Index: src/ObjOpenSSL.h ================================================================== --- src/ObjOpenSSL.h +++ src/ObjOpenSSL.h @@ -19,5 +19,9 @@ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #import "SSLSocket.h" +#import "X509Certificate.h" + +#import "SSLConnectionFailedException.h" +#import "SSLInvalidCertificateException.h" Index: src/SSLConnectionFailedException.m ================================================================== --- src/SSLConnectionFailedException.m +++ src/SSLConnectionFailedException.m 
@@ -80,47 +80,44 @@ socket: socket SSLError: SSLError verifyResult: verifyResult] autorelease]; } -- initWithHost: (OFString *)host - port: (uint16_t)port - socket: (id)socket +- (instancetype)initWithHost: (OFString *)host + port: (uint16_t)port + socket: (id)socket { OF_INVALID_INIT_METHOD } -- initWithHost: (OFString *)host - port: (uint16_t)port - socket: (id)socket - errNo: (int)errNo +- (instancetype)initWithHost: (OFString *)host + port: (uint16_t)port + socket: (id)socket + errNo: (int)errNo { OF_INVALID_INIT_METHOD } -- initWithHost: (OFString *)host - port: (uint16_t)port - socket: (SSLSocket *)socket - SSLError: (unsigned long)SSLError +- (instancetype)initWithHost: (OFString *)host + port: (uint16_t)port + socket: (SSLSocket *)socket + SSLError: (unsigned long)SSLError { return [self initWithHost: host port: port socket: socket SSLError: SSLError verifyResult: 0]; } -- initWithHost: (OFString *)host - port: (uint16_t)port - socket: (SSLSocket *)socket - SSLError: (unsigned long)SSLError - verifyResult: (long)verifyResult -{ - self = [super initWithHost: host - port: port - socket: socket - errNo: 0]; +- (instancetype)initWithHost: (OFString *)host + port: (uint16_t)port + socket: (SSLSocket *)socket + SSLError: (unsigned long)SSLError + verifyResult: (long)verifyResult +{ + self = [super initWithHost: host port: port socket: socket errNo: 0]; _SSLError = SSLError; _verifyResult = verifyResult; return self; Index: src/SSLInvalidCertificateException.h ================================================================== --- src/SSLInvalidCertificateException.h +++ src/SSLInvalidCertificateException.h 
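Review bot: The convenience initializer `initWithHost:port:socket:SSLError:` forwards `verifyResult: 0`, and 0 is also OpenSSL's `X509_V_OK`. An exception created before any certificate verification ran therefore carries the same value as one where verification succeeded. A handler that inspects `verifyResult` to decide whether the certificate was at fault could misread it. I would document this at the call, for example `/* 0 == X509_V_OK here means "no verify result available", not "certificate valid" */`.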
@@ -33,10 +33,10 @@ @property (readonly, nonatomic) OFString *reason; + (instancetype)exception; + (instancetype)exceptionWithReason: (OFString *)reason; -- init OF_UNAVAILABLE; -- initWithReason: (OFString *)reason OF_DESIGNATED_INITIALIZER; +- (instancetype)init OF_UNAVAILABLE; +- (instancetype)initWithReason: (OFString *)reason OF_DESIGNATED_INITIALIZER; @end OF_ASSUME_NONNULL_END Index: src/SSLInvalidCertificateException.m ================================================================== --- src/SSLInvalidCertificateException.m +++ src/SSLInvalidCertificateException.m @@ -38,16 +38,16 @@ + (instancetype)exceptionWithReason: (OFString *)reason { return [[[self alloc] initWithReason: reason] autorelease]; } -- init +- (instancetype)init { OF_INVALID_INIT_METHOD } -- initWithReason: (OFString *)reason +- (instancetype)initWithReason: (OFString *)reason { self = [super init]; @try { _reason = [reason copy]; Index: src/SSLSocket.m ================================================================== --- src/SSLSocket.m +++ src/SSLSocket.m @@ -89,12 +89,11 @@ else of_mutex_unlock(&ssl_mutexes[n]); } @interface SSLSocket () -- (void)SSL_startTLSWithExpectedHost: (OFString *)host - port: (uint16_t)port; +- (void)SSL_startTLSWithExpectedHost: (OFString *)host port: (uint16_t)port; - (void)SSL_super_close; @end @interface SSLSocket_ConnectDelegate: OFObject { @@ -252,12 +251,11 @@ if (SSL_ != NULL) SSL_free(SSL_); } -- (void)SSL_startTLSWithExpectedHost: (OFString *)host - port: (uint16_t)port +- (void)SSL_startTLSWithExpectedHost: (OFString *)host port: (uint16_t)port { of_string_encoding_t encoding; if ((_SSL = SSL_new(ctx)) == NULL || SSL_set_fd(_SSL, _socket) != 1) { unsigned long error = ERR_get_error(); 
@@ -346,12 +344,11 @@ } } - (void)startTLSWithExpectedHost: (OFString *)host { - [self SSL_startTLSWithExpectedHost: host - port: 0]; + [self SSL_startTLSWithExpectedHost: host port: 0]; } - (void)asyncConnectToHost: (OFString *)host port: (uint16_t)port runLoopMode: (of_run_loop_mode_t)runLoopMode @@ -361,13 +358,11 @@ [[[SSLSocket_ConnectDelegate alloc] initWithSocket: self host: host port: port delegate: _delegate] autorelease]; - [super asyncConnectToHost: host - port: port - runLoopMode: runLoopMode]; + [super asyncConnectToHost: host port: port runLoopMode: runLoopMode]; objc_autoreleasePoolPop(pool); } #ifdef OF_HAVE_BLOCKS @@ -440,12 +435,11 @@ - (void)SSL_super_close { [super close]; } -- (size_t)lowlevelReadIntoBuffer: (void *)buffer - length: (size_t)length +- (size_t)lowlevelReadIntoBuffer: (void *)buffer length: (size_t)length { ssize_t ret; /* * There is no SSL session yet. However, it might be necessary to read @@ -452,12 +446,11 @@ * from and write to the socket before negotiating an SSL session: For * example, the socket might be connected to a SOCKS5 proxy and needs * to establish a SOCKS5 connection before negotiating an SSL session. */ if (_SSL == NULL) - return [super lowlevelReadIntoBuffer: buffer - length: length]; + return [super lowlevelReadIntoBuffer: buffer length: length]; if (length > INT_MAX) @throw [OFOutOfRangeException exception]; if (_socket == INVALID_SOCKET) @@ -481,12 +474,11 @@ _atEndOfStream = true; return ret; } -- (size_t)lowlevelWriteBuffer: (const void *)buffer - length: (size_t)length +- (size_t)lowlevelWriteBuffer: (const void *)buffer length: (size_t)length { int bytesWritten; /* * There is no SSL session yet. However, it might be necessary to read 
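Review bot: In `lowlevelReadIntoBuffer:length:` the `if (_SSL == NULL)` branch still hands the read to `super`, so bytes that arrive before the handshake reach the caller unauthenticated and look the same as TLS-protected data. The comment explains the SOCKS5 use case but not that consequence. The matching branch in `lowlevelWriteBuffer:length:` (hunk `@@ -497,12 +489,11 @@`) carries a TODO about this, while the read side has none. I would add the same warning here, e.g. `/* TODO: plaintext passthrough - data read before startTLS is not protected by TLS */`. The method body continues outside the hunk.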
@@ -497,12 +489,11 @@ * TODO: Think of a way to make this safer, so that it's impossible to * forget to establish an SSL session and then send unencrypted data by * accident. */ if (_SSL == NULL) - return [super lowlevelWriteBuffer: buffer - length: length]; + return [super lowlevelWriteBuffer: buffer length: length]; if (_socket == INVALID_SOCKET) @throw [OFNotOpenException exceptionWithObject: self]; if (length > INT_MAX) @@ -581,12 +572,11 @@ } else { /* peer sent the finished message */ length = SSL_get_peer_finished(_SSL, buffer, 64); } - return [OFData dataWithItems: buffer - count: length]; + return [OFData dataWithItems: buffer count: length]; } - (X509Certificate *)peerCertificate { X509 *certificate = SSL_get_peer_certificate(_SSL); Index: src/X509Certificate.h ================================================================== --- src/X509Certificate.h +++ src/X509Certificate.h @@ -46,12 +46,13 @@ @interface X509OID: OFObject { OFString *_string; } -- init OF_UNAVAILABLE; -- initWithUTF8String: (const char *)string OF_DESIGNATED_INITIALIZER; +- (instancetype)init OF_UNAVAILABLE; +- (instancetype)initWithUTF8String: (const char *)string + OF_DESIGNATED_INITIALIZER; @end @interface X509Certificate: OFObject { X509 *_certificate; 
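Review bot: `SSL_get_peer_finished(_SSL, buffer, 64)` repeats the buffer size as a literal, and its return value is the size of the Finished message, not the number of bytes copied. `length` then goes to `dataWithItems:count:` without being bounded by the buffer. The declaration of `buffer` is above the hunk; assuming it is a fixed 64-byte array, I would pass `sizeof(buffer)` instead of `64` and add `if (length > sizeof(buffer)) length = sizeof(buffer);` before building the `OFData`. The other branch of this `if`/`else` starts outside the hunk and presumably needs the same treatment.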
@@ -62,15 +63,15 @@ @property (readonly, nonatomic) OFDictionary *issuer; @property (readonly, nonatomic) OFDictionary *subject; @property (readonly, nonatomic) OFDictionary *subjectAlternativeName; -- init OF_UNAVAILABLE; -- initWithFile: (OFString *)file; -- initWithX509Struct: (X509 *)cert; +- (instancetype)init OF_UNAVAILABLE; +- (instancetype)initWithFile: (OFString *)file; +- (instancetype)initWithX509Struct: (X509 *)cert; - (bool)hasCommonNameMatchingDomain: (OFString *)domain; - (bool)hasDNSNameMatchingDomain: (OFString *)domain; - (bool)hasSRVNameMatchingDomain: (OFString *)domain service: (OFString *)service; @end OF_ASSUME_NONNULL_END Index: src/X509Certificate.m ================================================================== --- src/X509Certificate.m +++ src/X509Certificate.m @@ -63,16 +63,16 @@ @end OF_ASSUME_NONNULL_END @implementation X509Certificate -- init +- (instancetype)init { OF_INVALID_INIT_METHOD } -- initWithFile: (OFString *)path +- (instancetype)initWithFile: (OFString *)path { self = [super init]; @try { void *pool = objc_autoreleasePoolPush(); @@ -91,11 +91,11 @@ } return self; } -- initWithX509Struct: (X509 *)certificate +- (instancetype)initWithX509Struct: (X509 *)certificate { self = [super init]; @try { _certificate = X509_dup(certificate); @@ -211,12 +211,11 @@ key = [self X509_stringFromASN1Object: otherName->type_id]; list = [types objectForKey: key]; if (list == nil) { list = [OFList list]; - [types setObject: list - forKey: key]; + [types setObject: list forKey: key]; } [list appendObject: [self X509_stringFromASN1String: otherName->value->value.asn1_string]]; 
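Review bot: In the `X509Certificate.m` hunk `@@ -211,12 +211,11 @@`, `otherName->value->value.asn1_string` is read with no visible check of `otherName->value->type`. `value` is an `ASN1_TYPE` union whose active member depends on that tag. Because the certificate is supplied by the peer, a non-string otherName value would reach `X509_stringFromASN1String:` as if it were an `ASN1_STRING`. Unless a type check sits above the hunk, I would guard the append with a test that the tag is a string type (e.g. `V_ASN1_IA5STRING` or `V_ASN1_UTF8STRING`) and skip the entry otherwise.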
@@ -286,13 +285,12 @@ - (bool)hasCommonNameMatchingDomain: (OFString *)domain { void *pool = objc_autoreleasePoolPush(); - for (OFString *name in [[self subject] objectForKey: OID_commonName]) { - if ([self X509_isAssertedDomain: name - equalDomain: domain]) { + for (OFString *name in [self.subject objectForKey: OID_commonName]) { + if ([self X509_isAssertedDomain: name equalDomain: domain]) { objc_autoreleasePoolPop(pool); return true; } } @@ -303,13 +301,12 @@ - (bool)hasDNSNameMatchingDomain: (OFString *)domain { void *pool = objc_autoreleasePoolPush(); for (OFString *name in - [[self subjectAlternativeName] objectForKey: @"dNSName"]) { - if ([self X509_isAssertedDomain: name - equalDomain: domain]) { + [self.subjectAlternativeName objectForKey: @"dNSName"]) { + if ([self X509_isAssertedDomain: name equalDomain: domain]) { objc_autoreleasePoolPop(pool); return true; } } @@ -322,11 +319,11 @@ { size_t serviceLength; void *pool = objc_autoreleasePoolPush(); OFDictionary *SANs = self.subjectAlternativeName; OFList *assertedNames = [[SANs objectForKey: @"otherName"] - objectForKey: OID_SRVName]; + objectForKey: OID_SRVName]; if (![service hasPrefix: @"_"]) service = [service stringByPrependingString: @"_"]; service = [service stringByAppendingString: @"."]; @@ -375,11 +372,11 @@ return false; domain = [domain substringWithRange: of_range(firstDot + 1, domain.length - firstDot - 1)]; - if (![asserted caseInsensitiveCompare: domain]) + if ([asserted caseInsensitiveCompare: domain] == 0) return true; return false; } @@ -396,12 +393,11 @@ ASN1_OBJECT *obj = X509_NAME_ENTRY_get_object(entry); ASN1_STRING *str = X509_NAME_ENTRY_get_data(entry); key = [self X509_stringFromASN1Object: obj]; if ([dict objectForKey: key] == nil) - [dict setObject: [OFList list] - forKey: key]; + [dict setObject: [OFList list] forKey: key]; value = [self X509_stringFromASN1String: str]; [[dict objectForKey: key] appendObject: value]; objc_autoreleasePoolPop(pool); 
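Review bot: `hasCommonNameMatchingDomain:` has no comment saying when a caller may rely on it. Common Name matching is only a legacy fallback: RFC 6125 lets a client consult the CN only when the certificate presents no dNSName (or other supported) subjectAltName identifiers. How SSLSocket combines this method with `hasDNSNameMatchingDomain:` is not visible in this diff. I would add a doc comment on the method such as `/* Legacy fallback: only consult when subjectAlternativeName has no dNSName entries (RFC 6125). */`.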
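Review bot: In hunk `@@ -375,11 +372,11 @@`, `[asserted caseInsensitiveCompare: domain] == 0` still compares against a bare `0`, although it reads better than the old negation. ObjFW names that result, so `if ([asserted caseInsensitiveCompare: domain] == OF_ORDERED_SAME)` states the intent directly. This line decides what appears to be the wildcard match after the first label is stripped from `domain`, so the comparison should be unmistakable to the next reader. The enclosing method starts above the hunk.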
@@ -451,16 +447,16 @@ return ret; } @end @implementation X509OID -- init +- (instancetype)init { OF_INVALID_INIT_METHOD } -- initWithUTF8String: (const char *)string +- (instancetype)initWithUTF8String: (const char *)string { self = [super init]; @try { _string = [[OFString alloc] initWithUTF8String: string]; @@ -502,10 +498,10 @@ - (unsigned long)hash { return _string.hash; } -- copy +- (id)copy { return [self retain]; } @end