Index: generic/tls.c
==================================================================
--- generic/tls.c
+++ generic/tls.c
@@ -867,11 +867,11 @@
 
     dprintf("Called");
 
     if (statePtr->vcmd == (Tcl_Obj*)NULL) {
 	return SSL_CLIENT_HELLO_SUCCESS;
-    } else if (ssl == (const SSL *)NULL || arg == (void *)NULL) {
+    } else if (ssl == (const SSL *)NULL || arg == NULL) {
 	return SSL_CLIENT_HELLO_ERROR;
     }
 
     /* Get names */
     if (!SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &p, &remaining) || remaining <= 2) {
@@ -1437,11 +1437,11 @@
     if (model != NULL) {
 	int mode;
 	/* Get the "model" context */
 	chan = Tcl_GetChannel(interp, model, &mode);
 	if (chan == (Tcl_Channel) NULL) {
-	    Tls_Free((tls_free_type *)statePtr);
+	    Tls_Free(statePtr);
 	    return TCL_ERROR;
 	}
 
 	/*
 	 * Make sure to operate on the topmost channel
@@ -1449,18 +1449,18 @@
 	chan = Tcl_GetTopChannel(chan);
 	if (Tcl_GetChannelType(chan) != Tls_ChannelType()) {
 	    Tcl_AppendResult(interp, "bad channel \"", Tcl_GetChannelName(chan),
 		    "\": not a TLS channel", (char *)NULL);
 	    Tcl_SetErrorCode(interp, "TLS", "IMPORT", "CHANNEL", "INVALID", (char *)NULL);
-	    Tls_Free((tls_free_type *)statePtr);
+	    Tls_Free(statePtr);
 	    return TCL_ERROR;
 	}
 	ctx = ((State *)Tcl_GetChannelInstanceData(chan))->ctx;
     } else {
 	if ((ctx = CTX_Init(statePtr, server, proto, keyfile, certfile, key, cert, (int)key_len,
 		(int)cert_len, CApath, CAfile, ciphers, ciphersuites, level, DHparams)) == NULL) {
-	    Tls_Free((tls_free_type *)statePtr);
+	    Tls_Free(statePtr);
 	    return TCL_ERROR;
 	}
     }
 
     statePtr->ctx = ctx;
@@ -1486,11 +1486,11 @@
     dprintf("Created channel named %s", Tcl_GetChannelName(statePtr->self));
     if (statePtr->self == (Tcl_Channel) NULL) {
 	/*
 	 * No use of Tcl_EventuallyFree because no possible Tcl_Preserve.
 	 */
-	Tls_Free((tls_free_type *)statePtr);
+	Tls_Free(statePtr);
 	return TCL_ERROR;
     }
 
     Tcl_SetChannelOption(interp, statePtr->self, "-translation", Tcl_DStringValue(&upperChannelTranslation));
     Tcl_SetChannelOption(interp, statePtr->self, "-encoding", Tcl_DStringValue(&upperChannelEncoding));
@@ -1507,11 +1507,11 @@
     statePtr->ssl = SSL_new(statePtr->ctx);
     if (!statePtr->ssl) {
 	/* SSL library error */
 	Tcl_AppendResult(interp, "couldn't construct ssl session: ", GET_ERR_REASON(), (char *)NULL);
 	Tcl_SetErrorCode(interp, "TLS", "IMPORT", "INIT", "FAILED", (char *)NULL);
-	Tls_Free((tls_free_type *)statePtr);
+	Tls_Free(statePtr);
 	return TCL_ERROR;
     }
 
     /* Set host server name */
     if (servername) {
@@ -1518,20 +1518,20 @@
 	/* Sets the server name indication (SNI) in ClientHello extension */
 	/* Per RFC 6066, hostname is a ASCII encoded string, though RFC 4366 says UTF-8. */
 	if (!SSL_set_tlsext_host_name(statePtr->ssl, servername) && require) {
 	    Tcl_AppendResult(interp, "Set SNI extension failed: ", GET_ERR_REASON(), (char *)NULL);
 	    Tcl_SetErrorCode(interp, "TLS", "IMPORT", "SNI", "FAILED", (char *)NULL);
-	    Tls_Free((tls_free_type *)statePtr);
+	    Tls_Free(statePtr);
 	    return TCL_ERROR;
 	}
 
 	/* Set hostname for peer certificate hostname verification in clients.
 	   Don't use SSL_set1_host since it has limitations. */
 	if (!SSL_add1_host(statePtr->ssl, servername)) {
 	    Tcl_AppendResult(interp, "Set DNS hostname failed: ", GET_ERR_REASON(), (char *)NULL);
 	    Tcl_SetErrorCode(interp, "TLS", "IMPORT", "HOSTNAME", "FAILED", (char *)NULL);
-	    Tls_Free((tls_free_type *)statePtr);
+	    Tls_Free(statePtr);
 	    return TCL_ERROR;
 	}
     }
 
     /* Resume session id */
@@ -1539,11 +1539,11 @@
 	/* SSL_set_session() */
 	if (!SSL_SESSION_set1_id_context(SSL_get_session(statePtr->ssl),
 		(const unsigned char *) session_id, (unsigned int) strlen(session_id))) {
 	    Tcl_AppendResult(interp, "Resume session failed: ", GET_ERR_REASON(), (char *)NULL);
 	    Tcl_SetErrorCode(interp, "TLS", "IMPORT", "SESSION", "FAILED", (char *)NULL);
-	    Tls_Free((tls_free_type *)statePtr);
+	    Tls_Free(statePtr);
 	    return TCL_ERROR;
 	}
     }
 
     /* Enable Application-Layer Protocol Negotiation. Examples are: http/1.0,
@@ -1555,21 +1555,21 @@
 	Tcl_Size cnt, i;
 	int j;
 	Tcl_Obj **list;
 
 	if (Tcl_ListObjGetElements(interp, alpn, &cnt, &list) != TCL_OK) {
-	    Tls_Free((tls_free_type *)statePtr);
+	    Tls_Free(statePtr);
 	    return TCL_ERROR;
 	}
 
 	/* Determine the memory required for the protocol-list */
 	for (i = 0; i < cnt; i++) {
 	    Tcl_GetStringFromObj(list[i], &len);
 	    if (len > 255) {
 		Tcl_AppendResult(interp, "ALPN protocol names too long", (char *)NULL);
 		Tcl_SetErrorCode(interp, "TLS", "IMPORT", "ALPN", "FAILED", (char *)NULL);
-		Tls_Free((tls_free_type *)statePtr);
+		Tls_Free(statePtr);
 		return TCL_ERROR;
 	    }
 	    protos_len += 1 + (int) len;
 	}
 
@@ -1586,11 +1586,11 @@
 	/* SSL_set_alpn_protos makes a copy of the protocol-list */
 	/* Note: This function reverses the return value convention */
 	if (SSL_set_alpn_protos(statePtr->ssl, protos, protos_len)) {
 	    Tcl_AppendResult(interp, "Set ALPN protocols failed: ", GET_ERR_REASON(), (char *)NULL);
 	    Tcl_SetErrorCode(interp, "TLS", "IMPORT", "ALPN", "FAILED", (char *)NULL);
-	    Tls_Free((tls_free_type *)statePtr);
+	    Tls_Free(statePtr);
 	    ckfree(protos);
 	    return TCL_ERROR;
 	}
 
 	/* Store protocols list */
@@ -2747,12 +2747,18 @@
  * Side effects:
  *	Frees all the state
  *
  *-------------------------------------------------------------------
  */
+#undef Tls_Free
 void
-Tls_Free(tls_free_type *blockPtr) {
+#if TCL_MAJOR_VERSION > 8
+Tls_Free(void *blockPtr)
+#else
+Tls_Free(char *blockPtr)
+#endif
+{
     State *statePtr = (State *)blockPtr;
 
     dprintf("Called");
 
     Tls_Clean(statePtr);

Index: generic/tlsInt.h
==================================================================
--- generic/tlsInt.h
+++ generic/tlsInt.h
@@ -164,16 +164,10 @@
 #ifndef Tcl_StackChannel
 #error "Unable to compile on this version of Tcl"
 #endif /* Tcl_GetStackedChannel */
 #endif /* USE_TCL_STUBS */
 
-#if TCL_MAJOR_VERSION < 9
-    typedef char tls_free_type;
-#else
-    typedef void tls_free_type;
-#endif
-
 #ifndef JOIN
 #  define JOIN(a,b) JOIN1(a,b)
 #  define JOIN1(a,b) a##b
 #endif
 
@@ -198,14 +192,19 @@
 Tcl_Channel     Tls_GetParent(State *statePtr, int maskFlags);
 
 Tcl_Obj         *Tls_NewX509Obj(Tcl_Interp *interp, X509 *cert);
 Tcl_Obj		*Tls_NewCAObj(Tcl_Interp *interp, const SSL *ssl, int peer);
 void            Tls_Error(State *statePtr, const char *msg);
-void            Tls_Free(tls_free_type *blockPtr);
+#if TCL_MAJOR_VERSION > 8
+void            Tls_Free(void *blockPtr);
+#else
+void            Tls_Free(char *blockPtr);
+#define Tls_Free(blockPtr) (Tls_Free)((char *)blockPtr)
+#endif
 void            Tls_Clean(State *statePtr);
 int             Tls_WaitForConnect(State *statePtr, int *errorCodePtr, int handshakeFailureIsPermanent);
 
 BIO             *BIO_new_tcl(State* statePtr, int flags);
 
 #define PTR2INT(x) ((int) ((intptr_t) (x)))
 
 #endif /* _TLSINT_H */