Index: cups/http.c
===================================================================
--- cups/http.c	(revision 62)
+++ cups/http.c	(working copy)
@@ -1257,31 +1257,32 @@
   OSStatus	result;			/* Return value */
   ssize_t	bytes;			/* Number of bytes read */
 
+  do
+    bytes = recv((int)connection, data, *dataLength, 0);
+  while (bytes == -1 && errno == EINTR);
 
-  for (;;)
+  if (bytes == *dataLength)
+    result = 0;
+  else if (bytes > 0)
   {
-    bytes = recv((int)connection, data, *dataLength, 0);
+    *dataLength = bytes;
+    result = errSSLWouldBlock;
+  }
+  else
+  {
+    *dataLength = 0;
 
-    if (bytes > 0)
-    {
-      result      = (bytes == *dataLength);
-      *dataLength = bytes;
-
-      return (result);
-    }
-
     if (bytes == 0)
-      return (errSSLClosedAbort);
+      result = errSSLClosedAbort;
+    else if (errno == EAGAIN)
+      result = errSSLWouldBlock;
+    else if (errno == EPIPE)
+      result = errSSLClosedAbort;
+    else
+      result = errSSLInternal;
+  }
 
-    if (errno == EAGAIN)
-      return (errSSLWouldBlock);
-
-    if (errno == EPIPE)
-      return (errSSLClosedAbort);
-
-    if (errno != EINTR)
-      return (errSSLInternal);
-  }
+  return result;
 }
 #endif /* HAVE_SSL && HAVE_CDSASSL */
 
@@ -1810,28 +1811,30 @@
   OSStatus	result;			/* Return value */
   ssize_t	bytes;			/* Number of bytes read */
 
+  do
+    bytes = write((int)connection, data, *dataLength);
+  while (bytes == -1 && errno == EINTR);
 
-  for (;;)
+  if (bytes == *dataLength)
+    result = 0;
+  else if (bytes >= 0)
   {
-    bytes = write((int)connection, data, *dataLength);
-
-    if (bytes >= 0)
-    {
-      result      = (bytes == *dataLength) ? 0 : errSSLWouldBlock;
-      *dataLength = bytes;
-
-      return (result);
-    }
-
+    *dataLength = bytes;
+    result = errSSLWouldBlock;
+  }
+  else
+  {
+    *dataLength = 0;
+  
     if (errno == EAGAIN)
-      return (errSSLWouldBlock);
+      result = errSSLWouldBlock;
+    else if (errno == EPIPE)
+      result = errSSLClosedAbort;
+    else
+      result = errSSLInternal;
+  }
 
-    if (errno == EPIPE)
-      return (errSSLClosedAbort);
-
-    if (errno != EINTR)
-      return (errSSLInternal);
-  }
+  return result;
 }
 #endif /* HAVE_SSL && HAVE_CDSASSL */
 
@@ -1887,8 +1890,13 @@
 	result = 0;
 	break;
     case errSSLWouldBlock :
-	errno = EAGAIN;
-	result = -1;
+	if (processed)
+	  result = (int)processed;
+	else
+	{
+	  result = -1;
+	  errno = EINTR;
+	}
 	break;
     default :
 	errno = EPIPE;
@@ -2139,7 +2147,10 @@
     error = SSLSetAllowsAnyRoot(conn, true);
 
   if (!error)
-    error = SSLHandshake(conn);
+  {
+    while ((error = SSLHandshake(conn)) == errSSLWouldBlock)
+      usleep(1000);
+  }
 
   if (error != 0)
   {
@@ -2196,7 +2207,9 @@
   free(conn);
 
 #  elif defined(HAVE_CDSASSL)
-  SSLClose((SSLContextRef)http->tls);
+  while (SSLClose((SSLContextRef)http->tls) == errSSLWouldBlock)
+    usleep(1000);
+
   SSLDisposeContext((SSLContextRef)http->tls);
 #  endif /* HAVE_LIBSSL */
 
@@ -2561,8 +2574,13 @@
 	result = 0;
 	break;
     case errSSLWouldBlock :
-	errno = EAGAIN;
-	result = -1;
+	if (processed)
+	  result = (int)processed;
+	else
+	{
+	  result = -1;
+	  errno = EINTR;
+	}
 	break;
     default :
 	errno = EPIPE;
Index: cups/ppd.c
===================================================================
--- cups/ppd.c	(revision 62)
+++ cups/ppd.c	(working copy)
@@ -244,6 +244,8 @@
     ppd_free(ppd->attrs);
   }
 
+  cupsArrayDelete(ppd->sorted_attrs);
+
  /*
   * Free custom options...
   */
Index: scheduler/client.c
===================================================================
--- scheduler/client.c	(revision 62)
+++ scheduler/client.c	(working copy)
@@ -515,7 +515,9 @@
     free(conn);
 
 #  elif defined(HAVE_CDSASSL)
-    SSLClose((SSLContextRef)con->http.tls);
+    while (SSLClose((SSLContextRef)con->http.tls) == errSSLWouldBlock)
+      usleep(1000);
+
     SSLDisposeContext((SSLContextRef)con->http.tls);
 #  endif /* HAVE_LIBSSL */
 
@@ -755,6 +757,7 @@
 #elif defined(HAVE_CDSASSL)
   OSStatus	error;			/* Error info */
   SSLContextRef	conn;			/* New connection */
+  CFArrayRef	certificatesArray;	/* Array containing certificates */
   int		allowExpired;		/* Allow expired certificates? */
   int		allowAnyRoot;		/* Allow any root certificate? */
 
@@ -764,10 +767,9 @@
   allowExpired = 1;
   allowAnyRoot = 1;
 
-  if (!ServerCertificatesArray)
-    ServerCertificatesArray = get_cdsa_server_certs();
+  certificatesArray = get_cdsa_server_certs();
 
-  if (!ServerCertificatesArray)
+  if (!certificatesArray)
   {
     cupsdLogMessage(CUPSD_LOG_ERROR,
         	    "EncryptClient: Could not find signing key in keychain "
@@ -794,22 +796,23 @@
   if (!error && allowAnyRoot)
     error = SSLSetAllowsAnyRoot(conn, true);
 
-  if (!error && ServerCertificatesArray)
+  if (!error)
+    error = SSLSetCertificate(conn, certificatesArray);
+
+  if (certificatesArray)
   {
-    error = SSLSetCertificate(conn, ServerCertificatesArray);
+    CFRelease(certificatesArray);
+    certificatesArray = NULL;
+  }
 
+  if (!error)
+  {
    /*
     * Perform SSL/TLS handshake
     */
-  
-    if (!error)
-    {
-      do
-      {
-	error = SSLHandshake(conn);
-      }
-      while (error == errSSLWouldBlock);
-    }
+
+    while ((error = SSLHandshake(conn)) == errSSLWouldBlock)
+      usleep(1000);
   }
 
   if (error)
@@ -2792,7 +2795,7 @@
  * To create a self-signed certificate for testing use the certtool.
  * Executing the following as root will do it:
  *
- *     certtool c c v k=CUPS
+ *     certtool c k=/Library/Keychains/System.keychain
  */
 
 static CFArrayRef			/* O - Array of certificates */
@@ -2848,19 +2851,19 @@
 	  * to array as well.
 	  */
 
-	  ca = CFArrayCreate(NULL, (const void **)&identity, 1, NULL);
+	  ca = CFArrayCreate(NULL, (const void **)&identity, 1, &kCFTypeArrayCallBacks);
 
 	  if (ca == nil)
 	    cupsdLogMessage(CUPSD_LOG_ERROR, "CFArrayCreate error");
 	}
 
-	/*CFRelease(identity);*/
+	CFRelease(identity);
       }
 
-      /*CFRelease(srchRef);*/
+      CFRelease(srchRef);
     }
 
-    /*CFRelease(kcRef);*/
+    CFRelease(kcRef);
   }
 
   return (ca);
Index: scheduler/conf.h
===================================================================
--- scheduler/conf.h	(revision 62)
+++ scheduler/conf.h	(working copy)
@@ -186,9 +186,6 @@
 #  if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS)
 VAR char		*ServerKey		VALUE(NULL);
 					/* Server key file */
-#  else
-VAR CFArrayRef		ServerCertificatesArray	VALUE(NULL);
-					/* Array containing certificates */
 #  endif /* HAVE_LIBSSL || HAVE_GNUTLS */
 #endif /* HAVE_SSL */
 
Index: scheduler/server.c
===================================================================
--- scheduler/server.c	(revision 62)
+++ scheduler/server.c	(working copy)
@@ -152,19 +152,7 @@
     Clients = NULL;
   }
 
-#if defined(HAVE_SSL) && defined(HAVE_CDSASSL)
  /*
-  * Free all of the certificates...
-  */
-
-  if (ServerCertificatesArray)
-  {
-    CFRelease(ServerCertificatesArray);
-    ServerCertificatesArray = NULL;
-  }
-#endif /* HAVE_SSL && HAVE_CDSASSL */
-
- /*
   * Close the pipe for CGI processes...
   */