diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
index 1db216be8..0f86c0305 100644
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -465,9 +465,9 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
 		break;
 	case BIO_CTRL_GET_CALLBACK:
 		{
-		void (**fptr)(const SSL *ssl,int type,int val);
+		void (**fptr)(const SSL *xssl,int type,int val);
 
-		fptr=(void (**)(const SSL *ssl,int type,int val))ptr;
+		fptr=(void (**)(const SSL *xssl,int type,int val))ptr;
 		*fptr=SSL_get_info_callback(ssl);
 		}
 		break;
diff --git a/ssl/kssl.c b/ssl/kssl.c
index 3afa95f3f..49602bb87 100644
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -1130,7 +1130,7 @@ kssl_cget_tkt(	/* UPDATE */	KSSL_CTX *kssl_ctx,
 	if (authenp)
                 {
 		krb5_data	krb5in_data;
-		unsigned char	*p;
+		const unsigned char	*p;
 		long		arlen;
 		KRB5_APREQBODY	*ap_req;
 
@@ -1299,7 +1299,7 @@ kssl_sget_tkt(	/* UPDATE */	KSSL_CTX		*kssl_ctx,
 	static krb5_auth_context	krb5auth_context = NULL;
 	krb5_ticket 			*krb5ticket = NULL;
 	KRB5_TKTBODY 			*asn1ticket = NULL;
-	unsigned char			*p;
+	const unsigned char		*p;
 	krb5_keytab 			krb5keytab = NULL;
 	krb5_keytab_entry		kt_entry;
 	krb5_principal			krb5server;
@@ -1984,7 +1984,8 @@ krb5_error_code  kssl_check_authent(
 	EVP_CIPHER_CTX		ciph_ctx;
 	const EVP_CIPHER	*enc = NULL;
 	unsigned char		iv[EVP_MAX_IV_LENGTH];
-	unsigned char		*p, *unenc_authent;
+	const unsigned char	*p;
+	unsigned char		*unenc_authent;
 	int 			outl, unencbufsize;
 	struct tm		tm_time, *tm_l, *tm_g;
 	time_t			now, tl, tg, tr, tz_offset;
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 84a826180..c274b9495 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -242,18 +242,18 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 	M_ASN1_D2I_start_sequence();
 
 	ai.data=NULL; ai.length=0;
-	M_ASN1_D2I_get(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
 	version=(int)ASN1_INTEGER_get(aip);
 	if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
 
 	/* we don't care about the version right now :-) */
-	M_ASN1_D2I_get(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
+	M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
 	ssl_version=(int)ASN1_INTEGER_get(aip);
 	ret->ssl_version=ssl_version;
 	if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
 
 	os.data=NULL; os.length=0;
-	M_ASN1_D2I_get(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
+	M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
 	if (ssl_version == SSL2_VERSION)
 		{
 		if (os.length != 3)
@@ -286,7 +286,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 	ret->cipher=NULL;
 	ret->cipher_id=id;
 
-	M_ASN1_D2I_get(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
+	M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
 	if ((ssl_version>>8) == SSL3_VERSION_MAJOR)
 		i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
 	else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
@@ -301,7 +301,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 	OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
 	memcpy(ret->session_id,os.data,os.length);
 
-	M_ASN1_D2I_get(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
+	M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
 	if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH)
 		ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
 	else