UE +CBMHRmxvcmlkYTEUMBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEd +MBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20xDzANBgNVBAMTBlNlcnZlcjCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1RcG20QhufOdyeHN8JoIN+hgvLdu +qvr+O6dcjInO89Oq/c8G6eUzwnC+44zRcQgVBotwkyWzcC3sYB/X6medrwpgqsLr +w9tA6qKF5tWddLKA8MQNEJSuQcvuDqkpFdmMlSdBOhNII8htKOyEdXwB+IDipBhC +SLVohtavm9KojHUCAwEAAaOCAQ4wggEKMAkGA1UdEwQCMAAwHQYDVR0OBBYEFOyq +ynctPvBLIb2jvEHkV7A4vlgOMIHEBgNVHSMEgbwwgbmAFL1auorSuZbckVxkn5mU +4khELKnaoYGdpIGaMIGXMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHRmxvcmlkYTEb +MBkGA1UEBxMSUGFsbSBCZWFjaCBHYXJkZW5zMRQwEgYDVQQKEwtaZXJvQywgSW5j +LjEMMAoGA1UECxMDSWNlMRYwFAYDVQQDEw1aZXJvQyBUZXN0IENBMR0wGwYJKoZI +hvcNAQkBFg5pbmZvQHplcm9jLmNvbYIBADAXBgNVHREEEDAOggZzZXJ2ZXKHBH8A +AAEwDQYJKoZIhvcNAQEEBQADggEBAHfRBHCrLW5HxqASjUZboBztx4E1v2oiIVK8 +Ahi5btLk6TBeZewqjs3RKYfAoUi+lPE9szQL4de875YqwIt3MHdjq9goFQdT78gR +r80LM0lssh8YG6vlMl/Kj2+d9q8Mqi0O4r8SSzeEDPchqG1PRNRaxWAb5IfTfb+5 +hfs3aEjdy4TlK8CZg8munPUyUAyzKFD+anL29oBsdpak28djeH7+1h4zEBq9GdyK +8CflZIHqjPTbc/dL6fGZ7sSxDBy5N1L4Zu+hkfyWZcd1ZRWDlsMSHUa9wQLxj943 +EvxzejqjcE1vQDwwgvDwBzobqWckQ6l0+TbsXdqM8/4pUTk65fc= +-----END CERTIFICATE----- diff --git a/cpp/test/IceSSL/certs/s_rsa_pass_ca1_priv.pem b/cpp/test/IceSSL/certs/s_rsa_pass_ca1_priv.pem new file mode 100644 index 00000000000..caa69449055 --- /dev/null 
+++ b/cpp/test/IceSSL/certs/s_rsa_pass_ca1_priv.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,ACC1D4981240C7FC + +2j4kmVaHJUn8Kw+5e7SgA6ywb6z6qTRZmhE9E5KxgCd3WFtkWbOspIzT9/Am8rJK +6nyf/Q1F8fQXBkWzWd4MY4OwnUuVCMobabBhpWvq7FoShK8Sr+1VJKu8sjyikemw +Vm+tqK9H5R7UmVTSuCbu4zwBZYyp4MSMmSM04HL88/o2PhmTzhyTWS457TtMW1oo +/RGbMkjEAyi62uqPp5juf+1BtvQndmxwxVnnY5kl1jCLnp7/LbFwToZhwxkSqm+y +xjmzWUCAPe3/yy/e+HhnRSa5M6m2B4he3PP3NSI0ju0u5NYxRH3w/gTc3LHGL0V7 +YNIDer3pNgLGoVxZmtTr0tydgUCbKD73PWw9SUEtLwi0b5z+MfnXL01Rh4Vj5nPC +E0uVT+iMQPDJJ0zzXBlUjDNLzgdmTxPpoCaz2hthOBMyfM+jP5xe51ZL7vNciyHR +P/eMVfj5Dr8W2/N7U0BKk/z3/R6VXbNK+SZN8nnZPvOEAdYs6BvrJMv5TUj3/mZr +qXuRWTeGdidBcKlP2X5gEBgfH94eNilFPA5h2ccyaHuREolWtiJ+S7pWYF4EThRy +MhH6g52FA7mIbvjOcfuuYgoBab1afMskrMd24oWy1CCIn7+HCOkHyLHG68GWwhGX +S/cBG40/6V7t4JhUfLZe38HjJTm3bsS39jFbW7rOiZ7jzNq+XOzvncH82Xetx3GU +AnBieWWJlHTume/8PzzTGIsVOf09YZfd6LVJHePVa4/o2OXCggdNf79b1jMyJ+ia +8uv0ymMTK3GRsev+9tXv6B42cWqkMSsCcq6vi1GDziU= +-----END RSA PRIVATE KEY----- diff --git a/cpp/test/IceSSL/certs/s_rsa_pass_ca1_pub.pem b/cpp/test/IceSSL/certs/s_rsa_pass_ca1_pub.pem new file mode 100644 index 00000000000..83077d6525d --- /dev/null +++ b/cpp/test/IceSSL/certs/s_rsa_pass_ca1_pub.pem 
@@ -0,0 +1,76 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=Florida, L=Palm Beach Gardens, O=ZeroC, Inc., OU=Ice, CN=ZeroC Test CA/emailAddress=info@zeroc.com + Validity + Not Before: Mar 28 18:09:56 2006 GMT + Not After : Mar 25 18:09:56 2016 GMT + Subject: C=US, ST=Florida, O=ZeroC, Inc., OU=Ice/emailAddress=info@zeroc.com, CN=Server + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c6:fe:39:df:e9:b1:c0:9c:d8:41:4c:ae:69:c3: + 0c:88:26:6d:71:95:34:f2:19:22:23:f2:d4:c9:47: + c9:fd:b7:fb:1c:91:7e:b5:01:94:ba:b7:f9:fb:69: + 6a:aa:dc:e7:5e:a1:ec:7e:5d:92:15:cf:90:35:bd: + 39:20:1e:6b:ba:71:a7:fb:9f:c0:d4:1f:90:4b:7c: + d1:6a:7a:cb:4b:2d:cc:6a:cc:2e:6c:9f:34:a9:ad: + 2d:aa:40:86:18:19:9a:57:ed:8b:d9:6e:d8:e8:0a: + 19:9d:12:de:19:67:c8:26:fc:a9:21:01:fe:3d:41: + b7:bb:bb:b3:8a:3f:41:61:01 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 36:E7:80:CD:7C:6C:38:62:1F:28:11:A4:BA:FF:43:4A:9C:FE:D7:38 + X509v3 Authority Key Identifier: + keyid:A3:8D:7D:FF:A8:69:1E:7C:54:58:46:61:FE:B7:68:BC:2C:FC:CB:DE + DirName:/C=US/ST=Florida/L=Palm Beach Gardens/O=ZeroC, Inc./OU=Ice/CN=ZeroC Test CA/emailAddress=info@zeroc.com + serial:00 + + X509v3 Subject Alternative Name: + DNS:server, IP Address:127.0.0.1 + Signature Algorithm: md5WithRSAEncryption + 3f:b8:5b:fd:c5:7d:0c:33:b6:c3:36:56:f2:51:22:45:43:c4: + 89:cd:b3:d3:a5:e6:96:7a:cf:66:6d:12:e7:83:b8:61:3b:48: + 24:8c:51:e2:ef:38:45:49:64:70:c6:c4:ef:06:84:76:b8:21: + 8a:04:b7:d9:3b:22:d8:68:e2:06:e6:c1:4a:d9:1e:1c:cb:39: + 58:fa:3f:07:cb:e5:82:c8:5d:97:56:f1:ea:ab:0f:da:64:09: + 7c:75:ea:6e:ed:b3:4b:45:73:4e:b1:75:74:a3:ef:44:77:32: + e3:e9:cf:1e:ab:69:89:66:ed:14:c5:ae:30:e7:0f:4c:03:58: + 7e:65:ee:67:6e:73:80:81:36:84:74:41:4b:8d:26:65:e2:db: + 9c:29:80:8a:f9:cd:71:76:0d:06:3b:4f:cb:c6:ed:08:19:56: + 
26:39:5b:5c:bb:66:a1:75:58:02:1b:3b:cb:bd:6f:5c:56:ec: + f5:e9:71:bb:cd:fb:f6:bd:8c:8e:db:e3:7e:59:39:37:99:4d: + b7:1a:64:30:ba:43:08:69:7a:f8:05:15:04:7b:02:00:cc:15: + d1:c3:78:4e:9a:bd:fb:e2:35:4b:0d:08:8c:4f:ad:52:9e:8f: + 05:ed:12:57:7c:07:5e:26:20:bb:78:0e:d1:c7:3b:c4:fd:4b: + a1:27:85:82 +-----BEGIN CERTIFICATE----- +MIIEEjCCAvqgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBlzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0Zsb3JpZGExGzAZBgNVBAcTElBhbG0gQmVhY2ggR2FyZGVuczEU +MBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEWMBQGA1UEAxMNWmVy +b0MgVGVzdCBDQTEdMBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20wHhcNMDYw +MzI4MTgwOTU2WhcNMTYwMzI1MTgwOTU2WjBzMQswCQYDVQQGEwJVUzEQMA4GA1UE +CBMHRmxvcmlkYTEUMBIGA1UEChMLWmVyb0MsIEluYy4xDDAKBgNVBAsTA0ljZTEd +MBsGCSqGSIb3DQEJARYOaW5mb0B6ZXJvYy5jb20xDzANBgNVBAMTBlNlcnZlcjCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxv453+mxwJzYQUyuacMMiCZtcZU0 +8hkiI/LUyUfJ/bf7HJF+tQGUurf5+2lqqtznXqHsfl2SFc+QNb05IB5runGn+5/A +1B+QS3zRanrLSy3MaswubJ80qa0tqkCGGBmaV+2L2W7Y6AoZnRLeGWfIJvypIQH+ +PUG3u7uzij9BYQECAwEAAaOCAQ4wggEKMAkGA1UdEwQCMAAwHQYDVR0OBBYEFDbn +gM18bDhiHygRpLr/Q0qc/tc4MIHEBgNVHSMEgbwwgbmAFKONff+oaR58VFhGYf63 +aLws/MveoYGdpIGaMIGXMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHRmxvcmlkYTEb +MBkGA1UEBxMSUGFsbSBCZWFjaCBHYXJkZW5zMRQwEgYDVQQKEwtaZXJvQywgSW5j +LjEMMAoGA1UECxMDSWNlMRYwFAYDVQQDEw1aZXJvQyBUZXN0IENBMR0wGwYJKoZI +hvcNAQkBFg5pbmZvQHplcm9jLmNvbYIBADAXBgNVHREEEDAOggZzZXJ2ZXKHBH8A +AAEwDQYJKoZIhvcNAQEEBQADggEBAD+4W/3FfQwztsM2VvJRIkVDxInNs9Ol5pZ6 +z2ZtEueDuGE7SCSMUeLvOEVJZHDGxO8GhHa4IYoEt9k7Itho4gbmwUrZHhzLOVj6 +PwfL5YLIXZdW8eqrD9pkCXx16m7ts0tFc06xdXSj70R3MuPpzx6raYlm7RTFrjDn +D0wDWH5l7mduc4CBNoR0QUuNJmXi25wpgIr5zXF2DQY7T8vG7QgZViY5W1y7ZqF1 +WAIbO8u9b1xW7PXpcbvN+/a9jI7b435ZOTeZTbcaZDC6QwhpevgFFQR7AgDMFdHD +eE6avfviNUsNCIxPrVKejwXtEld8B14mILt4DtHHO8T9S6EnhYI= +-----END CERTIFICATE----- diff --git a/cpp/test/IceSSL/certs/server.cnf b/cpp/test/IceSSL/certs/server.cnf new file mode 100644 index 00000000000..7561151cb46 --- /dev/null +++ b/cpp/test/IceSSL/certs/server.cnf 
@@ -0,0 +1,82 @@
+# **********************************************************************
+#
+# Copyright (c) 2003-2005 ZeroC, Inc. All rights reserved.
+#
+# This copy of Ice is licensed to you under the terms described in the
+# ICE_LICENSE file included in this distribution.
+#
+# **********************************************************************
+
+#
+# ZeroC base OpenSSL configuration file.
+#
+
+###############################################################################
+### CA Configuration
+###############################################################################
+
+[ ca ]
+default_ca = ice
+
+
+[ ice ]
+dir = tmp # Where everything is kept.
+database = $dir/index.txt # Database index file.
+new_certs_dir = $dir # Default loc for new certs.
+serial = $dir/serial # The current serial number.
+
+certs = $dir # Where issued certs are kept.
+RANDFILE = $dir/.rand # Private random number file.
+
+default_days = 3650 # How long certs are valid.
+default_md = md5 # The Message Digest type.
+preserve = yes # Keep passed DN ordering?
+
+policy = ca_policy
+x509_extensions = certificate_extensions
+
+
+[ ca_policy ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+emailAddress = optional
+commonName = supplied
+
+
+[ certificate_extensions ]
+basicConstraints = CA:false
+
+# PKIX recommendation.
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+
+subjectAltName = DNS:server, IP:127.0.0.1
+
+[ req ]
+default_bits = 1024
+default_md = md5
+prompt = no
+distinguished_name = root_ca_distinguished_name
+x509_extensions = root_ca_extensions
+
+
+[ root_ca_distinguished_name ]
+countryName = US
+stateOrProvinceName = Florida
+localityName = Palm Beach Gardens
+organizationName = ZeroC, Inc.
+organizationalUnitName = Ice
+commonName = Server
+emailAddress = info@zeroc.com
+
+
+[ root_ca_extensions ]
+basicConstraints = CA:false
+
+# PKIX recommendation.
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
diff --git a/cpp/test/IceSSL/certs/sslconfig.dtd b/cpp/test/IceSSL/certs/sslconfig.dtd
deleted file mode 100644
index 4e8e79d89c0..00000000000
--- a/cpp/test/IceSSL/certs/sslconfig.dtd
+++ /dev/null
@@ -1,43 +0,0 @@
-<!ELEMENT SSLConfig (client?,server?)>
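Review bot: `default_md = md5` in both `[ ice ]` and `[ req ]`, together with `default_bits = 1024`, means every certificate issued from this config is MD5-signed over a 1024-bit RSA key; the `s_rsa_*_pub.pem` dumps added in this commit show `md5WithRSAEncryption` and `RSA Public Key: (1024 bit)` accordingly. MD5 signatures are collision-prone and many current TLS stacks refuse such chains by default, so these fixtures can make the tests fail for reasons unrelated to IceSSL; I would use `default_md = sha256` and `default_bits = 2048`. `test_ca.cnf` later in this commit carries the same `default_md = md5` in its `[ ice ]` and `[ req ]` sections. Separately, `keyUsage` appears only in `[ root_ca_extensions ]` and not in `[ certificate_extensions ]`, which is the section `[ ice ]` names for issued certificates, and the certificate dumps shown carry no Key Usage extension; if that is intended, a comment saying so would help.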
-<!ELEMENT client (general, certauthority?, basecerts)>
-<!ELEMENT server (general, certauthority?, basecerts, tempcerts?)>
-<!ELEMENT general EMPTY>
-<!ELEMENT certauthority EMPTY>
-<!ELEMENT basecerts (rsacert?,dsacert?,dhparams?)>
-<!ELEMENT tempcerts (rsacert*,dhparams*)>
-
-<!ATTLIST general
- version (SSLv23|SSLv3|TLSv1) "SSLv23"
- cipherlist CDATA #IMPLIED
- context CDATA #IMPLIED
- verifymode CDATA "none"
- verifydepth CDATA "10"
- randombytes CDATA #IMPLIED>
-
-<!ATTLIST certauthority
- file CDATA #IMPLIED
- path CDATA #IMPLIED>
-
-<!ELEMENT rsacert (public,private)>
-<!ATTLIST rsacert
- keysize CDATA #REQUIRED>
-
-<!ELEMENT dsacert (public,private)>
-<!ATTLIST dsacert
- keysize CDATA #REQUIRED>
-
-<!ELEMENT dhparams EMPTY>
-<!ATTLIST dhparams
- keysize CDATA #REQUIRED
- encoding CDATA #FIXED "PEM"
- filename CDATA #REQUIRED>
-
-<!ELEMENT public EMPTY>
-<!ATTLIST public
- encoding CDATA #FIXED "PEM"
- filename CDATA #REQUIRED>
-
-<!ELEMENT private EMPTY>
-<!ATTLIST private
- encoding CDATA #FIXED "PEM"
- filename CDATA #REQUIRED>
diff --git a/cpp/test/IceSSL/certs/sslconfig_1.xml b/cpp/test/IceSSL/certs/sslconfig_1.xml
deleted file mode 100644
index 4d6bae9d2e0..00000000000
--- a/cpp/test/IceSSL/certs/sslconfig_1.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?>
-<!DOCTYPE SSLConfig SYSTEM "sslconfig.dtd">
-<SSLConfig>
- <client>
- <general version="SSLv23" cipherlist="RC4-MD5" verifymode="peer" verifydepth="10" />
- <certauthority file="cacert.pem" />
- <basecerts>
- <rsacert keysize="1024">
- <public encoding="PEM" filename="badCert.pem" />
- <private encoding="PEM" filename="badKey.pem" />
- </rsacert>
- </basecerts>
- </client>
-</SSLConfig>
diff --git a/cpp/test/IceSSL/certs/sslconfig_2.xml b/cpp/test/IceSSL/certs/sslconfig_2.xml
deleted file mode 100644
index fb361270579..00000000000
--- a/cpp/test/IceSSL/certs/sslconfig_2.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?>
-<!DOCTYPE SSLConfig SYSTEM "sslconfig.dtd">
-<SSLConfig>
- <client>
- <general version="SSLv23" cipherlist="RC4-MD5" verifymode="peer" verifydepth="10" />
- <certauthority file="cacert.pem" />
- <basecerts>
- <rsacert keysize="1024">
- <public encoding="PEM" filename="goodCert_1.pem" />
- <private encoding="PEM" filename="badKey.pem" />
- </rsacert>
- </basecerts>
- </client>
-</SSLConfig>
diff --git a/cpp/test/IceSSL/certs/sslconfig_3.xml b/cpp/test/IceSSL/certs/sslconfig_3.xml
deleted file mode 100644
index be7c6665951..00000000000
--- a/cpp/test/IceSSL/certs/sslconfig_3.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?>
-<!DOCTYPE SSLConfig SYSTEM "sslconfig.dtd">
-<SSLConfig>
- <client>
- <general version="SSLv23" cipherlist="RC4-MD5" verifymode="peer" verifydepth="10" />
- <certauthority file="cacert.pem" />
- <basecerts>
- <rsacert keysize="1024">
- <public encoding="PEM" filename="badCert.pem" />
- <private encoding="PEM" filename="goodKey_1.pem" />
- </rsacert>
- </basecerts>
- </client>
-</SSLConfig>
diff --git a/cpp/test/IceSSL/certs/sslconfig_4.xml b/cpp/test/IceSSL/certs/sslconfig_4.xml
deleted file mode 100644
index c9af36cb392..00000000000
--- a/cpp/test/IceSSL/certs/sslconfig_4.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?>
-<!DOCTYPE SSLConfig SYSTEM "sslconfig.dtd">
-<SSLConfig>
- <client>
- <general version="SSLv23" cipherlist="RC4-MD5" verifymode="peer" verifydepth="10" />
- <certauthority file="cacert.pem" />
- <basecerts>
- <rsacert keysize="1024">
- <public encoding="PEM" filename="goodCert_2.pem" />
- <private encoding="PEM" filename="goodKey_1.pem" />
- </rsacert>
- </basecerts>
- </client>
-</SSLConfig>
diff --git a/cpp/test/IceSSL/certs/sslconfig_5.xml b/cpp/test/IceSSL/certs/sslconfig_5.xml
deleted file mode 100644
index c1de8e1d58c..00000000000
--- a/cpp/test/IceSSL/certs/sslconfig_5.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?>
-<!DOCTYPE SSLConfig SYSTEM "sslconfig.dtd">
-<SSLConfig>
- <client>
- <general version="SSLv23" cipherlist="RC4-MD5" verifymode="peer" verifydepth="10" />
- <certauthority file="cacert.pem" />
- <basecerts>
- <rsacert keysize="1024">
- <public encoding="PEM" filename="goodCert_1.pem" />
- <private encoding="PEM" filename="goodKey_2.pem" />
- </rsacert>
- </basecerts>
- </client>
-</SSLConfig>
diff --git a/cpp/test/IceSSL/certs/sslconfig_6.xml b/cpp/test/IceSSL/certs/sslconfig_6.xml
deleted file mode 100644
index ca36f7df390..00000000000
--- a/cpp/test/IceSSL/certs/sslconfig_6.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?>
-<!DOCTYPE SSLConfig SYSTEM "sslconfig.dtd">
-<SSLConfig>
- <client>
- <general version="SSLv23" cipherlist="RC4-MD5" verifymode="peer" verifydepth="10" />
- <certauthority file="cacert.pem" />
- <basecerts>
- <rsacert keysize="1024">
- <public encoding="PEM" filename="goodCert_1.pem" />
- <private encoding="PEM" filename="goodKey_1.pem" />
- </rsacert>
- </basecerts>
- </client>
-</SSLConfig>
diff --git a/cpp/test/IceSSL/certs/sslconfig_7.xml b/cpp/test/IceSSL/certs/sslconfig_7.xml
deleted file mode 100644
index 29104b02040..00000000000
--- a/cpp/test/IceSSL/certs/sslconfig_7.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?>
-<!DOCTYPE SSLConfig SYSTEM "sslconfig.dtd">
-<SSLConfig>
- <client>
- <general version="SSLv23" cipherlist="RC4-MD5" verifymode="peer" verifydepth="2" />
- <basecerts>
- <rsacert keysize="1024">
- <public encoding="PEM" filename="goodCert_1.pem" />
- <private encoding="PEM" filename="goodKey_1.pem" />
- </rsacert>
- </basecerts>
- </client>
-</SSLConfig>
diff --git a/cpp/test/IceSSL/certs/sslconfig_8.xml b/cpp/test/IceSSL/certs/sslconfig_8.xml
deleted file mode 100644
index bdf8a0404a6..00000000000
--- a/cpp/test/IceSSL/certs/sslconfig_8.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1" standalone="no" ?>
-<!DOCTYPE SSLConfig SYSTEM "sslconfig.dtd">
-<SSLConfig>
- <server>
- <general version="SSLv23" cipherlist="RC4-MD5" verifymode="peer|client_once|fail_no_cert" verifydepth="2" />
- <certauthority file="cacert.pem" />
- <basecerts>
- <rsacert keysize="1024">
- <public encoding="PEM" filename="goodCert_2.pem" />
- <private encoding="PEM" filename="goodKey_2.pem" />
- </rsacert>
- </basecerts>
- </server>
-</SSLConfig>
diff --git a/cpp/test/IceSSL/certs/test_ca.cnf b/cpp/test/IceSSL/certs/test_ca.cnf
new file mode 100644
index 00000000000..e3068e2ceb3
--- /dev/null
+++ b/cpp/test/IceSSL/certs/test_ca.cnf
@@ -0,0 +1,52 @@
+# **********************************************************************
+#
+# Copyright (c) 2003-2005 ZeroC, Inc. All rights reserved.
+#
+# This copy of Ice is licensed to you under the terms described in the
+# ICE_LICENSE file included in this distribution.
+#
+# **********************************************************************
+
+#
+# ZeroC base OpenSSL configuration file.
+#
+
+###############################################################################
+### Self Signed Root Certificate
+###############################################################################
+
+[ ca ]
+default_ca = ice
+
+
+[ ice ]
+default_days = 3650 # How long certs are valid.
+default_md = md5 # The Message Digest type.
+preserve = no # Keep passed DN ordering?
+
+
+[ req ]
+default_bits = 2048
+default_md = md5
+prompt = no
+distinguished_name = root_ca_distinguished_name
+x509_extensions = root_ca_extensions
+
+
+[ root_ca_distinguished_name ]
+countryName = US
+stateOrProvinceName = Florida
+localityName = Palm Beach Gardens
+organizationName = ZeroC, Inc.
+organizationalUnitName = Ice
+commonName = ZeroC Test CA
+emailAddress = info@zeroc.com
+
+
+[ root_ca_extensions ]
+basicConstraints = CA:true
+
+# PKIX recommendation.
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+
diff --git a/cpp/test/IceSSL/configuration/.depend b/cpp/test/IceSSL/configuration/.depend
index c5f73d07f93..511c5dbba31 100644
--- a/cpp/test/IceSSL/configuration/.depend
+++ b/cpp/test/IceSSL/configuration/.depend
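Review bot: `basicConstraints = CA:true` in `[ root_ca_extensions ]` of test_ca.cnf is not marked critical, and the section sets no `keyUsage`, so the test root falls short of the PKIX profile that the file's own comment refers to. RFC 3280 requires basicConstraints to be critical in CA certificates; I would write `basicConstraints = critical, CA:true` and add `keyUsage = critical, keyCertSign, cRLSign`, so that a verifier which enforces these extensions treats the fixture like a real CA. The `[ ice ]` section here has no `dir`, `database` or `policy`, so the file appears to be meant only for generating the self-signed root, and a one-line comment at the top saying that would avoid confusion with server.cnf.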
@@ -1 +1,7 @@ -Configuration.o: Configuration.cpp ../../../include/Ice/Ice.h ../../../include/Ice/GCRecMutex.h ../../../include/IceUtil/RecMutex.h ../../../include/IceUtil/Config.h ../../../include/IceUtil/Lock.h ../../../include/IceUtil/ThreadException.h ../../../include/IceUtil/Exception.h ../../../include/Ice/Config.h ../../../include/Ice/GCShared.h ../../../include/Ice/GC.h ../../../include/IceUtil/Thread.h ../../../include/IceUtil/Shared.h ../../../include/IceUtil/Handle.h ../../../include/IceUtil/Mutex.h ../../../include/IceUtil/Monitor.h ../../../include/IceUtil/Cond.h ../../../include/IceUtil/Time.h ../../../include/Ice/Initialize.h ../../../include/Ice/CommunicatorF.h ../../../include/Ice/LocalObjectF.h ../../../include/Ice/Handle.h ../../../include/Ice/ProxyF.h ../../../include/Ice/ProxyHandle.h ../../../include/Ice/ObjectF.h ../../../include/Ice/Exception.h ../../../include/Ice/LocalObject.h ../../../include/Ice/UndefSysMacros.h ../../../include/Ice/PropertiesF.h ../../../include/Ice/InstanceF.h ../../../include/Ice/BuiltinSequences.h ../../../include/Ice/Proxy.h ../../../include/Ice/ProxyFactoryF.h ../../../include/Ice/ConnectionIF.h ../../../include/Ice/EndpointIF.h ../../../include/Ice/Endpoint.h ../../../include/Ice/ObjectAdapterF.h ../../../include/Ice/ReferenceF.h ../../../include/Ice/OutgoingAsyncF.h ../../../include/Ice/Current.h ../../../include/Ice/ConnectionF.h ../../../include/Ice/Identity.h ../../../include/Ice/StreamF.h ../../../include/Ice/LocalException.h ../../../include/Ice/Properties.h ../../../include/Ice/Logger.h ../../../include/Ice/LoggerUtil.h ../../../include/Ice/LoggerF.h ../../../include/Ice/Stats.h ../../../include/Ice/Communicator.h ../../../include/Ice/StatsF.h ../../../include/Ice/ObjectFactoryF.h ../../../include/Ice/RouterF.h ../../../include/Ice/LocatorF.h ../../../include/Ice/PluginF.h ../../../include/Ice/ObjectFactory.h ../../../include/Ice/ObjectAdapter.h ../../../include/Ice/ServantLocatorF.h 
../../../include/Ice/FacetMap.h ../../../include/Ice/ServantLocator.h ../../../include/Ice/Object.h ../../../include/Ice/IncomingAsyncF.h ../../../include/Ice/IdentityUtil.h ../../../include/Ice/OutgoingAsync.h ../../../include/Ice/IncomingAsync.h ../../../include/Ice/Incoming.h ../../../include/Ice/ServantManagerF.h ../../../include/Ice/BasicStream.h ../../../include/Ice/Buffer.h ../../../include/Ice/Process.h ../../../include/Ice/Outgoing.h ../../../include/Ice/Direct.h ../../../include/Ice/Application.h ../../../include/Ice/Connection.h ../../../include/Ice/Functional.h ../../../include/IceUtil/Functional.h ../../../include/Ice/Stream.h ../../include/TestCommon.h ../../../include/IceSSL/Exception.h ../../../include/IceSSL/Plugin.h ../../../include/Ice/Plugin.h ../../../include/IceSSL/CertificateVerifierF.h +Test.o: Test.cpp ./Test.h ../../../include/Ice/LocalObjectF.h ../../../include/Ice/Handle.h ../../../include/IceUtil/Handle.h ../../../include/IceUtil/Exception.h ../../../include/IceUtil/Config.h ../../../include/Ice/Config.h ../../../include/Ice/ProxyHandle.h ../../../include/Ice/ProxyF.h ../../../include/Ice/ObjectF.h ../../../include/Ice/Exception.h ../../../include/Ice/LocalObject.h ../../../include/IceUtil/Shared.h ../../../include/Ice/Proxy.h ../../../include/IceUtil/Mutex.h ../../../include/IceUtil/Lock.h ../../../include/IceUtil/ThreadException.h ../../../include/Ice/ProxyFactoryF.h ../../../include/Ice/ConnectionIF.h ../../../include/Ice/EndpointIF.h ../../../include/Ice/Endpoint.h ../../../include/Ice/UndefSysMacros.h ../../../include/Ice/ObjectAdapterF.h ../../../include/Ice/ReferenceF.h ../../../include/Ice/OutgoingAsyncF.h ../../../include/Ice/Current.h ../../../include/Ice/ConnectionF.h ../../../include/Ice/Identity.h ../../../include/Ice/StreamF.h ../../../include/Ice/CommunicatorF.h ../../../include/Ice/Object.h ../../../include/Ice/GCShared.h ../../../include/Ice/GCRecMutex.h ../../../include/IceUtil/RecMutex.h 
../../../include/Ice/IncomingAsyncF.h ../../../include/Ice/Outgoing.h ../../../include/IceUtil/Monitor.h ../../../include/IceUtil/Cond.h ../../../include/IceUtil/Time.h ../../../include/Ice/BasicStream.h ../../../include/Ice/InstanceF.h ../../../include/Ice/ObjectFactoryF.h ../../../include/Ice/Buffer.h ../../../include/Ice/Protocol.h ../../../include/IceUtil/AutoArray.h ../../../include/Ice/Incoming.h ../../../include/Ice/ServantLocatorF.h ../../../include/Ice/ServantManagerF.h ../../../include/Ice/Direct.h ../../../include/Ice/LocalException.h ../../../include/Ice/BuiltinSequences.h ../../../include/Ice/ObjectFactory.h ../../../include/IceUtil/Iterator.h +Client.o: Client.cpp ../../../include/Ice/Ice.h ../../../include/Ice/GCRecMutex.h ../../../include/IceUtil/RecMutex.h ../../../include/IceUtil/Config.h ../../../include/IceUtil/Lock.h ../../../include/IceUtil/ThreadException.h ../../../include/IceUtil/Exception.h ../../../include/Ice/Config.h ../../../include/Ice/GCShared.h ../../../include/Ice/GC.h ../../../include/IceUtil/Thread.h ../../../include/IceUtil/Shared.h ../../../include/IceUtil/Handle.h ../../../include/IceUtil/Mutex.h ../../../include/IceUtil/Monitor.h ../../../include/IceUtil/Cond.h ../../../include/IceUtil/Time.h ../../../include/Ice/Initialize.h ../../../include/Ice/CommunicatorF.h ../../../include/Ice/LocalObjectF.h ../../../include/Ice/Handle.h ../../../include/Ice/ProxyHandle.h ../../../include/Ice/ProxyF.h ../../../include/Ice/ObjectF.h ../../../include/Ice/Exception.h ../../../include/Ice/LocalObject.h ../../../include/Ice/UndefSysMacros.h ../../../include/Ice/PropertiesF.h ../../../include/Ice/InstanceF.h ../../../include/Ice/LoggerF.h ../../../include/Ice/StreamF.h ../../../include/Ice/BuiltinSequences.h ../../../include/Ice/Proxy.h ../../../include/Ice/ProxyFactoryF.h ../../../include/Ice/ConnectionIF.h ../../../include/Ice/EndpointIF.h ../../../include/Ice/Endpoint.h ../../../include/Ice/ObjectAdapterF.h 
../../../include/Ice/ReferenceF.h ../../../include/Ice/OutgoingAsyncF.h ../../../include/Ice/Current.h ../../../include/Ice/ConnectionF.h ../../../include/Ice/Identity.h ../../../include/Ice/LocalException.h ../../../include/Ice/Properties.h ../../../include/Ice/Logger.h ../../../include/Ice/LoggerUtil.h ../../../include/Ice/Stats.h ../../../include/Ice/Communicator.h ../../../include/Ice/StatsF.h ../../../include/Ice/ObjectFactoryF.h ../../../include/Ice/RouterF.h ../../../include/Ice/LocatorF.h ../../../include/Ice/PluginF.h ../../../include/Ice/ObjectFactory.h ../../../include/Ice/ObjectAdapter.h ../../../include/Ice/Object.h ../../../include/Ice/IncomingAsyncF.h ../../../include/Ice/Outgoing.h ../../../include/Ice/BasicStream.h ../../../include/Ice/Buffer.h ../../../include/Ice/Protocol.h ../../../include/IceUtil/AutoArray.h ../../../include/Ice/Incoming.h ../../../include/Ice/ServantLocatorF.h ../../../include/Ice/ServantManagerF.h ../../../include/Ice/IncomingAsync.h ../../../include/Ice/Direct.h ../../../include/Ice/UserExceptionFactory.h ../../../include/Ice/FactoryTable.h ../../../include/Ice/FactoryTableDef.h ../../../include/IceUtil/StaticMutex.h ../../../include/Ice/UserExceptionFactoryF.h ../../../include/Ice/FacetMap.h ../../../include/Ice/Locator.h ../../../include/Ice/ProcessF.h ../../../include/Ice/ServantLocator.h ../../../include/Ice/IdentityUtil.h ../../../include/Ice/OutgoingAsync.h ../../../include/Ice/Process.h ../../../include/Ice/Application.h ../../../include/Ice/Connection.h ../../../include/Ice/Functional.h ../../../include/IceUtil/Functional.h ../../../include/Ice/Stream.h +AllTests.o: AllTests.cpp ../../../include/Ice/Ice.h ../../../include/Ice/GCRecMutex.h ../../../include/IceUtil/RecMutex.h ../../../include/IceUtil/Config.h ../../../include/IceUtil/Lock.h ../../../include/IceUtil/ThreadException.h ../../../include/IceUtil/Exception.h ../../../include/Ice/Config.h ../../../include/Ice/GCShared.h ../../../include/Ice/GC.h 
../../../include/IceUtil/Thread.h ../../../include/IceUtil/Shared.h ../../../include/IceUtil/Handle.h ../../../include/IceUtil/Mutex.h ../../../include/IceUtil/Monitor.h ../../../include/IceUtil/Cond.h ../../../include/IceUtil/Time.h ../../../include/Ice/Initialize.h ../../../include/Ice/CommunicatorF.h ../../../include/Ice/LocalObjectF.h ../../../include/Ice/Handle.h ../../../include/Ice/ProxyHandle.h ../../../include/Ice/ProxyF.h ../../../include/Ice/ObjectF.h ../../../include/Ice/Exception.h ../../../include/Ice/LocalObject.h ../../../include/Ice/UndefSysMacros.h ../../../include/Ice/PropertiesF.h ../../../include/Ice/InstanceF.h ../../../include/Ice/LoggerF.h ../../../include/Ice/StreamF.h ../../../include/Ice/BuiltinSequences.h ../../../include/Ice/Proxy.h ../../../include/Ice/ProxyFactoryF.h ../../../include/Ice/ConnectionIF.h ../../../include/Ice/EndpointIF.h ../../../include/Ice/Endpoint.h ../../../include/Ice/ObjectAdapterF.h ../../../include/Ice/ReferenceF.h ../../../include/Ice/OutgoingAsyncF.h ../../../include/Ice/Current.h ../../../include/Ice/ConnectionF.h ../../../include/Ice/Identity.h ../../../include/Ice/LocalException.h ../../../include/Ice/Properties.h ../../../include/Ice/Logger.h ../../../include/Ice/LoggerUtil.h ../../../include/Ice/Stats.h ../../../include/Ice/Communicator.h ../../../include/Ice/StatsF.h ../../../include/Ice/ObjectFactoryF.h ../../../include/Ice/RouterF.h ../../../include/Ice/LocatorF.h ../../../include/Ice/PluginF.h ../../../include/Ice/ObjectFactory.h ../../../include/Ice/ObjectAdapter.h ../../../include/Ice/Object.h ../../../include/Ice/IncomingAsyncF.h ../../../include/Ice/Outgoing.h ../../../include/Ice/BasicStream.h ../../../include/Ice/Buffer.h ../../../include/Ice/Protocol.h ../../../include/IceUtil/AutoArray.h ../../../include/Ice/Incoming.h ../../../include/Ice/ServantLocatorF.h ../../../include/Ice/ServantManagerF.h ../../../include/Ice/IncomingAsync.h ../../../include/Ice/Direct.h 
../../../include/Ice/UserExceptionFactory.h ../../../include/Ice/FactoryTable.h ../../../include/Ice/FactoryTableDef.h ../../../include/IceUtil/StaticMutex.h ../../../include/Ice/UserExceptionFactoryF.h ../../../include/Ice/FacetMap.h ../../../include/Ice/Locator.h ../../../include/Ice/ProcessF.h ../../../include/Ice/ServantLocator.h ../../../include/Ice/IdentityUtil.h ../../../include/Ice/OutgoingAsync.h ../../../include/Ice/Process.h ../../../include/Ice/Application.h ../../../include/Ice/Connection.h ../../../include/Ice/Functional.h ../../../include/IceUtil/Functional.h ../../../include/Ice/Stream.h ../../../include/IceSSL/Plugin.h ../../../include/Ice/Plugin.h ../../include/TestCommon.h ./Test.h +Test.o: Test.cpp ./Test.h ../../../include/Ice/LocalObjectF.h ../../../include/Ice/Handle.h ../../../include/IceUtil/Handle.h ../../../include/IceUtil/Exception.h ../../../include/IceUtil/Config.h ../../../include/Ice/Config.h ../../../include/Ice/ProxyHandle.h ../../../include/Ice/ProxyF.h ../../../include/Ice/ObjectF.h ../../../include/Ice/Exception.h ../../../include/Ice/LocalObject.h ../../../include/IceUtil/Shared.h ../../../include/Ice/Proxy.h ../../../include/IceUtil/Mutex.h ../../../include/IceUtil/Lock.h ../../../include/IceUtil/ThreadException.h ../../../include/Ice/ProxyFactoryF.h ../../../include/Ice/ConnectionIF.h ../../../include/Ice/EndpointIF.h ../../../include/Ice/Endpoint.h ../../../include/Ice/UndefSysMacros.h ../../../include/Ice/ObjectAdapterF.h ../../../include/Ice/ReferenceF.h ../../../include/Ice/OutgoingAsyncF.h ../../../include/Ice/Current.h ../../../include/Ice/ConnectionF.h ../../../include/Ice/Identity.h ../../../include/Ice/StreamF.h ../../../include/Ice/CommunicatorF.h ../../../include/Ice/Object.h ../../../include/Ice/GCShared.h ../../../include/Ice/GCRecMutex.h ../../../include/IceUtil/RecMutex.h ../../../include/Ice/IncomingAsyncF.h ../../../include/Ice/Outgoing.h ../../../include/IceUtil/Monitor.h ../../../include/IceUtil/Cond.h 
../../../include/IceUtil/Time.h ../../../include/Ice/BasicStream.h ../../../include/Ice/InstanceF.h ../../../include/Ice/ObjectFactoryF.h ../../../include/Ice/Buffer.h ../../../include/Ice/Protocol.h ../../../include/IceUtil/AutoArray.h ../../../include/Ice/Incoming.h ../../../include/Ice/ServantLocatorF.h ../../../include/Ice/ServantManagerF.h ../../../include/Ice/Direct.h ../../../include/Ice/LocalException.h ../../../include/Ice/BuiltinSequences.h ../../../include/Ice/ObjectFactory.h ../../../include/IceUtil/Iterator.h +TestI.o: TestI.cpp ../../../include/Ice/Ice.h ../../../include/Ice/GCRecMutex.h ../../../include/IceUtil/RecMutex.h ../../../include/IceUtil/Config.h ../../../include/IceUtil/Lock.h ../../../include/IceUtil/ThreadException.h ../../../include/IceUtil/Exception.h ../../../include/Ice/Config.h ../../../include/Ice/GCShared.h ../../../include/Ice/GC.h ../../../include/IceUtil/Thread.h ../../../include/IceUtil/Shared.h ../../../include/IceUtil/Handle.h ../../../include/IceUtil/Mutex.h ../../../include/IceUtil/Monitor.h ../../../include/IceUtil/Cond.h ../../../include/IceUtil/Time.h ../../../include/Ice/Initialize.h ../../../include/Ice/CommunicatorF.h ../../../include/Ice/LocalObjectF.h ../../../include/Ice/Handle.h ../../../include/Ice/ProxyHandle.h ../../../include/Ice/ProxyF.h ../../../include/Ice/ObjectF.h ../../../include/Ice/Exception.h ../../../include/Ice/LocalObject.h ../../../include/Ice/UndefSysMacros.h ../../../include/Ice/PropertiesF.h ../../../include/Ice/InstanceF.h ../../../include/Ice/LoggerF.h ../../../include/Ice/StreamF.h ../../../include/Ice/BuiltinSequences.h ../../../include/Ice/Proxy.h ../../../include/Ice/ProxyFactoryF.h ../../../include/Ice/ConnectionIF.h ../../../include/Ice/EndpointIF.h ../../../include/Ice/Endpoint.h ../../../include/Ice/ObjectAdapterF.h ../../../include/Ice/ReferenceF.h ../../../include/Ice/OutgoingAsyncF.h ../../../include/Ice/Current.h ../../../include/Ice/ConnectionF.h ../../../include/Ice/Identity.h 
../../../include/Ice/LocalException.h ../../../include/Ice/Properties.h ../../../include/Ice/Logger.h ../../../include/Ice/LoggerUtil.h ../../../include/Ice/Stats.h ../../../include/Ice/Communicator.h ../../../include/Ice/StatsF.h ../../../include/Ice/ObjectFactoryF.h ../../../include/Ice/RouterF.h ../../../include/Ice/LocatorF.h ../../../include/Ice/PluginF.h ../../../include/Ice/ObjectFactory.h ../../../include/Ice/ObjectAdapter.h ../../../include/Ice/Object.h ../../../include/Ice/IncomingAsyncF.h ../../../include/Ice/Outgoing.h ../../../include/Ice/BasicStream.h ../../../include/Ice/Buffer.h ../../../include/Ice/Protocol.h ../../../include/IceUtil/AutoArray.h ../../../include/Ice/Incoming.h ../../../include/Ice/ServantLocatorF.h ../../../include/Ice/ServantManagerF.h ../../../include/Ice/IncomingAsync.h ../../../include/Ice/Direct.h ../../../include/Ice/UserExceptionFactory.h ../../../include/Ice/FactoryTable.h ../../../include/Ice/FactoryTableDef.h ../../../include/IceUtil/StaticMutex.h ../../../include/Ice/UserExceptionFactoryF.h ../../../include/Ice/FacetMap.h ../../../include/Ice/Locator.h ../../../include/Ice/ProcessF.h ../../../include/Ice/ServantLocator.h ../../../include/Ice/IdentityUtil.h ../../../include/Ice/OutgoingAsync.h ../../../include/Ice/Process.h ../../../include/Ice/Application.h ../../../include/Ice/Connection.h ../../../include/Ice/Functional.h ../../../include/IceUtil/Functional.h ../../../include/Ice/Stream.h ./TestI.h ./Test.h +Server.o: Server.cpp ../../../include/Ice/Ice.h ../../../include/Ice/GCRecMutex.h ../../../include/IceUtil/RecMutex.h ../../../include/IceUtil/Config.h ../../../include/IceUtil/Lock.h ../../../include/IceUtil/ThreadException.h ../../../include/IceUtil/Exception.h ../../../include/Ice/Config.h ../../../include/Ice/GCShared.h ../../../include/Ice/GC.h ../../../include/IceUtil/Thread.h ../../../include/IceUtil/Shared.h ../../../include/IceUtil/Handle.h ../../../include/IceUtil/Mutex.h 
../../../include/IceUtil/Monitor.h ../../../include/IceUtil/Cond.h ../../../include/IceUtil/Time.h ../../../include/Ice/Initialize.h ../../../include/Ice/CommunicatorF.h ../../../include/Ice/LocalObjectF.h ../../../include/Ice/Handle.h ../../../include/Ice/ProxyHandle.h ../../../include/Ice/ProxyF.h ../../../include/Ice/ObjectF.h ../../../include/Ice/Exception.h ../../../include/Ice/LocalObject.h ../../../include/Ice/UndefSysMacros.h ../../../include/Ice/PropertiesF.h ../../../include/Ice/InstanceF.h ../../../include/Ice/LoggerF.h ../../../include/Ice/StreamF.h ../../../include/Ice/BuiltinSequences.h ../../../include/Ice/Proxy.h ../../../include/Ice/ProxyFactoryF.h ../../../include/Ice/ConnectionIF.h ../../../include/Ice/EndpointIF.h ../../../include/Ice/Endpoint.h ../../../include/Ice/ObjectAdapterF.h ../../../include/Ice/ReferenceF.h ../../../include/Ice/OutgoingAsyncF.h ../../../include/Ice/Current.h ../../../include/Ice/ConnectionF.h ../../../include/Ice/Identity.h ../../../include/Ice/LocalException.h ../../../include/Ice/Properties.h ../../../include/Ice/Logger.h ../../../include/Ice/LoggerUtil.h ../../../include/Ice/Stats.h ../../../include/Ice/Communicator.h ../../../include/Ice/StatsF.h ../../../include/Ice/ObjectFactoryF.h ../../../include/Ice/RouterF.h ../../../include/Ice/LocatorF.h ../../../include/Ice/PluginF.h ../../../include/Ice/ObjectFactory.h ../../../include/Ice/ObjectAdapter.h ../../../include/Ice/Object.h ../../../include/Ice/IncomingAsyncF.h ../../../include/Ice/Outgoing.h ../../../include/Ice/BasicStream.h ../../../include/Ice/Buffer.h ../../../include/Ice/Protocol.h ../../../include/IceUtil/AutoArray.h ../../../include/Ice/Incoming.h ../../../include/Ice/ServantLocatorF.h ../../../include/Ice/ServantManagerF.h ../../../include/Ice/IncomingAsync.h ../../../include/Ice/Direct.h ../../../include/Ice/UserExceptionFactory.h ../../../include/Ice/FactoryTable.h ../../../include/Ice/FactoryTableDef.h ../../../include/IceUtil/StaticMutex.h 
../../../include/Ice/UserExceptionFactoryF.h ../../../include/Ice/FacetMap.h ../../../include/Ice/Locator.h ../../../include/Ice/ProcessF.h ../../../include/Ice/ServantLocator.h ../../../include/Ice/IdentityUtil.h ../../../include/Ice/OutgoingAsync.h ../../../include/Ice/Process.h ../../../include/Ice/Application.h ../../../include/Ice/Connection.h ../../../include/Ice/Functional.h ../../../include/IceUtil/Functional.h ../../../include/Ice/Stream.h ./TestI.h ./Test.h +Test.cpp: Test.ice diff --git a/cpp/test/IceSSL/configuration/AllTests.cpp b/cpp/test/IceSSL/configuration/AllTests.cpp new file mode 100644 index 00000000000..f08674c7d19 --- /dev/null +++ b/cpp/test/IceSSL/configuration/AllTests.cpp 
@@ -0,0 +1,838 @@ +// ********************************************************************** +// +// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. +// +// This copy of Ice is licensed to you under the terms described in the +// ICE_LICENSE file included in this distribution. +// +// ********************************************************************** + +#include <Ice/Ice.h> +#include <IceSSL/Plugin.h> +#include <TestCommon.h> +#include <Test.h> + +using namespace std; +using namespace Ice; + +class PasswordPromptI : public IceSSL::PasswordPrompt +{ +public: + + PasswordPromptI(const string& password) : _password(password), _count(0) + { + } + + virtual string getPassword() + { + ++_count; + return _password; + } + + int count() const + { + return _count; + } + +private: + + string _password; + int _count; +}; +typedef IceUtil::Handle<PasswordPromptI> PasswordPromptIPtr; + +class CertificateVerifierI : public IceSSL::CertificateVerifier +{ +public: + + CertificateVerifierI() + { + reset(); + } + + virtual void verify(IceSSL::VerifyInfo& info) + { + if(info.cert) + { + test(find(info.dnsNames.begin(), info.dnsNames.end(), "server") != info.dnsNames.end()); + test(find(info.ipAddresses.begin(), info.ipAddresses.end(), "127.0.0.1") != info.ipAddresses.end()); + } + + _incoming = info.incoming; + _hadCert = info.cert != 0; + _invoked = true; + + if(_throwException) + { + throw SecurityException(__FILE__, __LINE__); + } + } + + void reset() + { + _throwException = false; + _invoked = false; + _incoming = false; + _hadCert = false; + } + + void throwException(bool b) + { + _throwException = b; + } + + bool invoked() const + { + return _invoked; + } + + bool incoming() const + { + return _incoming; + } + + bool hadCert() const + { + return _hadCert; + } + +private: + + bool _throwException; + bool _invoked; + bool _incoming; + bool _hadCert; +}; +typedef IceUtil::Handle<CertificateVerifierI> CertificateVerifierIPtr; + +static PropertiesPtr 
+createClientProps(const string& defaultHost) +{ + PropertiesPtr result = createProperties(); + result->setProperty("Ice.Plugin.IceSSL", "IceSSL:create"); + if(!defaultHost.empty()) + { + result->setProperty("Ice.Default.Host", defaultHost); + } + return result; +} + +static Test::Properties +createServerProps(const string& defaultHost) +{ + Test::Properties result; + result["Ice.Plugin.IceSSL"] = "IceSSL:create"; + if(!defaultHost.empty()) + { + result["Ice.Default.Host"] = defaultHost; + } + return result; +} + +void +allTests(const CommunicatorPtr& communicator, const string& testDir) +{ + string factoryRef = "factory:tcp -p 12010 -t 10000"; + ObjectPrx base = communicator->stringToProxy(factoryRef); + test(base); + Test::ServerFactoryPrx factory = Test::ServerFactoryPrx::checkedCast(base); + + string defaultHost = communicator->getProperties()->getProperty("Ice.Default.Host"); + string defaultDir = testDir + "/../certs"; +#ifdef _WIN32 + string sep = ";"; +#else + string sep = ":"; +#endif + + int argc = 0; + char* argv[] = { "" }; + + cout << "testing manual initialization... " << flush; + { + PropertiesPtr props = createClientProps(defaultHost); + props->setProperty("IceSSL.DelayInit", "1"); + CommunicatorPtr comm = initializeWithProperties(argc, argv, props); + ObjectPrx p = comm->stringToProxy("dummy:ssl -p 9999"); + try + { + p->ice_ping(); + test(false); + } + catch(const PluginInitializationException&) + { + // Expected. 
+ } + catch(const LocalException&) + { + test(false); + } + comm->destroy(); + } + { + PropertiesPtr props = createClientProps(defaultHost); + props->setProperty("IceSSL.DelayInit", "1"); + props->setProperty("IceSSL.Client.Ciphers", "ADH"); + props->setProperty("IceSSL.Client.VerifyPeer", "0"); + CommunicatorPtr comm = initializeWithProperties(argc, argv, props); + IceSSL::PluginPtr plugin = + IceSSL::PluginPtr::dynamicCast(comm->getPluginManager()->getPlugin("IceSSL")); + test(plugin); + plugin->initialize(); + ObjectPrx obj = comm->stringToProxy(factoryRef); + test(obj); + Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(obj); + Test::Properties d = createServerProps(defaultHost); + d["IceSSL.Server.Ciphers"] = "ADH"; + d["IceSSL.Server.VerifyPeer"] = "0"; + Test::ServerPrx server = fact->createServer(d); + try + { + server->ice_ping(); + fact->destroyServer(server); + } + catch(const LocalException&) + { + test(false); + } + comm->destroy(); + } + cout << "ok" << endl; + + cout << "testing certificate verification... " << flush; + { + // + // Test IceSSL.Server.VerifyPeer=0. Client does not have a certificate, + // but it still verifies the server's. 
+ // + PropertiesPtr props = createClientProps(defaultHost); + props->setProperty("IceSSL.Client.VerifyPeer", "0"); + props->setProperty("IceSSL.Client.CertAuthFile", "cacert1.pem"); + props->setProperty("IceSSL.Client.DefaultDir", defaultDir); + CommunicatorPtr comm = initializeWithProperties(argc, argv, props); + Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + test(fact); + Test::Properties d = createServerProps(defaultHost); + d["IceSSL.Server.DefaultDir"] = defaultDir; + d["IceSSL.Server.CertAuthFile"] = "cacert1.pem"; + d["IceSSL.Server.CertFile"] = "s_rsa_nopass_ca1_pub.pem"; + d["IceSSL.Server.KeyFile"] = "s_rsa_nopass_ca1_priv.pem"; + d["IceSSL.Server.VerifyPeer"] = "0"; + Test::ServerPrx server = fact->createServer(d); + try + { + server->ice_ping(); + } + catch(const LocalException&) + { + test(false); + } + fact->destroyServer(server); + + // + // Test IceSSL.Server.VerifyPeer=1. Client does not have a certificate. + // + d = createServerProps(defaultHost); + d["IceSSL.Server.DefaultDir"] = defaultDir; + d["IceSSL.Server.CertAuthFile"] = "cacert1.pem"; + d["IceSSL.Server.CertFile"] = "s_rsa_nopass_ca1_pub.pem"; + d["IceSSL.Server.KeyFile"] = "s_rsa_nopass_ca1_priv.pem"; + d["IceSSL.Server.VerifyPeer"] = "1"; + server = fact->createServer(d); + try + { + server->ice_ping(); + } + catch(const LocalException&) + { + test(false); + } + fact->destroyServer(server); + + // + // Test IceSSL.Server.VerifyPeer=2. This should fail because the client + // does not supply a certificate. 
+ // + d = createServerProps(defaultHost); + d["IceSSL.Server.DefaultDir"] = defaultDir; + d["IceSSL.Server.CertAuthFile"] = "cacert1.pem"; + d["IceSSL.Server.CertFile"] = "s_rsa_nopass_ca1_pub.pem"; + d["IceSSL.Server.KeyFile"] = "s_rsa_nopass_ca1_priv.pem"; + d["IceSSL.Server.VerifyPeer"] = "2"; + server = fact->createServer(d); + try + { + server->ice_ping(); + test(false); + } + catch(const ProtocolException&) + { + // Expected. + } + catch(const LocalException&) + { + test(false); + } + fact->destroyServer(server); + + comm->destroy(); + + // + // Test IceSSL.Server.VerifyPeer=1. Client has a certificate. + // + props->setProperty("IceSSL.Client.CertFile", "c_rsa_nopass_ca1_pub.pem"); + props->setProperty("IceSSL.Client.KeyFile", "c_rsa_nopass_ca1_priv.pem"); + comm = initializeWithProperties(argc, argv, props); + fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + test(fact); + d = createServerProps(defaultHost); + d["IceSSL.Server.DefaultDir"] = defaultDir; + d["IceSSL.Server.CertAuthFile"] = "cacert1.pem"; + d["IceSSL.Server.CertFile"] = "s_rsa_nopass_ca1_pub.pem"; + d["IceSSL.Server.KeyFile"] = "s_rsa_nopass_ca1_priv.pem"; + d["IceSSL.Server.VerifyPeer"] = "1"; + server = fact->createServer(d); + try + { + server->ice_ping(); + } + catch(const LocalException&) + { + test(false); + } + fact->destroyServer(server); + + // + // Test IceSSL.Server.VerifyPeer=2. Client has a certificate. + // + d = createServerProps(defaultHost); + d["IceSSL.Server.DefaultDir"] = defaultDir; + d["IceSSL.Server.CertAuthFile"] = "cacert1.pem"; + d["IceSSL.Server.CertFile"] = "s_rsa_nopass_ca1_pub.pem"; + d["IceSSL.Server.KeyFile"] = "s_rsa_nopass_ca1_priv.pem"; + d["IceSSL.Server.VerifyPeer"] = "2"; + server = fact->createServer(d); + try + { + server->ice_ping(); + } + catch(const LocalException&) + { + test(false); + } + fact->destroyServer(server); + + comm->destroy(); + + // + // Test IceSSL.Server.VerifyPeer=1. 
This should fail because the + // client doesn't trust the server's CA. + // + props->setProperty("IceSSL.Client.CertAuthFile", "cacert2.pem"); + props->setProperty("IceSSL.Client.CertFile", "c_rsa_nopass_ca2_pub.pem"); + props->setProperty("IceSSL.Client.KeyFile", "c_rsa_nopass_ca2_priv.pem"); + comm = initializeWithProperties(argc, argv, props); + fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + test(fact); + d = createServerProps(defaultHost); + d["IceSSL.Server.DefaultDir"] = defaultDir; + d["IceSSL.Server.CertAuthFile"] = "cacert1.pem"; + d["IceSSL.Server.CertFile"] = "s_rsa_nopass_ca1_pub.pem"; + d["IceSSL.Server.KeyFile"] = "s_rsa_nopass_ca1_priv.pem"; + d["IceSSL.Server.VerifyPeer"] = "1"; + server = fact->createServer(d); + try + { + server->ice_ping(); + test(false); + } + catch(const ProtocolException&) + { + // Expected. + } + catch(const LocalException&) + { + test(false); + } + fact->destroyServer(server); + + comm->destroy(); + + // + // Test IceSSL.Server.VerifyPeer=1. This should fail because the + // server doesn't trust the client's CA. + // + props->setProperty("IceSSL.Client.CertAuthFile", "cacert1.pem"); + props->setProperty("IceSSL.Client.CertFile", "c_rsa_nopass_ca2_pub.pem"); + props->setProperty("IceSSL.Client.KeyFile", "c_rsa_nopass_ca2_priv.pem"); + comm = initializeWithProperties(argc, argv, props); + fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + test(fact); + d = createServerProps(defaultHost); + d["IceSSL.Server.DefaultDir"] = defaultDir; + d["IceSSL.Server.CertAuthFile"] = "cacert1.pem"; + d["IceSSL.Server.CertFile"] = "s_rsa_nopass_ca1_pub.pem"; + d["IceSSL.Server.KeyFile"] = "s_rsa_nopass_ca1_priv.pem"; + d["IceSSL.Server.VerifyPeer"] = "1"; + server = fact->createServer(d); + try + { + server->ice_ping(); + test(false); + } + catch(const ProtocolException&) + { + // Expected. 
+ } + catch(const LocalException&) + { + test(false); + } + fact->destroyServer(server); + + comm->destroy(); + } + cout << "ok" << endl; + + cout << "testing custom certificate verifier... " << flush; + { + // + // ADH is allowed but will not have a certificate. + // + PropertiesPtr props = createClientProps(defaultHost); + props->setProperty("IceSSL.Client.Ciphers", "ADH"); + props->setProperty("IceSSL.Client.VerifyPeer", "0"); + CommunicatorPtr comm = initializeWithProperties(argc, argv, props); + IceSSL::PluginPtr plugin = + IceSSL::PluginPtr::dynamicCast(comm->getPluginManager()->getPlugin("IceSSL")); + test(plugin); + CertificateVerifierIPtr verifier = new CertificateVerifierI; + plugin->setCertificateVerifier(verifier); + + Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + test(fact); + Test::Properties d = createServerProps(defaultHost); + d["IceSSL.Server.Ciphers"] = "ADH"; + d["IceSSL.Server.VerifyPeer"] = "0"; + Test::ServerPrx server = fact->createServer(d); + try + { + server->ice_ping(); + } + catch(const LocalException&) + { + test(false); + } + test(verifier->invoked()); + test(!verifier->incoming()); + test(!verifier->hadCert()); + + // + // Have the verifier raise an exception. Close the connection explicitly + // to force a new connection to be established. + // + verifier->reset(); + verifier->throwException(true); + server->ice_connection()->close(false); + try + { + server->ice_ping(); + test(false); + } + catch(const SecurityException&) + { + // Expected. + } + catch(const LocalException&) + { + test(false); + } + test(verifier->invoked()); + test(!verifier->incoming()); + test(!verifier->hadCert()); + verifier->throwException(false); + fact->destroyServer(server); + + comm->destroy(); + } + cout << "ok" << endl; + + cout << "testing protocols... " << flush; + { + // + // This should fail because the client and server have no protocol + // in common. 
+ // + PropertiesPtr props = createClientProps(defaultHost); + props->setProperty("IceSSL.Client.Ciphers", "ADH"); + props->setProperty("IceSSL.Client.VerifyPeer", "0"); + props->setProperty("IceSSL.Client.Protocols", "ssl3"); + CommunicatorPtr comm = initializeWithProperties(argc, argv, props); + Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + test(fact); + Test::Properties d = createServerProps(defaultHost); + d["IceSSL.Server.Ciphers"] = "ADH"; + d["IceSSL.Server.VerifyPeer"] = "0"; + d["IceSSL.Server.Protocols"] = "tls1"; + Test::ServerPrx server = fact->createServer(d); + try + { + server->ice_ping(); + test(false); + } + catch(const ConnectionLostException&) + { + // Expected. + } + catch(const LocalException&) + { + test(false); + } + comm->destroy(); + + // + // This should succeed. + // + comm = initializeWithProperties(argc, argv, props); + fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + test(fact); + d = createServerProps(defaultHost); + d["IceSSL.Server.Ciphers"] = "ADH"; + d["IceSSL.Server.VerifyPeer"] = "0"; + d["IceSSL.Server.Protocols"] = "tls1, ssl3"; + server = fact->createServer(d); + try + { + server->ice_ping(); + } + catch(const LocalException&) + { + test(false); + } + comm->destroy(); + } + cout << "ok" << endl; + + cout << "testing expired certificates... " << flush; + { + // + // This should fail because the server's certificate is expired. 
+ // + PropertiesPtr props = createClientProps(defaultHost); + props->setProperty("IceSSL.Client.DefaultDir", defaultDir); + props->setProperty("IceSSL.Client.CertAuthFile", "cacert1.pem"); + props->setProperty("IceSSL.Client.CertFile", "c_rsa_nopass_ca1_pub.pem"); + props->setProperty("IceSSL.Client.KeyFile", "c_rsa_nopass_ca1_priv.pem"); + CommunicatorPtr comm = initializeWithProperties(argc, argv, props); + Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + test(fact); + Test::Properties d = createServerProps(defaultHost); + d["IceSSL.Server.DefaultDir"] = defaultDir; + d["IceSSL.Server.CertAuthFile"] = "cacert1.pem"; + d["IceSSL.Server.CertFile"] = "s_rsa_nopass_ca1_exp_pub.pem"; + d["IceSSL.Server.KeyFile"] = "s_rsa_nopass_ca1_exp_priv.pem"; + Test::ServerPrx server = fact->createServer(d); + try + { + server->ice_ping(); + test(false); + } + catch(const ProtocolException&) + { + // Expected. + } + catch(const LocalException&) + { + test(false); + } + fact->destroyServer(server); + comm->destroy(); + + // + // This should fail because the client's certificate is expired. + // + props->setProperty("IceSSL.Client.CertFile", "c_rsa_nopass_ca1_exp_pub.pem"); + props->setProperty("IceSSL.Client.KeyFile", "c_rsa_nopass_ca1_exp_priv.pem"); + comm = initializeWithProperties(argc, argv, props); + fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + test(fact); + d = createServerProps(defaultHost); + d["IceSSL.Server.DefaultDir"] = defaultDir; + d["IceSSL.Server.CertAuthFile"] = "cacert1.pem"; + d["IceSSL.Server.CertFile"] = "s_rsa_nopass_ca1_pub.pem"; + d["IceSSL.Server.KeyFile"] = "s_rsa_nopass_ca1_priv.pem"; + server = fact->createServer(d); + try + { + server->ice_ping(); + test(false); + } + catch(const ProtocolException&) + { + // Expected. 
+ } + catch(const LocalException&) + { + test(false); + } + fact->destroyServer(server); + comm->destroy(); + } + cout << "ok" << endl; + + cout << "testing CA certificate directory... " << flush; + { + // + // Don't specify CertAuthFile explicitly; we let OpenSSL find the CA + // certificate in the default directory. + // + PropertiesPtr props = createClientProps(defaultHost); + props->setProperty("IceSSL.Client.DefaultDir", defaultDir); + props->setProperty("IceSSL.Client.CertFile", "c_rsa_nopass_ca1_pub.pem"); + props->setProperty("IceSSL.Client.KeyFile", "c_rsa_nopass_ca1_priv.pem"); + CommunicatorPtr comm = initializeWithProperties(argc, argv, props); + Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + test(fact); + Test::Properties d = createServerProps(defaultHost); + d["IceSSL.Server.DefaultDir"] = defaultDir; + d["IceSSL.Server.CertFile"] = "s_rsa_nopass_ca1_pub.pem"; + d["IceSSL.Server.KeyFile"] = "s_rsa_nopass_ca1_priv.pem"; + Test::ServerPrx server = fact->createServer(d); + try + { + server->ice_ping(); + } + catch(const LocalException&) + { + test(false); + } + fact->destroyServer(server); + comm->destroy(); + } + cout << "ok" << endl; + + cout << "testing password prompt... " << flush; + { + // + // Use the correct password. 
+ // + PropertiesPtr props = createClientProps(defaultHost); + props->setProperty("IceSSL.Client.DefaultDir", defaultDir); + props->setProperty("IceSSL.Client.CertFile", "c_rsa_pass_ca1_pub.pem"); + props->setProperty("IceSSL.Client.KeyFile", "c_rsa_pass_ca1_priv.pem"); + props->setProperty("IceSSL.DelayInit", "1"); + CommunicatorPtr comm = initializeWithProperties(argc, argv, props); + IceSSL::PluginPtr plugin = + IceSSL::PluginPtr::dynamicCast(comm->getPluginManager()->getPlugin("IceSSL")); + test(plugin); + PasswordPromptIPtr prompt = new PasswordPromptI("client"); + plugin->setPasswordPrompt(prompt); + plugin->initialize(); + test(prompt->count() == 1); + Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + test(fact); + Test::Properties d = createServerProps(defaultHost); + d["IceSSL.Server.DefaultDir"] = defaultDir; + d["IceSSL.Server.CertFile"] = "s_rsa_nopass_ca1_pub.pem"; + d["IceSSL.Server.KeyFile"] = "s_rsa_nopass_ca1_priv.pem"; + Test::ServerPrx server = fact->createServer(d); + try + { + server->ice_ping(); + } + catch(const LocalException&) + { + test(false); + } + fact->destroyServer(server); + comm->destroy(); + + // + // Use an incorrect password and check that retries are attempted. + // + props = createClientProps(defaultHost); + props->setProperty("IceSSL.Client.DefaultDir", defaultDir); + props->setProperty("IceSSL.Client.CertFile", "c_rsa_pass_ca1_pub.pem"); + props->setProperty("IceSSL.Client.KeyFile", "c_rsa_pass_ca1_priv.pem"); + props->setProperty("IceSSL.Client.PasswordRetryMax", "4"); + props->setProperty("IceSSL.DelayInit", "1"); + comm = initializeWithProperties(argc, argv, props); + plugin = IceSSL::PluginPtr::dynamicCast(comm->getPluginManager()->getPlugin("IceSSL")); + test(plugin); + prompt = new PasswordPromptI("invalid"); + plugin->setPasswordPrompt(prompt); + try + { + plugin->initialize(); + } + catch(const PluginInitializationException&) + { + // Expected. 
+ } + catch(const LocalException&) + { + test(false); + } + test(prompt->count() == 4); + comm->destroy(); + } + cout << "ok" << endl; + + cout << "testing ciphers... " << flush; + { + // + // The server has a certificate but the client doesn't. They should + // negotiate to use ADH since we explicitly enable it. + // + PropertiesPtr props = createClientProps(defaultHost); + props->setProperty("IceSSL.Client.Ciphers", "ADH"); + CommunicatorPtr comm = initializeWithProperties(argc, argv, props); + Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + test(fact); + Test::Properties d = createServerProps(defaultHost); + d["IceSSL.Server.DefaultDir"] = defaultDir; + d["IceSSL.Server.CertFile"] = "s_rsa_nopass_ca1_pub.pem"; + d["IceSSL.Server.KeyFile"] = "s_rsa_nopass_ca1_priv.pem"; + d["IceSSL.Server.Ciphers"] = "RSA:ADH"; + d["IceSSL.Server.VerifyPeer"] = "1"; + Test::ServerPrx server = fact->createServer(d); + try + { + server->ice_ping(); + } + catch(const LocalException& ex) + { + cout << ex << endl; + test(false); + } + fact->destroyServer(server); + comm->destroy(); + } + { + // + // Configure a server with RSA and DSA certificates. + // + // First try a client with a DSA certificate. 
+ // + PropertiesPtr props = createClientProps(defaultHost); + props->setProperty("IceSSL.Client.DefaultDir", defaultDir); + props->setProperty("IceSSL.Client.CertFile", "c_dsa_nopass_ca1_pub.pem"); + props->setProperty("IceSSL.Client.KeyFile", "c_dsa_nopass_ca1_priv.pem"); + props->setProperty("IceSSL.Client.Ciphers", "DEFAULT:DSS"); + CommunicatorPtr comm = initializeWithProperties(argc, argv, props); + Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + test(fact); + Test::Properties d = createServerProps(defaultHost); + d["IceSSL.Server.DefaultDir"] = defaultDir; + d["IceSSL.Server.CertFile"] = "s_rsa_nopass_ca1_pub.pem" + sep + "s_dsa_nopass_ca1_pub.pem"; + d["IceSSL.Server.KeyFile"] = "s_rsa_nopass_ca1_priv.pem" + sep + "s_dsa_nopass_ca1_priv.pem"; + d["IceSSL.Server.Ciphers"] = "DEFAULT:DSS"; + d["IceSSL.Server.VerifyPeer"] = "1"; + Test::ServerPrx server = fact->createServer(d); + try + { + server->ice_ping(); + } + catch(const LocalException&) + { + test(false); + } + fact->destroyServer(server); + comm->destroy(); + + // + // Next try a client with an RSA certificate. 
+ // + props = createClientProps(defaultHost); + props->setProperty("IceSSL.Client.DefaultDir", defaultDir); + props->setProperty("IceSSL.Client.CertFile", "c_rsa_nopass_ca1_pub.pem"); + props->setProperty("IceSSL.Client.KeyFile", "c_rsa_nopass_ca1_priv.pem"); + comm = initializeWithProperties(argc, argv, props); + fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + test(fact); + d = createServerProps(defaultHost); + d["IceSSL.Server.DefaultDir"] = defaultDir; + d["IceSSL.Server.CertFile"] = "s_rsa_nopass_ca1_pub.pem" + sep + "s_dsa_nopass_ca1_pub.pem"; + d["IceSSL.Server.KeyFile"] = "s_rsa_nopass_ca1_priv.pem" + sep + "s_dsa_nopass_ca1_priv.pem"; + d["IceSSL.Server.Ciphers"] = "DEFAULT:DSS"; + d["IceSSL.Server.VerifyPeer"] = "1"; + server = fact->createServer(d); + try + { + server->ice_ping(); + } + catch(const LocalException&) + { + test(false); + } + fact->destroyServer(server); + comm->destroy(); + + // + // Next try a client with ADH. This should fail. + // + props = createClientProps(defaultHost); + props->setProperty("IceSSL.Client.Ciphers", "ADH"); + comm = initializeWithProperties(argc, argv, props); + fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + test(fact); + d = createServerProps(defaultHost); + d["IceSSL.Server.DefaultDir"] = defaultDir; + d["IceSSL.Server.CertFile"] = "s_rsa_nopass_ca1_pub.pem" + sep + "s_dsa_nopass_ca1_pub.pem"; + d["IceSSL.Server.KeyFile"] = "s_rsa_nopass_ca1_priv.pem" + sep + "s_dsa_nopass_ca1_priv.pem"; + d["IceSSL.Server.Ciphers"] = "DEFAULT:DSS"; + d["IceSSL.Server.VerifyPeer"] = "1"; + server = fact->createServer(d); + try + { + server->ice_ping(); + test(false); + } + catch(const ProtocolException&) + { + // Expected. + } + catch(const LocalException&) + { + test(false); + } + fact->destroyServer(server); + comm->destroy(); + } + { + // + // Configure a server with RSA and a client with DSA. This should fail. 
+ // + PropertiesPtr props = createClientProps(defaultHost); + props->setProperty("IceSSL.Client.DefaultDir", defaultDir); + props->setProperty("IceSSL.Client.CertFile", "c_dsa_nopass_ca1_pub.pem"); + props->setProperty("IceSSL.Client.KeyFile", "c_dsa_nopass_ca1_priv.pem"); + props->setProperty("IceSSL.Client.Ciphers", "DSS"); + CommunicatorPtr comm = initializeWithProperties(argc, argv, props); + Test::ServerFactoryPrx fact = Test::ServerFactoryPrx::checkedCast(comm->stringToProxy(factoryRef)); + test(fact); + Test::Properties d = createServerProps(defaultHost); + d["IceSSL.Server.DefaultDir"] = defaultDir; + d["IceSSL.Server.CertFile"] = "s_rsa_nopass_ca1_pub.pem"; + d["IceSSL.Server.KeyFile"] = "s_rsa_nopass_ca1_priv.pem"; + Test::ServerPrx server = fact->createServer(d); + try + { + server->ice_ping(); + test(false); + } + catch(const ProtocolException&) + { + // Expected. + } + catch(const LocalException&) + { + test(false); + } + fact->destroyServer(server); + comm->destroy(); + } + cout << "ok" << endl; + + factory->shutdown(); +} diff --git a/cpp/test/IceSSL/configuration/Client.cpp b/cpp/test/IceSSL/configuration/Client.cpp new file mode 100644 index 00000000000..bf6e9e23137 --- /dev/null +++ b/cpp/test/IceSSL/configuration/Client.cpp 
@@ -0,0 +1,61 @@
+// **********************************************************************
+//
+// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
+//
+// This copy of Ice is licensed to you under the terms described in the
+// ICE_LICENSE file included in this distribution.
+//
+// **********************************************************************
+
+#include <Ice/Ice.h>
+
+using namespace std;
+
+int
+run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
+{
+ if(argc < 2)
+ {
+ cerr << "Usage: " << argv[0] << " testdir" << endl;
+ return 1;
+ }
+
+ void allTests(const Ice::CommunicatorPtr&, const string&);
+
+ allTests(communicator, argv[1]);
+
+ return EXIT_SUCCESS;
+}
+
+int
+main(int argc, char* argv[])
+{
+ int status;
+ Ice::CommunicatorPtr communicator;
+
+ try
+ {
+ communicator = Ice::initialize(argc, argv);
+ status = run(argc, argv, communicator);
+ }
+ catch(const Ice::Exception& ex)
+ {
+ cerr << ex << endl;
+ status = EXIT_FAILURE;
+ }
+
+ if(communicator)
+ {
+ try
+ {
+ communicator->destroy();
+ }
+ catch(const Ice::Exception& ex)
+ {
+ cerr << ex << endl;
+ status = EXIT_FAILURE;
+ }
+ }
+
+ return status;
+}
diff --git a/cpp/test/IceSSL/configuration/Configuration.cpp b/cpp/test/IceSSL/configuration/Configuration.cpp deleted file mode 100644
index c26336f9426..00000000000
--- a/cpp/test/IceSSL/configuration/Configuration.cpp
+++ /dev/null
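Review bot: `run` declares `allTests` at block scope (`void allTests(const Ice::CommunicatorPtr&, const string&);`), so any drift between this declaration and the definition in AllTests.cpp shows up only as a link error. Moving the declaration to file scope above `run`, or into a small shared header, makes the dependency visible. The usage-error path also returns the literal `1` while every other exit path in the file uses `EXIT_SUCCESS` or `EXIT_FAILURE`; `return EXIT_FAILURE;` would be consistent.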
@@ -1,223 +0,0 @@ -// ********************************************************************** -// -// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. -// -// This copy of Ice is licensed to you under the terms described in the -// ICE_LICENSE file included in this distribution. -// -// ********************************************************************** - -#include <Ice/Ice.h> -#include <TestCommon.h> -#include <IceSSL/Exception.h> -#include <IceSSL/Plugin.h> - -// Note: This test must have a valid IceSSL.Client.CertPath -// and IceSSL.Server.CertPath specified. - -using namespace std; -using namespace Ice; - -void testContextWithConfig(const Ice::CommunicatorPtr&, IceSSL::ContextType, const std::string&, - const std::string&, bool expectFailure = true); - -void -testContextNoConfig(const Ice::CommunicatorPtr& communicator, IceSSL::ContextType contextType) -{ - testContextWithConfig(communicator, contextType, "", ""); -} - -void -testContextWithConfig(const Ice::CommunicatorPtr& communicator, - IceSSL::ContextType contextType, - const std::string& clientFile, - const std::string& serverFile, - bool expectFailure) -{ - PropertiesPtr properties = communicator->getProperties(); - - Ice::PluginPtr plugin = communicator->getPluginManager()->getPlugin("IceSSL"); - IceSSL::PluginPtr sslPlugin = IceSSL::PluginPtr::dynamicCast(plugin); - - std::string contextString; - - std::string clientPropertyString = "IceSSL.Client.Config"; - std::string serverPropertyString = "IceSSL.Server.Config"; - - switch(contextType) - { - case IceSSL::Client: - { - contextString = "client"; - break; - } - - case IceSSL::Server: - { - contextString = "server"; - break; - } - - case IceSSL::ClientServer: - { - contextString = "client/server"; - break; - } - } - - std::string configFileDesc = ""; - - if(!clientFile.empty() && !serverFile.empty()) - { - configFileDesc = "client and server configuration files"; - } - else if(!clientFile.empty()) - { - configFileDesc = "client configuration 
file"; - } - else if(!serverFile.empty()) - { - configFileDesc = "server configuration file"; - } - else - { - configFileDesc = "no configuration file"; - } - - std::cout << contextString << " with " << configFileDesc << "... " << std::flush; - - try - { - properties->setProperty(clientPropertyString, clientFile); - properties->setProperty(serverPropertyString, serverFile); - sslPlugin->configure(contextType); - - if(expectFailure) - { - test(false); - } - else - { - std::cout << "ok" << std::endl; - } - } - catch(const IceSSL::ConfigurationLoadingException&) - { - // - // Depending on the context type, and if we supplied - // a configuration file, this might be a valid response. - // - - switch(contextType) - { - case IceSSL::Client: - { - if(clientFile.empty()) - { - std::cout << "ok" << std::endl; - } - else - { - test(false); - } - break; - } - - case IceSSL::Server: - { - if(serverFile.empty()) - { - std::cout << "ok" << std::endl; - } - else - { - test(false); - } - break; - } - - case IceSSL::ClientServer: - { - if(clientFile.empty() || serverFile.empty()) - { - std::cout << "ok" << std::endl; - } - else - { - test(false); - } - break; - } - } - } - catch(const LocalException&) - { - // - // Any other exception is bad. - // - - test(false); - } - catch(...) - { - // - // Unknown exceptions are always bad. - // - - test(false); - } -} - -int -run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator) -{ - // Testing Client context. - testContextNoConfig(communicator, IceSSL::Client); - testContextWithConfig(communicator, IceSSL::Client,"client_sslconfig.xml","", false); - - // Testing Server context. - testContextNoConfig(communicator, IceSSL::Server); - testContextWithConfig(communicator, IceSSL::Server,"","server_sslconfig.xml", false); - - // Testing ClientServer context. 
- testContextNoConfig(communicator, IceSSL::ClientServer); - testContextWithConfig(communicator, IceSSL::ClientServer, "client_sslconfig.xml", ""); - testContextWithConfig(communicator, IceSSL::ClientServer, "", "server_sslconfig.xml"); - testContextWithConfig(communicator, IceSSL::ClientServer, "client_sslconfig.xml", "server_sslconfig.xml", false); - testContextWithConfig(communicator, IceSSL::ClientServer, "sslconfig.xml", "sslconfig.xml", false); - - return EXIT_SUCCESS; -} - -int -main(int argc, char* argv[]) -{ - int status; - Ice::CommunicatorPtr communicator; - - try - { - communicator = Ice::initialize(argc, argv); - status = run(argc, argv, communicator); - } - catch(const Ice::Exception& ex) - { - cerr << ex << endl; - status = EXIT_FAILURE; - } - - if(communicator) - { - try - { - communicator->destroy(); - } - catch(const Ice::Exception& ex) - { - cerr << ex << endl; - status = EXIT_FAILURE; - } - } - - return status; -} diff --git a/cpp/test/IceSSL/configuration/Makefile b/cpp/test/IceSSL/configuration/Makefile index 919e0efe346..8ffecfbd44e 100644 --- a/cpp/test/IceSSL/configuration/Makefile +++ b/cpp/test/IceSSL/configuration/Makefile @@ -9,20 +9,34 @@ top_srcdir = ../../.. -CLIENT = configuration +CLIENT = client +SERVER = server -TARGETS = $(CLIENT) +TARGETS = $(CLIENT) $(SERVER) -OBJS = Configuration.o +COBJS = Test.o \ + Client.o \ + AllTests.o -SRCS = $(OBJS:.o=.cpp) +SOBJS = Test.o \ + TestI.o \ + Server.o + +SRCS = $(COBJS:.o=.cpp) \ + $(SOBJS:.o=.cpp) + +SLICE_SRCS = Test.ice include $(top_srcdir)/config/Make.rules CPPFLAGS := -I. -I../../include $(CPPFLAGS) -$(CLIENT): $(OBJS) +$(CLIENT): $(COBJS) + rm -f $@ + $(CXX) $(LDFLAGS) -o $@ $(COBJS) $(LIBS) + +$(SERVER): $(SOBJS) rm -f $@ - $(CXX) $(LDFLAGS) -o $@ $(OBJS) $(OPENSSL_RPATH_LINK) -lIceSSL $(EXPAT_RPATH_LINK) -lIceXML $(LIBS) $(OPENSSL_LIBS) + $(CXX) $(LDFLAGS) -o $@ $(SOBJS) $(LIBS) include .depend 
diff --git a/cpp/test/IceSSL/configuration/Server.cpp b/cpp/test/IceSSL/configuration/Server.cpp new file mode 100644
index 00000000000..7ca8b133cd6
--- /dev/null
+++ b/cpp/test/IceSSL/configuration/Server.cpp
@@ -0,0 +1,59 @@
+// **********************************************************************
+//
+// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
+//
+// This copy of Ice is licensed to you under the terms described in the
+// ICE_LICENSE file included in this distribution.
+//
+// **********************************************************************
+
+#include <Ice/Ice.h>
+#include <TestI.h>
+
+using namespace std;
+
+int
+run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
+{
+ communicator->getProperties()->setProperty("TestAdapter.Endpoints", "tcp -p 12010");
+ Ice::ObjectAdapterPtr adapter = communicator->createObjectAdapter("TestAdapter");
+ Ice::Identity id = Ice::stringToIdentity("factory");
+ adapter->add(new ServerFactoryI, id);
+ adapter->activate();
+
+ communicator->waitForShutdown();
+ return EXIT_SUCCESS;
+}
+
+int
+main(int argc, char* argv[])
+{
+ int status;
+ Ice::CommunicatorPtr communicator;
+
+ try
+ {
+ communicator = Ice::initialize(argc, argv);
+ status = run(argc, argv, communicator);
+ }
+ catch(const Ice::Exception& ex)
+ {
+ cerr << ex << endl;
+ status = EXIT_FAILURE;
+ }
+
+ if(communicator)
+ {
+ try
+ {
+ communicator->destroy();
+ }
+ catch(const Ice::Exception& ex)
+ {
+ cerr << ex << endl;
+ status = EXIT_FAILURE;
+ }
+ }
+
+ return status;
+}
diff --git a/cpp/slice/IceSSL/CertificateVerifierF.ice b/cpp/test/IceSSL/configuration/Test.ice
index 52624e54da6..f5e6b6992bc 100644
--- a/cpp/slice/IceSSL/CertificateVerifierF.ice
+++ b/cpp/test/IceSSL/configuration/Test.ice
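Review bot: The endpoint string set in `run`, `"tcp -p 12010"`, has no `-h` option, so unless a default host is supplied on the command line the factory adapter presumably listens on every local interface over plain TCP. `ServerFactoryI` (TestI.cpp in this commit) then lets any caller that reaches the port create communicators from caller-chosen properties, destroy them, or call `shutdown()`. For a harness that is driven from the same machine, binding to loopback narrows who can reach it, for example `setProperty("TestAdapter.Endpoints", "tcp -h 127.0.0.1 -p 12010")`, or take the host from the same default-host setting the client uses. A comment above that line saying the factory is unauthenticated and meant for test use only would also help the next reader.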
@@ -7,13 +7,24 @@ // // ********************************************************************** -#ifndef ICE_SSL_CERTIFICATE_VERIFIER_F_ICE -#define ICE_SSL_CERTIFICATE_VERIFIER_F_ICE +#ifndef TEST_ICE +#define TEST_ICE -module IceSSL +module Test { -local interface CertificateVerifier; +interface Server +{ +}; + +dictionary<string, string> Properties; + +interface ServerFactory +{ + Server* createServer(Properties props); + void destroyServer(Server* srv); + void shutdown(); +}; }; diff --git a/cpp/test/IceSSL/configuration/TestI.cpp b/cpp/test/IceSSL/configuration/TestI.cpp new file mode 100644 index 00000000000..9e24210437f --- /dev/null +++ b/cpp/test/IceSSL/configuration/TestI.cpp 
@@ -0,0 +1,64 @@
+// **********************************************************************
+//
+// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
+//
+// This copy of Ice is licensed to you under the terms described in the
+// ICE_LICENSE file included in this distribution.
+//
+// **********************************************************************
+
+#include <Ice/Ice.h>
+#include <IceUtil/Thread.h>
+#include <TestI.h>
+
+using namespace std;
+using namespace Ice;
+
+ServerI::ServerI(const CommunicatorPtr& communicator) :
+ _communicator(communicator)
+{
+}
+
+void
+ServerI::destroy()
+{
+ _communicator->destroy();
+}
+
+Test::ServerPrx
+ServerFactoryI::createServer(const Test::Properties& props, const Current& current)
+{
+ PropertiesPtr properties = createProperties();
+ for(Test::Properties::const_iterator p = props.begin(); p != props.end(); ++p)
+ {
+ properties->setProperty(p->first, p->second);
+ }
+
+ int argc = 0;
+ char* argv[] = { "" };
+ CommunicatorPtr communicator = initializeWithProperties(argc, argv, properties);
+ ObjectAdapterPtr adapter = communicator->createObjectAdapterWithEndpoints("ServerAdapter", "ssl");
+ ServerIPtr server = new ServerI(communicator);
+ ObjectPrx obj = adapter->addWithUUID(server);
+ _servers[obj->ice_getIdentity()] = server;
+ adapter->activate();
+
+ return Test::ServerPrx::uncheckedCast(obj);;
+}
+
+void
+ServerFactoryI::destroyServer(const Test::ServerPrx& srv, const Ice::Current&)
+{
+ map<Identity, ServerIPtr>::iterator p = _servers.find(srv->ice_getIdentity());
+ if(p != _servers.end())
+ {
+ p->second->destroy();
+ _servers.erase(p);
+ }
+}
+
+void
+ServerFactoryI::shutdown(const Ice::Current& current)
+{
+ current.adapter->getCommunicator()->shutdown();
+}
diff --git a/cpp/test/IceSSL/configuration/TestI.h b/cpp/test/IceSSL/configuration/TestI.h new file mode 100644
index 00000000000..aece08878ce
--- /dev/null
+++ b/cpp/test/IceSSL/configuration/TestI.h
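Review bot: In `ServerFactoryI::createServer`, if `createObjectAdapterWithEndpoints("ServerAdapter", "ssl")` or any later call throws, the communicator created on the line before is never passed to `destroy()`, and nothing has been stored in `_servers` for `destroyServer` to clean up afterwards. This suite feeds the server deliberately mismatched SSL settings, so a failure at that point seems plausible rather than exotic. Wrapping the calls that follow `initializeWithProperties` in a try block that destroys the communicator and rethrows keeps a rejected configuration from leaving a half-initialized communicator behind. The return statement also ends in a stray second semicolon (`uncheckedCast(obj);;`), removed in the sketch below.

```cpp
    CommunicatorPtr communicator = initializeWithProperties(argc, argv, properties);
    try
    {
        // … unchanged: adapter creation, servant registration, _servers insert, activate …
        return Test::ServerPrx::uncheckedCast(obj);
    }
    catch(...)
    {
        // Do not leave a communicator running when the requested configuration is rejected.
        communicator->destroy();
        throw;
    }
```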
@@ -0,0 +1,42 @@ +// ********************************************************************** +// +// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved. +// +// This copy of Ice is licensed to you under the terms described in the +// ICE_LICENSE file included in this distribution. +// +// ********************************************************************** + +#ifndef TEST_I_H +#define TEST_I_H + +#include <Test.h> + +class ServerI : public Test::Server +{ +public: + + ServerI(const Ice::CommunicatorPtr&); + + void destroy(); + +private: + + Ice::CommunicatorPtr _communicator; +}; +typedef IceUtil::Handle<ServerI> ServerIPtr; + +class ServerFactoryI : public Test::ServerFactory +{ +public: + + virtual Test::ServerPrx createServer(const Test::Properties&, const Ice::Current&); + virtual void destroyServer(const Test::ServerPrx&, const Ice::Current&); + virtual void shutdown(const Ice::Current&); + +private: + + std::map<Ice::Identity, ServerIPtr> _servers; +}; + +#endif diff --git a/cpp/test/IceSSL/configuration/configuration.dsp b/cpp/test/IceSSL/configuration/configuration.dsp deleted file mode 100644 index cf25f0a849a..00000000000 --- a/cpp/test/IceSSL/configuration/configuration.dsp +++ /dev/null @@ -1,106 +0,0 @@ -# Microsoft Developer Studio Project File - Name="configuration" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=configuration - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE
-!MESSAGE NMAKE /f "configuration.mak".
-!MESSAGE
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "configuration.mak" CFG="configuration - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "configuration - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "configuration - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF "$(CFG)" == "configuration - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Yu"stdafx.h" /FD /c
-# ADD CPP /nologo /MD /W3 /WX /GR /GX /O2 /I "." /I "../../../include" /I "../../include" /D "_CONSOLE" /D "NDEBUG" /D "WIN32_LEAN_AND_MEAN" /FD /c
-# SUBTRACT CPP /Z<none> /YX
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 /nologo /subsystem:console /pdb:none /machine:I386 /out:"configuration.exe" /FIXED:no
-# SUBTRACT LINK32 /debug
-
-!ELSEIF "$(CFG)" == "configuration - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /Yu"stdafx.h" /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /WX /Gm /GR /GX /Zi /Od /I "." /I "../../../include" /I "../../include" /D "_CONSOLE" /D "_DEBUG" /D "WIN32_LEAN_AND_MEAN" /FD /GZ /c
-# SUBTRACT CPP /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 /nologo /subsystem:console /debug /machine:I386 /out:"configuration.exe" /pdbtype:sept /FIXED:no
-# SUBTRACT LINK32 /pdb:none
-
-!ENDIF
-
-# Begin Target
-
-# Name "configuration - Win32 Release"
-# Name "configuration - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE=.\configuration.cpp
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project
diff --git a/cpp/test/IceSSL/configuration/run.py b/cpp/test/IceSSL/configuration/run.py index 5b3ec087ec6..7995139ca8c 100755 --- a/cpp/test/IceSSL/configuration/run.py +++ b/cpp/test/IceSSL/configuration/run.py @@ -20,25 +20,8 @@ else: sys.path.append(os.path.join(toplevel, "config")) import TestUtil -if TestUtil.protocol != "ssl": - print "This test may only be run with SSL enabled." - sys.exit(0) - name = os.path.join("IceSSL", "configuration") -testdir = os.path.join(toplevel, "test", name) - -client = os.path.join(testdir, "configuration") - -localClientOptions = TestUtil.clientServerProtocol + TestUtil.defaultHost -print "starting configuration...", -clientPipe = os.popen(client + localClientOptions + " 2>&1") -print "ok" - -TestUtil.printOutputFromPipe(clientPipe) - -clientStatus = TestUtil.closePipe(clientPipe) - -if clientStatus: - sys.exit(1) +testdir = os.path.join(toplevel, "test", name) +TestUtil.clientServerTestWithOptions(name, "", " " + testdir) sys.exit(0) diff --git a/cpp/test/IceSSL/loadPEM/.depend b/cpp/test/IceSSL/loadPEM/.depend deleted file mode 100644 index a48edec6712..00000000000 --- a/cpp/test/IceSSL/loadPEM/.depend +++ /dev/null 
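Review bot: The last argument of the new call, `" " + testdir`, appends the test directory to the client's options unquoted. If `clientServerTestWithOptions` builds a shell command string the way the removed code did with `os.popen(client + localClientOptions + " 2>&1")`, a checkout path containing spaces would be split into several arguments and Client.cpp would read only the first piece as `argv[1]`. Quoting the value, `TestUtil.clientServerTestWithOptions(name, "", ' "' + testdir + '"')`, avoids that. How TestUtil assembles the command is not visible in this hunk, so confirm against that helper before changing it.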
@@ -1 +0,0 @@ -LoadPEM.o: LoadPEM.cpp ../../../include/Ice/Ice.h ../../../include/Ice/GCRecMutex.h ../../../include/IceUtil/RecMutex.h ../../../include/IceUtil/Config.h ../../../include/IceUtil/Lock.h ../../../include/IceUtil/ThreadException.h ../../../include/IceUtil/Exception.h ../../../include/Ice/Config.h ../../../include/Ice/GCShared.h ../../../include/Ice/GC.h ../../../include/IceUtil/Thread.h ../../../include/IceUtil/Shared.h ../../../include/IceUtil/Handle.h ../../../include/IceUtil/Mutex.h ../../../include/IceUtil/Monitor.h ../../../include/IceUtil/Cond.h ../../../include/IceUtil/Time.h ../../../include/Ice/Initialize.h ../../../include/Ice/CommunicatorF.h ../../../include/Ice/LocalObjectF.h ../../../include/Ice/Handle.h ../../../include/Ice/ProxyF.h ../../../include/Ice/ProxyHandle.h ../../../include/Ice/ObjectF.h ../../../include/Ice/Exception.h ../../../include/Ice/LocalObject.h ../../../include/Ice/UndefSysMacros.h ../../../include/Ice/PropertiesF.h ../../../include/Ice/InstanceF.h ../../../include/Ice/BuiltinSequences.h ../../../include/Ice/Proxy.h ../../../include/Ice/ProxyFactoryF.h ../../../include/Ice/ConnectionIF.h ../../../include/Ice/EndpointIF.h ../../../include/Ice/Endpoint.h ../../../include/Ice/ObjectAdapterF.h ../../../include/Ice/ReferenceF.h ../../../include/Ice/OutgoingAsyncF.h ../../../include/Ice/Current.h ../../../include/Ice/ConnectionF.h ../../../include/Ice/Identity.h ../../../include/Ice/StreamF.h ../../../include/Ice/LocalException.h ../../../include/Ice/Properties.h ../../../include/Ice/Logger.h ../../../include/Ice/LoggerUtil.h ../../../include/Ice/LoggerF.h ../../../include/Ice/Stats.h ../../../include/Ice/Communicator.h ../../../include/Ice/StatsF.h ../../../include/Ice/ObjectFactoryF.h ../../../include/Ice/RouterF.h ../../../include/Ice/LocatorF.h ../../../include/Ice/PluginF.h ../../../include/Ice/ObjectFactory.h ../../../include/Ice/ObjectAdapter.h ../../../include/Ice/ServantLocatorF.h ../../../include/Ice/FacetMap.h 
../../../include/Ice/ServantLocator.h ../../../include/Ice/Object.h ../../../include/Ice/IncomingAsyncF.h ../../../include/Ice/IdentityUtil.h ../../../include/Ice/OutgoingAsync.h ../../../include/Ice/IncomingAsync.h ../../../include/Ice/Incoming.h ../../../include/Ice/ServantManagerF.h ../../../include/Ice/BasicStream.h ../../../include/Ice/Buffer.h ../../../include/Ice/Process.h ../../../include/Ice/Outgoing.h ../../../include/Ice/Direct.h ../../../include/Ice/Application.h ../../../include/Ice/Connection.h ../../../include/Ice/Functional.h ../../../include/IceUtil/Functional.h ../../../include/Ice/Stream.h ../../include/TestCommon.h ../../../include/IceSSL/Exception.h ../../../include/IceSSL/Plugin.h ../../../include/Ice/Plugin.h ../../../include/IceSSL/CertificateVerifierF.h diff --git a/cpp/test/IceSSL/loadPEM/LoadPEM.cpp b/cpp/test/IceSSL/loadPEM/LoadPEM.cpp deleted file mode 100644 index 5d5d9e4a11a..00000000000 --- a/cpp/test/IceSSL/loadPEM/LoadPEM.cpp +++ /dev/null 
@@ -1,261 +0,0 @@
-// **********************************************************************
-//
-// Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-//
-// This copy of Ice is licensed to you under the terms described in the
-// ICE_LICENSE file included in this distribution.
-//
-// **********************************************************************
-
-#include <Ice/Ice.h>
-#include <TestCommon.h>
-#include <IceSSL/Exception.h>
-#include <IceSSL/Plugin.h>
-
-using namespace std;
-using namespace Ice;
-
-void
-testExpectCertificateAndPrivateKeyLoadException(const Ice::CommunicatorPtr& communicator,
- const std::string& configFile)
-{
- PropertiesPtr properties = communicator->getProperties();
- Ice::PluginPtr plugin = communicator->getPluginManager()->getPlugin("IceSSL");
- IceSSL::PluginPtr sslPlugin = IceSSL::PluginPtr::dynamicCast(plugin);
-
- try
- {
- properties->setProperty("IceSSL.Client.Config", configFile);
- sslPlugin->configure(IceSSL::Client);
- test(false);
- }
- catch(const IceSSL::CertificateLoadException&)
- {
- std::cout << "ok" << std::endl;
- }
- catch(const IceSSL::PrivateKeyLoadException&)
- {
- std::cout << "ok" << std::endl;
- }
- catch(const LocalException&)
- {
- //
- // Any other exception is bad.
- //
-
- test(false);
- }
- catch(...)
- {
- //
- // Unknown exceptions are always bad.
- //
-
- test(false);
- }
-}
-
-void
-testExpectPrivateKeyLoadException(const Ice::CommunicatorPtr& communicator, const std::string& configFile)
-{
- PropertiesPtr properties = communicator->getProperties();
- Ice::PluginPtr plugin = communicator->getPluginManager()->getPlugin("IceSSL");
- IceSSL::PluginPtr sslPlugin = IceSSL::PluginPtr::dynamicCast(plugin);
-
- try
- {
- properties->setProperty("IceSSL.Client.Config", configFile);
- sslPlugin->configure(IceSSL::Client);
- test(false);
- }
- catch(const IceSSL::PrivateKeyLoadException&)
- {
- std::cout << "ok" << std::endl;
- }
- catch(const LocalException&)
- {
- //
- // Any other exception is bad.
- //
-
- test(false);
- }
- catch(...)
- {
- //
- // Unknown exceptions are always bad.
- //
-
- test(false);
- }
-}
-
-void
-testExpectCertificateLoadException(const Ice::CommunicatorPtr& communicator, const std::string& configFile)
-{
- PropertiesPtr properties = communicator->getProperties();
- Ice::PluginPtr plugin = communicator->getPluginManager()->getPlugin("IceSSL");
- IceSSL::PluginPtr sslPlugin = IceSSL::PluginPtr::dynamicCast(plugin);
-
- try
- {
- properties->setProperty("IceSSL.Client.Config", configFile);
- sslPlugin->configure(IceSSL::Client);
- test(false);
- }
- catch(const IceSSL::CertificateLoadException&)
- {
- std::cout << "ok" << std::endl;
- }
- catch(const LocalException&)
- {
- //
- // Any other exception is bad.
- //
-
- test(false);
- }
- catch(...)
- {
- //
- // Unknown exceptions are always bad.
- //
-
- test(false);
- }
-}
-
-void
-testExpectCertificateKeyMatchException(const Ice::CommunicatorPtr& communicator, const std::string& configFile)
-{
- PropertiesPtr properties = communicator->getProperties();
- Ice::PluginPtr plugin = communicator->getPluginManager()->getPlugin("IceSSL");
- IceSSL::PluginPtr sslPlugin = IceSSL::PluginPtr::dynamicCast(plugin);
-
- try
- {
- properties->setProperty("IceSSL.Client.Config", configFile);
- sslPlugin->configure(IceSSL::Client);
- test(false);
- }
- catch(const IceSSL::CertificateKeyMatchException&)
- {
- std::cout << "ok" << std::endl;
- }
- catch(const LocalException&)
- {
- //
- // Any other exception is bad.
- //
-
- test(false);
- }
- catch(...)
- {
- //
- // Unknown exceptions are always bad.
- //
-
- test(false);
- }
-}
-
-void
-testNoException(const Ice::CommunicatorPtr& communicator, const std::string& configFile)
-{
- PropertiesPtr properties = communicator->getProperties();
- Ice::PluginPtr plugin = communicator->getPluginManager()->getPlugin("IceSSL");
- IceSSL::PluginPtr sslPlugin = IceSSL::PluginPtr::dynamicCast(plugin);
-
- try
- {
- properties->setProperty("IceSSL.Client.Config", configFile);
- sslPlugin->configure(IceSSL::Client);
- std::cout << "ok" << std::endl;
- }
- catch(const LocalException&)
- {
- //
- // Any other exception is bad.
- //
-
- test(false);
- }
- catch(...)
- {
- //
- // Unknown exceptions are always bad.
- //
-
- test(false);
- }
-}
-
-int
-run(int argc, char* argv[], const Ice::CommunicatorPtr& communicator)
-{
- PropertiesPtr properties = communicator->getProperties();
- // properties->setProperty("IceSSL.Client.CertPath", "../certs");
-
- std::cout << "bad private key and certificate... " << std::flush;
- testExpectCertificateAndPrivateKeyLoadException(communicator, "sslconfig_1.xml");
-
- std::cout << "bad private key and good certificate 1... " << std::flush;
- testExpectPrivateKeyLoadException(communicator, "sslconfig_2.xml");
-
- std::cout << "good private key 1 and bad certificate... " << std::flush;
- testExpectCertificateLoadException(communicator, "sslconfig_3.xml");
-
-#if !defined(_AIX) || defined(ICE_32)
- //
- // TODO: On AIX 64 bit with OpenSSL 0.9.7d, OpenSSL reports an
- // error but does not put an error code on the error queue.
- // This needs more investigation!
- //
-
- std::cout << "good private key 1 and good certificate 2, mismatched... " << std::flush;
- testExpectCertificateKeyMatchException(communicator, "sslconfig_4.xml");
-
- std::cout << "good private key 2 and good certificate 1, mismatched (again)... " << std::flush;
- testExpectCertificateKeyMatchException(communicator, "sslconfig_5.xml");
-
-#endif
-
- std::cout << "good matched private key and certificate... " << std::flush;
- testNoException(communicator, "sslconfig_6.xml");
-
- return EXIT_SUCCESS;
-}
-
-int
-main(int argc, char* argv[])
-{
- int status;
- Ice::CommunicatorPtr communicator;
-
- try
- {
- communicator = Ice::initialize(argc, argv);
- status = run(argc, argv, communicator);
- }
- catch(const Ice::Exception& ex)
- {
- cerr << ex << endl;
- status = EXIT_FAILURE;
- }
-
- if(communicator)
- {
- try
- {
- communicator->destroy();
- }
- catch(const Ice::Exception& ex)
- {
- cerr << ex << endl;
- status = EXIT_FAILURE;
- }
- }
-
- return status;
-}
diff --git a/cpp/test/IceSSL/loadPEM/Makefile b/cpp/test/IceSSL/loadPEM/Makefile
deleted file mode 100644
index 858d9724e40..00000000000
--- a/cpp/test/IceSSL/loadPEM/Makefile
+++ /dev/null
@@ -1,28 +0,0 @@
-# **********************************************************************
-#
-# Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-#
-# This copy of Ice is licensed to you under the terms described in the
-# ICE_LICENSE file included in this distribution.
-#
-# **********************************************************************
-
-top_srcdir = ../../..
-
-CLIENT = loadPEM
-
-TARGETS = $(CLIENT)
-
-OBJS = LoadPEM.o
-
-SRCS = $(OBJS:.o=.cpp)
-
-include $(top_srcdir)/config/Make.rules
-
-CPPFLAGS := -I. -I../../include $(CPPFLAGS)
-
-$(CLIENT): $(OBJS)
- rm -f $@
- $(CXX) $(LDFLAGS) -o $@ $(OBJS) $(OPENSSL_RPATH_LINK) -lIceSSL $(EXPAT_RPATH_LINK) -lIceXML $(LIBS) $(OPENSSL_LIBS)
-
-include .depend
diff --git a/cpp/test/IceSSL/loadPEM/loadpem.dsp b/cpp/test/IceSSL/loadPEM/loadpem.dsp
deleted file mode 100644
index 7c1f51c7a8e..00000000000
--- a/cpp/test/IceSSL/loadPEM/loadpem.dsp
+++ /dev/null
@@ -1,106 +0,0 @@
-# Microsoft Developer Studio Project File - Name="loadpem" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=loadpem - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE
-!MESSAGE NMAKE /f "loadPEM.mak".
-!MESSAGE
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "loadPEM.mak" CFG="loadpem - Win32 Debug"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "loadpem - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "loadpem - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF "$(CFG)" == "loadpem - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Yu"stdafx.h" /FD /c
-# ADD CPP /nologo /MD /W3 /WX /GR /GX /O2 /I "." /I "../../../include" /I "../../include" /D "_CONSOLE" /D "NDEBUG" /D "WIN32_LEAN_AND_MEAN" /FD /c
-# SUBTRACT CPP /Z<none> /YX
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 /nologo /subsystem:console /pdb:none /machine:I386 /out:"loadpem.exe" /libpath:"../../../lib" /FIXED:no
-# SUBTRACT LINK32 /debug
-
-!ELSEIF "$(CFG)" == "loadpem - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /Yu"stdafx.h" /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /WX /Gm /GR /GX /Zi /Od /I "." /I "../../../include" /I "../../include" /D "_CONSOLE" /D "_DEBUG" /D "WIN32_LEAN_AND_MEAN" /FD /GZ /c
-# SUBTRACT CPP /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 /nologo /subsystem:console /debug /machine:I386 /out:"loadpem.exe" /pdbtype:sept /libpath:"../../../lib" /FIXED:no
-# SUBTRACT LINK32 /pdb:none
-
-!ENDIF
-
-# Begin Target
-
-# Name "loadpem - Win32 Release"
-# Name "loadpem - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE=.\loadpem.cpp
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project
diff --git a/cpp/test/IceSSL/loadPEM/run.py b/cpp/test/IceSSL/loadPEM/run.py
deleted file mode 100755
index fb6816617ce..00000000000
--- a/cpp/test/IceSSL/loadPEM/run.py
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/usr/bin/env python
-# **********************************************************************
-#
-# Copyright (c) 2003-2006 ZeroC, Inc. All rights reserved.
-#
-# This copy of Ice is licensed to you under the terms described in the
-# ICE_LICENSE file included in this distribution.
-#
-# **********************************************************************
-
-import os, sys
-
-for toplevel in [".", "..", "../..", "../../..", "../../../.."]:
- toplevel = os.path.normpath(toplevel)
- if os.path.exists(os.path.join(toplevel, "config", "TestUtil.py")):
- break
-else:
- raise "can't find toplevel directory!"
-
-sys.path.append(os.path.join(toplevel, "config"))
-import TestUtil
-
-if TestUtil.protocol != "ssl":
- print "This test may only be run with SSL enabled."
- sys.exit(0)
-
-testOptions = " --IceSSL.Client.CertPath=" + os.path.join(toplevel, "test", "IceSSL", "certs") + \
- " --IceSSL.Client.Config= " + \
- " --IceSSL.Server.CertPath=" + os.path.join(toplevel, "test", "IceSSL", "certs") + \
- " --IceSSL.Server.Config= "
-
-name = os.path.join("IceSSL", "loadPEM")
-testdir = os.path.join(toplevel, "test", name)
-
-client = os.path.join(testdir, "loadPEM")
-
-localClientOptions = TestUtil.clientServerProtocol + TestUtil.defaultHost
-print "starting loadPEM...",
-clientPipe = os.popen(client + localClientOptions + testOptions + " 2>&1")
-print "ok"
-
-TestUtil.printOutputFromPipe(clientPipe)
-
-clientStatus = TestUtil.closePipe(clientPipe)
-
-if clientStatus:
- sys.exit(1)
-
-sys.exit(0) |