-struct ldapoptions;
-
-LIBLDAP_F (int) ldap_pvt_tls_init LDAP_P(( void ));
-LIBLDAP_F (int) ldap_pvt_tls_config LDAP_P(( struct ldapoptions *lo, int option, const char *arg ));
-LIBLDAP_F (int) ldap_pvt_tls_connect LDAP_P(( Sockbuf *sb, void *ctx_arg ));
-LIBLDAP_F (int) ldap_pvt_tls_accept LDAP_P(( Sockbuf *sb, void *ctx_arg ));
-LIBLDAP_F (int) ldap_pvt_tls_get_option LDAP_P(( struct ldapoptions *lo, int option, void *arg ));
-LIBLDAP_F (int) ldap_pvt_tls_set_option LDAP_P(( struct ldapoptions *lo, int option, void *arg ));
-LIBLDAP_F (int) ldap_pvt_tls_inplace LDAP_P(( Sockbuf *sb ));
-LIBLDAP_F (int) ldap_pvt_tls_start LDAP_P(( Sockbuf *sb, void *ctx_arg ));
-
-/*
- * UTF-8 (in utf-8.c)
+LDAP_F (int) ldap_int_tls_config LDAP_P(( struct ldap *ld,
+ int option, const char *arg ));
+LDAP_F (int) ldap_pvt_tls_get_option LDAP_P(( struct ldap *ld,
+ int option, void *arg ));
+LDAP_F (int) ldap_pvt_tls_set_option LDAP_P(( struct ldap *ld,
+ int option, void *arg ));
+
+LDAP_F (void) ldap_pvt_tls_destroy LDAP_P(( void ));
+LDAP_F (int) ldap_pvt_tls_init LDAP_P(( void ));
+LDAP_F (int) ldap_pvt_tls_init_def_ctx LDAP_P(( int is_server ));
+LDAP_F (int) ldap_pvt_tls_accept LDAP_P(( Sockbuf *sb, void *ctx_arg ));
+LDAP_F (int) ldap_pvt_tls_inplace LDAP_P(( Sockbuf *sb ));
+LDAP_F (void *) ldap_pvt_tls_sb_ctx LDAP_P(( Sockbuf *sb ));
+LDAP_F (void) ldap_pvt_tls_ctx_free LDAP_P(( void * ));
+
+typedef int LDAPDN_rewrite_dummy LDAP_P (( void *dn, unsigned flags ));
+
+typedef int (LDAP_TLS_CONNECT_CB) LDAP_P (( struct ldap *ld, void *ssl,
+ void *ctx, void *arg ));
+
+LDAP_F (int) ldap_pvt_tls_get_my_dn LDAP_P(( void *ctx, struct berval *dn,
+ LDAPDN_rewrite_dummy *func, unsigned flags ));
+LDAP_F (int) ldap_pvt_tls_get_peer_dn LDAP_P(( void *ctx, struct berval *dn,
+ LDAPDN_rewrite_dummy *func, unsigned flags ));
+LDAP_F (int) ldap_pvt_tls_get_strength LDAP_P(( void *ctx ));
+
+LDAP_END_DECL
+
+/*
+ * Multiple precision stuff
+ *
+ * May use OpenSSL's BIGNUM if built with TLS,
+ * or GNU's multiple precision library. But if
+ * long long is available, that's big enough
+ * and much more efficient.
+ *
+ * If none is available, unsigned long data is used.
+ */
+
+LDAP_BEGIN_DECL
+
+#ifdef USE_MP_BIGNUM
+/*
+ * Use OpenSSL's BIGNUM