10 files changed, 256 insertions, 205 deletions
diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index 8a3e659fd..a9c8b3904 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -146,12 +146,14 @@ typedef struct {
 	bool enumerated[AUTH_RULE_MAX];
 } entry_enumerator_t;
 
-/**
- * enumerate function for item_enumerator_t
- */
-static bool enumerate(entry_enumerator_t *this, auth_rule_t *type, void **value)
+METHOD(enumerator_t, enumerate, bool,
+	entry_enumerator_t *this, va_list args)
 {
+	auth_rule_t *type;
 	entry_t *entry;
+	void **value;
+
+	VA_ARGS_VGET(args, type, value);
 
 	while (this->inner->enumerate(this->inner, &entry))
 	{
@@ -174,10 +176,8 @@ static bool enumerate(entry_enumerator_t *this, auth_rule_t *type, void **value)
 	return FALSE;
 }
 
-/**
- * destroy function for item_enumerator_t
- */
-static void entry_enumerator_destroy(entry_enumerator_t *this)
+METHOD(enumerator_t, entry_enumerator_destroy, void,
+	entry_enumerator_t *this)
 {
 	this->inner->destroy(this->inner);
 	free(this);
@@ -190,8 +190,9 @@ METHOD(auth_cfg_t, create_enumerator, enumerator_t*,
 
 	INIT(enumerator,
 		.public = {
-			.enumerate = (void*)enumerate,
-			.destroy = (void*)entry_enumerator_destroy,
+			.enumerate = enumerator_enumerate_default,
+			.venumerate = _enumerate,
+			.destroy = _entry_enumerator_destroy,
 		},
 		.inner = array_create_enumerator(this->entries),
 	);
diff --git a/src/libstrongswan/credentials/credential_factory.c b/src/libstrongswan/credentials/credential_factory.c
index 94c7820e1..07e6ea343 100644
--- a/src/libstrongswan/credentials/credential_factory.c
+++ b/src/libstrongswan/credentials/credential_factory.c
@@ -163,17 +163,23 @@ METHOD(credential_factory_t, create, void*,
 	return construct;
 }
 
-/**
- * Filter function for builder enumerator
- */
-static bool builder_filter(void *null, entry_t **entry, credential_type_t *type,
-						   void *dummy1, int *subtype)
+CALLBACK(builder_filter, bool,
+	void *null, enumerator_t *orig, va_list args)
 {
-	if ((*entry)->final)
+	entry_t *entry;
+	credential_type_t *type;
+	int *subtype;
+
+	VA_ARGS_VGET(args, type, subtype);
+
+	while (orig->enumerate(orig, &entry))
 	{
-		*type = (*entry)->type;
-		*subtype = (*entry)->subtype;
-		return TRUE;
+		if (entry->final)
+		{
+			*type = entry->type;
+			*subtype = entry->subtype;
+			return TRUE;
+		}
 	}
 	return FALSE;
 }
@@ -184,7 +190,7 @@ METHOD(credential_factory_t, create_builder_enumerator, enumerator_t*,
 	this->lock->read_lock(this->lock);
 	return enumerator_create_filter(
 				this->constructors->create_enumerator(this->constructors),
-				(void*)builder_filter, this->lock, (void*)this->lock->unlock);
+				builder_filter, this->lock, (void*)this->lock->unlock);
 }
 
 METHOD(credential_factory_t, destroy, void,
diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
index 95c5cd777..0a8d3d101 100644
--- a/src/libstrongswan/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -155,8 +155,12 @@ METHOD(credential_manager_t, call_hook, void,
 }
 
 METHOD(enumerator_t, sets_enumerate, bool,
-	sets_enumerator_t *this, credential_set_t **set)
+	sets_enumerator_t *this, va_list args)
 {
+	credential_set_t **set;
+
+	VA_ARGS_VGET(args, set);
+
 	if (this->exclusive)
 	{
 		if (this->exclusive->enumerate(this->exclusive, set))
@@ -166,19 +170,19 @@ METHOD(enumerator_t, sets_enumerate, bool,
 			return TRUE;
 		}
 	}
-	if (this->global)
+	if (this->local)
 	{
-		if (this->global->enumerate(this->global, set))
+		if (this->local->enumerate(this->local, set))
 		{
 			return TRUE;
 		}
-		/* end of global sets, look for local */
-		this->global->destroy(this->global);
-		this->global = NULL;
+		/* end of local sets, look for global */
+		this->local->destroy(this->local);
+		this->local = NULL;
 	}
-	if (this->local)
+	if (this->global)
 	{
-		return this->local->enumerate(this->local, set);
+		return this->global->enumerate(this->global, set);
 	}
 	return FALSE;
 }
@@ -202,7 +206,8 @@ static enumerator_t *create_sets_enumerator(private_credential_manager_t *this)
 
 	INIT(enumerator,
 		.public = {
-			.enumerate = (void*)_sets_enumerate,
+			.enumerate = enumerator_enumerate_default,
+			.venumerate = _sets_enumerate,
 			.destroy = _sets_destroy,
 		},
 	);
@@ -807,11 +812,12 @@ static bool verify_trust_chain(private_credential_manager_t *this,
 	return trusted;
 }
 
-/**
- * List find match function for certificates
- */
-static bool cert_equals(certificate_t *a, certificate_t *b)
+CALLBACK(cert_equals, bool,
+	certificate_t *a, va_list args)
 {
+	certificate_t *b;
+
+	VA_ARGS_VGET(args, b);
 	return a->equals(a, b);
 }
 
@@ -840,9 +846,12 @@ typedef struct {
 } trusted_enumerator_t;
 
 METHOD(enumerator_t, trusted_enumerate, bool,
-	trusted_enumerator_t *this, certificate_t **cert, auth_cfg_t **auth)
+	trusted_enumerator_t *this, va_list args)
 {
-	certificate_t *current;
+	certificate_t *current, **cert;
+	auth_cfg_t **auth;
+
+	VA_ARGS_VGET(args, cert, auth);
 
 	DESTROY_IF(this->auth);
 	this->auth = auth_cfg_create();
@@ -888,8 +897,7 @@ METHOD(enumerator_t, trusted_enumerate, bool,
 			continue;
 		}
 
-		if (this->failed->find_first(this->failed, (void*)cert_equals,
-									 NULL, current) == SUCCESS)
+		if (this->failed->find_first(this->failed, cert_equals, NULL, current))
 		{	/* check each candidate only once */
 			continue;
 		}
@@ -931,7 +939,8 @@ METHOD(credential_manager_t, create_trusted_enumerator, enumerator_t*,
 
 	INIT(enumerator,
 		.public = {
-			.enumerate = (void*)_trusted_enumerate,
+			.enumerate = enumerator_enumerate_default,
+			.venumerate = _trusted_enumerate,
 			.destroy = _trusted_destroy,
 		},
 		.this = this,
@@ -960,9 +969,13 @@ typedef struct {
 } public_enumerator_t;
 
 METHOD(enumerator_t, public_enumerate, bool,
-	public_enumerator_t *this, public_key_t **key, auth_cfg_t **auth)
+	public_enumerator_t *this, va_list args)
 {
 	certificate_t *cert;
+	public_key_t **key;
+	auth_cfg_t **auth;
+
+	VA_ARGS_VGET(args, key, auth);
 
 	while (this->inner->enumerate(this->inner, &cert, auth))
 	{
@@ -1001,7 +1014,8 @@ METHOD(credential_manager_t, create_public_enumerator, enumerator_t*,
 
 	INIT(enumerator,
 		.public = {
-			.enumerate = (void*)_public_enumerate,
+			.enumerate = enumerator_enumerate_default,
+			.venumerate = _public_enumerate,
 			.destroy = _public_destroy,
 		},
 		.inner = create_trusted_enumerator(this, type, id, online),
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
index 2c76ad680..87f7e6664 100644
--- a/src/libstrongswan/credentials/keys/public_key.c
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -272,8 +272,12 @@ typedef struct  {
 } private_enumerator_t;
 
 METHOD(enumerator_t, signature_schemes_enumerate, bool,
-	private_enumerator_t *this, signature_scheme_t *scheme)
+	private_enumerator_t *this, va_list args)
 {
+	signature_scheme_t *scheme;
+
+	VA_ARGS_VGET(args, scheme);
+
 	while (++this->index < countof(scheme_map))
 	{
 		if (this->type == scheme_map[this->index].type &&
@@ -296,7 +300,8 @@ enumerator_t *signature_schemes_for_key(key_type_t type, int size)
 
 	INIT(this,
 		.public = {
-			.enumerate = (void*)_signature_schemes_enumerate,
+			.enumerate = enumerator_enumerate_default,
+			.venumerate = _signature_schemes_enumerate,
 			.destroy = (void*)free,
 		},
 		.index = -1,
diff --git a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
index 8393d5b18..1cd4b9d03 100644
--- a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
+++ b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
@@ -112,15 +112,15 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator,
 	return TRUE;
 }
 
-/**
- * enumerate function for wrapper_enumerator_t
- */
-static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert)
+METHOD(enumerator_t, enumerate, bool,
+	wrapper_enumerator_t *this, va_list args)
 {
 	auth_rule_t rule;
-	certificate_t *current;
+	certificate_t *current, **cert;
 	public_key_t *public;
 
+	VA_ARGS_VGET(args, cert);
+
 	while (this->inner->enumerate(this->inner, &rule, &current))
 	{
 		if (rule == AUTH_HELPER_IM_HASH_URL ||
@@ -164,10 +164,8 @@ static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert)
 	return FALSE;
 }
 
-/**
- * destroy function for wrapper_enumerator_t
- */
-static void wrapper_enumerator_destroy(wrapper_enumerator_t *this)
+METHOD(enumerator_t, wrapper_enumerator_destroy, void,
+	wrapper_enumerator_t *this)
 {
 	this->inner->destroy(this->inner);
 	free(this);
@@ -183,14 +181,18 @@ METHOD(credential_set_t, create_enumerator, enumerator_t*,
 	{
 		return NULL;
 	}
-	enumerator = malloc_thing(wrapper_enumerator_t);
-	enumerator->auth = this->auth;
-	enumerator->cert = cert;
-	enumerator->key = key;
-	enumerator->id = id;
-	enumerator->inner = this->auth->create_enumerator(this->auth);
-	enumerator->public.enumerate = (void*)enumerate;
-	enumerator->public.destroy = (void*)wrapper_enumerator_destroy;
+	INIT(enumerator,
+		.public = {
+			.enumerate = enumerator_enumerate_default,
+			.venumerate = _enumerate,
+			.destroy = _wrapper_enumerator_destroy,
+		},
+		.auth = this->auth,
+		.cert = cert,
+		.key = key,
+		.id = id,
+		.inner = this->auth->create_enumerator(this->auth),
+	);
 	return &enumerator->public;
 }
 
diff --git a/src/libstrongswan/credentials/sets/callback_cred.c b/src/libstrongswan/credentials/sets/callback_cred.c
index bff33f029..0d72452da 100644
--- a/src/libstrongswan/credentials/sets/callback_cred.c
+++ b/src/libstrongswan/credentials/sets/callback_cred.c
@@ -60,9 +60,12 @@ typedef struct {
 } shared_enumerator_t;
 
 METHOD(enumerator_t, shared_enumerate, bool,
-	shared_enumerator_t *this, shared_key_t **out,
-	id_match_t *match_me, id_match_t *match_other)
+	shared_enumerator_t *this, va_list args)
 {
+	shared_key_t **out;
+	id_match_t *match_me, *match_other;
+
+	VA_ARGS_VGET(args, out, match_me, match_other);
 	DESTROY_IF(this->current);
 	this->current = this->this->cb.shared(this->this->data, this->type,
 								this->me, this->other, match_me, match_other);
@@ -89,7 +92,8 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
 
 	INIT(enumerator,
 		.public = {
-			.enumerate = (void*)_shared_enumerate,
+			.enumerate = enumerator_enumerate_default,
+			.venumerate = _shared_enumerate,
 			.destroy = _shared_destroy,
 		},
 		.this = this,
diff --git a/src/libstrongswan/credentials/sets/cert_cache.c b/src/libstrongswan/credentials/sets/cert_cache.c
index 24fdb194b..92d5efdc6 100644
--- a/src/libstrongswan/credentials/sets/cert_cache.c
+++ b/src/libstrongswan/credentials/sets/cert_cache.c
@@ -252,13 +252,14 @@ typedef struct {
 	int locked;
 } cert_enumerator_t;
 
-/**
- * filter function for certs enumerator
- */
-static bool cert_enumerate(cert_enumerator_t *this, certificate_t **out)
+METHOD(enumerator_t, cert_enumerate, bool,
+	cert_enumerator_t *this, va_list args)
 {
 	public_key_t *public;
 	relation_t *rel;
+	certificate_t **out;
+
+	VA_ARGS_VGET(args, out);
 
 	if (this->locked >= 0)
 	{
@@ -311,10 +312,8 @@ static bool cert_enumerate(cert_enumerator_t *this, certificate_t **out)
 	return FALSE;
 }
 
-/**
- * clean up enumeration data
- */
-static void cert_enumerator_destroy(cert_enumerator_t *this)
+METHOD(enumerator_t, cert_enumerator_destroy, void,
+	cert_enumerator_t *this)
 {
 	relation_t *rel;
 
@@ -336,16 +335,19 @@ METHOD(credential_set_t, create_enumerator, enumerator_t*,
 	{
 		return NULL;
 	}
-	enumerator = malloc_thing(cert_enumerator_t);
-	enumerator->public.enumerate = (void*)cert_enumerate;
-	enumerator->public.destroy = (void*)cert_enumerator_destroy;
-	enumerator->cert = cert;
-	enumerator->key = key;
-	enumerator->id = id;
-	enumerator->relations = this->relations;
-	enumerator->index = -1;
-	enumerator->locked = -1;
-
+	INIT(enumerator,
+		.public = {
+			.enumerate = enumerator_enumerate_default,
+			.venumerate = _cert_enumerate,
+			.destroy = _cert_enumerator_destroy,
+		},
+		.cert = cert,
+		.key = key,
+		.id = id,
+		.relations = this->relations,
+		.index = -1,
+		.locked = -1,
+	);
 	return &enumerator->public;
 }
 
diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c
index 53e035f98..4d594e439 100644
--- a/src/libstrongswan/credentials/sets/mem_cred.c
+++ b/src/libstrongswan/credentials/sets/mem_cred.c
@@ -74,25 +74,27 @@ typedef struct {
 	identification_t *id;
 } cert_data_t;
 
-/**
- * destroy cert_data
- */
-static void cert_data_destroy(cert_data_t *data)
+CALLBACK(cert_data_destroy, void,
+	cert_data_t *data)
 {
 	data->lock->unlock(data->lock);
 	free(data);
 }
 
-/**
- * filter function for certs enumerator
- */
-static bool certs_filter(cert_data_t *data, certificate_t **in, certificate_t **out)
+CALLBACK(certs_filter, bool,
+	cert_data_t *data, enumerator_t *orig, va_list args)
 {
 	public_key_t *public;
-	certificate_t *cert = *in;
+	certificate_t *cert, **out;
+
+	VA_ARGS_VGET(args, out);
 
-	if (data->cert == CERT_ANY || data->cert == cert->get_type(cert))
+	while (orig->enumerate(orig, &cert))
 	{
+		if (data->cert != CERT_ANY && data->cert != cert->get_type(cert))
+		{
+			continue;
+		}
 		public = cert->get_public_key(cert);
 		if (public)
 		{
@@ -102,7 +104,7 @@ static bool certs_filter(cert_data_t *data, certificate_t **in, certificate_t **
 											data->id->get_encoding(data->id)))
 				{
 					public->destroy(public);
-					*out = *in;
+					*out = cert;
 					return TRUE;
 				}
 			}
@@ -110,11 +112,11 @@ static bool certs_filter(cert_data_t *data, certificate_t **in, certificate_t **
 		}
 		else if (data->key != KEY_ANY)
 		{
-			return FALSE;
+			continue;
 		}
-		if (data->id == NULL || cert->has_subject(cert, data->id))
+		if (!data->id || cert->has_subject(cert, data->id))
 		{
-			*out = *in;
+			*out = cert;
 			return TRUE;
 		}
 	}
@@ -143,12 +145,16 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
 	{
 		enumerator = this->untrusted->create_enumerator(this->untrusted);
 	}
-	return enumerator_create_filter(enumerator, (void*)certs_filter, data,
-									(void*)cert_data_destroy);
+	return enumerator_create_filter(enumerator, certs_filter, data,
+									cert_data_destroy);
 }
 
-static bool certificate_equals(certificate_t *item, certificate_t *cert)
+CALLBACK(certificate_equals, bool,
+	certificate_t *item, va_list args)
 {
+	certificate_t *cert;
+
+	VA_ARGS_VGET(args, cert);
 	return item->equals(item, cert);
 }
 
@@ -161,9 +167,8 @@ static certificate_t *add_cert_internal(private_mem_cred_t *this, bool trusted,
 {
 	certificate_t *cached;
 	this->lock->write_lock(this->lock);
-	if (this->untrusted->find_first(this->untrusted,
-									(linked_list_match_t)certificate_equals,
-									(void**)&cached, cert) == SUCCESS)
+	if (this->untrusted->find_first(this->untrusted, certificate_equals,
+									(void**)&cached, cert))
 	{
 		cert->destroy(cert);
 		cert = cached->get_ref(cached);
@@ -199,9 +204,8 @@ METHOD(mem_cred_t, get_cert_ref, certificate_t*,
 	certificate_t *cached;
 
 	this->lock->read_lock(this->lock);
-	if (this->untrusted->find_first(this->untrusted,
-									(linked_list_match_t)certificate_equals,
-									(void**)&cached, cert) == SUCCESS)
+	if (this->untrusted->find_first(this->untrusted, certificate_equals,
+									(void**)&cached, cert))
 	{
 		cert->destroy(cert);
 		cert = cached->get_ref(cached);
@@ -301,30 +305,30 @@ typedef struct {
 	identification_t *id;
 } key_data_t;
 
-/**
- * Destroy key enumerator data
- */
-static void key_data_destroy(key_data_t *data)
+CALLBACK(key_data_destroy, void,
+	key_data_t *data)
 {
 	data->lock->unlock(data->lock);
 	free(data);
 }
 
-/**
- * filter function for private key enumerator
- */
-static bool key_filter(key_data_t *data, private_key_t **in, private_key_t **out)
+CALLBACK(key_filter, bool,
+	key_data_t *data, enumerator_t *orig, va_list args)
 {
-	private_key_t *key;
+	private_key_t *key, **out;
+
+	VA_ARGS_VGET(args, out);
 
-	key = *in;
-	if (data->type == KEY_ANY || data->type == key->get_type(key))
+	while (orig->enumerate(orig, &key))
 	{
-		if (data->id == NULL ||
-			key->has_fingerprint(key, data->id->get_encoding(data->id)))
+		if (data->type == KEY_ANY || data->type == key->get_type(key))
 		{
-			*out = key;
-			return TRUE;
+			if (data->id == NULL ||
+				key->has_fingerprint(key, data->id->get_encoding(data->id)))
+			{
+				*out = key;
+				return TRUE;
+			}
 		}
 	}
 	return FALSE;
@@ -342,7 +346,7 @@ METHOD(credential_set_t, create_private_enumerator, enumerator_t*,
 	);
 	this->lock->read_lock(this->lock);
 	return enumerator_create_filter(this->keys->create_enumerator(this->keys),
-							(void*)key_filter, data, (void*)key_data_destroy);
+									key_filter, data, key_data_destroy);
 }
 
 METHOD(mem_cred_t, add_key, void,
@@ -468,10 +472,8 @@ typedef struct {
 	shared_key_type_t type;
 } shared_data_t;
 
-/**
- * free shared key enumerator data and unlock list
- */
-static void shared_data_destroy(shared_data_t *data)
+CALLBACK(shared_data_destroy, void,
+	shared_data_t *data)
 {
 	data->lock->unlock(data->lock);
 	free(data);
@@ -499,44 +501,47 @@ static id_match_t has_owner(shared_entry_t *entry, identification_t *owner)
 	return best;
 }
 
-/**
- * enumerator filter function for shared entries
- */
-static bool shared_filter(shared_data_t *data,
-						  shared_entry_t **in, shared_key_t **out,
-						  void **unused1, id_match_t *me,
-						  void **unused2, id_match_t *other)
+CALLBACK(shared_filter, bool,
+	shared_data_t *data, enumerator_t *orig, va_list args)
 {
 	id_match_t my_match = ID_MATCH_NONE, other_match = ID_MATCH_NONE;
-	shared_entry_t *entry = *in;
+	shared_entry_t *entry;
+	shared_key_t **out;
+	id_match_t *me, *other;
 
-	if (data->type != SHARED_ANY &&
-		entry->shared->get_type(entry->shared) != data->type)
-	{
-		return FALSE;
-	}
-	if (data->me)
-	{
-		my_match = has_owner(entry, data->me);
-	}
-	if (data->other)
-	{
-		other_match = has_owner(entry, data->other);
-	}
-	if ((data->me || data->other) && (!my_match && !other_match))
-	{
-		return FALSE;
-	}
-	*out = entry->shared;
-	if (me)
-	{
-		*me = my_match;
-	}
-	if (other)
+	VA_ARGS_VGET(args, out, me, other);
+
+	while (orig->enumerate(orig, &entry))
 	{
-		*other = other_match;
+		if (data->type != SHARED_ANY &&
+			entry->shared->get_type(entry->shared) != data->type)
+		{
+			continue;
+		}
+		if (data->me)
+		{
+			my_match = has_owner(entry, data->me);
+		}
+		if (data->other)
+		{
+			other_match = has_owner(entry, data->other);
+		}
+		if ((data->me || data->other) && (!my_match && !other_match))
+		{
+			continue;
+		}
+		*out = entry->shared;
+		if (me)
+		{
+			*me = my_match;
+		}
+		if (other)
+		{
+			*other = other_match;
+		}
+		return TRUE;
 	}
-	return TRUE;
+	return FALSE;
 }
 
 METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
@@ -554,7 +559,7 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
 	data->lock->read_lock(data->lock);
 	return enumerator_create_filter(
 						this->shared->create_enumerator(this->shared),
-						(void*)shared_filter, data, (void*)shared_data_destroy);
+						shared_filter, data, shared_data_destroy);
 }
 
 METHOD(mem_cred_t, add_shared_unique, void,
@@ -648,23 +653,27 @@ METHOD(mem_cred_t, remove_shared_unique, void,
 	this->lock->unlock(this->lock);
 }
 
-/**
- * Filter unique ids of shared keys (ingore secrets without unique id)
- */
-static bool unique_filter(void *unused,
-						  shared_entry_t **in, char **id)
+CALLBACK(unique_filter, bool,
+	void *unused, enumerator_t *orig, va_list args)
 {
-	shared_entry_t *entry = *in;
+	shared_entry_t *entry;
+	char **id;
 
-	if (!entry->id)
-	{
-		return FALSE;
-	}
-	if (id)
+	VA_ARGS_VGET(args, id);
+
+	while (orig->enumerate(orig, &entry))
 	{
-		*id = entry->id;
+		if (!entry->id)
+		{
+			continue;
+		}
+		if (id)
+		{
+			*id = entry->id;
+		}
+		return TRUE;
 	}
-	return TRUE;
+	return FALSE;
 }
 
 METHOD(mem_cred_t, create_unique_shared_enumerator, enumerator_t*,
@@ -673,7 +682,7 @@ METHOD(mem_cred_t, create_unique_shared_enumerator, enumerator_t*,
 	this->lock->read_lock(this->lock);
 	return enumerator_create_filter(
 								this->shared->create_enumerator(this->shared),
-								(void*)unique_filter, this->lock,
+								unique_filter, this->lock,
 								(void*)this->lock->unlock);
 }
 
@@ -721,30 +730,35 @@ typedef struct {
 	rwlock_t *lock;
 } cdp_data_t;
 
-/**
- * Clean up CDP enumerator data
- */
-static void cdp_data_destroy(cdp_data_t *data)
+CALLBACK(cdp_data_destroy, void,
+	cdp_data_t *data)
 {
 	data->lock->unlock(data->lock);
 	free(data);
 }
 
-/**
- * CDP enumerator filter
- */
-static bool cdp_filter(cdp_data_t *data, cdp_t **cdp, char **uri)
+CALLBACK(cdp_filter, bool,
+	cdp_data_t *data, enumerator_t *orig, va_list args)
 {
-	if (data->type != CERT_ANY && data->type != (*cdp)->type)
-	{
-		return FALSE;
-	}
-	if (data->id && !(*cdp)->id->matches((*cdp)->id, data->id))
+	cdp_t *cdp;
+	char **uri;
+
+	VA_ARGS_VGET(args, uri);
+
+	while (orig->enumerate(orig, &cdp))
 	{
-		return FALSE;
+		if (data->type != CERT_ANY && data->type != cdp->type)
+		{
+			continue;
+		}
+		if (data->id && !cdp->id->matches(cdp->id, data->id))
+		{
+			continue;
+		}
+		*uri = cdp->uri;
+		return TRUE;
 	}
-	*uri = (*cdp)->uri;
-	return TRUE;
+	return FALSE;
 }
 
 METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*,
@@ -759,7 +773,7 @@ METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*,
 	);
 	this->lock->read_lock(this->lock);
 	return enumerator_create_filter(this->cdps->create_enumerator(this->cdps),
-							(void*)cdp_filter, data, (void*)cdp_data_destroy);
+									cdp_filter, data, cdp_data_destroy);
 
 }
 
diff --git a/src/libstrongswan/credentials/sets/mem_cred.h b/src/libstrongswan/credentials/sets/mem_cred.h
index 135515260..f55c3ccdf 100644
--- a/src/libstrongswan/credentials/sets/mem_cred.h
+++ b/src/libstrongswan/credentials/sets/mem_cred.h
@@ -62,7 +62,7 @@ struct mem_cred_t {
 	/**
 	 * Get an existing reference to the same certificate.
 	 *
-	 * Searches for the same certficate in the set, and returns a reference
+	 * Searches for the same certificate in the set, and returns a reference
 	 * to it, destroying the passed certificate. If the passed certificate
 	 * is not found, it is just returned.
 	 *
diff --git a/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c b/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c
index 151d69216..12d3f8156 100644
--- a/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c
+++ b/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c
@@ -49,14 +49,15 @@ typedef struct {
 	identification_t *id;
 } wrapper_enumerator_t;
 
-/**
- * enumerate function wrapper_enumerator_t
- */
-static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert)
+METHOD(enumerator_t, enumerate, bool,
+	wrapper_enumerator_t *this, va_list args)
 {
-	certificate_t *current;
+	certificate_t *current, **cert;
 	public_key_t *public;
 
+
+	VA_ARGS_VGET(args, cert);
+
 	while (this->inner->enumerate(this->inner, &current))
 	{
 		if (this->cert != CERT_ANY && this->cert != current->get_type(current))
@@ -85,10 +86,8 @@ static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert)
 	return FALSE;
 }
 
-/**
- * destroy function for wrapper_enumerator_t
- */
-static void enumerator_destroy(wrapper_enumerator_t *this)
+METHOD(enumerator_t, enumerator_destroy, void,
+	wrapper_enumerator_t *this)
 {
 	this->inner->destroy(this->inner);
 	free(this);
@@ -105,13 +104,17 @@ METHOD(credential_set_t, create_enumerator, enumerator_t*,
 		return NULL;
 	}
 
-	enumerator = malloc_thing(wrapper_enumerator_t);
-	enumerator->cert = cert;
-	enumerator->key = key;
-	enumerator->id = id;
-	enumerator->inner = this->response->create_cert_enumerator(this->response);
-	enumerator->public.enumerate = (void*)enumerate;
-	enumerator->public.destroy = (void*)enumerator_destroy;
+	INIT(enumerator,
+		.public = {
+			.enumerate = enumerator_enumerate_default,
+			.venumerate = _enumerate,
+			.destroy = _enumerator_destroy,
+		},
+		.cert = cert,
+		.key = key,
+		.id = id,
+		.inner = this->response->create_cert_enumerator(this->response),
+	);
 	return &enumerator->public;
 }