Index: generic/tls.c
==================================================================
--- generic/tls.c
+++ generic/tls.c
@@ -296,22 +296,24 @@
 	type = "Handshake";
 	break;
     case SSL3_RT_APPLICATION_DATA:
 	type = "App Data";
 	break;
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
     case DTLS1_RT_HEARTBEAT:
 	type = "Heartbeat";
 	break;
+#endif
     default:
 	type = "unknown";
     }
 
     /* Needs compile time option "enable-ssl-trace". */
     if ((bio = BIO_new(BIO_s_mem())) != NULL) {
 	int n;
 	SSL_trace(write_p, version, content_type, buf, len, ssl, (void *)bio);
-	n = BIO_read(bio, buffer, min(BIO_pending(bio), 14999));
+	n = BIO_read(bio, buffer, BIO_pending(bio) < 15000 ? BIO_pending(bio) : 14999);
 	n = (n<0) ? 0 : n;
 	buffer[n] = 0;
 	(void)BIO_flush(bio);
 	BIO_free(bio);
    }
@@ -482,11 +484,10 @@
  *-------------------------------------------------------------------
  */
 void KeyLogCallback(const SSL *ssl, const char *line) {
     char *str = getenv(SSLKEYLOGFILE);
     FILE *fd;
-    (void *) ssl;
 
     dprintf("Called");
 
     if (str) {
 	fd = fopen(str, "a");
@@ -595,11 +596,11 @@
  *	1 = success where app retains session in session cache, and must call SSL_SESSION_free() when done.
  *
  *-------------------------------------------------------------------
  */
 static int
-SessionCallback(const SSL *ssl, SSL_SESSION *session) {
+SessionCallback(SSL *ssl, SSL_SESSION *session) {
     State *statePtr = (State*)SSL_get_app_data((SSL *)ssl);
     Tcl_Interp *interp	= statePtr->interp;
     Tcl_Obj *cmdPtr;
     const unsigned char *ticket;
     const unsigned char *session_id;
@@ -662,11 +663,11 @@
  *	    protocols are configured for this connection. The connection continues.
  *
  *-------------------------------------------------------------------
  */
 static int
-ALPNCallback(const SSL *ssl, const unsigned char **out, unsigned char *outlen,
+ALPNCallback(SSL *ssl, const unsigned char **out, unsigned char *outlen,
 	const unsigned char *in, unsigned int inlen, void *arg) {
     State *statePtr = (State*)arg;
     Tcl_Interp *interp	= statePtr->interp;
     Tcl_Obj *cmdPtr;
     int code, res;
@@ -676,11 +677,11 @@
     if (ssl == NULL || arg == NULL) {
 	return SSL_TLSEXT_ERR_NOACK;
     }
 
     /* Select protocol */
-    if (SSL_select_next_proto(out, outlen, statePtr->protos, statePtr->protos_len,
+    if (SSL_select_next_proto((unsigned char **) out, outlen, statePtr->protos, statePtr->protos_len,
 	in, inlen) == OPENSSL_NPN_NEGOTIATED) {
 	/* Match found */
 	res = SSL_TLSEXT_ERR_OK;
     } else {
 	/* OPENSSL_NPN_NO_OVERLAP = No overlap, so use first item from client protocol list */
@@ -694,11 +695,11 @@
     /* Create command to eval */
     cmdPtr = Tcl_DuplicateObj(statePtr->vcmd);
     Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("alpn", -1));
     Tcl_ListObjAppendElement(interp, cmdPtr,
 	    Tcl_NewStringObj(Tcl_GetChannelName(statePtr->self), -1));
-    Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(*out, -1));
+    Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj((const char *) *out, -1));
     Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewBooleanObj(res == SSL_TLSEXT_ERR_OK));
 
     /* Eval callback command */
     Tcl_IncrRefCount(cmdPtr);
     if ((code = EvalCallback(interp, statePtr, cmdPtr)) > 1) {
@@ -784,11 +785,11 @@
 SNICallback(const SSL *ssl, int *alert, void *arg) {
     State *statePtr = (State*)arg;
     Tcl_Interp *interp	= statePtr->interp;
     Tcl_Obj *cmdPtr;
     int code, res;
-    char *servername = NULL;
+    const char *servername = NULL;
 
     dprintf("Called");
 
     if (ssl == NULL || arg == NULL) {
 	return SSL_TLSEXT_ERR_NOACK;
@@ -851,11 +852,11 @@
  *	SSL_CLIENT_HELLO_SUCCESS: success
  *
  *-------------------------------------------------------------------
  */
 static int
-HelloCallback(const SSL *ssl, int *alert, void *arg) {
+HelloCallback(SSL *ssl, int *alert, void *arg) {
     State *statePtr = (State*)arg;
     Tcl_Interp *interp	= statePtr->interp;
     Tcl_Obj *cmdPtr;
     int code, res;
     const char *servername;
@@ -2086,11 +2087,11 @@
 
 	/* Get protocol */
 	LAPPEND_STR(interp, objPtr, "protocol", SSL_get_version(ssl), -1);
 
 	/* Renegotiation allowed */
-	LAPPEND_BOOL(interp, objPtr, "renegotiation_allowed", SSL_get_secure_renegotiation_support(ssl));
+	LAPPEND_BOOL(interp, objPtr, "renegotiation_allowed", SSL_get_secure_renegotiation_support((SSL *) ssl));
 
 	/* Get security level */
 	LAPPEND_INT(interp, objPtr, "security_level", SSL_get_security_level(ssl));
 
 	/* Session info */
@@ -2160,11 +2161,11 @@
     if (session != NULL) {
 	const unsigned char *ticket;
 	size_t len2;
 	unsigned int ulen;
 	const unsigned char *session_id, *proto;
-	char buffer[SSL_MAX_MASTER_KEY_LENGTH];
+	unsigned char buffer[SSL_MAX_MASTER_KEY_LENGTH];
 
 	/* Report the selected protocol as a result of the ALPN negotiation */
 	SSL_SESSION_get0_alpn_selected(session, &proto, &len2);
 	LAPPEND_STR(interp, objPtr, "alpn", (char *) proto, (Tcl_Size) len2);
 
@@ -2197,12 +2198,14 @@
 
 	/* Session ticket lifetime hint (in seconds) */
 	LAPPEND_LONG(interp, objPtr, "lifetime", SSL_SESSION_get_ticket_lifetime_hint(session));
 
 	/* Ticket app data */
-	SSL_SESSION_get0_ticket_appdata(session, &ticket, &len2);
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+	SSL_SESSION_get0_ticket_appdata((SSL_SESSION *) session, &ticket, &len2);
 	LAPPEND_BARRAY(interp, objPtr, "ticket_app_data", ticket, (Tcl_Size) len2);
+#endif
 
 	/* Get master key */
 	len2 = SSL_SESSION_get_master_key(session, buffer, SSL_MAX_MASTER_KEY_LENGTH);
 	LAPPEND_BARRAY(interp, objPtr, "master_key", buffer, (Tcl_Size) len2);
 

Index: generic/tlsDigest.c
==================================================================
--- generic/tlsDigest.c
+++ generic/tlsDigest.c
@@ -150,13 +150,12 @@
 int DigestInitialize(Tcl_Interp *interp, DigestState *statePtr, Tcl_Obj *digestObj,
 	Tcl_Obj *cipherObj, Tcl_Obj *keyObj, Tcl_Obj *macObj) {
     int res = 0, type = statePtr->format & 0xFF0;
     const EVP_MD *md = NULL;
     const EVP_CIPHER *cipher = NULL;
-    const void *key = NULL, *iv = NULL, *salt = NULL;
+    const void *key = NULL;
     Tcl_Size key_len = 0;
-    (void *) macObj;
 
     dprintf("Called");
 
     /* Get digest */
     md = Util_GetDigest(interp, digestObj, type != TYPE_CMAC);
@@ -241,11 +240,11 @@
     switch(statePtr->format & 0xFF0) {
     case TYPE_MD:
         res = EVP_DigestUpdate(statePtr->ctx, buf, (size_t) read);
 	break;
     case TYPE_HMAC:
-        res = HMAC_Update(statePtr->hctx, buf, (size_t) read);
+        res = HMAC_Update(statePtr->hctx, (const unsigned char *) buf, (size_t) read);
 	break;
     case TYPE_CMAC:
         res = CMAC_Update(statePtr->cctx, buf, (size_t) read);
 	break;
     }
@@ -399,11 +398,14 @@
 	Tcl_Obj *resultObj;
 	Tcl_Size written, toWrite;
 
 	if (DigestFinalize(statePtr->interp, statePtr, &resultObj) == TCL_OK) {
 	    unsigned char *data = Tcl_GetByteArrayFromObj(resultObj, &toWrite);
-	    written = Tcl_WriteRaw(parent, data, toWrite);
+	    written = Tcl_WriteRaw(parent, (const char *) data, toWrite);
+            if (written != toWrite) {
+                /* Error */
+            }
 	    Tcl_DecrRefCount(resultObj);
 	}
 	statePtr->flags |= CHAN_EOF;
     }
 
@@ -514,11 +516,11 @@
     if (toWrite <= 0 || statePtr->self == (Tcl_Channel) NULL) {
 	return 0;
     }
 
     /* Update hash function */
-    if (DigestUpdate(statePtr, buf, (Tcl_Size) toWrite, 0) != TCL_OK) {
+    if (DigestUpdate(statePtr, (char *) buf, (Tcl_Size) toWrite, 0) != TCL_OK) {
 	Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Update failed: %s", GET_ERR_REASON()));
 	*errorCodePtr = EINVAL;
 	return 0;
     }
     return toWrite;
@@ -902,11 +904,11 @@
  */
 int DigestInstanceObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
     DigestState *statePtr = (DigestState *) clientData;
     int fn;
     Tcl_Size data_len = 0;
-    char *data = NULL;
+    unsigned char *data = NULL;
     static const char *instance_fns [] = { "finalize", "update", NULL };
 
     dprintf("Called");
 
     /* Validate arg count */
@@ -929,11 +931,11 @@
 	    Tcl_WrongNumArgs(interp, 1, objv, "update data");
 	    return TCL_ERROR;
 	}
 
 	/* Update hash function */
-	if (DigestUpdate(statePtr, data, data_len, 1) != TCL_OK) {
+	if (DigestUpdate(statePtr, (char *) data, data_len, 1) != TCL_OK) {
 	    return TCL_ERROR;
 	}
 
     } else {
 	/* Finalize hash function and calculate message digest */
@@ -1032,11 +1034,11 @@
  *
  *-------------------------------------------------------------------
  */
 int DigestDataHandler(Tcl_Interp *interp, Tcl_Obj *dataObj, Tcl_Obj *digestObj,
 	Tcl_Obj *cipherObj, int format, Tcl_Obj *keyObj, Tcl_Obj *macObj) {
-    char *data;
+    unsigned char *data;
     Tcl_Size data_len;
     DigestState *statePtr;
 
     dprintf("Called");
 
@@ -1053,11 +1055,11 @@
 	return TCL_ERROR;
     }
 
     /* Calc Digest */
     if (DigestInitialize(interp, statePtr, digestObj, cipherObj, keyObj, macObj) != TCL_OK ||
-	DigestUpdate(statePtr, data, data_len, 1) != TCL_OK ||
+	DigestUpdate(statePtr, (char *) data, data_len, 1) != TCL_OK ||
 	DigestFinalize(interp, statePtr, NULL) != TCL_OK) {
 	DigestStateFree(statePtr);
 	return TCL_ERROR;
     }
 
@@ -1118,11 +1120,11 @@
 
     /* Read file data and update hash function */
     while (!Tcl_Eof(chan)) {
 	Tcl_Size len = Tcl_ReadRaw(chan, (char *) buf, BUFFER_SIZE);
 	if (len > 0) {
-	    if ((res = DigestUpdate(statePtr, &buf[0], len, 1)) != TCL_OK) {
+	    if ((res = DigestUpdate(statePtr, (char *) &buf[0], len, 1)) != TCL_OK) {
 		goto done;
 	    }
 	}
     }
 

Index: generic/tlsEncrypt.c
==================================================================
--- generic/tlsEncrypt.c
+++ generic/tlsEncrypt.c
@@ -136,11 +136,11 @@
  *-------------------------------------------------------------------
  */
 int EncryptInitialize(Tcl_Interp *interp, int type, EVP_CIPHER_CTX **ctx,
 	Tcl_Obj *cipherObj, Tcl_Obj *keyObj, Tcl_Obj *ivObj) {
     const EVP_CIPHER *cipher;
-    char *keyString = NULL, *ivString = NULL;
+    void *keyString = NULL, *ivString = NULL;
     Tcl_Size key_len = 0, iv_len = 0;
     int res, max;
     unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
 
     dprintf("Called");
@@ -156,22 +156,22 @@
     }
 
     /*  Get key - Only support internally defined cipher lengths.
 	Custom ciphers can be up to size_t bytes. */
     max = EVP_CIPHER_key_length(cipher);
-    keyString = (const void *) Util_GetKey(interp, keyObj, &key_len, "key", max, FALSE);
+    keyString = Util_GetKey(interp, keyObj, &key_len, "key", max, 0);
     if (keyString != NULL) {
-	memcpy((void *) key, (const void *) keyString, (size_t) key_len);
+	memcpy((void *) key, keyString, (size_t) key_len);
     } else if (keyObj != NULL)  {
 	return TCL_ERROR;
     }
 
     /*  Get IV */
     max = EVP_CIPHER_iv_length(cipher);
-    ivString = (const void *) Util_GetIV(interp, ivObj, &iv_len, max, FALSE);
+    ivString = Util_GetIV(interp, ivObj, &iv_len, max, 0);
     if (ivString != NULL) {
-	memcpy((void *) iv, (const void *) ivString, (size_t) iv_len);
+	memcpy((void *) iv, ivString, (size_t) iv_len);
     } else if (ivObj != NULL) {
 	return TCL_ERROR;
     }
 
     /* Create context */
@@ -399,11 +399,11 @@
     read = Tcl_ReadRaw(parent, in_buf, (Tcl_Size) toRead);
 
     /* Update function */
     if (read > 0) {
 	/* Have data - Update function */
-	if (EncryptUpdate(statePtr->interp, statePtr->type, statePtr->ctx, buf, &out_len, in_buf, read) == TCL_OK) {
+	if (EncryptUpdate(statePtr->interp, statePtr->type, statePtr->ctx, (unsigned char *) buf, &out_len, (unsigned char *) in_buf, read) == TCL_OK) {
 	    /* If have data, put in buf, otherwise tell TCL to try again */
 	    if (out_len > 0) {
 		read = (Tcl_Size) out_len;
 	    } else {
 		*errorCodePtr = EAGAIN;
@@ -419,11 +419,11 @@
 	/* Error */
 	*errorCodePtr = Tcl_GetErrno();
 
     } else if (!(statePtr->flags & CHAN_EOF)) {
 	/* EOF - Finalize function and put any remaining data in buf */
-	if (EncryptFinalize(statePtr->interp, statePtr->type, statePtr->ctx, buf, &out_len) == TCL_OK) {
+	if (EncryptFinalize(statePtr->interp, statePtr->type, statePtr->ctx, (unsigned char *) buf, &out_len) == TCL_OK) {
 	    read = (Tcl_Size) out_len;
 	} else {
 	    Tcl_SetChannelError(statePtr->self, Tcl_ObjPrintf("Finalize failed: %s", GET_ERR_REASON()));
 	    *errorCodePtr = EINVAL;
 	    read = 0;
@@ -464,11 +464,11 @@
     }
 
     out_buf = Tcl_Alloc((Tcl_Size) toWrite+EVP_MAX_BLOCK_LENGTH);
 
     /* Update function */
-    if (EncryptUpdate(statePtr->interp, statePtr->type, statePtr->ctx, out_buf, &out_len, buf, (Tcl_Size) toWrite) == TCL_OK) {
+    if (EncryptUpdate(statePtr->interp, statePtr->type, statePtr->ctx, (unsigned char *) out_buf, &out_len, (unsigned char *) buf, (Tcl_Size) toWrite) == TCL_OK) {
 	/* If have data, output it, otherwise tell TCL to try again */
 	if (out_len > 0) {
 	    Tcl_Channel parent = Tcl_GetStackedChannel(statePtr->self);
 	    write = (int) Tcl_WriteRaw(parent, (const char *) out_buf, (Tcl_Size) out_len);
 	    write = toWrite;
@@ -742,11 +742,10 @@
 static int EncryptChannelHandler(Tcl_Interp *interp, int type, const char *channel,
 	Tcl_Obj *cipherObj, Tcl_Obj *digestObj, Tcl_Obj *keyObj, Tcl_Obj *ivObj) {
     int mode; /* OR-ed combination of TCL_READABLE and TCL_WRITABLE */
     Tcl_Channel chan;
     EncryptState *statePtr;
-    (void *) digestObj;
 
     dprintf("Called");
 
     /* Validate args */
     if (channel == (const char *) NULL) {
@@ -862,11 +861,11 @@
  */
 int EncryptInstanceObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
     EncryptState *statePtr = (EncryptState *) clientData;
     int fn, out_len;
     Tcl_Size data_len = 0;
-    char *data = NULL;
+    unsigned char *data = NULL;
     Tcl_Obj *resultObj;
     unsigned char *out_buf;
     static const char *instance_fns [] = { "finalize", "update", NULL };
 
     dprintf("Called");
@@ -966,11 +965,10 @@
  */
 int EncryptCommandHandler(Tcl_Interp *interp, int type, Tcl_Obj *cmdObj,
 	Tcl_Obj *cipherObj, Tcl_Obj *digestObj, Tcl_Obj *keyObj, Tcl_Obj *ivObj) {
     EncryptState *statePtr;
     char *cmdName = Tcl_GetStringFromObj(cmdObj, (Tcl_Size *) NULL);
-    (void *) digestObj;
 
     dprintf("Called");
 
     if ((statePtr = EncryptStateNew(interp, type)) == NULL) {
 	Tcl_AppendResult(interp, "Memory allocation error", (char *) NULL);
@@ -1014,11 +1012,10 @@
     EVP_CIPHER_CTX *ctx = NULL;
     int out_len = 0, len = 0, res = TCL_OK;
     Tcl_Size data_len = 0;
     unsigned char *data, *out_buf;
     Tcl_Obj *resultObj;
-    (void *) digestObj;
 
     dprintf("Called");
 
     /* Get data */
     if (dataObj != NULL) {
@@ -1085,11 +1082,10 @@
     EVP_CIPHER_CTX *ctx = NULL;
     int total = 0, res, out_len = 0, len;
     Tcl_Channel in = NULL, out = NULL;
     unsigned char in_buf[BUFFER_SIZE];
     unsigned char out_buf[BUFFER_SIZE+EVP_MAX_BLOCK_LENGTH];
-    (void *) digestObj;
 
     dprintf("Called");
 
     /* Open input file */
     if ((in = Tcl_FSOpenFileChannel(interp, inFileObj, "rb", 0444)) == (Tcl_Channel) NULL) {

Index: generic/tlsIO.c
==================================================================
--- generic/tlsIO.c
+++ generic/tlsIO.c
@@ -71,11 +71,10 @@
  *
  *-------------------------------------------------------------------
  */
 static int TlsCloseProc(ClientData instanceData, Tcl_Interp *interp) {
     State *statePtr = (State *) instanceData;
-    (void *) interp;
 
     dprintf("TlsCloseProc(%p)", (void *) statePtr);
 
     Tls_Clean(statePtr);
     Tcl_EventuallyFree((ClientData)statePtr, Tls_Free);
@@ -227,32 +226,32 @@
 		dprintf("I/O error occurred (errno = %lu)", (unsigned long) Tcl_GetErrno());
 		*errorCodePtr = Tcl_GetErrno();
 		if (*errorCodePtr == ECONNRESET) {
 		    *errorCodePtr = ECONNABORTED;
 		}
-		Tls_Error(statePtr, Tcl_ErrnoMsg(Tcl_GetErrno()));
+		Tls_Error(statePtr, (char *) Tcl_ErrnoMsg(Tcl_GetErrno()));
 
 	    } else {
 		dprintf("I/O error occurred (backingError = %lu)", backingError);
 		*errorCodePtr = backingError;
 		if (*errorCodePtr == ECONNRESET) {
 		    *errorCodePtr = ECONNABORTED;
 		}
-		Tls_Error(statePtr, ERR_reason_error_string(backingError));
+		Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError));
 	    }
 
 	    statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED;
 	    return(-1);
 
 	case SSL_ERROR_SSL:
 	    /* A non-recoverable, fatal error in the SSL library occurred, usually a protocol error */
 	    dprintf("SSL_ERROR_SSL: Got permanent fatal SSL error, aborting immediately");
 	    if (backingError != 0) {
-		Tls_Error(statePtr, ERR_reason_error_string(backingError));
+		Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError));
 	    }
 	    if (SSL_get_verify_result(statePtr->ssl) != X509_V_OK) {
-		Tls_Error(statePtr, X509_verify_cert_error_string(SSL_get_verify_result(statePtr->ssl)));
+		Tls_Error(statePtr, (char *) X509_verify_cert_error_string(SSL_get_verify_result(statePtr->ssl)));
 	    }
 	    statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED;
 	    *errorCodePtr = ECONNABORTED;
 	    return(-1);
 
@@ -365,11 +364,11 @@
 
 	case SSL_ERROR_SSL:
 	    /* A non-recoverable, fatal error in the SSL library occurred, usually a protocol error */
 	    dprintf("SSL error, indicating that the connection has been aborted");
 	    if (backingError != 0) {
-		Tls_Error(statePtr, ERR_reason_error_string(backingError));
+		Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError));
 	    }
 	    *errorCodePtr = ECONNABORTED;
 	    bytesRead = -1;
 
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
@@ -394,17 +393,17 @@
 
 	    } else if (backingError == 0 && bytesRead == -1) {
 		dprintf("I/O error occurred (errno = %lu)", (unsigned long) Tcl_GetErrno());
 		*errorCodePtr = Tcl_GetErrno();
 		bytesRead = -1;
-		Tls_Error(statePtr, Tcl_ErrnoMsg(Tcl_GetErrno()));
+		Tls_Error(statePtr, (char *) Tcl_ErrnoMsg(Tcl_GetErrno()));
 
 	    } else {
 		dprintf("I/O error occurred (backingError = %lu)", backingError);
 		*errorCodePtr = backingError;
 		bytesRead = -1;
-		Tls_Error(statePtr, ERR_reason_error_string(backingError));
+		Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError));
 	    }
 	    break;
 
 	case SSL_ERROR_ZERO_RETURN:
 	    dprintf("Got SSL_ERROR_ZERO_RETURN, this means an EOF has been reached");
@@ -561,25 +560,25 @@
 
 	    } else if (backingError == 0 && written == -1) {
 		dprintf("I/O error occurred (errno = %lu)", (unsigned long) Tcl_GetErrno());
 		*errorCodePtr = Tcl_GetErrno();
 		written = -1;
-		Tls_Error(statePtr, Tcl_ErrnoMsg(Tcl_GetErrno()));
+		Tls_Error(statePtr, (char *) Tcl_ErrnoMsg(Tcl_GetErrno()));
 
 	    } else {
 		dprintf("I/O error occurred (backingError = %lu)", backingError);
 		*errorCodePtr = backingError;
 		written = -1;
-		Tls_Error(statePtr, ERR_reason_error_string(backingError));
+		Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError));
 	    }
 	    break;
 
 	case SSL_ERROR_SSL:
 	    /* A non-recoverable, fatal error in the SSL library occurred, usually a protocol error */
 	    dprintf("SSL error, indicating that the connection has been aborted");
 	    if (backingError != 0) {
-		Tls_Error(statePtr, ERR_reason_error_string(backingError));
+		Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError));
 	    }
 	    *errorCodePtr = ECONNABORTED;
 	    written = -1;
 	    break;
 
@@ -942,8 +941,8 @@
     NULL,			/* Wide seek proc */
     NULL,			/* Thread action */
     NULL			/* Truncate */
 };
 
-Tcl_ChannelType *Tls_ChannelType(void) {
+const Tcl_ChannelType *Tls_ChannelType(void) {
     return &tlsChannelType;
 }

Index: generic/tlsInfo.c
==================================================================
--- generic/tlsInfo.c
+++ generic/tlsInfo.c
@@ -67,11 +67,11 @@
  */
 int CipherInfo(Tcl_Interp *interp, Tcl_Obj *nameObj) {
     const EVP_CIPHER *cipher;
     Tcl_Obj *resultObj, *listObj;
     unsigned long flags, mode;
-    unsigned char *modeName = NULL;
+    char *modeName = NULL;
     char *name = Tcl_GetStringFromObj(nameObj, (Tcl_Size *) NULL);
 
     /* Get cipher */
     cipher = EVP_get_cipherbyname(name);
 
@@ -378,11 +378,11 @@
 
     if (sk != NULL) {
 	Tcl_Obj *resultObj = NULL;
 
 	if (!verbose) {
-	    char *cp;
+	    const char *cp;
 	    resultObj = Tcl_NewListObj(0, NULL);
 	    if (resultObj == NULL) {
 		res = TCL_ERROR;
 		goto done;
 	    }
@@ -392,11 +392,11 @@
 		if (c == NULL) continue;
 
 		/* cipher name or (NONE) */
 		cp = SSL_CIPHER_get_name(c);
 		if (cp == NULL) break;
-		Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj(cp, -1));
+		Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj((char *) cp, -1));
 	    }
 
 	} else {
 	    char buf[BUFSIZ];
 	    resultObj = Tcl_NewStringObj("", 0);
@@ -447,14 +447,13 @@
  *	None.
  *
  *-------------------------------------------------------------------
  */
 int DigestInfo(Tcl_Interp *interp, Tcl_Obj *nameObj) {
-    EVP_MD *md;
+    const EVP_MD *md;
     Tcl_Obj *resultObj, *listObj;
     unsigned long flags;
-    int res = TCL_OK;
     char *name = Tcl_GetStringFromObj(nameObj, (Tcl_Size *) NULL);
 
     /* Get message digest */
     md = EVP_get_digestbyname(name);
 

Index: generic/tlsInt.h
==================================================================
--- generic/tlsInt.h
+++ generic/tlsInt.h
@@ -177,11 +177,11 @@
 	SSL *ssl;		/* Struct for SSL processing */
 	SSL_CTX *ctx;		/* SSL Context */
 	BIO *bio;		/* Struct for SSL processing */
 	BIO *p_bio;		/* Parent BIO (that is layered on Tcl_Channel) */
 
-	char *protos;		/* List of supported protocols in protocol format */
+	unsigned char *protos;	/* List of supported protocols in protocol format */
 	unsigned int protos_len; /* Length of protos */
 
 	char *err;
 } State;
 
@@ -192,11 +192,11 @@
 #endif /* USE_TCL_STUBS */
 
 /*
  * Forward declarations
  */
-Tcl_ChannelType *Tls_ChannelType(void);
+const Tcl_ChannelType *Tls_ChannelType(void);
 Tcl_Channel     Tls_GetParent(State *statePtr, int maskFlags);
 
 Tcl_Obj         *Tls_NewX509Obj(Tcl_Interp *interp, X509 *cert);
 Tcl_Obj		*Tls_NewCAObj(Tcl_Interp *interp, const SSL *ssl, int peer);
 void            Tls_Error(State *statePtr, char *msg);

Index: generic/tlsKDF.c
==================================================================
--- generic/tlsKDF.c
+++ generic/tlsKDF.c
@@ -79,17 +79,17 @@
 	    return TCL_ERROR;
 	}
 
 	switch(fn) {
 	case _opt_cipher:
-	    if ((cipher = Util_GetCipher(interp, objv[idx], TRUE)) == NULL) {
+	    if ((cipher = Util_GetCipher(interp, objv[idx], 1)) == NULL) {
 		return TCL_ERROR;
 	    }
 	    break;
 	case _opt_digest:
 	case _opt_hash:
-	    if ((md = Util_GetDigest(interp, objv[idx], TRUE)) == NULL) {
+	    if ((md = Util_GetDigest(interp, objv[idx], 1)) == NULL) {
 		return TCL_ERROR;
 	    }
 	    break;
 	case _opt_iter:
 	    if (Util_GetInt(interp, objv[idx], &iter, "iterations", 1, -1) != TCL_OK) {
@@ -96,18 +96,18 @@
 		return TCL_ERROR;
 	    }
 	    break;
 	case _opt_key:
 	case _opt_password:
-	    pass = Util_GetKey(interp, objv[idx], &pass_len, command_opts[fn], 0, FALSE);
+	    pass = Util_GetKey(interp, objv[idx], &pass_len, (char *) command_opts[fn], 0, 0);
 	    break;
 	case _opt_salt:
 	    GET_OPT_BYTE_ARRAY(objv[idx], salt, &salt_len);
 	    break;
 	case _opt_length:
 	case _opt_size:
-	    if (Util_GetInt(interp, objv[idx], &dk_len, command_opts[fn], 1, buf_len) != TCL_OK) {
+	    if (Util_GetInt(interp, objv[idx], &dk_len, (char *) command_opts[fn], 1, buf_len) != TCL_OK) {
 		return TCL_ERROR;
 	    }
 	    break;
 	}
     }
@@ -128,11 +128,11 @@
 	ivlen = EVP_CIPHER_iv_length(cipher);
 	dk_len = iklen+ivlen;
     }
 
     /* Derive key */
-    if (!PKCS5_PBKDF2_HMAC(pass, (int) pass_len, salt, (int) salt_len, iter, md, dk_len, tmpkeyiv)) {
+    if (!PKCS5_PBKDF2_HMAC((const char *) pass, (int) pass_len, salt, (int) salt_len, iter, md, dk_len, tmpkeyiv)) {
 	Tcl_AppendResult(interp, "Key derivation failed: ", GET_ERR_REASON(), (char *) NULL);
 	return TCL_ERROR;
     }
 
    /* Set result to key and iv */
@@ -204,30 +204,30 @@
 	}
 
 	switch(fn) {
 	case _opt_digest:
 	case _opt_hash:
-	    if ((md = Util_GetDigest(interp, objv[idx], TRUE)) == NULL) {
+	    if ((md = Util_GetDigest(interp, objv[idx], 1)) == NULL) {
 		goto error;
 	    }
 	    break;
 	case _opt_info:
 	    /* Max 1024/2048 */
 	    GET_OPT_BYTE_ARRAY(objv[idx], info, &info_len);
 	    break;
 	case _opt_key:
 	case _opt_password:
-	    if ((key = Util_GetKey(interp, objv[idx], &key_len, command_opts[fn], 0, 1)) == NULL) {
+	    if ((key = Util_GetKey(interp, objv[idx], &key_len, (char *) command_opts[fn], 0, 1)) == NULL) {
 		goto error;
 	    }
 	    break;
 	case _opt_salt:
 	    GET_OPT_BYTE_ARRAY(objv[idx], salt, &salt_len);
 	    break;
 	case _opt_length:
 	case _opt_size:
-	    if (Util_GetInt(interp, objv[idx], &dk_len, command_opts[fn], 1, 0) != TCL_OK) {
+	    if (Util_GetInt(interp, objv[idx], &dk_len, (char *) command_opts[fn], 1, 0) != TCL_OK) {
 		goto error;
 	    }
 	    break;
 	}
     }
@@ -321,11 +321,11 @@
     EVP_PKEY_CTX *pctx = NULL;
     unsigned char *salt = NULL, *pass = NULL, *out = NULL;
     Tcl_Size salt_len = 0, pass_len = 0;
     int dk_len = 64, res = TCL_OK;
     Tcl_Size fn;
-    uint64_t N = 0, p = 0, r = 0, maxmem = 0;
+    Tcl_WideInt N = 0, p = 0, r = 0, maxmem = 0;
     size_t out_len;
     Tcl_Obj *resultObj;
     (void) clientData;
 
     dprintf("Called");
@@ -361,11 +361,11 @@
 	case _opt_salt:
 	    GET_OPT_BYTE_ARRAY(objv[idx], salt, &salt_len);
 	    break;
 	case _opt_length:
 	case _opt_size:
-	    if (Util_GetInt(interp, objv[idx], &dk_len, command_opts[fn], 1, 0) != TCL_OK) {
+	    if (Util_GetInt(interp, objv[idx], &dk_len, (char *) command_opts[fn], 1, 0) != TCL_OK) {
 		goto error;
 	    }
 	    break;
 	case _opt_N:
 	case _opt_n:
@@ -401,27 +401,27 @@
 	Tcl_AppendResult(interp, "Initialize failed: ", GET_ERR_REASON(), (char *) NULL);
 	goto error;
     }
 
     /* Set config parameters */
-    if (EVP_PKEY_CTX_set1_pbe_pass(pctx, pass, (int) pass_len) < 1) {
+    if (EVP_PKEY_CTX_set1_pbe_pass(pctx, (const char *) pass, (int) pass_len) < 1) {
 	Tcl_AppendResult(interp, "Set key failed: ", GET_ERR_REASON(), (char *) NULL);
 	goto error;
     }
     if (EVP_PKEY_CTX_set1_scrypt_salt(pctx, salt, (int) salt_len) < 1) {
 	Tcl_AppendResult(interp, "Set salt failed: ", GET_ERR_REASON(), (char *) NULL);
 	goto error;
     }
-    if (N != 0 && EVP_PKEY_CTX_set_scrypt_N(pctx, N) < 1) {
+    if (N != 0 && EVP_PKEY_CTX_set_scrypt_N(pctx, (uint64_t) N) < 1) {
 	Tcl_AppendResult(interp, "Set cost parameter (N) failed: ", GET_ERR_REASON(), (char *) NULL);
 	goto error;
     }
-    if (r != 0 && EVP_PKEY_CTX_set_scrypt_r(pctx, r) < 1) {
+    if (r != 0 && EVP_PKEY_CTX_set_scrypt_r(pctx, (uint64_t) r) < 1) {
 	Tcl_AppendResult(interp, "Set lock size parameter (r) failed: ", GET_ERR_REASON(), (char *) NULL);
 	goto error;
    }
-    if (p != 0 && EVP_PKEY_CTX_set_scrypt_p(pctx, p) < 1) {
+    if (p != 0 && EVP_PKEY_CTX_set_scrypt_p(pctx, (uint64_t) p) < 1) {
 	Tcl_AppendResult(interp, "Set Parallelization parameter (p) failed: ", GET_ERR_REASON(), (char *) NULL);
 	goto error;
     }
     if (maxmem != 0 && EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, maxmem) < 1) {
 	Tcl_AppendResult(interp, "Set max memory failed: ", GET_ERR_REASON(), (char *) NULL);

Index: generic/tlsX509.c
==================================================================
--- generic/tlsX509.c
+++ generic/tlsX509.c
@@ -60,11 +60,11 @@
 
     if (listPtr == NULL) {
 	return NULL;
     }
 
-    if (exts = X509_get0_extensions(cert)) {
+    if ((exts = X509_get0_extensions(cert)) != NULL) {
 	for (int i=0; i < X509_get_ext_count(cert); i++) {
 	    X509_EXTENSION *ex = sk_X509_EXTENSION_value(exts, i);
 	    ASN1_OBJECT *obj = X509_EXTENSION_get_object(ex);
 	    /* ASN1_OCTET_STRING *data = X509_EXTENSION_get_data(ex); */
 	    int critical = X509_EXTENSION_get_critical(ex);
@@ -75,20 +75,20 @@
 }
 
 /*
  * Get Authority and Subject Key Identifiers
  */
-Tcl_Obj *Tls_x509Identifier(ASN1_OCTET_STRING *astring) {
+Tcl_Obj *Tls_x509Identifier(const ASN1_OCTET_STRING *astring) {
     Tcl_Obj *resultPtr = NULL;
     int len = 0;
-    char buffer[1024];
+    unsigned char buffer[1024];
 
     if (astring != NULL) {
-	len = String_to_Hex(ASN1_STRING_get0_data(astring),
+	len = String_to_Hex((unsigned char *) ASN1_STRING_get0_data(astring),
 	    ASN1_STRING_length(astring), buffer, 1024);
     }
-    resultPtr = Tcl_NewStringObj(buffer, (Tcl_Size) len);
+    resultPtr = Tcl_NewStringObj((char *) &buffer[0], (Tcl_Size) len);
     return resultPtr;
 }
 
 /*
  * Get Key Usage
@@ -201,15 +201,15 @@
 
     if (listPtr == NULL) {
 	return NULL;
     }
 
-    if (names = X509_get_ext_d2i(cert, nid, NULL, NULL)) {
+    if ((names = X509_get_ext_d2i(cert, nid, NULL, NULL)) != NULL) {
 	for (int i=0; i < sk_GENERAL_NAME_num(names); i++) {
 	    const GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
 
-	    len = BIO_to_Buffer(name && GENERAL_NAME_print(bio, name), bio, buffer, 1024);
+	    len = BIO_to_Buffer(name && GENERAL_NAME_print(bio, (GENERAL_NAME *) name), bio, buffer, 1024);
 	    LAPPEND_STR(interp, listPtr, NULL, buffer, (Tcl_Size) len);
 	}
 	sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
     }
     return listPtr;
@@ -271,11 +271,11 @@
 
     if (listPtr == NULL) {
 	return NULL;
     }
 
-    if (crl = X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL)) {
+    if ((crl = X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL)) != NULL) {
 	for (int i=0; i < sk_DIST_POINT_num(crl); i++) {
 	    DIST_POINT *dp = sk_DIST_POINT_value(crl, i);
 	    DIST_POINT_NAME *distpoint = dp->distpoint;
 
 	    if (distpoint->type == 0) {
@@ -283,20 +283,20 @@
 		for (int j = 0; j < sk_GENERAL_NAME_num(distpoint->name.fullname); j++) {
 		    GENERAL_NAME *gen = sk_GENERAL_NAME_value(distpoint->name.fullname, j);
 		    int type;
 		    ASN1_STRING *uri = GENERAL_NAME_get0_value(gen, &type);
 		    if (type == GEN_URI) {
-			LAPPEND_STR(interp, listPtr, NULL, ASN1_STRING_get0_data(uri), (Tcl_Size) ASN1_STRING_length(uri));
+			LAPPEND_STR(interp, listPtr, (char *) NULL, (char *) ASN1_STRING_get0_data(uri), (Tcl_Size) ASN1_STRING_length(uri));
 		    }
 		}
 	    } else if (distpoint->type == 1) {
 		/* relative-name X509NAME */
 		STACK_OF(X509_NAME_ENTRY) *sk_relname = distpoint->name.relativename;
 		for (int j = 0; j < sk_X509_NAME_ENTRY_num(sk_relname); j++) {
 		    X509_NAME_ENTRY *e = sk_X509_NAME_ENTRY_value(sk_relname, j);
 		    ASN1_STRING *d = X509_NAME_ENTRY_get_data(e);
-		    LAPPEND_STR(interp, listPtr, NULL, ASN1_STRING_data(d), (Tcl_Size) ASN1_STRING_length(d));
+		    LAPPEND_STR(interp, listPtr, (char *) NULL, (char *) ASN1_STRING_data(d), (Tcl_Size) ASN1_STRING_length(d));
 		}
 	    }
 	}
 	CRL_DIST_POINTS_free(crl);
     }
@@ -312,11 +312,11 @@
 
     if (listPtr == NULL) {
 	return NULL;
     }
 
-    if (ocsp = X509_get1_ocsp(cert)) {
+    if ((ocsp = X509_get1_ocsp(cert)) != NULL) {
 	for (int i = 0; i < sk_OPENSSL_STRING_num(ocsp); i++) {
 	    LAPPEND_STR(interp, listPtr, NULL, sk_OPENSSL_STRING_value(ocsp, i), -1);
 	}
 	X509_email_free(ocsp);
     }
@@ -331,17 +331,17 @@
     ACCESS_DESCRIPTION *ad;
     Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL);
     unsigned char *buf;
     int len;
 
-    if (ads = X509_get_ext_d2i(cert, NID_info_access, NULL, NULL)) {
+    if ((ads = X509_get_ext_d2i(cert, NID_info_access, NULL, NULL)) != NULL) {
 	for (int i = 0; i < sk_ACCESS_DESCRIPTION_num(ads); i++) {
 	    ad = sk_ACCESS_DESCRIPTION_value(ads, i);
 	    if (OBJ_obj2nid(ad->method) == NID_ad_ca_issuers && ad->location) {
 		if (ad->location->type == GEN_URI) {
 		    len = ASN1_STRING_to_UTF8(&buf, ad->location->d.uniformResourceIdentifier);
-		    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj(buf, (Tcl_Size) len));
+		    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj((char *) buf, (Tcl_Size) len));
 		    OPENSSL_free(buf);
 		    break;
 		}
 	    }
 	}
@@ -373,10 +373,11 @@
 Tcl_Obj*
 Tls_NewX509Obj(Tcl_Interp *interp, X509 *cert) {
     Tcl_Obj *certPtr = Tcl_NewListObj(0, NULL);
     BIO *bio = BIO_new(BIO_s_mem());
     int mdnid, pknid, bits, len;
+    unsigned int ulen;
     uint32_t xflags;
     char buffer[BUFSIZ];
     unsigned char md[EVP_MAX_MD_SIZE];
     unsigned long flags = XN_FLAG_RFC2253 | ASN1_STRFLGS_UTF8_CONVERT;
     flags &= ~ASN1_STRFLGS_ESC_MSB;
@@ -396,11 +397,11 @@
 
 	X509_get0_signature(&sig, &sig_alg, cert);
 	/* sig_nid = X509_get_signature_nid(cert) */
 	sig_nid = OBJ_obj2nid(sig_alg->algorithm);
 	LAPPEND_STR(interp, certPtr, "signatureAlgorithm", OBJ_nid2ln(sig_nid), -1);
-	len = (sig_nid != NID_undef) ? String_to_Hex(sig->data, sig->length, buffer, BUFSIZ) : 0;
+	len = (sig_nid != NID_undef) ? String_to_Hex(sig->data, sig->length, (unsigned char *) buffer, BUFSIZ) : 0;
 	LAPPEND_STR(interp, certPtr, "signatureValue", buffer, (Tcl_Size) len);
     }
 
     /* Version of the encoded certificate - RFC 5280 section 4.1.2.1 */
     LAPPEND_LONG(interp, certPtr, "version", X509_get_version(cert)+1);
@@ -431,19 +432,19 @@
 	the subject public key field. RFC 5280 section 4.1.2.6 */
     len = BIO_to_Buffer(X509_NAME_print_ex(bio, X509_get_subject_name(cert), 0, flags), bio, buffer, BUFSIZ);
     LAPPEND_STR(interp, certPtr, "subject", buffer, (Tcl_Size) len);
 
     /* SHA1 Digest (Fingerprint) of cert - DER representation */
-    if (X509_digest(cert, EVP_sha1(), md, &len)) {
-	len = String_to_Hex(md, len, buffer, BUFSIZ);
-	LAPPEND_STR(interp, certPtr, "sha1_hash", buffer, (Tcl_Size) len);
+    if (X509_digest(cert, EVP_sha1(), md, &ulen)) {
+	len = String_to_Hex(md, len, (unsigned char *) buffer, BUFSIZ);
+	LAPPEND_STR(interp, certPtr, "sha1_hash", buffer, (Tcl_Size) ulen);
     }
 
     /* SHA256 Digest (Fingerprint) of cert - DER representation */
-    if (X509_digest(cert, EVP_sha256(), md, &len)) {
-	len = String_to_Hex(md, len, buffer, BUFSIZ);
-	LAPPEND_STR(interp, certPtr, "sha256_hash", buffer, (Tcl_Size) len);
+    if (X509_digest(cert, EVP_sha256(), md, &ulen)) {
+	len = String_to_Hex(md, len, (unsigned char *) buffer, BUFSIZ);
+	LAPPEND_STR(interp, certPtr, "sha256_hash", buffer, (Tcl_Size) ulen);
     }
 
     /* Subject Public Key Info specifies the public key and identifies the
 	algorithm with which the key is used. RFC 5280 section 4.1.2.7 */
     if (X509_get_signature_info(cert, &mdnid, &pknid, &bits, &xflags)) {
@@ -453,23 +454,23 @@
 	LAPPEND_STR(interp, certPtr, "signingDigest", OBJ_nid2ln(mdnid), -1);
 	LAPPEND_STR(interp, certPtr, "publicKeyAlgorithm", OBJ_nid2ln(pknid), -1);
 	LAPPEND_INT(interp, certPtr, "bits", bits); /* Effective security bits */
 
 	key = X509_get0_pubkey_bitstr(cert);
-	len = String_to_Hex(key->data, key->length, buffer, BUFSIZ);
+	len = String_to_Hex(key->data, key->length, (unsigned char *) buffer, BUFSIZ);
 	LAPPEND_STR(interp, certPtr, "publicKey", buffer, (Tcl_Size) len);
 
 	len = 0;
 	if (X509_pubkey_digest(cert, EVP_get_digestbynid(pknid), md, &n)) {
-	    len = String_to_Hex(md, (int)n, buffer, BUFSIZ);
+	    len = String_to_Hex(md, (int) n, (unsigned char *) buffer, BUFSIZ);
 	}
 	LAPPEND_STR(interp, certPtr, "publicKeyHash", buffer, (Tcl_Size) len);
 
 	/* digest of the DER representation of the certificate */
 	len = 0;
 	if (X509_digest(cert, EVP_get_digestbynid(mdnid), md, &n)) {
-	    len = String_to_Hex(md, (int)n, buffer, BUFSIZ);
+	    len = String_to_Hex(md, (int) n, (unsigned char *) buffer, BUFSIZ);
 	}
 	LAPPEND_STR(interp, certPtr, "signatureHash", buffer, (Tcl_Size) len);
     }
 
     /* Certificate Purpose. Call before checking for extensions. */
@@ -493,18 +494,18 @@
 	const ASN1_BIT_STRING *iuid, *suid;
 	X509_get0_uids(cert, &iuid, &suid);
 
 	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("issuerUniqueId", -1));
 	if (iuid != NULL) {
-	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)iuid->data, (Tcl_Size) iuid->length));
+	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((const unsigned char *)iuid->data, (Tcl_Size) iuid->length));
 	} else {
 	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1));
 	}
 
 	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subjectUniqueId", -1));
 	if (suid != NULL) {
-	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)suid->data, (Tcl_Size) suid->length));
+	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((const unsigned char *)suid->data, (Tcl_Size) suid->length));
 	} else {
 	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1));
 	}
     }
 
@@ -586,12 +587,14 @@
 
     /* Certificate Alias. If uses a PKCS#12 structure, alias will reflect the
 	friendlyName attribute (RFC 2985). */
     {
 	len = 0;
-        char *string = X509_alias_get0(cert, &len);
-	LAPPEND_STR(interp, certPtr, "alias", string, (Tcl_Size) len);
+        unsigned char *string = X509_alias_get0(cert, &len);
+	LAPPEND_STR(interp, certPtr, "alias", (char *) string, (Tcl_Size) len);
+	string = X509_keyid_get0 (cert, &len);
+	LAPPEND_STR(interp, certPtr, "keyId", (char *) string, (Tcl_Size) len);
     }
 
     /* Certificate and dump all data */
     {
 	char certStr[CERT_STR_SIZE];

Index: tests/badssl.csv
==================================================================
--- tests/badssl.csv
+++ tests/badssl.csv
@@ -3,11 +3,11 @@
 ,,,,,,,,,,
 command,# Find default CA certificates directory,,,,,,,,,
 command,if {[info exists ::env(SSL_CERT_FILE)]} {set ::cafile $::env(SSL_CERT_FILE)} else {set ::cafile [file normalize {C:\Users\Brian\Documents\Source\Build\SSL-1.1\certs\cacert.pem}]},,,,,,,,,
 ,,,,,,,,,,
 command,# Constraints,,,,,,,,,
-command,source common.tcl,,,,,,,,,
+command,source [file join [file dirname [info script]] common.tcl],,,,,,,,,
 ,,,,,,,,,,
 command,# Helper functions,,,,,,,,,
 command,"proc badssl {url} {set port 443;lassign [split $url "":""] url port;if {$port eq """"} {set port 443};set ch [tls::socket -autoservername 1 -require 1 -cafile $::cafile $url $port];if {[catch {tls::handshake $ch} err]} {close $ch;return -code error $err} else {close $ch}}",,,,,,,,,
 ,,,,,,,,,,
 command,# BadSSL.com Tests,,,,,,,,,

Index: tests/badssl.test
==================================================================
--- tests/badssl.test
+++ tests/badssl.test
@@ -12,11 +12,11 @@
 
 # Find default CA certificates directory
 if {[info exists ::env(SSL_CERT_FILE)]} {set ::cafile $::env(SSL_CERT_FILE)} else {set ::cafile [file normalize {C:\Users\Brian\Documents\Source\Build\SSL-1.1\certs\cacert.pem}]}
 
 # Constraints
-source common.tcl
+source [file join [file dirname [info script]] common.tcl]
 
 # Helper functions
 proc badssl {url} {set port 443;lassign [split $url ":"] url port;if {$port eq ""} {set port 443};set ch [tls::socket -autoservername 1 -require 1 -cafile $::cafile $url $port];if {[catch {tls::handshake $ch} err]} {close $ch;return -code error $err} else {close $ch}}
 
 # BadSSL.com Tests

Index: tests/digest.csv
==================================================================
--- tests/digest.csv
+++ tests/digest.csv
@@ -1,10 +1,10 @@
 # Group,Name,Constraints,Setup,Body,Cleanup,Match,Result,Output,Error Output,Return Codes
 command,package require tls,,,,,,,,,
 ,,,,,,,,,,
 command,# Constraints,,,,,,,,,
-command,source common.tcl,,,,,,,,,
+command,::tcltest::testConstraint md4 [expr {"md4" in [::tls::digests]}],,,,,,,,,
 ,,,,,,,,,,
 command,# Helper functions - See common.tcl,,,,,,,,,
 command,proc digest_read_chan {cmd filename args} {;set ch [open $filename rb];set bsize [fconfigure $ch -buffersize];set new [$cmd {*}$args -chan $ch];while {![eof $new]} {set md [read $new $bsize]};close $new;return $md},,,,,,,,,
 command,proc digest_write_chan {cmd filename data args} {;set ch [open $filename wb];set new [$cmd {*}$args -chan $ch];puts -nonewline $new $data;flush $new;close $new;set ch [open $filename rb];set md [read $ch];close $ch;return $md},,,,,,,,,
 command,proc digest_accumulate {string args} {;set cmd [{*}$args -command dcmd]; $cmd update [string range $string 0 20];$cmd update [string range $string 21 end];return [$cmd finalize]},$cmd update [string range $string 0 20];$cmd update [string range $string 21 end];return [$cmd finalize]},,,,,,,,
@@ -14,62 +14,62 @@
 command,"set test_alt_file ""md_alt_data.dat""",,,,,,,,,
 command,"set test_key ""Example key""",,,,,,,,,
 command,::tcltest::makeFile $test_data $test_file,,,,,,,,,
 ,,,,,,,,,,
 command,# Test short-cut commands,,,,,,,,,
-Shortcut Cmds,md4 cmd,,,::tls::md4 $test_data,,,793399f792eca2752c6af3234ba70858,,,
+Shortcut Cmds,md4 cmd,md4,,::tls::md4 $test_data,,,793399f792eca2752c6af3234ba70858,,,
 Shortcut Cmds,md5 cmd,,,::tls::md5 $test_data,,,962bf0803b4232ec23bd8427bb94ea09,,,
 Shortcut Cmds,sha1 cmd,,,::tls::sha1 $test_data,,,4fe03b7f2568551dfafb98ca6004e65c4b71aa7d,,,
 Shortcut Cmds,sha256 cmd,,,::tls::sha256 $test_data,,,9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19,,,
 Shortcut Cmds,sha512 cmd,,,::tls::sha512 $test_data,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,,
 ,,,,,,,,,,
 ,,,,,,,,,,
 command,# Test MD command for read channel,,,,,,,,,
-MD Chan Read,md4,,,digest_read_chan ::tls::md $test_file -digest md4,,,793399f792eca2752c6af3234ba70858,,,
+MD Chan Read,md4,md4,,digest_read_chan ::tls::md $test_file -digest md4,,,793399f792eca2752c6af3234ba70858,,,
 MD Chan Read,md5,,,digest_read_chan ::tls::md $test_file -digest md5,,,962bf0803b4232ec23bd8427bb94ea09,,,
 MD Chan Read,sha1,,,digest_read_chan ::tls::md $test_file -digest sha1,,,4fe03b7f2568551dfafb98ca6004e65c4b71aa7d,,,
 MD Chan Read,sha256,,,digest_read_chan ::tls::md $test_file -digest sha256,,,9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19,,,
 MD Chan Read,sha512,,,digest_read_chan ::tls::md $test_file -digest sha512,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,,
 MD Chan Read,md5 bin,,,binary encode hex [digest_read_chan ::tls::md $test_file -bin -digest md5],,,962bf0803b4232ec23bd8427bb94ea09,,,
 MD Chan Read,md5 hex,,,digest_read_chan ::tls::md $test_file -hex -digest md5,,,962bf0803b4232ec23bd8427bb94ea09,,,
 ,,,,,,,,,,
 command,# Test MD command for write channel,,,,,,,,,
-MD Chan Write,md4,,,digest_write_chan ::tls::md $test_alt_file $test_data -digest md4,,,793399f792eca2752c6af3234ba70858,,,
+MD Chan Write,md4,md4,,digest_write_chan ::tls::md $test_alt_file $test_data -digest md4,,,793399f792eca2752c6af3234ba70858,,,
 MD Chan Write,md5,,,digest_write_chan ::tls::md $test_alt_file $test_data -digest md5,,,962bf0803b4232ec23bd8427bb94ea09,,,
 MD Chan Write,sha1,,,digest_write_chan ::tls::md $test_alt_file $test_data -digest sha1,,,4fe03b7f2568551dfafb98ca6004e65c4b71aa7d,,,
 MD Chan Write,sha256,,,digest_write_chan ::tls::md $test_alt_file $test_data -digest sha256,,,9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19,,,
 MD Chan Write,sha512,,,digest_write_chan ::tls::md $test_alt_file $test_data -digest sha512,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,,
 MD Chan Write,md5 bin,,,binary encode hex [digest_write_chan ::tls::md $test_alt_file $test_data -bin -digest md5],,,962bf0803b4232ec23bd8427bb94ea09,,,
 MD Chan Write,md5 hex,,,digest_write_chan ::tls::md $test_alt_file $test_data -hex -digest md5,,,962bf0803b4232ec23bd8427bb94ea09,,,
 ,,,,,,,,,,
 command,# Test MD command for object command,,,,,,,,,
-MD Command,md4,,,digest_accumulate $test_data ::tls::md -digest md4,,,793399f792eca2752c6af3234ba70858,,,
+MD Command,md4,md4,,digest_accumulate $test_data ::tls::md -digest md4,,,793399f792eca2752c6af3234ba70858,,,
 MD Command,md5,,,digest_accumulate $test_data ::tls::md -digest md5,,,962bf0803b4232ec23bd8427bb94ea09,,,
 MD Command,sha1,,,digest_accumulate $test_data ::tls::md -digest sha1,,,4fe03b7f2568551dfafb98ca6004e65c4b71aa7d,,,
 MD Command,sha256,,,digest_accumulate $test_data ::tls::md -digest sha256,,,9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19,,,
 MD Command,sha512,,,digest_accumulate $test_data ::tls::md -digest sha512,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,,
 MD Command,md5 bin,,,binary encode hex [digest_accumulate $test_data ::tls::md -digest md5 -bin],,,962bf0803b4232ec23bd8427bb94ea09,,,
 MD Command,md5 hex,,,digest_accumulate $test_data ::tls::md -digest md5 -hex,,,962bf0803b4232ec23bd8427bb94ea09,,,
 ,,,,,,,,,,
 command,# Test MD command for data shortcut,,,,,,,,,
-MD Shortcut,md4,,,::tls::md md4 $test_data,,,793399f792eca2752c6af3234ba70858,,,
+MD Shortcut,md4,md4,,::tls::md md4 $test_data,,,793399f792eca2752c6af3234ba70858,,,
 MD Shortcut,md5,,,::tls::md md5 $test_data,,,962bf0803b4232ec23bd8427bb94ea09,,,
 MD Shortcut,sha1,,,::tls::md sha1 $test_data,,,4fe03b7f2568551dfafb98ca6004e65c4b71aa7d,,,
 MD Shortcut,sha256,,,::tls::md sha256 $test_data,,,9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19,,,
 MD Shortcut,sha512,,,::tls::md sha512 $test_data,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,,
 ,,,,,,,,,,
 command,# Test MD command for data,,,,,,,,,
-MD Data,md4,,,::tls::md -digest md4 -data $test_data,,,793399f792eca2752c6af3234ba70858,,,
+MD Data,md4,md4,,::tls::md -digest md4 -data $test_data,,,793399f792eca2752c6af3234ba70858,,,
 MD Data,md5,,,::tls::md -digest md5 -data $test_data,,,962bf0803b4232ec23bd8427bb94ea09,,,
 MD Data,sha1,,,::tls::md -digest sha1 -data $test_data,,,4fe03b7f2568551dfafb98ca6004e65c4b71aa7d,,,
 MD Data,sha256,,,::tls::md -digest sha256 -data $test_data,,,9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19,,,
 MD Data,sha512,,,::tls::md -digest sha512 -data $test_data,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,,
 MD Data,md5 bin,,,binary encode hex [::tls::md -digest md5 -data $test_data -bin],,,962bf0803b4232ec23bd8427bb94ea09,,,
 MD Data,md5 hex,,,::tls::md -digest md5 -data $test_data -hex,,,962bf0803b4232ec23bd8427bb94ea09,,,
 ,,,,,,,,,,
 command,# Test MD command for file,,,,,,,,,
-MD File,md4,,,::tls::md -digest md4 -file $test_file,,,793399f792eca2752c6af3234ba70858,,,
+MD File,md4,md4,,::tls::md -digest md4 -file $test_file,,,793399f792eca2752c6af3234ba70858,,,
 MD File,md5,,,::tls::md -digest md5 -file $test_file,,,962bf0803b4232ec23bd8427bb94ea09,,,
 MD File,sha1,,,::tls::md -digest sha1 -file $test_file,,,4fe03b7f2568551dfafb98ca6004e65c4b71aa7d,,,
 MD File,sha256,,,::tls::md -digest sha256 -file $test_file,,,9d3578fc138205cf0ee4b4cef35fe101bb4ecac7b1614c18e6fa48b5c7f95e19,,,
 MD File,sha512,,,::tls::md -digest sha512 -file $test_file,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,,
 MD File,md5 bin,,,binary encode hex [::tls::md -digest md5 -file $test_file -bin],,,962bf0803b4232ec23bd8427bb94ea09,,,

Index: tests/digest.test
==================================================================
--- tests/digest.test
+++ tests/digest.test
@@ -9,11 +9,11 @@
 set auto_path [concat [list [file dirname [file dirname [info script]]]] $auto_path]
 
 package require tls
 
 # Constraints
-source common.tcl
+::tcltest::testConstraint md4 [expr {"md4" in [::tls::digests]}]
 
 # Helper functions - See common.tcl
 proc digest_read_chan {cmd filename args} {;set ch [open $filename rb];set bsize [fconfigure $ch -buffersize];set new [$cmd {*}$args -chan $ch];while {![eof $new]} {set md [read $new $bsize]};close $new;return $md}
 proc digest_write_chan {cmd filename data args} {;set ch [open $filename wb];set new [$cmd {*}$args -chan $ch];puts -nonewline $new $data;flush $new;close $new;set ch [open $filename rb];set md [read $ch];close $ch;return $md}
 proc digest_accumulate {string args} {;set cmd [{*}$args -command dcmd]; $cmd update [string range $string 0 20];$cmd update [string range $string 21 end];return [$cmd finalize]}
@@ -25,11 +25,11 @@
 ::tcltest::makeFile $test_data $test_file
 
 # Test short-cut commands
 
 
-test Shortcut_Cmds-1.1 {md4 cmd} -body {
+test Shortcut_Cmds-1.1 {md4 cmd} -constraints {md4} -body {
 	::tls::md4 $test_data
     } -result {793399f792eca2752c6af3234ba70858}
 
 test Shortcut_Cmds-1.2 {md5 cmd} -body {
 	::tls::md5 $test_data
@@ -49,11 +49,11 @@
 
 
 # Test MD command for read channel
 
 
-test MD_Chan_Read-2.1 {md4} -body {
+test MD_Chan_Read-2.1 {md4} -constraints {md4} -body {
 	digest_read_chan ::tls::md $test_file -digest md4
     } -result {793399f792eca2752c6af3234ba70858}
 
 test MD_Chan_Read-2.2 {md5} -body {
 	digest_read_chan ::tls::md $test_file -digest md5
@@ -80,11 +80,11 @@
     } -result {962bf0803b4232ec23bd8427bb94ea09}
 
 # Test MD command for write channel
 
 
-test MD_Chan_Write-3.1 {md4} -body {
+test MD_Chan_Write-3.1 {md4} -constraints {md4} -body {
 	digest_write_chan ::tls::md $test_alt_file $test_data -digest md4
     } -result {793399f792eca2752c6af3234ba70858}
 
 test MD_Chan_Write-3.2 {md5} -body {
 	digest_write_chan ::tls::md $test_alt_file $test_data -digest md5
@@ -111,11 +111,11 @@
     } -result {962bf0803b4232ec23bd8427bb94ea09}
 
 # Test MD command for object command
 
 
-test MD_Command-4.1 {md4} -body {
+test MD_Command-4.1 {md4} -constraints {md4} -body {
 	digest_accumulate $test_data ::tls::md -digest md4
     } -result {793399f792eca2752c6af3234ba70858}
 
 test MD_Command-4.2 {md5} -body {
 	digest_accumulate $test_data ::tls::md -digest md5
@@ -142,11 +142,11 @@
     } -result {962bf0803b4232ec23bd8427bb94ea09}
 
 # Test MD command for data shortcut
 
 
-test MD_Shortcut-5.1 {md4} -body {
+test MD_Shortcut-5.1 {md4} -constraints {md4} -body {
 	::tls::md md4 $test_data
     } -result {793399f792eca2752c6af3234ba70858}
 
 test MD_Shortcut-5.2 {md5} -body {
 	::tls::md md5 $test_data
@@ -165,11 +165,11 @@
     } -result {d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1}
 
 # Test MD command for data
 
 
-test MD_Data-6.1 {md4} -body {
+test MD_Data-6.1 {md4} -constraints {md4} -body {
 	::tls::md -digest md4 -data $test_data
     } -result {793399f792eca2752c6af3234ba70858}
 
 test MD_Data-6.2 {md5} -body {
 	::tls::md -digest md5 -data $test_data
@@ -196,11 +196,11 @@
     } -result {962bf0803b4232ec23bd8427bb94ea09}
 
 # Test MD command for file
 
 
-test MD_File-7.1 {md4} -body {
+test MD_File-7.1 {md4} -constraints {md4} -body {
 	::tls::md -digest md4 -file $test_file
     } -result {793399f792eca2752c6af3234ba70858}
 
 test MD_File-7.2 {md5} -body {
 	::tls::md -digest md5 -file $test_file

Index: tests/encrypt.csv
==================================================================
--- tests/encrypt.csv
+++ tests/encrypt.csv
@@ -1,11 +1,8 @@
 # Group,Name,Constraints,Setup,Body,Cleanup,Match,Result,Output,Error Output,Return Codes
 command,package require tls,,,,,,,,,
 ,,,,,,,,,,
-command,# Constraints,,,,,,,,,
-command,source common.tcl,,,,,,,,,
-,,,,,,,,,,
 command,# Helper functions - See common.tcl,,,,,,,,,
 command,"proc read_chan {filename args} {set ch [open $filename rb];set bsize [fconfigure $ch -buffersize];set new [{*}$args -chan $ch];set dat """";while {![eof $new]} {append dat [read $new $bsize]};close $new;return $dat}",,,,,,,,,
 command,proc write_chan {filename data args} {set ch [open $filename wb];set new [{*}$args -chan $ch];puts -nonewline $new $data;flush $new;close $new;set ch [open $filename rb];set dat [read $ch];close $ch;return $dat},,,,,,,,,
 command,"proc accumulate {string args} {set cmd [{*}$args -command dcmd];set ::dat """";append ::dat [$cmd update [string range $string 0 20]];append ::dat [$cmd update [string range $string 21 end]];append ::dat [$cmd finalize]}",$cmd update [string range $string 0 20];$cmd update [string range $string 21 end];return [$cmd finalize]},,,,,,,,
 command,proc get_file_hex {filename} {set ch [open $filename rb];set data [read $ch];close $ch;return [binary encode hex $data]},,,,,,,,,

Index: tests/encrypt.test
==================================================================
--- tests/encrypt.test
+++ tests/encrypt.test
@@ -8,13 +8,10 @@
 
 set auto_path [concat [list [file dirname [file dirname [info script]]]] $auto_path]
 
 package require tls
 
-# Constraints
-source common.tcl
-
 # Helper functions - See common.tcl
 proc read_chan {filename args} {set ch [open $filename rb];set bsize [fconfigure $ch -buffersize];set new [{*}$args -chan $ch];set dat "";while {![eof $new]} {append dat [read $new $bsize]};close $new;return $dat}
 proc write_chan {filename data args} {set ch [open $filename wb];set new [{*}$args -chan $ch];puts -nonewline $new $data;flush $new;close $new;set ch [open $filename rb];set dat [read $ch];close $ch;return $dat}
 proc accumulate {string args} {set cmd [{*}$args -command dcmd];set ::dat "";append ::dat [$cmd update [string range $string 0 20]];append ::dat [$cmd update [string range $string 21 end]];append ::dat [$cmd finalize]}
 proc get_file_hex {filename} {set ch [open $filename rb];set data [read $ch];close $ch;return [binary encode hex $data]}

Index: tests/info.csv
==================================================================
--- tests/info.csv
+++ tests/info.csv
@@ -3,11 +3,11 @@
 ,,,,,,,,,,
 command,# Make sure path includes location of OpenSSL executable,,,,,,,,,
 command,"if {[info exists ::env(OPENSSL)]} {set ::env(path) [string cat [file join $::env(OPENSSL) bin] "";"" $::env(path)]}",,,,,,,,,
 ,,,,,,,,,,
 command,# Constraints,,,,,,,,,
-command,source common.tcl,,,,,,,,,
+command,source [file join [file dirname [info script]] common.tcl],,,,,,,,,
 ,,,,,,,,,,
 command,# Helper functions,,,,,,,,,
 command,"proc lcompare {list1 list2} {set m """";set u """";foreach i $list1 {if {$i ni $list2} {lappend m $i}};foreach i $list2 {if {$i ni $list1} {lappend u $i}};return [list ""missing"" $m ""unexpected"" $u]}",,,,,,,,,
 command,proc exec_get {delim args} {return [split [exec openssl {*}$args] $delim]},,,,,,,,,
 command,"proc exec_get_ciphers {} {set list [list];set data [exec openssl list -cipher-algorithms];foreach line [split $data ""\n""] {foreach {cipher null alias} [split [string trim $line]] {lappend list [string tolower $cipher]}};return [lsort -unique $list]}",,,,,,,,,

Index: tests/info.test
==================================================================
--- tests/info.test
+++ tests/info.test
@@ -12,11 +12,11 @@
 
 # Make sure path includes location of OpenSSL executable
 if {[info exists ::env(OPENSSL)]} {set ::env(path) [string cat [file join $::env(OPENSSL) bin] ";" $::env(path)]}
 
 # Constraints
-source common.tcl
+source [file join [file dirname [info script]] common.tcl]
 
 # Helper functions
 proc lcompare {list1 list2} {set m "";set u "";foreach i $list1 {if {$i ni $list2} {lappend m $i}};foreach i $list2 {if {$i ni $list1} {lappend u $i}};return [list "missing" $m "unexpected" $u]}
 proc exec_get {delim args} {return [split [exec openssl {*}$args] $delim]}
 proc exec_get_ciphers {} {set list [list];set data [exec openssl list -cipher-algorithms];foreach line [split $data "\n"] {foreach {cipher null alias} [split [string trim $line]] {lappend list [string tolower $cipher]}};return [lsort -unique $list]}