25 files changed, 0 insertions, 2391 deletions
diff --git a/src/PolarSSL++/AesCfb128Decryptor.cpp b/src/PolarSSL++/AesCfb128Decryptor.cpp
deleted file mode 100644
index 0aba1c42c..000000000
--- a/src/PolarSSL++/AesCfb128Decryptor.cpp
+++ /dev/null
@@ -1,67 +0,0 @@
-
-// AesCfb128Decryptor.cpp
-
-// Implements the cAesCfb128Decryptor class decrypting data using AES CFB-128
-
-#include "Globals.h"
-#include "AesCfb128Decryptor.h"
-
-
-
-
-
-cAesCfb128Decryptor::cAesCfb128Decryptor(void) :
-	m_IVOffset(0),
-	m_IsValid(false)
-{
-}
-
-
-
-
-
-cAesCfb128Decryptor::~cAesCfb128Decryptor()
-{
-	// Clear the leftover in-memory data, so that they can't be accessed by a backdoor
-	memset(&m_Aes, 0, sizeof(m_Aes));
-}
-
-
-
-
-
-void cAesCfb128Decryptor::Init(const Byte a_Key[16], const Byte a_IV[16])
-{
-	ASSERT(!IsValid());  // Cannot Init twice
-
-	memcpy(m_IV, a_IV, 16);
-	aes_setkey_enc(&m_Aes, a_Key, 128);
-	m_IsValid = true;
-}
-
-
-
-
-
-void cAesCfb128Decryptor::ProcessData(Byte * a_DecryptedOut, const Byte * a_EncryptedIn, size_t a_Length)
-{
-	ASSERT(IsValid());  // Must Init() first
-
-	// PolarSSL doesn't support AES-CFB8, need to implement it manually:
-	for (size_t i = 0; i < a_Length; i++)
-	{
-		Byte Buffer[sizeof(m_IV)];
-		aes_crypt_ecb(&m_Aes, AES_ENCRYPT, m_IV, Buffer);
-		for (size_t idx = 0; idx < sizeof(m_IV) - 1; idx++)
-		{
-			m_IV[idx] = m_IV[idx + 1];
-		}
-		m_IV[sizeof(m_IV) - 1] = a_EncryptedIn[i];
-		a_DecryptedOut[i] = a_EncryptedIn[i] ^ Buffer[0];
-	}
-}
-
-
-
-
-
diff --git a/src/PolarSSL++/AesCfb128Decryptor.h b/src/PolarSSL++/AesCfb128Decryptor.h
deleted file mode 100644
index 56b96d3b3..000000000
--- a/src/PolarSSL++/AesCfb128Decryptor.h
+++ /dev/null
@@ -1,51 +0,0 @@
-
-// AesCfb128Decryptor.h
-
-// Declares the cAesCfb128Decryptor class decrypting data using AES CFB-128
-
-
-
-
-
-#pragma once
-
-#include "polarssl/aes.h"
-
-
-
-
-
-/** Decrypts data using the AES / CFB 128 algorithm */
-class cAesCfb128Decryptor
-{
-public:
-
-	cAesCfb128Decryptor(void);
-	~cAesCfb128Decryptor();
-
-	/** Initializes the decryptor with the specified Key / IV */
-	void Init(const Byte a_Key[16], const Byte a_IV[16]);
-
-	/** Decrypts a_Length bytes of the encrypted data; produces a_Length output bytes */
-	void ProcessData(Byte * a_DecryptedOut, const Byte * a_EncryptedIn, size_t a_Length);
-
-	/** Returns true if the object has been initialized with the Key / IV */
-	bool IsValid(void) const { return m_IsValid; }
-
-protected:
-	aes_context m_Aes;
-
-	/** The InitialVector, used by the CFB mode decryption */
-	Byte m_IV[16];
-
-	/** Current offset in the m_IV, used by the CFB mode decryption */
-	size_t m_IVOffset;
-
-	/** Indicates whether the object has been initialized with the Key / IV */
-	bool m_IsValid;
-} ;
-
-
-
-
-
diff --git a/src/PolarSSL++/AesCfb128Encryptor.cpp b/src/PolarSSL++/AesCfb128Encryptor.cpp
deleted file mode 100644
index ac0262e69..000000000
--- a/src/PolarSSL++/AesCfb128Encryptor.cpp
+++ /dev/null
@@ -1,68 +0,0 @@
-
-// AesCfb128Encryptor.cpp
-
-// Implements the cAesCfb128Encryptor class encrypting data using AES CFB-128
-
-#include "Globals.h"
-#include "AesCfb128Encryptor.h"
-
-
-
-
-
-cAesCfb128Encryptor::cAesCfb128Encryptor(void) :
-	m_IVOffset(0),
-	m_IsValid(false)
-{
-}
-
-
-
-
-
-cAesCfb128Encryptor::~cAesCfb128Encryptor()
-{
-	// Clear the leftover in-memory data, so that they can't be accessed by a backdoor
-	memset(&m_Aes, 0, sizeof(m_Aes));
-}
-
-
-
-
-
-void cAesCfb128Encryptor::Init(const Byte a_Key[16], const Byte a_IV[16])
-{
-	ASSERT(!IsValid());  // Cannot Init twice
-	ASSERT(m_IVOffset == 0);
-
-	memcpy(m_IV, a_IV, 16);
-	aes_setkey_enc(&m_Aes, a_Key, 128);
-	m_IsValid = true;
-}
-
-
-
-
-
-void cAesCfb128Encryptor::ProcessData(Byte * a_EncryptedOut, const Byte * a_PlainIn, size_t a_Length)
-{
-	ASSERT(IsValid());  // Must Init() first
-
-	// PolarSSL doesn't do AES-CFB8, so we need to implement it ourselves:
-	for (size_t i = 0; i < a_Length; i++)
-	{
-		Byte Buffer[sizeof(m_IV)];
-		aes_crypt_ecb(&m_Aes, AES_ENCRYPT, m_IV, Buffer);
-		for (size_t idx = 0; idx < sizeof(m_IV) - 1; idx++)
-		{
-			m_IV[idx] = m_IV[idx + 1];
-		}
-		a_EncryptedOut[i] = a_PlainIn[i] ^ Buffer[0];
-		m_IV[sizeof(m_IV) - 1] = a_EncryptedOut[i];
-	}
-}
-
-
-
-
-
diff --git a/src/PolarSSL++/AesCfb128Encryptor.h b/src/PolarSSL++/AesCfb128Encryptor.h
deleted file mode 100644
index 71280a098..000000000
--- a/src/PolarSSL++/AesCfb128Encryptor.h
+++ /dev/null
@@ -1,50 +0,0 @@
-
-// AesCfb128Encryptor.h
-
-// Declares the cAesCfb128Encryptor class encrypting data using AES CFB-128
-
-
-
-
-
-#pragma once
-
-#include "polarssl/aes.h"
-
-
-
-
-
-/** Encrypts data using the AES / CFB (128) algorithm */
-class cAesCfb128Encryptor
-{
-public:
-	cAesCfb128Encryptor(void);
-	~cAesCfb128Encryptor();
-
-	/** Initializes the decryptor with the specified Key / IV */
-	void Init(const Byte a_Key[16], const Byte a_IV[16]);
-
-	/** Encrypts a_Length bytes of the plain data; produces a_Length output bytes */
-	void ProcessData(Byte * a_EncryptedOut, const Byte * a_PlainIn, size_t a_Length);
-
-	/** Returns true if the object has been initialized with the Key / IV */
-	bool IsValid(void) const { return m_IsValid; }
-
-protected:
-	aes_context m_Aes;
-
-	/** The InitialVector, used by the CFB mode encryption */
-	Byte m_IV[16];
-
-	/** Current offset in the m_IV, used by the CFB mode encryption */
-	size_t m_IVOffset;
-
-	/** Indicates whether the object has been initialized with the Key / IV */
-	bool m_IsValid;
-} ;
-
-
-
-
-
diff --git a/src/PolarSSL++/BlockingSslClientSocket.cpp b/src/PolarSSL++/BlockingSslClientSocket.cpp
deleted file mode 100644
index 7d7fc4ccf..000000000
--- a/src/PolarSSL++/BlockingSslClientSocket.cpp
+++ /dev/null
@@ -1,359 +0,0 @@
-
-// BlockingSslClientSocket.cpp
-
-// Implements the cBlockingSslClientSocket class representing a blocking TCP socket with client SSL encryption over it
-
-#include "Globals.h"
-#include "BlockingSslClientSocket.h"
-
-
-
-
-
-////////////////////////////////////////////////////////////////////////////////
-// cBlockingSslClientSocketConnectCallbacks:
-
-class cBlockingSslClientSocketConnectCallbacks:
-	public cNetwork::cConnectCallbacks
-{
-	/** The socket object that is using this instance of the callbacks. */
-	cBlockingSslClientSocket & m_Socket;
-
-	virtual void OnConnected(cTCPLink & a_Link) override
-	{
-		m_Socket.OnConnected();
-	}
-
-	virtual void OnError(int a_ErrorCode, const AString & a_ErrorMsg) override
-	{
-		m_Socket.OnConnectError(a_ErrorMsg);
-	}
-
-public:
-	cBlockingSslClientSocketConnectCallbacks(cBlockingSslClientSocket & a_Socket):
-		m_Socket(a_Socket)
-	{
-	}
-};
-
-
-
-
-
-////////////////////////////////////////////////////////////////////////////////
-// cBlockingSslClientSocketLinkCallbacks:
-
-class cBlockingSslClientSocketLinkCallbacks:
-	public cTCPLink::cCallbacks
-{
-	cBlockingSslClientSocket & m_Socket;
-
-	virtual void OnLinkCreated(cTCPLinkPtr a_Link) override
-	{
-		m_Socket.SetLink(a_Link);
-	}
-
-
-	virtual void OnReceivedData(const char * a_Data, size_t a_Length) override
-	{
-		m_Socket.OnReceivedData(a_Data, a_Length);
-	}
-
-
-	virtual void OnRemoteClosed(void) override
-	{
-		m_Socket.OnDisconnected();
-	}
-
-
-	virtual void OnError(int a_ErrorCode, const AString & a_ErrorMsg) override
-	{
-		m_Socket.OnDisconnected();
-	}
-
-public:
-
-	cBlockingSslClientSocketLinkCallbacks(cBlockingSslClientSocket & a_Socket):
-		m_Socket(a_Socket)
-	{
-	}
-};
-
-
-
-
-
-////////////////////////////////////////////////////////////////////////////////
-// cBlockingSslClientSocket:
-
-cBlockingSslClientSocket::cBlockingSslClientSocket(void) :
-	m_Ssl(*this),
-	m_IsConnected(false)
-{
-	// Nothing needed yet
-}
-
-
-
-
-
-bool cBlockingSslClientSocket::Connect(const AString & a_ServerName, UInt16 a_Port)
-{
-	// If already connected, report an error:
-	if (m_IsConnected)
-	{
-		// TODO: Handle this better - if connected to the same server and port, and the socket is alive, return success
-		m_LastErrorText = "Already connected";
-		return false;
-	}
-
-	// Connect the underlying socket:
-	m_ServerName = a_ServerName;
-	if (!cNetwork::Connect(a_ServerName, a_Port,
-		std::make_shared<cBlockingSslClientSocketConnectCallbacks>(*this),
-		std::make_shared<cBlockingSslClientSocketLinkCallbacks>(*this))
-	)
-	{
-		return false;
-	}
-
-	// Wait for the connection to succeed or fail:
-	m_Event.Wait();
-	if (!m_IsConnected)
-	{
-		return false;
-	}
-
-	// Initialize the SSL:
-	int ret = m_Ssl.Initialize(true);
-	if (ret != 0)
-	{
-		Printf(m_LastErrorText, "SSL initialization failed: -0x%x", -ret);
-		return false;
-	}
-
-	// If we have been assigned a trusted CA root cert store, push it into the SSL context:
-	if (m_CACerts.get() != nullptr)
-	{
-		m_Ssl.SetCACerts(m_CACerts, m_ExpectedPeerName);
-	}
-
-	ret = m_Ssl.Handshake();
-	if (ret != 0)
-	{
-		Printf(m_LastErrorText, "SSL handshake failed: -0x%x", -ret);
-		return false;
-	}
-
-	return true;
-}
-
-
-
-
-
-
-bool cBlockingSslClientSocket::SetTrustedRootCertsFromString(const AString & a_CACerts, const AString & a_ExpectedPeerName)
-{
-	// Warn if used multiple times, but don't signal an error:
-	if (m_CACerts.get() != nullptr)
-	{
-		LOGWARNING(
-			"SSL: Trying to set multiple trusted CA root cert stores, only the last one will be used. Name: %s",
-			a_ExpectedPeerName.c_str()
-		);
-	}
-
-	// Parse the cert:
-	m_CACerts.reset(new cX509Cert);
-	int ret = m_CACerts->Parse(a_CACerts.data(), a_CACerts.size());
-	if (ret < 0)
-	{
-		Printf(m_LastErrorText, "CA cert parsing failed: -0x%x", -ret);
-		return false;
-	}
-	m_ExpectedPeerName = a_ExpectedPeerName;
-
-	return true;
-}
-
-
-
-
-
-bool cBlockingSslClientSocket::Send(const void * a_Data, size_t a_NumBytes)
-{
-	if (!m_IsConnected)
-	{
-		m_LastErrorText = "Socket is closed";
-		return false;
-	}
-
-	// Keep sending the data until all of it is sent:
-	const char * Data = reinterpret_cast<const char *>(a_Data);
-	size_t NumBytes = a_NumBytes;
-	for (;;)
-	{
-		int res = m_Ssl.WritePlain(Data, a_NumBytes);
-		if (res < 0)
-		{
-			ASSERT(res != POLARSSL_ERR_NET_WANT_READ);   // This should never happen with callback-based SSL
-			ASSERT(res != POLARSSL_ERR_NET_WANT_WRITE);  // This should never happen with callback-based SSL
-			Printf(m_LastErrorText, "Data cannot be written to SSL context: -0x%x", -res);
-			return false;
-		}
-		else
-		{
-			Data += res;
-			NumBytes -= static_cast<size_t>(res);
-			if (NumBytes == 0)
-			{
-				return true;
-			}
-		}
-	}
-}
-
-
-
-
-
-
-int cBlockingSslClientSocket::Receive(void * a_Data, size_t a_MaxBytes)
-{
-	// Even if m_IsConnected is false (socket disconnected), the SSL context may have more data in the queue
-	int res = m_Ssl.ReadPlain(a_Data, a_MaxBytes);
-	if (res < 0)
-	{
-		Printf(m_LastErrorText, "Data cannot be read form SSL context: -0x%x", -res);
-	}
-	return res;
-}
-
-
-
-
-
-void cBlockingSslClientSocket::Disconnect(void)
-{
-	// Ignore if not connected
-	if (!m_IsConnected)
-	{
-		return;
-	}
-
-	m_Ssl.NotifyClose();
-	m_IsConnected = false;
-
-	// Grab a copy of the socket so that we know it doesn't change under our hands:
-	auto socket = m_Socket;
-	if (socket != nullptr)
-	{
-		socket->Close();
-	}
-
-	m_Socket.reset();
-}
-
-
-
-
-
-int cBlockingSslClientSocket::ReceiveEncrypted(unsigned char * a_Buffer, size_t a_NumBytes)
-{
-	// Wait for any incoming data, if there is none:
-	cCSLock Lock(m_CSIncomingData);
-	while (m_IsConnected && m_IncomingData.empty())
-	{
-		cCSUnlock Unlock(Lock);
-		m_Event.Wait();
-	}
-
-	// If we got disconnected, report an error after processing all data:
-	if (!m_IsConnected && m_IncomingData.empty())
-	{
-		return POLARSSL_ERR_NET_RECV_FAILED;
-	}
-
-	// Copy the data from the incoming buffer into the specified space:
-	size_t NumToCopy = std::min(a_NumBytes, m_IncomingData.size());
-	memcpy(a_Buffer, m_IncomingData.data(), NumToCopy);
-	m_IncomingData.erase(0, NumToCopy);
-	return static_cast<int>(NumToCopy);
-}
-
-
-
-
-
-int cBlockingSslClientSocket::SendEncrypted(const unsigned char * a_Buffer, size_t a_NumBytes)
-{
-	cTCPLinkPtr Socket(m_Socket);  // Make a copy so that multiple threads don't race on deleting the socket.
-	if (Socket == nullptr)
-	{
-		return POLARSSL_ERR_NET_SEND_FAILED;
-	}
-	if (!Socket->Send(a_Buffer, a_NumBytes))
-	{
-		// PolarSSL's net routines distinguish between connection reset and general failure, we don't need to
-		return POLARSSL_ERR_NET_SEND_FAILED;
-	}
-	return static_cast<int>(a_NumBytes);
-}
-
-
-
-
-
-void cBlockingSslClientSocket::OnConnected(void)
-{
-	m_IsConnected = true;
-	m_Event.Set();
-}
-
-
-
-
-
-void cBlockingSslClientSocket::OnConnectError(const AString & a_ErrorMsg)
-{
-	LOG("Cannot connect to %s: \"%s\"", m_ServerName.c_str(), a_ErrorMsg.c_str());
-	m_Event.Set();
-}
-
-
-
-
-
-void cBlockingSslClientSocket::OnReceivedData(const char * a_Data, size_t a_Size)
-{
-	{
-		cCSLock Lock(m_CSIncomingData);
-		m_IncomingData.append(a_Data, a_Size);
-	}
-	m_Event.Set();
-}
-
-
-
-
-
-void cBlockingSslClientSocket::SetLink(cTCPLinkPtr a_Link)
-{
-	m_Socket = a_Link;
-}
-
-
-
-
-
-void cBlockingSslClientSocket::OnDisconnected(void)
-{
-	m_IsConnected = false;
-	m_Socket.reset();
-	m_Event.Set();
-}
-
-
-
-
diff --git a/src/PolarSSL++/BlockingSslClientSocket.h b/src/PolarSSL++/BlockingSslClientSocket.h
deleted file mode 100644
index 651d750e6..000000000
--- a/src/PolarSSL++/BlockingSslClientSocket.h
+++ /dev/null
@@ -1,116 +0,0 @@
-
-// BlockingSslClientSocket.h
-
-// Declares the cBlockingSslClientSocket class representing a blocking TCP socket with client SSL encryption over it
-
-
-
-
-
-#pragma once
-
-#include "OSSupport/Network.h"
-#include "CallbackSslContext.h"
-
-
-
-
-
-class cBlockingSslClientSocket :
-	protected cCallbackSslContext::cDataCallbacks
-{
-public:
-	cBlockingSslClientSocket(void);
-
-	virtual ~cBlockingSslClientSocket(void) override
-	{
-		Disconnect();
-	}
-
-	/** Connects to the specified server and performs SSL handshake.
-	Returns true if successful, false on failure. Sets internal error text on failure. */
-	bool Connect(const AString & a_ServerName, UInt16 a_Port);
-
-	/** Sends the specified data over the connection.
-	Returns true if successful, false on failure. Sets the internal error text on failure. */
-	bool Send(const void * a_Data, size_t a_NumBytes);
-
-	/** Receives data from the connection.
-	Blocks until there is any data available, then returns as much as possible.
-	Returns the number of bytes actually received, negative number on failure.
-	Sets the internal error text on failure. */
-	int Receive(void * a_Data, size_t a_MaxBytes);
-
-	/** Disconnects the connection gracefully, if possible.
-	Note that this also frees the internal SSL context, so all the certificates etc. are lost. */
-	void Disconnect(void);
-
-	/** Sets the root certificates that are to be trusted. Forces the connection to use strict cert
-	verification. Needs to be used before calling Connect().
-	a_ExpectedPeerName is the name that we expect to receive in the SSL peer's cert; verification will fail if
-	the presented name is different (possible MITM).
-	Returns true on success, false on failure. Sets internal error text on failure. */
-	bool SetTrustedRootCertsFromString(const AString & a_CACerts, const AString & a_ExpectedPeerName);
-
-	/** Returns the text of the last error that has occurred in this instance. */
-	const AString & GetLastErrorText(void) const { return m_LastErrorText; }
-
-protected:
-	friend class cBlockingSslClientSocketConnectCallbacks;
-	friend class cBlockingSslClientSocketLinkCallbacks;
-
-	/** The SSL context used for the socket */
-	cCallbackSslContext m_Ssl;
-
-	/** The underlying socket to the SSL server */
-	cTCPLinkPtr m_Socket;
-
-	/** The object used to signal state changes in the socket (the cause of the blocking). */
-	cEvent m_Event;
-
-	/** The trusted CA root cert store, if we are to verify the cert strictly. Set by SetTrustedRootCertsFromString(). */
-	cX509CertPtr m_CACerts;
-
-	/** The expected SSL peer's name, if we are to verify the cert strictly. Set by SetTrustedRootCertsFromString(). */
-	AString m_ExpectedPeerName;
-
-	/** The hostname to which the socket is connecting (stored for error reporting). */
-	AString m_ServerName;
-
-	/** Text of the last error that has occurred. */
-	AString m_LastErrorText;
-
-	/** Set to true if the connection established successfully. */
-	std::atomic<bool> m_IsConnected;
-
-	/** Protects m_IncomingData against multithreaded access. */
-	cCriticalSection m_CSIncomingData;
-
-	/** Buffer for the data incoming on the network socket.
-	Protected by m_CSIncomingData. */
-	AString m_IncomingData;
-
-
-	/** Called when the connection is established successfully. */
-	void OnConnected(void);
-
-	/** Called when an error occurs while connecting the socket. */
-	void OnConnectError(const AString & a_ErrorMsg);
-
-	/** Called when there's incoming data from the socket. */
-	void OnReceivedData(const char * a_Data, size_t a_Size);
-
-	/** Called when the link for the connection is created. */
-	void SetLink(cTCPLinkPtr a_Link);
-
-	/** Called when the link is disconnected, either gracefully or by an error. */
-	void OnDisconnected(void);
-
-	// cCallbackSslContext::cDataCallbacks overrides:
-	virtual int ReceiveEncrypted(unsigned char * a_Buffer, size_t a_NumBytes) override;
-	virtual int SendEncrypted(const unsigned char * a_Buffer, size_t a_NumBytes) override;
-} ;
-
-
-
-
diff --git a/src/PolarSSL++/BufferedSslContext.cpp b/src/PolarSSL++/BufferedSslContext.cpp
deleted file mode 100644
index c8d4736f7..000000000
--- a/src/PolarSSL++/BufferedSslContext.cpp
+++ /dev/null
@@ -1,93 +0,0 @@
-
-// BufferedSslContext.cpp
-
-// Implements the cBufferedSslContext class representing a SSL context with the SSL peer data backed by a cByteBuffer
-
-#include "Globals.h"
-#include "BufferedSslContext.h"
-
-
-
-
-
-cBufferedSslContext::cBufferedSslContext(size_t a_BufferSize):
-	m_OutgoingData(a_BufferSize),
-	m_IncomingData(a_BufferSize)
-{
-}
-
-
-
-
-
-size_t cBufferedSslContext::WriteIncoming(const void * a_Data, size_t a_NumBytes)
-{
-	size_t NumBytes = std::min(m_IncomingData.GetFreeSpace(), a_NumBytes);
-	if (NumBytes > 0)
-	{
-		m_IncomingData.Write(a_Data, NumBytes);
-		return NumBytes;
-	}
-	return 0;
-}
-
-
-
-
-
-size_t cBufferedSslContext::ReadOutgoing(void * a_Data, size_t a_DataMaxSize)
-{
-	size_t NumBytes = std::min(m_OutgoingData.GetReadableSpace(), a_DataMaxSize);
-	if (NumBytes > 0)
-	{
-		m_OutgoingData.ReadBuf(a_Data, NumBytes);
-		m_OutgoingData.CommitRead();
-		return NumBytes;
-	}
-	return 0;
-}
-
-
-
-
-
-int cBufferedSslContext::ReceiveEncrypted(unsigned char * a_Buffer, size_t a_NumBytes)
-{
-	// Called when PolarSSL wants to read encrypted data from the SSL peer
-	// Read the data from the buffer inside this object, where the owner has stored them using WriteIncoming():
-	size_t NumBytes = std::min(a_NumBytes, m_IncomingData.GetReadableSpace());
-	if (NumBytes == 0)
-	{
-		return POLARSSL_ERR_NET_WANT_READ;
-	}
-	if (!m_IncomingData.ReadBuf(a_Buffer, NumBytes))
-	{
-		m_IncomingData.ResetRead();
-		return POLARSSL_ERR_NET_RECV_FAILED;
-	}
-	m_IncomingData.CommitRead();
-	return static_cast<int>(NumBytes);
-}
-
-
-
-
-
-int cBufferedSslContext::SendEncrypted(const unsigned char * a_Buffer, size_t a_NumBytes)
-{
-	// Called when PolarSSL wants to write encrypted data to the SSL peer
-	// Write the data into the buffer inside this object, where the owner can later read them using ReadOutgoing():
-	if (!m_OutgoingData.CanWriteBytes(a_NumBytes))
-	{
-		return POLARSSL_ERR_NET_WANT_WRITE;
-	}
-	if (!m_OutgoingData.Write(reinterpret_cast<const char *>(a_Buffer), a_NumBytes))
-	{
-		return POLARSSL_ERR_NET_SEND_FAILED;
-	}
-	return static_cast<int>(a_NumBytes);
-}
-
-
-
-
diff --git a/src/PolarSSL++/BufferedSslContext.h b/src/PolarSSL++/BufferedSslContext.h
deleted file mode 100644
index ab058a52e..000000000
--- a/src/PolarSSL++/BufferedSslContext.h
+++ /dev/null
@@ -1,52 +0,0 @@
-
-// BufferedSslContext.h
-
-// Declares the cBufferedSslContext class representing a SSL context with the SSL peer data backed by a cByteBuffer
-
-
-
-
-
-#pragma once
-
-#include "SslContext.h"
-
-
-
-
-
-class cBufferedSslContext :
-	public cSslContext
-{
-	typedef cSslContext super;
-
-public:
-	/** Creates a new context with the buffers of specified size for the encrypted / decrypted data. */
-	cBufferedSslContext(size_t a_BufferSize = 64000);
-
-	/** Stores the specified data in the "incoming" buffer, to be process by the SSL decryptor.
-	This is the data received from the SSL peer.
-	Returns the number of bytes actually stored. If 0 is returned, owner should check the error state. */
-	size_t WriteIncoming(const void * a_Data, size_t a_NumBytes);
-
-	/** Retrieves data from the "outgoing" buffer, after being processed by the SSL encryptor.
-	This is the data to be sent to the SSL peer.
-	Returns the number of bytes actually retrieved. */
-	size_t ReadOutgoing(void * a_Data, size_t a_DataMaxSize);
-
-protected:
-	/** Buffer for the data that has been encrypted into the SSL stream and should be sent out. */
-	cByteBuffer m_OutgoingData;
-
-	/** Buffer for the data that has come in and needs to be decrypted from the SSL stream. */
-	cByteBuffer m_IncomingData;
-
-
-	// cSslContext overrides:
-	virtual int ReceiveEncrypted(unsigned char * a_Buffer, size_t a_NumBytes) override;
-	virtual int SendEncrypted(const unsigned char * a_Buffer, size_t a_NumBytes) override;
-} ;
-
-
-
-
diff --git a/src/PolarSSL++/CMakeLists.txt b/src/PolarSSL++/CMakeLists.txt
deleted file mode 100644
index 3d77e15d1..000000000
--- a/src/PolarSSL++/CMakeLists.txt
+++ /dev/null
@@ -1,41 +0,0 @@
-project (Cuberite)
-
-include_directories ("${PROJECT_SOURCE_DIR}/../")
-
-set(SRCS
-	AesCfb128Decryptor.cpp
-	AesCfb128Encryptor.cpp
-	BlockingSslClientSocket.cpp
-	BufferedSslContext.cpp
-	CallbackSslContext.cpp
-	CtrDrbgContext.cpp
-	CryptoKey.cpp
-	EntropyContext.cpp
-	RsaPrivateKey.cpp
-	Sha1Checksum.cpp
-	SslContext.cpp
-	X509Cert.cpp
-)
-
-set(HDRS
-	AesCfb128Decryptor.h
-	AesCfb128Encryptor.h
-	BlockingSslClientSocket.h
-	BufferedSslContext.h
-	CallbackSslContext.h
-	CtrDrbgContext.h
-	CryptoKey.h
-	EntropyContext.h
-	RsaPrivateKey.h
-	SslContext.h
-	Sha1Checksum.h
-	X509Cert.h
-)
-
-if(NOT MSVC)
-	add_library(PolarSSL++ ${SRCS} ${HDRS})
-
-	if (UNIX)
-		target_link_libraries(PolarSSL++ mbedtls)
-	endif()
-endif()
diff --git a/src/PolarSSL++/CallbackSslContext.cpp b/src/PolarSSL++/CallbackSslContext.cpp
deleted file mode 100644
index e061e3f03..000000000
--- a/src/PolarSSL++/CallbackSslContext.cpp
+++ /dev/null
@@ -1,60 +0,0 @@
-
-// CallbackSslContext.cpp
-
-// Declares the cCallbackSslContext class representing a SSL context wrapper that uses callbacks to read and write SSL peer data
-
-#include "Globals.h"
-#include "CallbackSslContext.h"
-
-
-
-
-
-
-cCallbackSslContext::cCallbackSslContext(void) :
-	m_Callbacks(nullptr)
-{
-	// Nothing needed, but the constructor needs to exist so
-}
-
-
-
-
-
-cCallbackSslContext::cCallbackSslContext(cCallbackSslContext::cDataCallbacks & a_Callbacks) :
-	m_Callbacks(&a_Callbacks)
-{
-}
-
-
-
-
-
-int cCallbackSslContext::ReceiveEncrypted(unsigned char * a_Buffer, size_t a_NumBytes)
-{
-	if (m_Callbacks == nullptr)
-	{
-		LOGWARNING("SSL: Trying to receive data with no callbacks, aborting.");
-		return POLARSSL_ERR_NET_RECV_FAILED;
-	}
-	return m_Callbacks->ReceiveEncrypted(a_Buffer, a_NumBytes);
-}
-
-
-
-
-
-int cCallbackSslContext::SendEncrypted(const unsigned char * a_Buffer, size_t a_NumBytes)
-{
-	if (m_Callbacks == nullptr)
-	{
-		LOGWARNING("SSL: Trying to send data with no callbacks, aborting.");
-		return POLARSSL_ERR_NET_SEND_FAILED;
-	}
-	return m_Callbacks->SendEncrypted(a_Buffer, a_NumBytes);
-}
-
-
-
-
-
diff --git a/src/PolarSSL++/CallbackSslContext.h b/src/PolarSSL++/CallbackSslContext.h
deleted file mode 100644
index 1fc131182..000000000
--- a/src/PolarSSL++/CallbackSslContext.h
+++ /dev/null
@@ -1,64 +0,0 @@
-
-// CallbackSslContext.h
-
-// Declares the cCallbackSslContext class representing a SSL context wrapper that uses callbacks to read and write SSL peer data
-
-
-
-
-
-#pragma once
-
-#include "SslContext.h"
-
-
-
-
-
-class cCallbackSslContext :
-	public cSslContext
-{
-public:
-	/** Interface used as a data sink for the SSL peer data. */
-	class cDataCallbacks
-	{
-	public:
-		// Force a virtual destructor in descendants:
-		virtual ~cDataCallbacks() {}
-
-		/** Called when PolarSSL wants to read encrypted data from the SSL peer.
-		The returned value is the number of bytes received, or a PolarSSL error on failure.
-		The implementation can return POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE to indicate
-		that there's currently no more data and that there might be more data in the future. In such cases the
-		SSL operation that invoked this call will terminate with the same return value, so that the owner is
-		notified of this condition and can potentially restart the operation later on. */
-		virtual int ReceiveEncrypted(unsigned char * a_Buffer, size_t a_NumBytes) = 0;
-
-		/** Called when PolarSSL wants to write encrypted data to the SSL peer.
-		The returned value is the number of bytes sent, or a PolarSSL error on failure.
-		The implementation can return POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE to indicate
-		that there's currently no more data and that there might be more data in the future. In such cases the
-		SSL operation that invoked this call will terminate with the same return value, so that the owner is
-		notified of this condition and can potentially restart the operation later on. */
-		virtual int SendEncrypted(const unsigned char * a_Buffer, size_t a_NumBytes) = 0;
-	} ;
-
-
-	/** Creates a new SSL context with no callbacks assigned */
-	cCallbackSslContext(void);
-
-	/** Creates a new SSL context with the specified callbacks */
-	cCallbackSslContext(cDataCallbacks & a_Callbacks);
-
-protected:
-	/** The callbacks to use to send and receive SSL peer data */
-	cDataCallbacks * m_Callbacks;
-
-	// cSslContext overrides:
-	virtual int ReceiveEncrypted(unsigned char * a_Buffer, size_t a_NumBytes) override;
-	virtual int SendEncrypted(const unsigned char * a_Buffer, size_t a_NumBytes) override;
-};
-
-
-
-
diff --git a/src/PolarSSL++/CryptoKey.cpp b/src/PolarSSL++/CryptoKey.cpp
deleted file mode 100644
index b01fee5f9..000000000
--- a/src/PolarSSL++/CryptoKey.cpp
+++ /dev/null
@@ -1,149 +0,0 @@
-
-// CryptoKey.cpp
-
-// Implements the cCryptoKey class representing a RSA public key in PolarSSL
-
-#include "Globals.h"
-#include "CryptoKey.h"
-
-
-
-
-
-cCryptoKey::cCryptoKey(void)
-{
-	pk_init(&m_Pk);
-	m_CtrDrbg.Initialize("rsa_pubkey", 10);
-}
-
-
-
-
-
-cCryptoKey::cCryptoKey(const AString & a_PublicKeyData)
-{
-	pk_init(&m_Pk);
-	m_CtrDrbg.Initialize("rsa_pubkey", 10);
-	int res = ParsePublic(a_PublicKeyData.data(), a_PublicKeyData.size());
-	if (res != 0)
-	{
-		LOGWARNING("Failed to parse public key: -0x%x", res);
-		ASSERT(!"Cannot parse PubKey");
-		return;
-	}
-}
-
-
-
-
-
-cCryptoKey::cCryptoKey(const AString & a_PrivateKeyData, const AString & a_Password)
-{
-	pk_init(&m_Pk);
-	m_CtrDrbg.Initialize("rsa_privkey", 11);
-	int res = ParsePrivate(a_PrivateKeyData.data(), a_PrivateKeyData.size(), a_Password);
-	if (res != 0)
-	{
-		LOGWARNING("Failed to parse private key: -0x%x", res);
-		ASSERT(!"Cannot parse PrivKey");
-		return;
-	}
-}
-
-
-
-
-
-cCryptoKey::~cCryptoKey()
-{
-	pk_free(&m_Pk);
-}
-
-
-
-
-
-int cCryptoKey::Decrypt(const Byte * a_EncryptedData, size_t a_EncryptedLength, Byte * a_DecryptedData, size_t a_DecryptedMaxLength)
-{
-	ASSERT(IsValid());
-
-	size_t DecryptedLen = a_DecryptedMaxLength;
-	int res = pk_decrypt(&m_Pk,
-		a_EncryptedData, a_EncryptedLength,
-		a_DecryptedData, &DecryptedLen, a_DecryptedMaxLength,
-		ctr_drbg_random, m_CtrDrbg.GetInternal()
-	);
-	if (res != 0)
-	{
-		return res;
-	}
-	return static_cast<int>(DecryptedLen);
-}
-
-
-
-
-
-int cCryptoKey::Encrypt(const Byte * a_PlainData, size_t a_PlainLength, Byte * a_EncryptedData, size_t a_EncryptedMaxLength)
-{
-	ASSERT(IsValid());
-
-	size_t EncryptedLength = a_EncryptedMaxLength;
-	int res = pk_encrypt(&m_Pk,
-		a_PlainData, a_PlainLength, a_EncryptedData, &EncryptedLength, a_EncryptedMaxLength,
-		ctr_drbg_random, m_CtrDrbg.GetInternal()
-	);
-	if (res != 0)
-	{
-		return res;
-	}
-	return static_cast<int>(EncryptedLength);
-}
-
-
-
-
-
-
-int cCryptoKey::ParsePublic(const void * a_Data, size_t a_NumBytes)
-{
-	ASSERT(!IsValid());  // Cannot parse a second key
-
-	return pk_parse_public_key(&m_Pk, reinterpret_cast<const unsigned char *>(a_Data), a_NumBytes);
-}
-
-
-
-
-
-
-int cCryptoKey::ParsePrivate(const void * a_Data, size_t a_NumBytes, const AString & a_Password)
-{
-	ASSERT(!IsValid());  // Cannot parse a second key
-
-	if (a_Password.empty())
-	{
-		return pk_parse_key(&m_Pk, reinterpret_cast<const unsigned char *>(a_Data), a_NumBytes, nullptr, 0);
-	}
-	else
-	{
-		return pk_parse_key(
-			&m_Pk,
-			reinterpret_cast<const unsigned char *>(a_Data), a_NumBytes,
-			reinterpret_cast<const unsigned char *>(a_Password.c_str()), a_Password.size()
-		);
-	}
-}
-
-
-
-
-
-bool cCryptoKey::IsValid(void) const
-{
-	return (pk_get_type(&m_Pk) != POLARSSL_PK_NONE);
-}
-
-
-
-
diff --git a/src/PolarSSL++/CryptoKey.h b/src/PolarSSL++/CryptoKey.h
deleted file mode 100644
index db15cefb4..000000000
--- a/src/PolarSSL++/CryptoKey.h
+++ /dev/null
@@ -1,76 +0,0 @@
-
-// CryptoKey.h
-
-// Declares the cCryptoKey class representing a RSA public key in PolarSSL
-
-
-
-
-
-#pragma once
-
-#include "CtrDrbgContext.h"
-#include "polarssl/pk.h"
-
-
-
-
-
-class cCryptoKey
-{
-	friend class cSslContext;
-
-public:
-	/** Constructs an empty key instance. Before use, it needs to be filled by ParsePublic() or ParsePrivate() */
-	cCryptoKey(void);
-
-	/** Constructs the public key out of the DER- or PEM-encoded pubkey data */
-	cCryptoKey(const AString & a_PublicKeyData);
-
-	/** Constructs the private key out of the DER- or PEM-encoded privkey data, with the specified password.
-	If a_Password is empty, no password is assumed. */
-	cCryptoKey(const AString & a_PrivateKeyData, const AString & a_Password);
-
-	~cCryptoKey();
-
-	/** Decrypts the data using the stored public key
-	Both a_EncryptedData and a_DecryptedData must be at least <KeySizeBytes> bytes large.
-	Returns the number of bytes decrypted, or negative number for error. */
-	int Decrypt(const Byte * a_EncryptedData, size_t a_EncryptedLength, Byte * a_DecryptedData, size_t a_DecryptedMaxLength);
-
-	/** Encrypts the data using the stored public key
-	Both a_EncryptedData and a_DecryptedData must be at least <KeySizeBytes> bytes large.
-	Returns the number of bytes decrypted, or negative number for error. */
-	int Encrypt(const Byte * a_PlainData, size_t a_PlainLength, Byte * a_EncryptedData, size_t a_EncryptedMaxLength);
-
-	/** Parses the specified data into a public key representation.
-	The key can be DER- or PEM-encoded.
-	Returns 0 on success, PolarSSL error code on failure. */
-	int ParsePublic(const void * a_Data, size_t a_NumBytes);
-
-	/** Parses the specified data into a private key representation.
-	If a_Password is empty, no password is assumed.
-	The key can be DER- or PEM-encoded.
-	Returns 0 on success, PolarSSL error code on failure. */
-	int ParsePrivate(const void * a_Data, size_t a_NumBytes, const AString & a_Password);
-
-	/** Returns true if the contained key is valid. */
-	bool IsValid(void) const;
-
-protected:
-	/** The PolarSSL representation of the key data */
-	pk_context m_Pk;
-
-	/** The random generator used in encryption and decryption */
-	cCtrDrbgContext m_CtrDrbg;
-
-
-	/** Returns the internal context ptr. Only use in PolarSSL API calls. */
-	pk_context * GetInternal(void) { return &m_Pk; }
-} ;
-
-typedef std::shared_ptr<cCryptoKey> cCryptoKeyPtr;
-
-
-
-
diff --git a/src/PolarSSL++/CtrDrbgContext.cpp b/src/PolarSSL++/CtrDrbgContext.cpp
deleted file mode 100644
index c2243db38..000000000
--- a/src/PolarSSL++/CtrDrbgContext.cpp
+++ /dev/null
@@ -1,49 +0,0 @@
-
-// CtrDrbgContext.cpp
-
-// Implements the cCtrDrbgContext class representing a wrapper over CTR-DRBG implementation in PolarSSL
-
-#include "Globals.h"
-#include "CtrDrbgContext.h"
-#include "EntropyContext.h"
-
-
-
-
-
-cCtrDrbgContext::cCtrDrbgContext(void) :
-	m_EntropyContext(new cEntropyContext),
-	m_IsValid(false)
-{
-}
-
-
-
-
-
-cCtrDrbgContext::cCtrDrbgContext(const std::shared_ptr<cEntropyContext> & a_EntropyContext) :
-	m_EntropyContext(a_EntropyContext),
-	m_IsValid(false)
-{
-}
-
-
-
-
-
-int cCtrDrbgContext::Initialize(const void * a_Custom, size_t a_CustomSize)
-{
-	if (m_IsValid)
-	{
-		// Already initialized
-		return 0;
-	}
-
-	int res = ctr_drbg_init(&m_CtrDrbg, entropy_func, &(m_EntropyContext->m_Entropy), reinterpret_cast<const unsigned char *>(a_Custom), a_CustomSize);
-	m_IsValid = (res == 0);
-	return res;
-}
-
-
-
-
diff --git a/src/PolarSSL++/CtrDrbgContext.h b/src/PolarSSL++/CtrDrbgContext.h
deleted file mode 100644
index 20d687015..000000000
--- a/src/PolarSSL++/CtrDrbgContext.h
+++ /dev/null
@@ -1,63 +0,0 @@
-
-// CtrDrbgContext.h
-
-// Declares the cCtrDrbgContext class representing a wrapper over CTR-DRBG implementation in PolarSSL
-
-
-
-
-
-#pragma once
-
-#include "polarssl/ctr_drbg.h"
-
-
-
-
-
-// fwd: EntropyContext.h
-class cEntropyContext;
-
-
-
-
-
-class cCtrDrbgContext
-{
-	friend class cSslContext;
-	friend class cRsaPrivateKey;
-	friend class cCryptoKey;
-
-public:
-	/** Constructs the context with a new entropy context. */
-	cCtrDrbgContext(void);
-
-	/** Constructs the context with the specified entropy context. */
-	cCtrDrbgContext(const std::shared_ptr<cEntropyContext> & a_EntropyContext);
-
-	/** Initializes the context.
-	a_Custom is optional additional data to use for entropy, nullptr is accepted.
-	Returns 0 if successful, PolarSSL error code on failure. */
-	int Initialize(const void * a_Custom, size_t a_CustomSize);
-
-	/** Returns true if the object is valid (has been initialized properly) */
-	bool IsValid(void) const { return m_IsValid; }
-
-protected:
-	/** The entropy source used for generating the random */
-	std::shared_ptr<cEntropyContext> m_EntropyContext;
-
-	/** The random generator context */
-	ctr_drbg_context m_CtrDrbg;
-
-	/** Set to true if the object is valid (has been initialized properly) */
-	bool m_IsValid;
-
-
-	/** Returns the internal context ptr. Only use in PolarSSL API calls. */
-	ctr_drbg_context * GetInternal(void) { return &m_CtrDrbg; }
-} ;
-
-
-
-
diff --git a/src/PolarSSL++/EntropyContext.cpp b/src/PolarSSL++/EntropyContext.cpp
deleted file mode 100644
index 9c59b3f11..000000000
--- a/src/PolarSSL++/EntropyContext.cpp
+++ /dev/null
@@ -1,29 +0,0 @@
-
-// EntropyContext.cpp
-
-// Implements the cEntropyContext class representing a wrapper over entropy contexts in PolarSSL
-
-#include "Globals.h"
-#include "EntropyContext.h"
-
-
-
-
-
-cEntropyContext::cEntropyContext(void)
-{
-	entropy_init(&m_Entropy);
-}
-
-
-
-
-
-cEntropyContext::~cEntropyContext()
-{
-	entropy_free(&m_Entropy);
-}
-
-
-
-
diff --git a/src/PolarSSL++/EntropyContext.h b/src/PolarSSL++/EntropyContext.h
deleted file mode 100644
index 69671d32f..000000000
--- a/src/PolarSSL++/EntropyContext.h
+++ /dev/null
@@ -1,31 +0,0 @@
-
-// EntropyContext.h
-
-// Declares the cEntropyContext class representing a wrapper over entropy contexts in PolarSSL
-
-
-
-
-
-#pragma once
-
-#include "polarssl/entropy.h"
-
-
-
-
-
-class cEntropyContext
-{
-	friend class cCtrDrbgContext;
-public:
-	cEntropyContext(void);
-	~cEntropyContext();
-
-protected:
-	entropy_context m_Entropy;
-} ;
-
-
-
-
diff --git a/src/PolarSSL++/RsaPrivateKey.cpp b/src/PolarSSL++/RsaPrivateKey.cpp
deleted file mode 100644
index 5705b01f2..000000000
--- a/src/PolarSSL++/RsaPrivateKey.cpp
+++ /dev/null
@@ -1,174 +0,0 @@
-
-// RsaPrivateKey.cpp
-
-#include "Globals.h"
-#include "RsaPrivateKey.h"
-#include <polarssl/pk.h>
-
-
-
-
-
-cRsaPrivateKey::cRsaPrivateKey(void)
-{
-	rsa_init(&m_Rsa, RSA_PKCS_V15, 0);
-	m_CtrDrbg.Initialize("RSA", 3);
-}
-
-
-
-
-
-cRsaPrivateKey::cRsaPrivateKey(const cRsaPrivateKey & a_Other)
-{
-	rsa_init(&m_Rsa, RSA_PKCS_V15, 0);
-	rsa_copy(&m_Rsa, &a_Other.m_Rsa);
-	m_CtrDrbg.Initialize("RSA", 3);
-}
-
-
-
-
-
-cRsaPrivateKey::~cRsaPrivateKey()
-{
-	rsa_free(&m_Rsa);
-}
-
-
-
-
-
-bool cRsaPrivateKey::Generate(unsigned a_KeySizeBits)
-{
-	int res = rsa_gen_key(&m_Rsa, ctr_drbg_random, m_CtrDrbg.GetInternal(), a_KeySizeBits, 65537);
-	if (res != 0)
-	{
-		LOG("RSA key generation failed: -0x%x", -res);
-		return false;
-	}
-
-	return true;
-}
-
-
-
-
-
-AString cRsaPrivateKey::GetPubKeyDER(void)
-{
-	class cPubKey
-	{
-	public:
-		cPubKey(rsa_context * a_Rsa) :
-			m_IsValid(false)
-		{
-			pk_init(&m_Key);
-			if (pk_init_ctx(&m_Key, pk_info_from_type(POLARSSL_PK_RSA)) != 0)
-			{
-				ASSERT(!"Cannot init PrivKey context");
-				return;
-			}
-			if (rsa_copy(pk_rsa(m_Key), a_Rsa) != 0)
-			{
-				ASSERT(!"Cannot copy PrivKey to PK context");
-				return;
-			}
-			m_IsValid = true;
-		}
-
-		~cPubKey()
-		{
-			if (m_IsValid)
-			{
-				pk_free(&m_Key);
-			}
-		}
-
-		operator pk_context * (void) { return &m_Key; }
-
-	protected:
-		bool m_IsValid;
-		pk_context m_Key;
-	} PkCtx(&m_Rsa);
-
-	unsigned char buf[3000];
-	int res = pk_write_pubkey_der(PkCtx, buf, sizeof(buf));
-	if (res < 0)
-	{
-		return AString();
-	}
-	return AString(reinterpret_cast<const char *>(buf + sizeof(buf) - res), static_cast<size_t>(res));
-}
-
-
-
-
-
-int cRsaPrivateKey::Decrypt(const Byte * a_EncryptedData, size_t a_EncryptedLength, Byte * a_DecryptedData, size_t a_DecryptedMaxLength)
-{
-	if (a_EncryptedLength < m_Rsa.len)
-	{
-		LOGD("%s: Invalid a_EncryptedLength: got %u, exp at least %u",
-			__FUNCTION__, static_cast<unsigned>(a_EncryptedLength), static_cast<unsigned>(m_Rsa.len)
-		);
-		ASSERT(!"Invalid a_DecryptedMaxLength!");
-		return -1;
-	}
-	if (a_DecryptedMaxLength < m_Rsa.len)
-	{
-		LOGD("%s: Invalid a_DecryptedMaxLength: got %u, exp at least %u",
-			__FUNCTION__, static_cast<unsigned>(a_EncryptedLength), static_cast<unsigned>(m_Rsa.len)
-		);
-		ASSERT(!"Invalid a_DecryptedMaxLength!");
-		return -1;
-	}
-	size_t DecryptedLength;
-	int res = rsa_pkcs1_decrypt(
-		&m_Rsa, ctr_drbg_random, m_CtrDrbg.GetInternal(), RSA_PRIVATE, &DecryptedLength,
-		a_EncryptedData, a_DecryptedData, a_DecryptedMaxLength
-	);
-	if (res != 0)
-	{
-		return -1;
-	}
-	return static_cast<int>(DecryptedLength);
-}
-
-
-
-
-
-int cRsaPrivateKey::Encrypt(const Byte * a_PlainData, size_t a_PlainLength, Byte * a_EncryptedData, size_t a_EncryptedMaxLength)
-{
-	if (a_EncryptedMaxLength < m_Rsa.len)
-	{
-		LOGD("%s: Invalid a_EncryptedMaxLength: got %u, exp at least %u",
-			__FUNCTION__, static_cast<unsigned>(a_EncryptedMaxLength), static_cast<unsigned>(m_Rsa.len)
-		);
-		ASSERT(!"Invalid a_DecryptedMaxLength!");
-		return -1;
-	}
-	if (a_PlainLength < m_Rsa.len)
-	{
-		LOGD("%s: Invalid a_PlainLength: got %u, exp at least %u",
-			__FUNCTION__, static_cast<unsigned>(a_PlainLength), static_cast<unsigned>(m_Rsa.len)
-		);
-		ASSERT(!"Invalid a_PlainLength!");
-		return -1;
-	}
-	int res = rsa_pkcs1_encrypt(
-		&m_Rsa, ctr_drbg_random, m_CtrDrbg.GetInternal(), RSA_PRIVATE,
-		a_PlainLength, a_PlainData, a_EncryptedData
-	);
-	if (res != 0)
-	{
-		return -1;
-	}
-	return static_cast<int>(m_Rsa.len);
-}
-
-
-
-
-
diff --git a/src/PolarSSL++/RsaPrivateKey.h b/src/PolarSSL++/RsaPrivateKey.h
deleted file mode 100644
index 595ba5663..000000000
--- a/src/PolarSSL++/RsaPrivateKey.h
+++ /dev/null
@@ -1,67 +0,0 @@
-
-// RsaPrivateKey.h
-
-// Declares the cRsaPrivateKey class representing a private key for RSA operations.
-
-
-
-
-
-#pragma once
-
-#include "CtrDrbgContext.h"
-#include "polarssl/rsa.h"
-
-
-
-
-
-/** Encapsulates an RSA private key used in PKI cryptography */
-class cRsaPrivateKey
-{
-	friend class cSslContext;
-
-public:
-	/** Creates a new empty object, the key is not assigned */
-	cRsaPrivateKey(void);
-
-	/** Deep-copies the key from a_Other */
-	cRsaPrivateKey(const cRsaPrivateKey & a_Other);
-
-	~cRsaPrivateKey();
-
-	/** Generates a new key within this object, with the specified size in bits.
-	Returns true on success, false on failure. */
-	bool Generate(unsigned a_KeySizeBits = 1024);
-
-	/** Returns the public key part encoded in ASN1 DER encoding */
-	AString GetPubKeyDER(void);
-
-	/** Decrypts the data using RSAES-PKCS#1 algorithm.
-	Both a_EncryptedData and a_DecryptedData must be at least <KeySizeBytes> bytes large.
-	Returns the number of bytes decrypted, or negative number for error. */
-	int Decrypt(const Byte * a_EncryptedData, size_t a_EncryptedLength, Byte * a_DecryptedData, size_t a_DecryptedMaxLength);
-
-	/** Encrypts the data using RSAES-PKCS#1 algorithm.
-	Both a_EncryptedData and a_DecryptedData must be at least <KeySizeBytes> bytes large.
-	Returns the number of bytes decrypted, or negative number for error. */
-	int Encrypt(const Byte * a_PlainData, size_t a_PlainLength, Byte * a_EncryptedData, size_t a_EncryptedMaxLength);
-
-protected:
-	/** The PolarSSL key context */
-	rsa_context m_Rsa;
-
-	/** The random generator used for generating the key and encryption / decryption */
-	cCtrDrbgContext m_CtrDrbg;
-
-
-	/** Returns the internal context ptr. Only use in PolarSSL API calls. */
-	rsa_context * GetInternal(void) { return &m_Rsa; }
-} ;
-
-typedef std::shared_ptr<cRsaPrivateKey> cRsaPrivateKeyPtr;
-
-
-
-
-
diff --git a/src/PolarSSL++/Sha1Checksum.cpp b/src/PolarSSL++/Sha1Checksum.cpp
deleted file mode 100644
index 5a56c18b0..000000000
--- a/src/PolarSSL++/Sha1Checksum.cpp
+++ /dev/null
@@ -1,138 +0,0 @@
-
-// Sha1Checksum.cpp
-
-// Declares the cSha1Checksum class representing the SHA-1 checksum calculator
-
-#include "Globals.h"
-#include "Sha1Checksum.h"
-
-
-
-
-
-/*
-// Self-test the hash formatting for known values:
-// sha1(Notch) : 4ed1f46bbe04bc756bcb17c0c7ce3e4632f06a48
-// sha1(jeb_)  : -7c9d5b0044c130109a5d7b5fb5c317c02b4e28c1
-// sha1(simon) : 88e16a1019277b15d58faf0541e11910eb756f6
-
-static class Test
-{
-public:
-	Test(void)
-	{
-		AString DigestNotch, DigestJeb, DigestSimon;
-		Byte Digest[20];
-		cSha1Checksum Checksum;
-		Checksum.Update((const Byte *)"Notch", 5);
-		Checksum.Finalize(Digest);
-		cSha1Checksum::DigestToJava(Digest, DigestNotch);
-		Checksum.Restart();
-		Checksum.Update((const Byte *)"jeb_", 4);
-		Checksum.Finalize(Digest);
-		cSha1Checksum::DigestToJava(Digest, DigestJeb);
-		Checksum.Restart();
-		Checksum.Update((const Byte *)"simon", 5);
-		Checksum.Finalize(Digest);
-		cSha1Checksum::DigestToJava(Digest, DigestSimon);
-		printf("Notch: \"%s\"\n", DigestNotch.c_str());
-		printf("jeb_:  \"%s\"\n",  DigestJeb.c_str());
-		printf("simon: \"%s\"\n", DigestSimon.c_str());
-		assert(DigestNotch == "4ed1f46bbe04bc756bcb17c0c7ce3e4632f06a48");
-		assert(DigestJeb   == "-7c9d5b0044c130109a5d7b5fb5c317c02b4e28c1");
-		assert(DigestSimon == "88e16a1019277b15d58faf0541e11910eb756f6");
-	}
-} test;
-*/
-
-
-
-
-
-
-////////////////////////////////////////////////////////////////////////////////
-// cSha1Checksum:
-
-cSha1Checksum::cSha1Checksum(void) :
-	m_DoesAcceptInput(true)
-{
-	sha1_starts(&m_Sha1);
-}
-
-
-
-
-
-void cSha1Checksum::Update(const Byte * a_Data, size_t a_Length)
-{
-	ASSERT(m_DoesAcceptInput);  // Not Finalize()-d yet, or Restart()-ed
-
-	sha1_update(&m_Sha1, a_Data, a_Length);
-}
-
-
-
-
-
-void cSha1Checksum::Finalize(cSha1Checksum::Checksum & a_Output)
-{
-	ASSERT(m_DoesAcceptInput);  // Not Finalize()-d yet, or Restart()-ed
-
-	sha1_finish(&m_Sha1, a_Output);
-	m_DoesAcceptInput = false;
-}
-
-
-
-
-
-void cSha1Checksum::DigestToJava(const Checksum & a_Digest, AString & a_Out)
-{
-	Checksum Digest;
-	memcpy(Digest, a_Digest, sizeof(Digest));
-
-	bool IsNegative = (Digest[0] >= 0x80);
-	if (IsNegative)
-	{
-		// Two's complement:
-		bool carry = true;  // Add one to the whole number
-		for (int i = 19; i >= 0; i--)
-		{
-			Digest[i] = ~Digest[i];
-			if (carry)
-			{
-				carry = (Digest[i] == 0xff);
-				Digest[i]++;
-			}
-		}
-	}
-	a_Out.clear();
-	a_Out.reserve(40);
-	for (int i = 0; i < 20; i++)
-	{
-		AppendPrintf(a_Out, "%02x", Digest[i]);
-	}
-	while ((a_Out.length() > 0) && (a_Out[0] == '0'))
-	{
-		a_Out.erase(0, 1);
-	}
-	if (IsNegative)
-	{
-		a_Out.insert(0, "-");
-	}
-}
-
-
-
-
-
-
-void cSha1Checksum::Restart(void)
-{
-	sha1_starts(&m_Sha1);
-	m_DoesAcceptInput = true;
-}
-
-
-
-
diff --git a/src/PolarSSL++/Sha1Checksum.h b/src/PolarSSL++/Sha1Checksum.h
deleted file mode 100644
index b78fbfc62..000000000
--- a/src/PolarSSL++/Sha1Checksum.h
+++ /dev/null
@@ -1,52 +0,0 @@
-
-// Sha1Checksum.h
-
-// Declares the cSha1Checksum class representing the SHA-1 checksum calculator
-
-
-
-
-
-#pragma once
-
-#include "polarssl/sha1.h"
-
-
-
-
-
-/** Calculates a SHA1 checksum for data stream */
-class cSha1Checksum
-{
-public:
-	typedef Byte Checksum[20];  // The type used for storing the checksum
-
-	cSha1Checksum(void);
-
-	/** Adds the specified data to the checksum */
-	void Update(const Byte * a_Data, size_t a_Length);
-
-	/** Calculates and returns the final checksum */
-	void Finalize(Checksum & a_Output);
-
-	/** Returns true if the object is accepts more input data, false if Finalize()-d (need to Restart()) */
-	bool DoesAcceptInput(void) const { return m_DoesAcceptInput; }
-
-	/** Converts a raw 160-bit SHA1 digest into a Java Hex representation
-	According to http://wiki.vg/Protocol_Encryption
-	*/
-	static void DigestToJava(const Checksum & a_Digest, AString & a_JavaOut);
-
-	/** Clears the current context and start a new checksum calculation */
-	void Restart(void);
-
-protected:
-	/** True if the object is accepts more input data, false if Finalize()-d (need to Restart()) */
-	bool m_DoesAcceptInput;
-
-	sha1_context m_Sha1;
-} ;
-
-
-
-
diff --git a/src/PolarSSL++/SslContext.cpp b/src/PolarSSL++/SslContext.cpp
deleted file mode 100644
index 557f81db4..000000000
--- a/src/PolarSSL++/SslContext.cpp
+++ /dev/null
@@ -1,307 +0,0 @@
-
-// SslContext.cpp
-
-// Implements the cSslContext class that holds everything a single SSL context needs to function
-
-#include "Globals.h"
-#include "SslContext.h"
-#include "EntropyContext.h"
-#include "CtrDrbgContext.h"
-#include "polarssl/debug.h"
-
-
-
-
-
-cSslContext::cSslContext(void) :
-	m_IsValid(false),
-	m_HasHandshaken(false)
-{
-	memset(&m_Ssl, 0, sizeof(m_Ssl));
-}
-
-
-
-
-
-cSslContext::~cSslContext()
-{
-	if (m_IsValid)
-	{
-		ssl_free(&m_Ssl);
-	}
-}
-
-
-
-
-
-int cSslContext::Initialize(bool a_IsClient, const std::shared_ptr<cCtrDrbgContext> & a_CtrDrbg)
-{
-	// Check double-initialization:
-	if (m_IsValid)
-	{
-		LOGWARNING("SSL: Double initialization is not supported.");
-		return POLARSSL_ERR_SSL_BAD_INPUT_DATA;  // There is no return value well-suited for this, reuse this one.
-	}
-
-	// Set the CtrDrbg context, create a new one if needed:
-	m_CtrDrbg = a_CtrDrbg;
-	if (m_CtrDrbg.get() == nullptr)
-	{
-		m_CtrDrbg.reset(new cCtrDrbgContext);
-		m_CtrDrbg->Initialize("Cuberite", 8);
-	}
-
-	// Initialize PolarSSL's structures:
-	memset(&m_Ssl, 0, sizeof(m_Ssl));
-	int res = ssl_init(&m_Ssl);
-	if (res != 0)
-	{
-		return res;
-	}
-	ssl_set_endpoint(&m_Ssl, a_IsClient ? SSL_IS_CLIENT : SSL_IS_SERVER);
-	ssl_set_authmode(&m_Ssl, SSL_VERIFY_NONE);  // We cannot verify because we don't have a CA chain, required by PolarSSL, implemented yet (TODO)
-	ssl_set_rng(&m_Ssl, ctr_drbg_random, &m_CtrDrbg->m_CtrDrbg);
-	ssl_set_bio(&m_Ssl, ReceiveEncrypted, this, SendEncrypted, this);
-
-	#ifdef _DEBUG
-		/*
-		// These functions allow us to debug SSL and certificate problems, but produce way too much output,
-		// so they're disabled until someone needs them
-		ssl_set_dbg(&m_Ssl, &SSLDebugMessage, this);
-		debug_set_threshold(2);
-
-		ssl_set_verify(&m_Ssl, &SSLVerifyCert, this);
-		//*/
-
-		/*
-		// Set ciphersuite to the easiest one to decode, so that the connection can be wireshark-decoded:
-		static const int CipherSuites[] =
-		{
-			TLS_RSA_WITH_RC4_128_MD5,
-			TLS_RSA_WITH_RC4_128_SHA,
-			TLS_RSA_WITH_AES_128_CBC_SHA,
-			0,  // Must be 0-terminated!
-		};
-		ssl_set_ciphersuites(&m_Ssl, CipherSuites);
-		//*/
-	#endif
-
-	m_IsValid = true;
-	return 0;
-}
-
-
-
-
-
-void cSslContext::SetOwnCert(const cX509CertPtr & a_OwnCert, const cRsaPrivateKeyPtr & a_OwnCertPrivKey)
-{
-	ASSERT(m_IsValid);  // Call Initialize() first
-
-	// Check that both the cert and the key is valid:
-	if ((a_OwnCert.get() == nullptr) || (a_OwnCertPrivKey.get() == nullptr))
-	{
-		LOGWARNING("SSL: Own certificate is not valid, skipping the set.");
-		return;
-	}
-
-	// Make sure we have the cert stored for later, PolarSSL only uses the cert later on
-	m_OwnCert = a_OwnCert;
-	m_OwnCertPrivKey = a_OwnCertPrivKey;
-
-	// Set into the context:
-	ssl_set_own_cert_rsa(&m_Ssl, m_OwnCert->GetInternal(), m_OwnCertPrivKey->GetInternal());
-}
-
-
-
-
-
-void cSslContext::SetOwnCert(const cX509CertPtr & a_OwnCert, const cCryptoKeyPtr & a_OwnCertPrivKey)
-{
-	ASSERT(m_IsValid);  // Call Initialize() first
-
-	// Check that both the cert and the key is valid:
-	if ((a_OwnCert.get() == nullptr) || (a_OwnCertPrivKey.get() == nullptr))
-	{
-		LOGWARNING("SSL: Own certificate is not valid, skipping the set.");
-		return;
-	}
-
-	// Make sure we have the cert stored for later, PolarSSL only uses the cert later on
-	m_OwnCert = a_OwnCert;
-	m_OwnCertPrivKey2 = a_OwnCertPrivKey;
-
-	// Set into the context:
-	ssl_set_own_cert(&m_Ssl, m_OwnCert->GetInternal(), m_OwnCertPrivKey2->GetInternal());
-}
-
-
-
-
-
-void cSslContext::SetCACerts(const cX509CertPtr & a_CACert, const AString & a_ExpectedPeerName)
-{
-	ASSERT(m_IsValid);  // Call Initialize() first
-
-	// Store the data in our internal buffers, to avoid losing the pointers later on
-	// PolarSSL will need these after this call returns, and the caller may move / delete the data before that:
-	m_ExpectedPeerName = a_ExpectedPeerName;
-	m_CACerts = a_CACert;
-
-	// Set the trusted CA root cert store:
-	ssl_set_authmode(&m_Ssl, SSL_VERIFY_REQUIRED);
-	ssl_set_ca_chain(&m_Ssl, m_CACerts->GetInternal(), nullptr, m_ExpectedPeerName.empty() ? nullptr : m_ExpectedPeerName.c_str());
-}
-
-
-
-
-
-int cSslContext::WritePlain(const void * a_Data, size_t a_NumBytes)
-{
-	ASSERT(m_IsValid);  // Need to call Initialize() first
-	if (!m_HasHandshaken)
-	{
-		int res = Handshake();
-		if (res != 0)
-		{
-			return res;
-		}
-	}
-
-	return ssl_write(&m_Ssl, reinterpret_cast<const unsigned char *>(a_Data), a_NumBytes);
-}
-
-
-
-
-
-int cSslContext::ReadPlain(void * a_Data, size_t a_MaxBytes)
-{
-	ASSERT(m_IsValid);  // Need to call Initialize() first
-	if (!m_HasHandshaken)
-	{
-		int res = Handshake();
-		if (res != 0)
-		{
-			return res;
-		}
-	}
-
-	return ssl_read(&m_Ssl, reinterpret_cast<unsigned char *>(a_Data), a_MaxBytes);
-}
-
-
-
-
-
-int cSslContext::Handshake(void)
-{
-	ASSERT(m_IsValid);  // Need to call Initialize() first
-	ASSERT(!m_HasHandshaken);  // Must not call twice
-
-	int res = ssl_handshake(&m_Ssl);
-	if (res == 0)
-	{
-		m_HasHandshaken = true;
-	}
-	return res;
-}
-
-
-
-
-
-int cSslContext::NotifyClose(void)
-{
-	return ssl_close_notify(&m_Ssl);
-}
-
-
-
-
-
-#ifdef _DEBUG
-	void cSslContext::SSLDebugMessage(void * a_UserParam, int a_Level, const char * a_Text)
-	{
-		if (a_Level > 3)
-		{
-			// Don't want the trace messages
-			return;
-		}
-
-		// Remove the terminating LF:
-		size_t len = strlen(a_Text) - 1;
-		while ((len > 0) && (a_Text[len] <= 32))
-		{
-			len--;
-		}
-		AString Text(a_Text, len + 1);
-
-		LOGD("SSL (%d): %s", a_Level, Text.c_str());
-	}
-
-
-
-
-
-	int cSslContext::SSLVerifyCert(void * a_This, x509_crt * a_Crt, int a_Depth, int * a_Flags)
-	{
-		char buf[1024];
-		UNUSED(a_This);
-
-		LOG("Verify requested for (Depth %d):", a_Depth);
-		x509_crt_info(buf, sizeof(buf) - 1, "", a_Crt);
-		LOG("%s", buf);
-
-		int Flags = *a_Flags;
-		if ((Flags & BADCERT_EXPIRED) != 0)
-		{
-			LOG(" ! server certificate has expired");
-		}
-
-		if ((Flags & BADCERT_REVOKED) != 0)
-		{
-			LOG(" ! server certificate has been revoked");
-		}
-
-		if ((Flags & BADCERT_CN_MISMATCH) != 0)
-		{
-			LOG(" ! CN mismatch");
-		}
-
-		if ((Flags & BADCERT_NOT_TRUSTED) != 0)
-		{
-			LOG(" ! self-signed or not signed by a trusted CA");
-		}
-
-		if ((Flags & BADCRL_NOT_TRUSTED) != 0)
-		{
-			LOG(" ! CRL not trusted");
-		}
-
-		if ((Flags & BADCRL_EXPIRED) != 0)
-		{
-			LOG(" ! CRL expired");
-		}
-
-		if ((Flags & BADCERT_OTHER) != 0)
-		{
-			LOG(" ! other (unknown) flag");
-		}
-
-		if (Flags == 0)
-		{
-			LOG(" This certificate has no flags");
-		}
-
-		return 0;
-	}
-#endif  // _DEBUG
-
-
-
-
diff --git a/src/PolarSSL++/SslContext.h b/src/PolarSSL++/SslContext.h
deleted file mode 100644
index 0588122ba..000000000
--- a/src/PolarSSL++/SslContext.h
+++ /dev/null
@@ -1,156 +0,0 @@
-
-// SslContext.h
-
-// Declares the cSslContext class that holds everything a single SSL context needs to function
-
-
-
-
-
-#pragma once
-
-#include "polarssl/ssl.h"
-#include "../ByteBuffer.h"
-#include "CryptoKey.h"
-#include "RsaPrivateKey.h"
-#include "X509Cert.h"
-
-
-
-
-
-// fwd:
-class cCtrDrbgContext;
-
-
-
-
-
-/**
-Acts as a generic SSL encryptor / decryptor between the two endpoints. The "owner" of this class is expected
-to create it, initialize it and then provide the means of reading and writing data through the SSL link.
-This is an abstract base class, there are descendants that handle the specific aspects of how the SSL peer
-data comes into the system:
-	- cBufferedSslContext uses a cByteBuffer to read and write the data
-	- cCallbackSslContext uses callbacks to provide the data
-*/
-class cSslContext abstract
-{
-public:
-	/** Creates a new uninitialized context */
-	cSslContext(void);
-
-	virtual ~cSslContext();
-
-	/** Initializes the context for use as a server or client.
-	Returns 0 on success, PolarSSL error on failure. */
-	int Initialize(bool a_IsClient, const std::shared_ptr<cCtrDrbgContext> & a_CtrDrbg = {});
-
-	/** Returns true if the object has been initialized properly. */
-	bool IsValid(void) const { return m_IsValid; }
-
-	/** Sets the certificate to use as our own. Must be used when representing a server, optional when client.
-	Must be called after Initialize(). */
-	void SetOwnCert(const cX509CertPtr & a_OwnCert, const cRsaPrivateKeyPtr & a_OwnCertPrivKey);
-
-	/** Sets the certificate to use as our own. Must be used when representing a server, optional when client.
-	Must be called after Initialize(). */
-	void SetOwnCert(const cX509CertPtr & a_OwnCert, const cCryptoKeyPtr & a_OwnCertPrivKey);
-
-	/** Sets a cert chain as the trusted cert store for this context. Must be called after Initialize().
-	Calling this will switch the context into strict cert verification mode.
-	a_ExpectedPeerName is the CommonName that we expect the SSL peer to have in its cert,
-	if it is different, the verification will fail. An empty string will disable the CN check. */
-	void SetCACerts(const cX509CertPtr & a_CACert, const AString & a_ExpectedPeerName);
-
-	/** Writes data to be encrypted and sent to the SSL peer. Will perform SSL handshake, if needed.
-	Returns the number of bytes actually written, or PolarSSL error code.
-	If the return value is POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE, the owner should send any
-	cached outgoing data to the SSL peer and write any incoming data received from the SSL peer and then call
-	this function again with the same parameters. Note that this may repeat a few times before the data is
-	actually written, mainly due to initial handshake. */
-	int WritePlain(const void * a_Data, size_t a_NumBytes);
-
-	/** Reads data decrypted from the SSL stream. Will perform SSL handshake, if needed.
-	Returns the number of bytes actually read, or PolarSSL error code.
-	If the return value is POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE, the owner should send any
-	cached outgoing data to the SSL peer and write any incoming data received from the SSL peer and then call
-	this function again with the same parameters. Note that this may repeat a few times before the data is
-	actually read, mainly due to initial handshake. */
-	int ReadPlain(void * a_Data, size_t a_MaxBytes);
-
-	/** Performs the SSL handshake.
-	Returns zero on success, PoladSSL error code on failure.
-	If the return value is POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE, the owner should send any
-	cached outgoing data to the SSL peer and write any incoming data received from the SSL peer and then call
-	this function again. Note that this may repeat a few times before the handshake is completed. */
-	int Handshake(void);
-
-	/** Returns true if the SSL handshake has been completed. */
-	bool HasHandshaken(void) const { return m_HasHandshaken; }
-
-	/** Notifies the SSL peer that the connection is being closed.
-	Returns 0 on success, PolarSSL error code on failure. */
-	int NotifyClose(void);
-
-protected:
-	/** True if the object has been initialized properly. */
-	bool m_IsValid;
-
-	/** The random generator to use */
-	std::shared_ptr<cCtrDrbgContext> m_CtrDrbg;
-
-	/** The SSL context that PolarSSL uses. */
-	ssl_context m_Ssl;
-
-	/** The certificate that we present to the peer. */
-	cX509CertPtr m_OwnCert;
-
-	/** Private key for m_OwnCert, if initialized from a cRsaPrivateKey. */
-	cRsaPrivateKeyPtr m_OwnCertPrivKey;
-
-	/** Private key for m_OwnCert, if initialized from a cCryptoKey. */
-	cCryptoKeyPtr m_OwnCertPrivKey2;
-
-	/** True if the SSL handshake has been completed. */
-	bool m_HasHandshaken;
-
-	/** A copy of the trusted CA root cert store that is passed to us in SetCACerts(), so that the pointer
-	stays valid even after the call, when PolarSSL finally uses it. */
-	cX509CertPtr m_CACerts;
-
-	/** Buffer for the expected peer name. We need to buffer it because the caller may free the string they
-	give us before PolarSSL consumes the raw pointer it gets to the CN. */
-	AString m_ExpectedPeerName;
-
-
-	/** The callback used by PolarSSL when it wants to read encrypted data. */
-	static int ReceiveEncrypted(void * a_This, unsigned char * a_Buffer, size_t a_NumBytes)
-	{
-		return (reinterpret_cast<cSslContext *>(a_This))->ReceiveEncrypted(a_Buffer, a_NumBytes);
-	}
-
-	/** The callback used by PolarSSL when it wants to write encrypted data. */
-	static int SendEncrypted(void * a_This, const unsigned char * a_Buffer, size_t a_NumBytes)
-	{
-		return (reinterpret_cast<cSslContext *>(a_This))->SendEncrypted(a_Buffer, a_NumBytes);
-	}
-
-	#ifdef _DEBUG
-		/** The callback used by PolarSSL to output debug messages */
-		static void SSLDebugMessage(void * a_UserParam, int a_Level, const char * a_Text);
-
-		/** The callback used by PolarSSL to log information on the cert chain */
-		static int SSLVerifyCert(void * a_This, x509_crt * a_Crt, int a_Depth, int * a_Flags);
-	#endif  // _DEBUG
-
-	/** Called when PolarSSL wants to read encrypted data. */
-	virtual int ReceiveEncrypted(unsigned char * a_Buffer, size_t a_NumBytes) = 0;
-
-	/** Called when PolarSSL wants to write encrypted data. */
-	virtual int SendEncrypted(const unsigned char * a_Buffer, size_t a_NumBytes) = 0;
-} ;
-
-
-
-
diff --git a/src/PolarSSL++/X509Cert.cpp b/src/PolarSSL++/X509Cert.cpp
deleted file mode 100644
index ed65639a5..000000000
--- a/src/PolarSSL++/X509Cert.cpp
+++ /dev/null
@@ -1,38 +0,0 @@
-
-// X509Cert.cpp
-
-// Implements the cX509Cert class representing a wrapper over X509 certs in PolarSSL
-
-#include "Globals.h"
-#include "X509Cert.h"
-
-
-
-
-
-cX509Cert::cX509Cert(void)
-{
-	x509_crt_init(&m_Cert);
-}
-
-
-
-
-
-cX509Cert::~cX509Cert()
-{
-	x509_crt_free(&m_Cert);
-}
-
-
-
-
-
-int cX509Cert::Parse(const void * a_CertContents, size_t a_Size)
-{
-	return x509_crt_parse(&m_Cert, reinterpret_cast<const unsigned char *>(a_CertContents), a_Size);
-}
-
-
-
-
diff --git a/src/PolarSSL++/X509Cert.h b/src/PolarSSL++/X509Cert.h
deleted file mode 100644
index 45f714d14..000000000
--- a/src/PolarSSL++/X509Cert.h
+++ /dev/null
@@ -1,41 +0,0 @@
-
-// X509Cert.h
-
-// Declares the cX509Cert class representing a wrapper over X509 certs in PolarSSL
-
-
-
-
-
-#pragma once
-
-#include "polarssl/x509_crt.h"
-
-
-
-
-
-class cX509Cert
-{
-	friend class cSslContext;
-
-public:
-	cX509Cert(void);
-	~cX509Cert(void);
-
-	/** Parses the certificate chain data into the context.
-	Returns 0 on succes, or PolarSSL error code on failure. */
-	int Parse(const void * a_CertContents, size_t a_Size);
-
-protected:
-	x509_crt m_Cert;
-
-	/** Returns the internal cert ptr. Only use in PolarSSL API calls. */
-	x509_crt * GetInternal(void) { return &m_Cert; }
-} ;
-
-typedef std::shared_ptr<cX509Cert> cX509CertPtr;
-
-
-
-