@@ -220,11 +220,11 @@
     dprintf("Verify: %d", ok);
 
     if (!ok) {
 	errStr = (char*)X509_verify_cert_error_string(err);
     } else {
-	errStr = (char *)0;
+	errStr = NULL;
     }
 
     if (statePtr->callback == (Tcl_Obj*)NULL) {
 	if (statePtr->vflags & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
 	    return ok;
@@ -677,13 +677,13 @@
     size_t len, remaining;
 
     dprintf("Called");
 
     if (statePtr->callback == (Tcl_Obj*)NULL) {
-	return SSL_TLSEXT_ERR_OK;
+	return SSL_CLIENT_HELLO_SUCCESS;
     } else if (ssl == NULL) {
-	return SSL_TLSEXT_ERR_NOACK;
+	return SSL_CLIENT_HELLO_ERROR;
     }
 
     /* Get names */
     if (!SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &p, &remaining) || remaining <= 2) {
         return SSL_CLIENT_HELLO_ERROR;
@@ -1214,12 +1214,12 @@
 	    Tls_Free((char *) statePtr);
 	    return TCL_ERROR;
 	}
 	ctx = ((State *)Tcl_GetChannelInstanceData(chan))->ctx;
     } else {
-	if ((ctx = CTX_Init(statePtr, server, proto, keyfile, certfile, key, cert,
-	    key_len, cert_len, CAdir, CAfile, ciphers, ciphersuites, level, DHparams)) == (SSL_CTX*)0) {
+	if ((ctx = CTX_Init(statePtr, server, proto, keyfile, certfile, key, cert, key_len,
+	    cert_len, CAdir, CAfile, ciphers, ciphersuites, level, DHparams)) == NULL) {
 	    Tls_Free((char *) statePtr);
 	    return TCL_ERROR;
 	}
     }
 
@@ -1461,48 +1461,48 @@
 
     dprintf("Called");
 
     if (!proto) {
 	Tcl_AppendResult(interp, "no valid protocol selected", NULL);
-	return (SSL_CTX *)0;
+	return NULL;
     }
 
     /* create SSL context */
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(NO_SSL2) || defined(OPENSSL_NO_SSL2)
     if (ENABLED(proto, TLS_PROTO_SSL2)) {
 	Tcl_AppendResult(interp, "SSL2 protocol not supported", NULL);
-	return (SSL_CTX *)0;
+	return NULL;
     }
 #endif
 #if defined(NO_SSL3) || defined(OPENSSL_NO_SSL3)
     if (ENABLED(proto, TLS_PROTO_SSL3)) {
 	Tcl_AppendResult(interp, "SSL3 protocol not supported", NULL);
-	return (SSL_CTX *)0;
+	return NULL;
     }
 #endif
 #if defined(NO_TLS1) || defined(OPENSSL_NO_TLS1)
     if (ENABLED(proto, TLS_PROTO_TLS1)) {
 	Tcl_AppendResult(interp, "TLS 1.0 protocol not supported", NULL);
-	return (SSL_CTX *)0;
+	return NULL;
     }
 #endif
 #if defined(NO_TLS1_1) || defined(OPENSSL_NO_TLS1_1)
     if (ENABLED(proto, TLS_PROTO_TLS1_1)) {
 	Tcl_AppendResult(interp, "TLS 1.1 protocol not supported", NULL);
-	return (SSL_CTX *)0;
+	return NULL;
     }
 #endif
 #if defined(NO_TLS1_2) || defined(OPENSSL_NO_TLS1_2)
     if (ENABLED(proto, TLS_PROTO_TLS1_2)) {
 	Tcl_AppendResult(interp, "TLS 1.2 protocol not supported", NULL);
-	return (SSL_CTX *)0;
+	return NULL;
     }
 #endif
 #if defined(NO_TLS1_3) || defined(OPENSSL_NO_TLS1_3)
     if (ENABLED(proto, TLS_PROTO_TLS1_3)) {
 	Tcl_AppendResult(interp, "TLS 1.3 protocol not supported", NULL);
-	return (SSL_CTX *)0;
+	return NULL;
     }
 #endif
 
     switch (proto) {
 #if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(NO_SSL2) && !defined(OPENSSL_NO_SSL2)
@@ -1593,16 +1593,16 @@
 
     /* Set user defined ciphers, cipher suites, and security level */
     if ((ciphers != NULL) && !SSL_CTX_set_cipher_list(ctx, ciphers)) {
 	    Tcl_AppendResult(interp, "Set ciphers failed: No valid ciphers", (char *) NULL);
 	    SSL_CTX_free(ctx);
-	    return (SSL_CTX *)0;
+	    return NULL;
     }
     if ((ciphersuites != NULL) && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) {
 	    Tcl_AppendResult(interp, "Set cipher suites failed: No valid ciphers", (char *) NULL);
 	    SSL_CTX_free(ctx);
-	    return (SSL_CTX *)0;
+	    return NULL;
     }
 
     /* Set security level */
     if (level > -1 && level < 6) {
 	/* SSL_set_security_level */
@@ -1616,11 +1616,11 @@
     /* read a Diffie-Hellman parameters file, or use the built-in one */
 #ifdef OPENSSL_NO_DH
     if (DHparams != NULL) {
 	Tcl_AppendResult(interp, "DH parameter support not available", (char *) NULL);
 	SSL_CTX_free(ctx);
-	return (SSL_CTX *)0;
+	return NULL;
     }
 #else
     {
 	DH* dh;
 	if (DHparams != NULL) {
@@ -1629,20 +1629,20 @@
 	    bio = BIO_new_file(F2N(DHparams, &ds), "r");
 	    if (!bio) {
 		Tcl_DStringFree(&ds);
 		Tcl_AppendResult(interp, "Could not find DH parameters file", (char *) NULL);
 		SSL_CTX_free(ctx);
-		return (SSL_CTX *)0;
+		return NULL;
 	    }
 
 	    dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
 	    BIO_free(bio);
 	    Tcl_DStringFree(&ds);
 	    if (!dh) {
 		Tcl_AppendResult(interp, "Could not read DH parameters from file", (char *) NULL);
 		SSL_CTX_free(ctx);
-		return (SSL_CTX *)0;
+		return NULL;
 	    }
 	} else {
 	    dh = get_dhParams();
 	}
 	SSL_CTX_set_tmp_dh(ctx, dh);
@@ -1660,20 +1660,20 @@
 	if (SSL_CTX_use_certificate_file(ctx, F2N(certfile, &ds), SSL_FILETYPE_PEM) <= 0) {
 	    Tcl_DStringFree(&ds);
 	    Tcl_AppendResult(interp, "unable to set certificate file ", certfile, ": ",
 			     REASON(), (char *) NULL);
 	    SSL_CTX_free(ctx);
-	    return (SSL_CTX *)0;
+	    return NULL;
 	}
     } else if (cert != NULL) {
 	load_private_key = 1;
 	if (SSL_CTX_use_certificate_ASN1(ctx, cert_len, cert) <= 0) {
 	    Tcl_DStringFree(&ds);
 	    Tcl_AppendResult(interp, "unable to set certificate: ",
 			     REASON(), (char *) NULL);
 	    SSL_CTX_free(ctx);
-	    return (SSL_CTX *)0;
+	    return NULL;
 	}
     } else {
 	certfile = (char*)X509_get_default_cert_file();
 
 	if (SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM) <= 0) {
@@ -1680,11 +1680,11 @@
 #if 0
 	    Tcl_DStringFree(&ds);
 	    Tcl_AppendResult(interp, "unable to use default certificate file ", certfile, ": ",
 			     REASON(), (char *) NULL);
 	    SSL_CTX_free(ctx);
-	    return (SSL_CTX *)0;
+	    return NULL;
 #endif
 	}
     }
 
     /* set our private key */
@@ -1704,11 +1704,11 @@
 		/* flush the passphrase which might be left in the result */
 		Tcl_SetResult(interp, NULL, TCL_STATIC);
 		Tcl_AppendResult(interp, "unable to set public key file ", keyfile, " ",
 			         REASON(), (char *) NULL);
 		SSL_CTX_free(ctx);
-		return (SSL_CTX *)0;
+		return NULL;
 	    }
 	    Tcl_DStringFree(&ds);
 
 	} else if (key != NULL) {
 	    if (SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_RSA, ctx, key,key_len) <= 0) {
@@ -1715,20 +1715,20 @@
 		Tcl_DStringFree(&ds);
 		/* flush the passphrase which might be left in the result */
 		Tcl_SetResult(interp, NULL, TCL_STATIC);
 		Tcl_AppendResult(interp, "unable to set public key: ", REASON(), (char *) NULL);
 		SSL_CTX_free(ctx);
-		return (SSL_CTX *)0;
+		return NULL;
 	    }
 	}
 	/* Now we know that a key and cert have been set against
 	 * the SSL context */
 	if (!SSL_CTX_check_private_key(ctx)) {
 	    Tcl_AppendResult(interp, "private key does not match the certificate public key",
 			     (char *) NULL);
 	    SSL_CTX_free(ctx);
-	    return (SSL_CTX *)0;
+	    return NULL;
 	}
     }
 
     /* Set verification CAs */
     Tcl_DStringInit(&ds);
@@ -1739,11 +1739,11 @@
 	Tcl_DStringFree(&ds);
 	Tcl_DStringFree(&ds1);
 	/* Don't currently care if this fails */
 	Tcl_AppendResult(interp, "SSL default verify paths: ", REASON(), (char *) NULL);
 	SSL_CTX_free(ctx);
-	return (SSL_CTX *)0;
+	return NULL;
 #endif
     }
 
     /* https://sourceforge.net/p/tls/bugs/57/ */
     /* XXX:TODO: Let the user supply values here instead of something that exists on the filesystem */