diff --git a/lib3270.cbp b/lib3270.cbp
index 71a6dec..754d5f6 100644
--- a/lib3270.cbp
+++ b/lib3270.cbp
@@ -325,7 +325,6 @@
-
diff --git a/src/core/host.c b/src/core/host.c
index da24055..8eddebc 100644
--- a/src/core/host.c
+++ b/src/core/host.c
@@ -220,7 +220,7 @@ void lib3270_st_changed(H3270 *h, LIB3270_STATE tx, int mode)
static void update_url(H3270 *hSession)
{
- Replace(hSession->host.full,
+ Replace(hSession->host.url,
lib3270_strdup_printf(
"%s%s:%s",
#ifdef HAVE_LIBSSL
@@ -236,7 +236,7 @@ static void update_url(H3270 *hSession)
lib3270_crl_free(hSession);
#endif // SSL_ENABLE_CRL_CHECK
- hSession->cbk.update_url(hSession, hSession->host.full);
+ hSession->cbk.update_url(hSession, hSession->host.url);
}
@@ -249,8 +249,8 @@ LIB3270_EXPORT int lib3270_set_luname(H3270 *hSession, const char *luname)
LIB3270_EXPORT const char * lib3270_get_url(const H3270 *hSession)
{
- if(hSession->host.full)
- return hSession->host.full;
+ if(hSession->host.url)
+ return hSession->host.url;
#ifdef LIB3270_DEFAULT_HOST
return LIB3270_DEFAULT_HOST;
@@ -422,7 +422,7 @@ LIB3270_EXPORT void lib3270_set_srvcname(H3270 *h, const char *srvc)
LIB3270_EXPORT const char * lib3270_get_host(const H3270 *h)
{
- return h->host.full;
+ return h->host.url;
}
LIB3270_EXPORT const char * lib3270_get_luname(const H3270 *h)
diff --git a/src/core/session.c b/src/core/session.c
index 04c09eb..5dce063 100644
--- a/src/core/session.c
+++ b/src/core/session.c
@@ -114,7 +114,7 @@ void lib3270_session_free(H3270 *h)
// Release hostname info
release_pointer(h->host.current);
- release_pointer(h->host.full);
+ release_pointer(h->host.url);
release_pointer(h->host.srvc);
release_pointer(h->host.qualified);
diff --git a/src/include/lib3270-internals.h b/src/include/lib3270-internals.h
index dcc4fab..0527c22 100644
--- a/src/include/lib3270-internals.h
+++ b/src/include/lib3270-internals.h
@@ -402,13 +402,12 @@ struct _h3270
struct
{
+ char * url; /**< The host URL, for use in reconnecting */
char * current; /**< The hostname part, stripped of qualifiers, luname and port number */
- char * full; /**< The entire string, for use in reconnecting */
char * srvc; /**< The service name */
char * qualified;
} host;
- // char * proxy; /**< Proxy server (type:host[:port]) */
char * termname;
struct lib3270_charset charset;
@@ -506,6 +505,7 @@ struct _h3270
/// @brief Proxy
struct
{
+ char * proxy; ///< Proxy server (type:host[:port])
int type;
char * host;
char * portname;
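Review bot: The new `char * proxy` member is a heap string by its type and comment, but no visible part of this commit releases it. The `lib3270_session_free` hunk in src/core/session.c only shows `release_pointer` calls for the `host.*` strings, so if nothing outside that hunk frees this member it leaks on every session teardown. A matching `release_pointer(...)` for it next to the host ones would close that gap. Separately, if the enclosing struct is itself named `proxy` (its closing line is outside the hunk), the access reads `proxy.proxy`; naming the member `url` would match the `host.url` rename made in the same commit.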
diff --git a/src/include/lib3270.h b/src/include/lib3270.h
index 4099e44..160cf77 100644
--- a/src/include/lib3270.h
+++ b/src/include/lib3270.h
@@ -579,7 +579,7 @@
* @return Pointer to host URL set (internal data, do not change it)
*
*/
- LIB3270_EXPORT const char * lib3270_get_host(const H3270 *h);
+ LIB3270_EXPORT const char * LIB3270_DEPRECATED(lib3270_get_host(const H3270 *h));
/**
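Review bot: The doc comment above the now-deprecated `lib3270_get_host` declaration gives callers no replacement to move to. I would add `@deprecated Use lib3270_get_url() instead.` to that comment block. The host.c hunks in this commit show both functions returning `host.url`, but `lib3270_get_url` falls back to `LIB3270_DEFAULT_HOST` when that macro is defined, so the note should say that migrating callers may get a non-NULL default where they previously got NULL. The comment block starts outside the hunk.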
diff --git a/src/ssl/crl.h b/src/ssl/crl.h
index 5c9d12b..3d03dea 100644
--- a/src/ssl/crl.h
+++ b/src/ssl/crl.h
@@ -35,28 +35,11 @@
#include /* autoconf settings */
#include /* lib3270 API calls and defs */
-#if defined(SSL_ENABLE_CRL_CHECK) && defined(HAVE_LIBSSL)
+#if defined(HAVE_LIBSSL)
#include
#include
- /// @brief Unconditional release of the session CRL.
- LIB3270_INTERNAL void lib3270_crl_free(H3270 *hSession);
-
- /// @brief Release CRL if expired.
- LIB3270_INTERNAL void lib3270_crl_free_if_expired(H3270 *hSession);
-
- /// @brief Load CRL from URL.
- LIB3270_INTERNAL int lib3270_crl_new_from_url(H3270 *hSession, void *ssl_error, const char *url);
-
- /// @brief Load CRL from X509 certificate.
- LIB3270_INTERNAL int lib3270_crl_new_from_x509(H3270 *hSession, void *ssl_error, X509 *cert);
-
- /// @brief Load CRL from distribution points.
- LIB3270_INTERNAL int lib3270_crl_new_from_dist_points(H3270 *hSession, void *ssl_error, CRL_DIST_POINTS * dist_points);
-
- LIB3270_INTERNAL X509_CRL * lib3270_download_crl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *url);
-
/**
* @brief X509 auto-cleanup.
*/
@@ -76,6 +59,28 @@
}
+#endif // HAVE_LIBSSL
+
+#if defined(SSL_ENABLE_CRL_CHECK) && defined(HAVE_LIBSSL)
+
+ /// @brief Unconditional release of the session CRL.
+ LIB3270_INTERNAL void lib3270_crl_free(H3270 *hSession);
+
+ /// @brief Release CRL if expired.
+ LIB3270_INTERNAL void lib3270_crl_free_if_expired(H3270 *hSession);
+
+ /// @brief Load CRL from URL.
+ LIB3270_INTERNAL int lib3270_crl_new_from_url(H3270 *hSession, void *ssl_error, const char *url);
+
+ /// @brief Load CRL from X509 certificate.
+ LIB3270_INTERNAL int lib3270_crl_new_from_x509(H3270 *hSession, void *ssl_error, X509 *cert);
+
+ /// @brief Load CRL from distribution points.
+ LIB3270_INTERNAL int lib3270_crl_new_from_dist_points(H3270 *hSession, void *ssl_error, CRL_DIST_POINTS * dist_points);
+
+ LIB3270_INTERNAL X509_CRL * lib3270_download_crl(H3270 *hSession, SSL_ERROR_MESSAGE * message, const char *url);
+
+
#endif // SSL_ENABLE_CRL_CHECK && HAVE_LIBSSL
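Review bot: `lib3270_download_crl` is the only prototype in the moved block without a `/// @brief` line, and it is the one that fetches data from a URL and returns an owned-looking `X509_CRL *`. Since the sibling `lib3270_crl_new_from_dist_points` suggests the URL can come from the peer certificate, the comment should state who frees the result, what is returned on failure, and which URL schemes are accepted. Something like `/// @brief Download CRL from URL; returns NULL on failure and fills 'message'.` followed by an ownership line would do, with the details confirmed against the implementation, which is not part of this diff.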
diff --git a/src/ssl/negotiate.c b/src/ssl/negotiate.c
index 92d046c..6a7656d 100644
--- a/src/ssl/negotiate.c
+++ b/src/ssl/negotiate.c
@@ -239,55 +239,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
}
- /*
- if(peer)
- {
-
-#if !defined(SSL_CRL_URL) && defined(SSL_ENABLE_CRL_CHECK)
- //
- // No default CRL, try to download from the peer
- //
-
- lib3270_autoptr(CRL_DIST_POINTS) dist_points = (CRL_DIST_POINTS *) X509_get_ext_d2i(peer, NID_crl_distribution_points, NULL, NULL);
- if(!dist_points)
- {
- ((SSL_ERROR_MESSAGE *) message)->title = _( "Security error" );
- ((SSL_ERROR_MESSAGE *) message)->text = _( "Can't verify." );
- ((SSL_ERROR_MESSAGE *) message)->description = _( "The host certificate doesn't have CRL distribution points" );
- return EACCES;
- }
-
- if(lib3270_get_crl_from_dist_points(hSession, dist_points, (SSL_ERROR_MESSAGE *) message))
- return EACCES;
-
- // Got CRL, verify it!
- // Reference: https://stackoverflow.com/questions/10510850/how-to-verify-the-certificate-for-the-ongoing-ssl-session
- X509_STORE_CTX *csc = X509_STORE_CTX_new();
- X509_STORE_CTX_set_verify_cb(csc,x509_store_ctx_error_callback);
- X509_STORE_CTX_init(csc, SSL_CTX_get_cert_store(ssl_ctx), peer, NULL);
-
- if(X509_verify_cert(csc) != 1)
- rv = X509_STORE_CTX_get_error(csc);
- else
- rv = X509_V_OK;
-
- SSL_set_verify_result(hSession->ssl.con, rv);
-
- X509_STORE_CTX_free(csc);
-
-#else
- // No CRL download, use the standard verification.
- rv = SSL_get_verify_result(hSession->ssl.con);
-
-#endif // !SSL_CRL_URL && SSL_ENABLE_CRL_CHECK
-
- }
- else
- {
- rv = SSL_get_verify_result(hSession->ssl.con);
- }
- */
-
+#ifdef SSL_ENABLE_CRL_CHECK
if(SSL_get_verify_result(hSession->ssl.con) == X509_V_ERR_UNABLE_TO_GET_CRL && hSession->ssl.crl.cert && peer)
{
//
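Review bot: The new `#ifdef SSL_ENABLE_CRL_CHECK` around the CRL retry makes revocation checking a silent build-time option, and nothing at this point in `background_ssl_negotiation` says so. In builds without the macro the function appears to go straight to `rv = SSL_get_verify_result(hSession->ssl.con)` (visible in the next hunk). Whether a revoked host certificate is rejected then depends on how the certificate store was configured elsewhere. I would add a comment above the guard such as `// Without SSL_ENABLE_CRL_CHECK no CRL is fetched here; revocation is not verified by this function.` and consider a trace message in an `#else` branch so the reduced check shows up in logs. The body of the guarded block and the start of the function are outside the hunk.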
@@ -318,6 +270,7 @@ static int background_ssl_negotiation(H3270 *hSession, void *message)
X509_STORE_CTX_free(csc);
}
+#endif // SSL_ENABLE_CRL_CHECK
// Check validation state.
rv = SSL_get_verify_result(hSession->ssl.con);
--
libgit2 0.21.2