diff --git a/src/server.c b/src/server.c
@@ -754,7 +754,6 @@ serv_connect(struct MaskItem *conf, struct Client *by)
   return 1;
 }
 
-#ifdef HAVE_TLS
 static void
 finish_ssl_server_handshake(struct Client *client_p)
 {
@@ -859,7 +858,6 @@ ssl_connect_init(struct Client *client_p, const struct MaskItem *conf, fde_t *fd
 
   ssl_server_handshake(NULL, client_p);
 }
-#endif
 
 /* serv_connect_callback() - complete a server connection.
  *
@@ -920,13 +918,11 @@ serv_connect_callback(fde_t *fd, int status, void *data)
   /* Next, send the initial handshake */
   SetHandshake(client_p);
 
-#ifdef HAVE_TLS
   if (IsConfSSL(conf))
   {
     ssl_connect_init(client_p, conf, fd);
     return;
   }
-#endif
 
   sendto_one(client_p, "PASS %s TS %d %s", conf->spasswd, TS_CURRENT, me.id);
 

diff --git a/src/tls_gnutls.c b/src/tls_gnutls.c
@@ -35,6 +35,14 @@
 
 #ifdef HAVE_TLS_GNUTLS
 
+static int TLS_initialized;
+
+int
+tls_is_initialized(void)
+{
+  return TLS_initialized;
+}
+
 void
 tls_init(void)
 {
@@ -58,8 +66,10 @@ tls_new_cred(void)
   int ret;
   struct gnutls_context *context;
 
+  TLS_initialized = 0;
+
   if (!ConfigServerInfo.ssl_certificate_file || !ConfigServerInfo.rsa_private_key_file)
-    return 0;
+    return 1;
 
   context = xcalloc(sizeof(*context));
 
@@ -130,6 +140,7 @@ tls_new_cred(void)
   ConfigServerInfo.tls_ctx = context;
   ++context->refs;
 
+  TLS_initialized = 1;
   return 1;
 }
 
@@ -216,6 +227,9 @@ tls_shutdown(tls_data_t *tls_data)
 int
 tls_new(tls_data_t *tls_data, int fd, tls_role_t role)
 {
+  if (!TLS_initialized)
+    return 0;
+
   gnutls_init(&tls_data->session, role == TLS_ROLE_SERVER ? GNUTLS_SERVER : GNUTLS_CLIENT);
 
   tls_data->context = ConfigServerInfo.tls_ctx;

diff --git a/src/tls_none.c b/src/tls_none.c
@@ -31,6 +31,12 @@
 
 #ifndef HAVE_TLS
 
+int
+tls_is_initialized(void)
+{
+  return 0;
+}
+
 void
 tls_init(void)
 {
@@ -39,7 +45,7 @@ tls_init(void)
 int
 tls_new_cred(void)
 {
-  return 0;
+  return 1;
 }
 
 const char *
@@ -82,6 +88,12 @@ tls_new(tls_data_t *tls_data, int fd, tls_role_t role)
   return 0;
 }
 
+tls_handshake_status_t
+tls_handshake(tls_data_t *tls_data, tls_role_t role, const char **errstr)
+{
+  return 0;
+}
+
 int
 tls_set_ciphers(tls_data_t *tls_data, const char *cipher_list)
 {

diff --git a/src/tls_openssl.c b/src/tls_openssl.c
@@ -35,6 +35,8 @@
 
 #ifdef HAVE_TLS_OPENSSL
 
+static int TLS_initialized;
+
 /*
  * report_crypto_errors - Dump crypto error list to log
  */
@@ -53,6 +55,12 @@ always_accept_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
   return 1;
 }
 
+int
+tls_is_initialized(void)
+{
+  return TLS_initialized;
+}
+
 /* tls_init()
  *
  * inputs       - nothing
@@ -69,8 +77,7 @@ tls_init(void)
   {
     const char *s = ERR_lib_error_string(ERR_get_error());
 
-    fprintf(stderr, "ERROR: Could not initialize the SSL Server context -- %s\n", s);
-    ilog(LOG_TYPE_IRCD, "ERROR: Could not initialize the SSL Server context -- %s", s);
+    ilog(LOG_TYPE_IRCD, "ERROR: Could not initialize the TLS Server context -- %s", s);
     exit(EXIT_FAILURE);
     return;  /* Not reached */
   }
@@ -83,14 +90,12 @@ tls_init(void)
   SSL_CTX_set_cipher_list(ConfigServerInfo.tls_ctx.server_ctx, "EECDH+HIGH:EDH+HIGH:HIGH:!aNULL");
 
 #ifndef OPENSSL_NO_ECDH
-  {
-    EC_KEY *key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+  EC_KEY *key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
 
-    if (key)
-    {
-      SSL_CTX_set_tmp_ecdh(ConfigServerInfo.tls_ctx.server_ctx, key);
-      EC_KEY_free(key);
-    }
+  if (key)
+  {
+    SSL_CTX_set_tmp_ecdh(ConfigServerInfo.tls_ctx.server_ctx, key);
+    EC_KEY_free(key);
   }
 
   SSL_CTX_set_options(ConfigServerInfo.tls_ctx.server_ctx, SSL_OP_SINGLE_ECDH_USE);
@@ -100,8 +105,7 @@ tls_init(void)
   {
     const char *s = ERR_lib_error_string(ERR_get_error());
 
-    fprintf(stderr, "ERROR: Could not initialize the SSL Client context -- %s\n", s);
-    ilog(LOG_TYPE_IRCD, "ERROR: Could not initialize the SSL Client context -- %s", s);
+    ilog(LOG_TYPE_IRCD, "ERROR: Could not initialize the TLS Client context -- %s", s);
     exit(EXIT_FAILURE);
     return;  /* Not reached */
   }
@@ -116,6 +120,8 @@ tls_init(void)
 int
 tls_new_cred(void)
 {
+  TLS_initialized = 0;
+
   if (!ConfigServerInfo.ssl_certificate_file || !ConfigServerInfo.rsa_private_key_file)
     return 1;
 
@@ -211,6 +217,7 @@ tls_new_cred(void)
   if (ConfigServerInfo.ssl_cipher_list)
     SSL_CTX_set_cipher_list(ConfigServerInfo.tls_ctx.server_ctx, ConfigServerInfo.ssl_cipher_list);
 
+  TLS_initialized = 1;
   return 1;
 }
 
@@ -322,6 +329,9 @@ tls_new(tls_data_t *tls_data, int fd, tls_role_t role)
 {
   SSL *ssl;
 
+  if (!TLS_initialized)
+    return 0;
+
   if (role == TLS_ROLE_SERVER)
     ssl = SSL_new(ConfigServerInfo.tls_ctx.server_ctx);
   else

diff --git a/src/whowas.c b/src/whowas.c
@@ -89,11 +89,9 @@ whowas_add_history(struct Client *client_p, const int online)
 void
 whowas_off_history(struct Client *client_p)
 {
-  dlink_node *node = NULL, *node_next = NULL;
-
-  DLINK_FOREACH_SAFE(node, node_next, client_p->whowas.head)
+  while (client_p->whowas.head)
   {
-    struct Whowas *whowas = node->data;
+    struct Whowas *whowas = client_p->whowas.head->data;
 
     whowas->online = NULL;
     dlinkDelete(&whowas->cnode, &client_p->whowas);