-extern int tls_client_start(int, host_item *, address_item *, uschar *,
- uschar *, uschar *, uschar *, uschar *, uschar *, int);
-extern void tls_close(BOOL);
+extern const char *
+ std_dh_prime_default(void);
+extern const char *
+ std_dh_prime_named(const uschar *);
+
+extern uschar * tls_cert_crl_uri(void *, uschar * mod);
+extern uschar * tls_cert_ext_by_oid(void *, uschar *, int);
+extern uschar * tls_cert_issuer(void *, uschar * mod);
+extern uschar * tls_cert_not_before(void *, uschar * mod);
+extern uschar * tls_cert_not_after(void *, uschar * mod);
+extern uschar * tls_cert_ocsp_uri(void *, uschar * mod);
+extern uschar * tls_cert_serial_number(void *, uschar * mod);
+extern uschar * tls_cert_signature(void *, uschar * mod);
+extern uschar * tls_cert_signature_algorithm(void *, uschar * mod);
+extern uschar * tls_cert_subject(void *, uschar * mod);
+extern uschar * tls_cert_subject_altname(void *, uschar * mod);
+extern uschar * tls_cert_version(void *, uschar * mod);
+
+extern uschar * tls_cert_fprt_md5(void *);
+extern uschar * tls_cert_fprt_sha1(void *);
+extern uschar * tls_cert_fprt_sha256(void *);
+
+extern int tls_client_start(int, host_item *, address_item *,
+ transport_instance *
+# ifdef EXPERIMENTAL_DANE
+ , dns_answer *
+# endif
+ );
+extern void tls_close(BOOL, BOOL);
+extern int tls_export_cert(uschar *, size_t, void *);