[glib-networking] Use G_DECLARE_[FINAL,DERIVABLE]_TYPE



commit 4c49107f46084bbebb68895f611fdcd8b9dbd95f
Author: Michael Catanzaro <mcatanzaro igalia com>
Date:   Thu Feb 8 00:08:21 2018 -0600

    Use G_DECLARE_[FINAL,DERIVABLE]_TYPE
    
    This means we eliminate the priv pointer from final classes, and access
    it via the _get_instance_private() getter for derivable classes. It's a
    mechanical transformation, except in GTlsCertificateGnutls where a
    couple loops need adjusted to make it easier to get the priv struct of
    other GTlsCertificateGnutls objects.
    
    This is considered the modern best-practice, and is possible now that we
    finally depend on a recent version of GLib.

 proxy/gnome/gproxyresolvergnome.h          |   13 +-
 proxy/libproxy/glibproxyresolver.h         |   13 +-
 tls/gnutls/gtlsbackend-gnutls-pkcs11.c     |    5 +
 tls/gnutls/gtlsbackend-gnutls-pkcs11.h     |   22 +-
 tls/gnutls/gtlsbackend-gnutls.c            |   29 +-
 tls/gnutls/gtlsbackend-gnutls.h            |   16 +-
 tls/gnutls/gtlscertificate-gnutls-pkcs11.c |   43 +-
 tls/gnutls/gtlscertificate-gnutls-pkcs11.h |   22 +-
 tls/gnutls/gtlscertificate-gnutls.c        |  189 +++++---
 tls/gnutls/gtlscertificate-gnutls.h        |   17 +-
 tls/gnutls/gtlsclientconnection-gnutls.c   |  156 +++---
 tls/gnutls/gtlsclientconnection-gnutls.h   |   22 +-
 tls/gnutls/gtlsconnection-gnutls.c         |  712 +++++++++++++++-------------
 tls/gnutls/gtlsconnection-gnutls.h         |   17 +-
 tls/gnutls/gtlsdatabase-gnutls-pkcs11.c    |   55 +--
 tls/gnutls/gtlsdatabase-gnutls-pkcs11.h    |   22 +-
 tls/gnutls/gtlsdatabase-gnutls.h           |   16 +-
 tls/gnutls/gtlsfiledatabase-gnutls.c       |  117 +++---
 tls/gnutls/gtlsfiledatabase-gnutls.h       |   22 +-
 tls/gnutls/gtlsinputstream-gnutls.c        |   33 +-
 tls/gnutls/gtlsinputstream-gnutls.h        |   25 +-
 tls/gnutls/gtlsoutputstream-gnutls.c       |   33 +-
 tls/gnutls/gtlsoutputstream-gnutls.h       |   25 +-
 tls/gnutls/gtlsserverconnection-gnutls.c   |   22 +-
 tls/gnutls/gtlsserverconnection-gnutls.h   |   22 +-
 tls/pkcs11/gpkcs11pin.c                    |   33 +-
 tls/pkcs11/gpkcs11pin.h                    |   22 +-
 tls/pkcs11/gpkcs11slot.c                   |   87 ++--
 tls/pkcs11/gpkcs11slot.h                   |   22 +-
 tls/tests/mock-interaction.c               |    9 +
 tls/tests/mock-interaction.h               |   24 +-
 31 files changed, 817 insertions(+), 1048 deletions(-)
---
diff --git a/proxy/gnome/gproxyresolvergnome.h b/proxy/gnome/gproxyresolvergnome.h
index e55f91c..415d679 100644
--- a/proxy/gnome/gproxyresolvergnome.h
+++ b/proxy/gnome/gproxyresolvergnome.h
@@ -28,20 +28,9 @@
 G_BEGIN_DECLS
 
 #define G_TYPE_PROXY_RESOLVER_GNOME         (g_proxy_resolver_gnome_get_type ())
-#define G_PROXY_RESOLVER_GNOME(o)           (G_TYPE_CHECK_INSTANCE_CAST ((o), G_TYPE_PROXY_RESOLVER_GNOME, 
GProxyResolverGnome))
-#define G_PROXY_RESOLVER_GNOME_CLASS(k)     (G_TYPE_CHECK_CLASS_CAST((k), G_TYPE_PROXY_RESOLVER_GNOME, 
GProxyResolverGnomeClass))
-#define G_IS_PROXY_RESOLVER_GNOME(o)        (G_TYPE_CHECK_INSTANCE_TYPE ((o), G_TYPE_PROXY_RESOLVER_GNOME))
-#define G_IS_PROXY_RESOLVER_GNOME_CLASS(k)  (G_TYPE_CHECK_CLASS_TYPE ((k), G_TYPE_PROXY_RESOLVER_GNOME))
-#define G_PROXY_RESOLVER_GNOME_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), G_TYPE_PROXY_RESOLVER_GNOME, 
GProxyResolverGnomeClass))
 
-typedef struct _GProxyResolverGnome       GProxyResolverGnome;
-typedef struct _GProxyResolverGnomeClass  GProxyResolverGnomeClass;
+G_DECLARE_FINAL_TYPE (GProxyResolverGnome, g_proxy_resolver_gnome, G, PROXY_RESOLVER_GNOME, GObject)
 
-struct _GProxyResolverGnomeClass {
-  GObjectClass parent_class;
-};
-
-GType g_proxy_resolver_gnome_get_type (void);
 void  g_proxy_resolver_gnome_register (GIOModule *module);
 
 G_END_DECLS
diff --git a/proxy/libproxy/glibproxyresolver.h b/proxy/libproxy/glibproxyresolver.h
index c6861be..3a2e361 100644
--- a/proxy/libproxy/glibproxyresolver.h
+++ b/proxy/libproxy/glibproxyresolver.h
@@ -30,20 +30,9 @@
 G_BEGIN_DECLS
 
 #define G_TYPE_LIBPROXY_RESOLVER         (g_libproxy_resolver_get_type ())
-#define G_LIBPROXY_RESOLVER(o)           (G_TYPE_CHECK_INSTANCE_CAST ((o), G_TYPE_LIBPROXY_RESOLVER, 
GLibProxyResolver))
-#define G_LIBPROXY_RESOLVER_CLASS(k)     (G_TYPE_CHECK_CLASS_CAST((k), G_TYPE_LIBPROXY_RESOLVER, 
GLibProxyResolverClass))
-#define G_IS_LIBPROXY_RESOLVER(o)        (G_TYPE_CHECK_INSTANCE_TYPE ((o), G_TYPE_LIBPROXY_RESOLVER))
-#define G_IS_LIBPROXY_RESOLVER_CLASS(k)  (G_TYPE_CHECK_CLASS_TYPE ((k), G_TYPE_LIBPROXY_RESOLVER))
-#define G_LIBPROXY_RESOLVER_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), G_TYPE_LIBPROXY_RESOLVER, 
GLibProxyResolverClass))
 
-typedef struct _GLibProxyResolver       GLibProxyResolver;
-typedef struct _GLibProxyResolverClass  GLibProxyResolverClass;
+G_DECLARE_FINAL_TYPE (GLibProxyResolver, g_libproxy_resolver, G, LIBPROXY_RESOLVER, GObject)
 
-struct _GLibProxyResolverClass {
-  GObjectClass parent_class;
-};
-
-GType g_libproxy_resolver_get_type (void);
 void  g_libproxy_resolver_register (GIOModule *module);
 
 G_END_DECLS
diff --git a/tls/gnutls/gtlsbackend-gnutls-pkcs11.c b/tls/gnutls/gtlsbackend-gnutls-pkcs11.c
index bc3fbed..eb073ae 100644
--- a/tls/gnutls/gtlsbackend-gnutls-pkcs11.c
+++ b/tls/gnutls/gtlsbackend-gnutls-pkcs11.c
@@ -30,6 +30,11 @@
 #include "gtlsbackend-gnutls-pkcs11.h"
 #include "gtlsdatabase-gnutls-pkcs11.h"
 
+struct _GTlsBackendGnutlsPkcs11
+{
+  GTlsBackendGnutls parent_instance;
+};
+
 G_DEFINE_DYNAMIC_TYPE (GTlsBackendGnutlsPkcs11, g_tls_backend_gnutls_pkcs11, G_TYPE_TLS_BACKEND_GNUTLS);
 
 static void
diff --git a/tls/gnutls/gtlsbackend-gnutls-pkcs11.h b/tls/gnutls/gtlsbackend-gnutls-pkcs11.h
index 6ddb46a..44f4c03 100644
--- a/tls/gnutls/gtlsbackend-gnutls-pkcs11.h
+++ b/tls/gnutls/gtlsbackend-gnutls-pkcs11.h
@@ -35,26 +35,8 @@
 G_BEGIN_DECLS
 
 #define G_TYPE_TLS_BACKEND_GNUTLS_PKCS11            (g_tls_backend_gnutls_pkcs11get_type ())
-#define G_TLS_BACKEND_GNUTLS_PKCS11(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), 
G_TYPE_TLS_BACKEND_GNUTLS_PKCS11, GTlsBackendGnutlsPkcs11))
-#define G_TLS_BACKEND_GNUTLS_PKCS11_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), 
G_TYPE_TLS_BACKEND_GNUTLS_PKCS11, GTlsBackendGnutlsPkcs11Class))
-#define G_IS_TLS_BACKEND_GNUTLS_PKCS11(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), 
G_TYPE_TLS_BACKEND_GNUTLS_PKCS11))
-#define G_IS_TLS_BACKEND_GNUTLS_PKCS11_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), 
G_TYPE_TLS_BACKEND_GNUTLS_PKCS11))
-#define G_TLS_BACKEND_GNUTLS_PKCS11_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), 
G_TYPE_TLS_BACKEND_GNUTLS_PKCS11, GTlsBackendGnutlsPkcs11Class))
-
-typedef struct _GTlsBackendGnutlsPkcs11        GTlsBackendGnutlsPkcs11;
-typedef struct _GTlsBackendGnutlsPkcs11Class   GTlsBackendGnutlsPkcs11Class;
-
-struct _GTlsBackendGnutlsPkcs11Class
-{
-  GTlsBackendGnutlsClass parent_class;
-};
-
-struct _GTlsBackendGnutlsPkcs11
-{
-  GTlsBackendGnutls parent_instance;
-};
-
-GType        g_tls_backend_gnutls_pkcs11_get_type           (void) G_GNUC_CONST;
+
+G_DECLARE_FINAL_TYPE (GTlsBackendGnutlsPkcs11, g_tls_backend_gnutls_pkcs11, G, TLS_BACKEND_GNUTLS_PKCS11, 
GTlsBackendGnutls)
 
 void         g_tls_backend_gnutls_pkcs11_register           (GIOModule *module);
 
diff --git a/tls/gnutls/gtlsbackend-gnutls.c b/tls/gnutls/gtlsbackend-gnutls.c
index b0226c2..0a6b5d4 100644
--- a/tls/gnutls/gtlsbackend-gnutls.c
+++ b/tls/gnutls/gtlsbackend-gnutls.c
@@ -36,15 +36,16 @@
 #include "gtlsfiledatabase-gnutls.h"
 #include "gtlsserverconnection-gnutls.h"
 
-struct _GTlsBackendGnutlsPrivate
+typedef struct
 {
   GMutex mutex;
   GTlsDatabase *default_database;
-};
+} GTlsBackendGnutlsPrivate;
 
 static void g_tls_backend_gnutls_interface_init (GTlsBackendInterface *iface);
 
 G_DEFINE_DYNAMIC_TYPE_EXTENDED (GTlsBackendGnutls, g_tls_backend_gnutls, G_TYPE_OBJECT, 0,
+                                G_ADD_PRIVATE_DYNAMIC (GTlsBackendGnutls);
                                 G_IMPLEMENT_INTERFACE_DYNAMIC (G_TYPE_TLS_BACKEND,
                                                                g_tls_backend_gnutls_interface_init);)
 
@@ -82,6 +83,8 @@ static GOnce gnutls_inited = G_ONCE_INIT;
 static void
 g_tls_backend_gnutls_init (GTlsBackendGnutls *backend)
 {
+  GTlsBackendGnutlsPrivate *priv = g_tls_backend_gnutls_get_instance_private (backend);
+
   /* Once we call gtls_gnutls_init(), we can't allow the module to be
    * unloaded (since if gnutls gets unloaded but gcrypt doesn't, then
    * gcrypt will have dangling pointers to gnutls's mutex functions).
@@ -91,18 +94,18 @@ g_tls_backend_gnutls_init (GTlsBackendGnutls *backend)
    */
   g_once (&gnutls_inited, gtls_gnutls_init, NULL);
 
-  backend->priv = G_TYPE_INSTANCE_GET_PRIVATE (backend, G_TYPE_TLS_BACKEND_GNUTLS, GTlsBackendGnutlsPrivate);
-  g_mutex_init (&backend->priv->mutex);
+  g_mutex_init (&priv->mutex);
 }
 
 static void
 g_tls_backend_gnutls_finalize (GObject *object)
 {
   GTlsBackendGnutls *backend = G_TLS_BACKEND_GNUTLS (object);
+  GTlsBackendGnutlsPrivate *priv = g_tls_backend_gnutls_get_instance_private (backend);
 
-  if (backend->priv->default_database)
-    g_object_unref (backend->priv->default_database);
-  g_mutex_clear (&backend->priv->mutex);
+  if (priv->default_database)
+    g_object_unref (priv->default_database);
+  g_mutex_clear (&priv->mutex);
 
   G_OBJECT_CLASS (g_tls_backend_gnutls_parent_class)->finalize (object);
 }
@@ -124,7 +127,6 @@ g_tls_backend_gnutls_class_init (GTlsBackendGnutlsClass *backend_class)
   GObjectClass *gobject_class = G_OBJECT_CLASS (backend_class);
   gobject_class->finalize = g_tls_backend_gnutls_finalize;
   backend_class->create_database = g_tls_backend_gnutls_real_create_database;
-  g_type_class_add_private (backend_class, sizeof (GTlsBackendGnutlsPrivate));
 }
 
 static void
@@ -136,14 +138,15 @@ static GTlsDatabase*
 g_tls_backend_gnutls_get_default_database (GTlsBackend *backend)
 {
   GTlsBackendGnutls *self = G_TLS_BACKEND_GNUTLS (backend);
+  GTlsBackendGnutlsPrivate *priv = g_tls_backend_gnutls_get_instance_private (self);
   GTlsDatabase *result;
   GError *error = NULL;
 
-  g_mutex_lock (&self->priv->mutex);
+  g_mutex_lock (&priv->mutex);
 
-  if (self->priv->default_database)
+  if (priv->default_database)
     {
-      result = g_object_ref (self->priv->default_database);
+      result = g_object_ref (priv->default_database);
     }
   else
     {
@@ -158,11 +161,11 @@ g_tls_backend_gnutls_get_default_database (GTlsBackend *backend)
       else
         {
           g_assert (result);
-          self->priv->default_database = g_object_ref (result);
+          priv->default_database = g_object_ref (result);
         }
     }
 
-  g_mutex_unlock (&self->priv->mutex);
+  g_mutex_unlock (&priv->mutex);
 
   return result;
 }
diff --git a/tls/gnutls/gtlsbackend-gnutls.h b/tls/gnutls/gtlsbackend-gnutls.h
index 51bd039..09e8511 100644
--- a/tls/gnutls/gtlsbackend-gnutls.h
+++ b/tls/gnutls/gtlsbackend-gnutls.h
@@ -31,15 +31,8 @@
 G_BEGIN_DECLS
 
 #define G_TYPE_TLS_BACKEND_GNUTLS            (g_tls_backend_gnutls_get_type ())
-#define G_TLS_BACKEND_GNUTLS(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_TLS_BACKEND_GNUTLS, 
GTlsBackendGnutls))
-#define G_TLS_BACKEND_GNUTLS_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_BACKEND_GNUTLS, 
GTlsBackendGnutlsClass))
-#define G_IS_TLS_BACKEND_GNUTLS(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_TLS_BACKEND_GNUTLS))
-#define G_IS_TLS_BACKEND_GNUTLS_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_BACKEND_GNUTLS))
-#define G_TLS_BACKEND_GNUTLS_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_TLS_BACKEND_GNUTLS, 
GTlsBackendGnutlsClass))
 
-typedef struct _GTlsBackendGnutls        GTlsBackendGnutls;
-typedef struct _GTlsBackendGnutlsClass   GTlsBackendGnutlsClass;
-typedef struct _GTlsBackendGnutlsPrivate GTlsBackendGnutlsPrivate;
+G_DECLARE_DERIVABLE_TYPE (GTlsBackendGnutls, g_tls_backend_gnutls, G, TLS_BACKEND_GNUTLS, GObject)
 
 struct _GTlsBackendGnutlsClass
 {
@@ -49,13 +42,6 @@ struct _GTlsBackendGnutlsClass
                                            GError                    **error);
 };
 
-struct _GTlsBackendGnutls
-{
-  GObject parent_instance;
-  GTlsBackendGnutlsPrivate *priv;
-};
-
-GType g_tls_backend_gnutls_get_type (void) G_GNUC_CONST;
 void  g_tls_backend_gnutls_register (GIOModule *module);
 
 void    g_tls_backend_gnutls_store_session  (unsigned int             type,
diff --git a/tls/gnutls/gtlscertificate-gnutls-pkcs11.c b/tls/gnutls/gtlscertificate-gnutls-pkcs11.c
index 2e0e1b2..ae02982 100644
--- a/tls/gnutls/gtlscertificate-gnutls-pkcs11.c
+++ b/tls/gnutls/gtlscertificate-gnutls-pkcs11.c
@@ -33,9 +33,6 @@
 #include "gtlscertificate-gnutls.h"
 #include "gtlscertificate-gnutls-pkcs11.h"
 
-G_DEFINE_TYPE (GTlsCertificateGnutlsPkcs11, g_tls_certificate_gnutls_pkcs11,
-               G_TYPE_TLS_CERTIFICATE_GNUTLS);
-
 enum
 {
   PROP_0,
@@ -44,19 +41,24 @@ enum
   PROP_PRIVATE_KEY_URI
 };
 
-struct _GTlsCertificateGnutlsPkcs11Private
+struct _GTlsCertificateGnutlsPkcs11
 {
+  GTlsCertificateGnutls parent_instance;
+
   gchar *certificate_uri;
   gchar *private_key_uri;
 };
 
+G_DEFINE_TYPE (GTlsCertificateGnutlsPkcs11, g_tls_certificate_gnutls_pkcs11,
+               G_TYPE_TLS_CERTIFICATE_GNUTLS);
+
 static void
 g_tls_certificate_gnutls_pkcs11_finalize (GObject *object)
 {
   GTlsCertificateGnutlsPkcs11 *self = G_TLS_CERTIFICATE_GNUTLS_PKCS11 (object);
 
-  g_free (self->priv->certificate_uri);
-  g_free (self->priv->private_key_uri);
+  g_free (self->certificate_uri);
+  g_free (self->private_key_uri);
 
   G_OBJECT_CLASS (g_tls_certificate_gnutls_pkcs11_parent_class)->finalize (object);
 }
@@ -72,10 +74,10 @@ g_tls_certificate_gnutls_pkcs11_get_property (GObject    *object,
   switch (prop_id)
     {
     case PROP_CERTIFICATE_URI:
-      g_value_set_string (value, self->priv->certificate_uri);
+      g_value_set_string (value, self->certificate_uri);
       break;
     case PROP_PRIVATE_KEY_URI:
-      g_value_set_string (value, self->priv->private_key_uri);
+      g_value_set_string (value, self->private_key_uri);
       break;
     default:
       G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
@@ -93,12 +95,12 @@ g_tls_certificate_gnutls_pkcs11_set_property (GObject      *object,
   switch (prop_id)
     {
     case PROP_CERTIFICATE_URI:
-      g_free (self->priv->certificate_uri);
-      self->priv->certificate_uri = g_value_dup_string (value);
+      g_free (self->certificate_uri);
+      self->certificate_uri = g_value_dup_string (value);
       break;
     case PROP_PRIVATE_KEY_URI:
-      g_free (self->priv->private_key_uri);
-      self->priv->private_key_uri = g_value_dup_string (value);
+      g_free (self->private_key_uri);
+      self->private_key_uri = g_value_dup_string (value);
       break;
     default:
       G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
@@ -108,9 +110,6 @@ g_tls_certificate_gnutls_pkcs11_set_property (GObject      *object,
 static void
 g_tls_certificate_gnutls_pkcs11_init (GTlsCertificateGnutlsPkcs11 *self)
 {
-  self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self,
-                                            G_TYPE_TLS_CERTIFICATE_GNUTLS_PKCS11,
-                                            GTlsCertificateGnutlsPkcs11Private);
 }
 
 static void
@@ -151,8 +150,6 @@ g_tls_certificate_gnutls_pkcs11_class_init (GTlsCertificateGnutlsPkcs11Class *kl
   GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
   GTlsCertificateGnutlsClass *gnutls_class = G_TLS_CERTIFICATE_GNUTLS_CLASS (klass);
 
-  g_type_class_add_private (klass, sizeof (GTlsCertificateGnutlsPkcs11Private));
-
   gobject_class->get_property = g_tls_certificate_gnutls_pkcs11_get_property;
   gobject_class->set_property = g_tls_certificate_gnutls_pkcs11_set_property;
   gobject_class->finalize     = g_tls_certificate_gnutls_pkcs11_finalize;
@@ -202,22 +199,22 @@ g_tls_certificate_gnutls_pkcs11_build_certificate_uri (GTlsCertificateGnutlsPkcs
                                                        const gchar *interaction_id)
 {
   g_return_val_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS_PKCS11 (self), NULL);
-  if (self->priv->certificate_uri == NULL)
+  if (self->certificate_uri == NULL)
     return NULL;
   else if (interaction_id)
-    return g_strdup_printf ("%s;pinfile=%s", self->priv->certificate_uri, interaction_id);
+    return g_strdup_printf ("%s;pinfile=%s", self->certificate_uri, interaction_id);
   else
-    return g_strdup (self->priv->certificate_uri);
+    return g_strdup (self->certificate_uri);
 }
 
 gchar *
 g_tls_certificate_gnutls_pkcs11_build_private_key_uri (GTlsCertificateGnutlsPkcs11 *self,
                                                        const gchar *interaction_id)
 {
-  if (self->priv->private_key_uri == NULL)
+  if (self->private_key_uri == NULL)
     return NULL;
   else if (interaction_id)
-    return g_strdup_printf ("%s;pinfile=%s", self->priv->private_key_uri, interaction_id);
+    return g_strdup_printf ("%s;pinfile=%s", self->private_key_uri, interaction_id);
   else
-    return g_strdup (self->priv->private_key_uri);
+    return g_strdup (self->private_key_uri);
 }
diff --git a/tls/gnutls/gtlscertificate-gnutls-pkcs11.h b/tls/gnutls/gtlscertificate-gnutls-pkcs11.h
index 5d655ac..f19b18e 100644
--- a/tls/gnutls/gtlscertificate-gnutls-pkcs11.h
+++ b/tls/gnutls/gtlscertificate-gnutls-pkcs11.h
@@ -35,28 +35,8 @@
 G_BEGIN_DECLS
 
 #define G_TYPE_TLS_CERTIFICATE_GNUTLS_PKCS11            (g_tls_certificate_gnutls_pkcs11_get_type ())
-#define G_TLS_CERTIFICATE_GNUTLS_PKCS11(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), 
G_TYPE_TLS_CERTIFICATE_GNUTLS_PKCS11, GTlsCertificateGnutlsPkcs11))
-#define G_TLS_CERTIFICATE_GNUTLS_PKCS11_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), 
G_TYPE_TLS_CERTIFICATE_GNUTLS_PKCS11, GTlsCertificateGnutlsPkcs11Class))
-#define G_IS_TLS_CERTIFICATE_GNUTLS_PKCS11(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), 
G_TYPE_TLS_CERTIFICATE_GNUTLS_PKCS11))
-#define G_IS_TLS_CERTIFICATE_GNUTLS_PKCS11_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), 
G_TYPE_TLS_CERTIFICATE_GNUTLS_PKCS11))
-#define G_TLS_CERTIFICATE_GNUTLS_PKCS11_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), 
G_TYPE_TLS_CERTIFICATE_GNUTLS_PKCS11, GTlsCertificateGnutlsPkcs11Class))
 
-typedef struct _GTlsCertificateGnutlsPkcs11Private                   GTlsCertificateGnutlsPkcs11Private;
-typedef struct _GTlsCertificateGnutlsPkcs11Class                     GTlsCertificateGnutlsPkcs11Class;
-typedef struct _GTlsCertificateGnutlsPkcs11                          GTlsCertificateGnutlsPkcs11;
-
-struct _GTlsCertificateGnutlsPkcs11Class
-{
-  GTlsCertificateGnutlsClass parent_class;
-};
-
-struct _GTlsCertificateGnutlsPkcs11
-{
-  GTlsCertificateGnutls parent_instance;
-  GTlsCertificateGnutlsPkcs11Private *priv;
-};
-
-GType              g_tls_certificate_gnutls_pkcs11_get_type              (void) G_GNUC_CONST;
+G_DECLARE_FINAL_TYPE (GTlsCertificateGnutlsPkcs11, g_tls_certificate_gnutls_pkcs11, G, 
TLS_CERTIFICATE_GNUTLS_PKCS11, GTlsCertificateGnutls)
 
 GTlsCertificate *  g_tls_certificate_gnutls_pkcs11_new                   (gpointer        certificate_der,
                                                                           gsize           
certificate_der_length,
diff --git a/tls/gnutls/gtlscertificate-gnutls.c b/tls/gnutls/gtlscertificate-gnutls.c
index 4151645..b4263c8 100644
--- a/tls/gnutls/gtlscertificate-gnutls.c
+++ b/tls/gnutls/gtlscertificate-gnutls.c
@@ -31,12 +31,6 @@
 #include "gtlscertificate-gnutls.h"
 #include <glib/gi18n-lib.h>
 
-static void     g_tls_certificate_gnutls_initable_iface_init (GInitableIface  *iface);
-
-G_DEFINE_TYPE_WITH_CODE (GTlsCertificateGnutls, g_tls_certificate_gnutls, G_TYPE_TLS_CERTIFICATE,
-                         G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
-                                                g_tls_certificate_gnutls_initable_iface_init);)
-
 enum
 {
   PROP_0,
@@ -48,7 +42,7 @@ enum
   PROP_ISSUER
 };
 
-struct _GTlsCertificateGnutlsPrivate
+typedef struct
 {
   gnutls_x509_crt_t cert;
   gnutls_x509_privkey_t key;
@@ -59,21 +53,29 @@ struct _GTlsCertificateGnutlsPrivate
 
   guint have_cert : 1;
   guint have_key  : 1;
-};
+} GTlsCertificateGnutlsPrivate;
+
+static void     g_tls_certificate_gnutls_initable_iface_init (GInitableIface  *iface);
+
+G_DEFINE_TYPE_WITH_CODE (GTlsCertificateGnutls, g_tls_certificate_gnutls, G_TYPE_TLS_CERTIFICATE,
+                         G_ADD_PRIVATE (GTlsCertificateGnutls);
+                         G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+                                                g_tls_certificate_gnutls_initable_iface_init);)
 
 static void
 g_tls_certificate_gnutls_finalize (GObject *object)
 {
   GTlsCertificateGnutls *gnutls = G_TLS_CERTIFICATE_GNUTLS (object);
+  GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls);
 
-  gnutls_x509_crt_deinit (gnutls->priv->cert);
-  if (gnutls->priv->key)
-    gnutls_x509_privkey_deinit (gnutls->priv->key);
+  gnutls_x509_crt_deinit (priv->cert);
+  if (priv->key)
+    gnutls_x509_privkey_deinit (priv->key);
 
-  if (gnutls->priv->issuer)
-    g_object_unref (gnutls->priv->issuer);
+  if (priv->issuer)
+    g_object_unref (priv->issuer);
 
-  g_clear_error (&gnutls->priv->construct_error);
+  g_clear_error (&priv->construct_error);
 
   G_OBJECT_CLASS (g_tls_certificate_gnutls_parent_class)->finalize (object);
 }
@@ -85,6 +87,7 @@ g_tls_certificate_gnutls_get_property (GObject    *object,
                                        GParamSpec *pspec)
 {
   GTlsCertificateGnutls *gnutls = G_TLS_CERTIFICATE_GNUTLS (object);
+  GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls);
   GByteArray *certificate;
   char *certificate_pem;
   int status;
@@ -94,7 +97,7 @@ g_tls_certificate_gnutls_get_property (GObject    *object,
     {
     case PROP_CERTIFICATE:
       size = 0;
-      status = gnutls_x509_crt_export (gnutls->priv->cert,
+      status = gnutls_x509_crt_export (priv->cert,
                                        GNUTLS_X509_FMT_DER,
                                        NULL, &size);
       if (status != GNUTLS_E_SHORT_MEMORY_BUFFER)
@@ -103,7 +106,7 @@ g_tls_certificate_gnutls_get_property (GObject    *object,
         {
           certificate = g_byte_array_sized_new (size);
           certificate->len = size;
-          status = gnutls_x509_crt_export (gnutls->priv->cert,
+          status = gnutls_x509_crt_export (priv->cert,
                                            GNUTLS_X509_FMT_DER,
                                            certificate->data, &size);
           if (status != 0)
@@ -117,7 +120,7 @@ g_tls_certificate_gnutls_get_property (GObject    *object,
 
     case PROP_CERTIFICATE_PEM:
       size = 0;
-      status = gnutls_x509_crt_export (gnutls->priv->cert,
+      status = gnutls_x509_crt_export (priv->cert,
                                        GNUTLS_X509_FMT_PEM,
                                        NULL, &size);
       if (status != GNUTLS_E_SHORT_MEMORY_BUFFER)
@@ -125,7 +128,7 @@ g_tls_certificate_gnutls_get_property (GObject    *object,
       else
         {
           certificate_pem = g_malloc (size);
-          status = gnutls_x509_crt_export (gnutls->priv->cert,
+          status = gnutls_x509_crt_export (priv->cert,
                                            GNUTLS_X509_FMT_PEM,
                                            certificate_pem, &size);
           if (status != 0)
@@ -138,7 +141,7 @@ g_tls_certificate_gnutls_get_property (GObject    *object,
       break;
 
     case PROP_ISSUER:
-      g_value_set_object (value, gnutls->priv->issuer);
+      g_value_set_object (value, priv->issuer);
       break;
 
     default:
@@ -153,6 +156,7 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
                                        GParamSpec   *pspec)
 {
   GTlsCertificateGnutls *gnutls = G_TLS_CERTIFICATE_GNUTLS (object);
+  GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls);
   GByteArray *bytes;
   const char *string;
   gnutls_datum_t data;
@@ -164,16 +168,16 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
       bytes = g_value_get_boxed (value);
       if (!bytes)
         break;
-      g_return_if_fail (gnutls->priv->have_cert == FALSE);
+      g_return_if_fail (priv->have_cert == FALSE);
       data.data = bytes->data;
       data.size = bytes->len;
-      status = gnutls_x509_crt_import (gnutls->priv->cert, &data,
+      status = gnutls_x509_crt_import (priv->cert, &data,
                                        GNUTLS_X509_FMT_DER);
       if (status == 0)
-        gnutls->priv->have_cert = TRUE;
-      else if (!gnutls->priv->construct_error)
+        priv->have_cert = TRUE;
+      else if (!priv->construct_error)
         {
-          gnutls->priv->construct_error =
+          priv->construct_error =
             g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
                          _("Could not parse DER certificate: %s"),
                          gnutls_strerror (status));
@@ -185,16 +189,16 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
       string = g_value_get_string (value);
       if (!string)
         break;
-      g_return_if_fail (gnutls->priv->have_cert == FALSE);
+      g_return_if_fail (priv->have_cert == FALSE);
       data.data = (void *)string;
       data.size = strlen (string);
-      status = gnutls_x509_crt_import (gnutls->priv->cert, &data,
+      status = gnutls_x509_crt_import (priv->cert, &data,
                                        GNUTLS_X509_FMT_PEM);
       if (status == 0)
-        gnutls->priv->have_cert = TRUE;
-      else if (!gnutls->priv->construct_error)
+        priv->have_cert = TRUE;
+      else if (!priv->construct_error)
         {
-          gnutls->priv->construct_error =
+          priv->construct_error =
             g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
                          _("Could not parse PEM certificate: %s"),
                          gnutls_strerror (status));
@@ -205,27 +209,27 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
       bytes = g_value_get_boxed (value);
       if (!bytes)
         break;
-      g_return_if_fail (gnutls->priv->have_key == FALSE);
+      g_return_if_fail (priv->have_key == FALSE);
       data.data = bytes->data;
       data.size = bytes->len;
-      if (!gnutls->priv->key)
-        gnutls_x509_privkey_init (&gnutls->priv->key);
-      status = gnutls_x509_privkey_import (gnutls->priv->key, &data,
+      if (!priv->key)
+        gnutls_x509_privkey_init (&priv->key);
+      status = gnutls_x509_privkey_import (priv->key, &data,
                                            GNUTLS_X509_FMT_DER);
       if (status != 0)
         {
           int pkcs8_status =
-            gnutls_x509_privkey_import_pkcs8 (gnutls->priv->key, &data,
+            gnutls_x509_privkey_import_pkcs8 (priv->key, &data,
                                               GNUTLS_X509_FMT_DER, NULL,
                                               GNUTLS_PKCS_PLAIN);
           if (pkcs8_status == 0)
             status = 0;
         }
       if (status == 0)
-        gnutls->priv->have_key = TRUE;
-      else if (!gnutls->priv->construct_error)
+        priv->have_key = TRUE;
+      else if (!priv->construct_error)
         {
-          gnutls->priv->construct_error =
+          priv->construct_error =
             g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
                          _("Could not parse DER private key: %s"),
                          gnutls_strerror (status));
@@ -236,27 +240,27 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
       string = g_value_get_string (value);
       if (!string)
         break;
-      g_return_if_fail (gnutls->priv->have_key == FALSE);
+      g_return_if_fail (priv->have_key == FALSE);
       data.data = (void *)string;
       data.size = strlen (string);
-      if (!gnutls->priv->key)
-        gnutls_x509_privkey_init (&gnutls->priv->key);
-      status = gnutls_x509_privkey_import (gnutls->priv->key, &data,
+      if (!priv->key)
+        gnutls_x509_privkey_init (&priv->key);
+      status = gnutls_x509_privkey_import (priv->key, &data,
                                            GNUTLS_X509_FMT_PEM);
       if (status != 0)
         {
           int pkcs8_status =
-            gnutls_x509_privkey_import_pkcs8 (gnutls->priv->key, &data,
+            gnutls_x509_privkey_import_pkcs8 (priv->key, &data,
                                               GNUTLS_X509_FMT_PEM, NULL,
                                               GNUTLS_PKCS_PLAIN);
           if (pkcs8_status == 0)
             status = 0;
         }
       if (status == 0)
-        gnutls->priv->have_key = TRUE;
-      else if (!gnutls->priv->construct_error)
+        priv->have_key = TRUE;
+      else if (!priv->construct_error)
         {
-          gnutls->priv->construct_error =
+          priv->construct_error =
             g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
                          _("Could not parse PEM private key: %s"),
                          gnutls_strerror (status));
@@ -264,7 +268,7 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
       break;
 
     case PROP_ISSUER:
-      gnutls->priv->issuer = g_value_dup_object (value);
+      priv->issuer = g_value_dup_object (value);
       break;
 
     default:
@@ -275,11 +279,9 @@ g_tls_certificate_gnutls_set_property (GObject      *object,
 static void
 g_tls_certificate_gnutls_init (GTlsCertificateGnutls *gnutls)
 {
-  gnutls->priv = G_TYPE_INSTANCE_GET_PRIVATE (gnutls,
-                                              G_TYPE_TLS_CERTIFICATE_GNUTLS,
-                                              GTlsCertificateGnutlsPrivate);
+  GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls);
 
-  gnutls_x509_crt_init (&gnutls->priv->cert);
+  gnutls_x509_crt_init (&priv->cert);
 }
 
 static gboolean
@@ -288,14 +290,15 @@ g_tls_certificate_gnutls_initable_init (GInitable       *initable,
                                         GError         **error)
 {
   GTlsCertificateGnutls *gnutls = G_TLS_CERTIFICATE_GNUTLS (initable);
+  GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls);
 
-  if (gnutls->priv->construct_error)
+  if (priv->construct_error)
     {
-      g_propagate_error (error, gnutls->priv->construct_error);
-      gnutls->priv->construct_error = NULL;
+      g_propagate_error (error, priv->construct_error);
+      priv->construct_error = NULL;
       return FALSE;
     }
-  else if (!gnutls->priv->have_cert)
+  else if (!priv->have_cert)
     {
       g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
                            _("No certificate data provided"));
@@ -317,20 +320,33 @@ g_tls_certificate_gnutls_verify (GTlsCertificate     *cert,
   time_t t, now;
 
   cert_gnutls = G_TLS_CERTIFICATE_GNUTLS (cert);
-  for (num_certs = 0; cert_gnutls; cert_gnutls = cert_gnutls->priv->issuer)
-    num_certs++;
+  num_certs = 0;
+  do
+    {
+      GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (cert_gnutls);
+      cert_gnutls = priv->issuer;
+      num_certs++;
+    }
+  while (cert_gnutls);
+
   chain = g_new (gnutls_x509_crt_t, num_certs);
   cert_gnutls = G_TLS_CERTIFICATE_GNUTLS (cert);
-  for (i = 0; cert_gnutls; cert_gnutls = cert_gnutls->priv->issuer, i++)
-    chain[i] = cert_gnutls->priv->cert;
+  for (i = 0; i < num_certs; i++)
+    {
+      GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (cert_gnutls);
+      chain[i] = priv->cert;
+      cert_gnutls = priv->issuer;
+    }
+  g_assert (!cert_gnutls);
 
   if (trusted_ca)
     {
+      GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private 
(G_TLS_CERTIFICATE_GNUTLS (trusted_ca));
       gnutls_x509_crt_t ca;
       guint gnutls_flags;
       int status;
 
-      ca = G_TLS_CERTIFICATE_GNUTLS (trusted_ca)->priv->cert;
+      ca = priv->cert;
       status = gnutls_x509_crt_list_verify (chain, num_certs,
                                             &ca, 1,
                                             NULL, 0,
@@ -388,8 +404,9 @@ g_tls_certificate_gnutls_real_copy (GTlsCertificateGnutls    *gnutls,
   chain = gnutls;
   while (chain != NULL)
     {
+      GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (chain);
       num_certs++;
-      chain = chain->priv->issuer;
+      chain = priv->issuer;
     }
 
   st->ncerts = 0;
@@ -399,11 +416,13 @@ g_tls_certificate_gnutls_real_copy (GTlsCertificateGnutls    *gnutls,
   chain = gnutls;
   while (chain != NULL)
     {
-      gnutls_x509_crt_export (chain->priv->cert, GNUTLS_X509_FMT_DER,
+      GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (chain);
+
+      gnutls_x509_crt_export (priv->cert, GNUTLS_X509_FMT_DER,
                               NULL, &size);
       data.data = g_malloc (size);
       data.size = size;
-      gnutls_x509_crt_export (chain->priv->cert, GNUTLS_X509_FMT_DER,
+      gnutls_x509_crt_export (priv->cert, GNUTLS_X509_FMT_DER,
                               data.data, &size);
 
       gnutls_x509_crt_init (&cert);
@@ -414,14 +433,18 @@ g_tls_certificate_gnutls_real_copy (GTlsCertificateGnutls    *gnutls,
       st->cert.x509[st->ncerts] = cert;
       st->ncerts++;
 
-      chain = chain->priv->issuer;
+      chain = priv->issuer;
     }
 
-  if (gnutls->priv->key != NULL)
     {
-      gnutls_x509_privkey_init (&st->key.x509);
-      gnutls_x509_privkey_cpy (st->key.x509, gnutls->priv->key);
-      st->key_type = GNUTLS_PRIVKEY_X509;
+      GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls);
+
+      if (priv->key != NULL)
+        {
+          gnutls_x509_privkey_init (&st->key.x509);
+          gnutls_x509_privkey_cpy (st->key.x509, priv->key);
+          st->key_type = GNUTLS_PRIVKEY_X509;
+        }
     }
 
   st->deinit_all = TRUE;
@@ -433,8 +456,6 @@ g_tls_certificate_gnutls_class_init (GTlsCertificateGnutlsClass *klass)
   GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
   GTlsCertificateClass *certificate_class = G_TLS_CERTIFICATE_CLASS (klass);
 
-  g_type_class_add_private (klass, sizeof (GTlsCertificateGnutlsPrivate));
-
   gobject_class->get_property = g_tls_certificate_gnutls_get_property;
   gobject_class->set_property = g_tls_certificate_gnutls_set_property;
   gobject_class->finalize     = g_tls_certificate_gnutls_finalize;
@@ -474,24 +495,30 @@ void
 g_tls_certificate_gnutls_set_data (GTlsCertificateGnutls *gnutls,
                                    const gnutls_datum_t  *datum)
 {
+  GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls);
+
   g_return_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (gnutls));
-  g_return_if_fail (!gnutls->priv->have_cert);
+  g_return_if_fail (!priv->have_cert);
 
-  if (gnutls_x509_crt_import (gnutls->priv->cert, datum,
+  if (gnutls_x509_crt_import (priv->cert, datum,
                               GNUTLS_X509_FMT_DER) == 0)
-    gnutls->priv->have_cert = TRUE;
+    priv->have_cert = TRUE;
 }
 
 const gnutls_x509_crt_t
 g_tls_certificate_gnutls_get_cert (GTlsCertificateGnutls *gnutls)
 {
-  return gnutls->priv->cert;
+  GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls);
+
+  return priv->cert;
 }
 
 gboolean
 g_tls_certificate_gnutls_has_key (GTlsCertificateGnutls *gnutls)
 {
-  return gnutls->priv->have_key;
+  GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls);
+
+  return priv->have_key;
 }
 
 void
@@ -552,6 +579,7 @@ static gboolean
 verify_identity_hostname (GTlsCertificateGnutls *gnutls,
                           GSocketConnectable    *identity)
 {
+  GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls);
   const char *hostname;
 
   if (G_IS_NETWORK_ADDRESS (identity))
@@ -561,13 +589,14 @@ verify_identity_hostname (GTlsCertificateGnutls *gnutls,
   else
     return FALSE;
 
-  return gnutls_x509_crt_check_hostname (gnutls->priv->cert, hostname);
+  return gnutls_x509_crt_check_hostname (priv->cert, hostname);
 }
 
 static gboolean
 verify_identity_ip (GTlsCertificateGnutls *gnutls,
                     GSocketConnectable    *identity)
 {
+  GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls);
   GInetAddress *addr;
   int i, ret = 0;
   gsize addr_size;
@@ -599,7 +628,7 @@ verify_identity_ip (GTlsCertificateGnutls *gnutls,
       size_t san_size;
 
       san_size = sizeof (san);
-      ret = gnutls_x509_crt_get_subject_alt_name (gnutls->priv->cert, i,
+      ret = gnutls_x509_crt_get_subject_alt_name (priv->cert, i,
                                                   san, &san_size, NULL);
 
       if ((ret == GNUTLS_SAN_IPADDRESS) && (addr_size == san_size))
@@ -636,14 +665,16 @@ void
 g_tls_certificate_gnutls_set_issuer (GTlsCertificateGnutls *gnutls,
                                      GTlsCertificateGnutls *issuer)
 {
+  GTlsCertificateGnutlsPrivate *priv = g_tls_certificate_gnutls_get_instance_private (gnutls);
+
   g_return_if_fail (G_IS_TLS_CERTIFICATE_GNUTLS (gnutls));
   g_return_if_fail (!issuer || G_IS_TLS_CERTIFICATE_GNUTLS (issuer));
 
   if (issuer)
     g_object_ref (issuer);
-  if (gnutls->priv->issuer)
-    g_object_unref (gnutls->priv->issuer);
-  gnutls->priv->issuer = issuer;
+  if (priv->issuer)
+    g_object_unref (priv->issuer);
+  priv->issuer = issuer;
   g_object_notify (G_OBJECT (gnutls), "issuer");
 }
 
diff --git a/tls/gnutls/gtlscertificate-gnutls.h b/tls/gnutls/gtlscertificate-gnutls.h
index c7de067..a6450ec 100644
--- a/tls/gnutls/gtlscertificate-gnutls.h
+++ b/tls/gnutls/gtlscertificate-gnutls.h
@@ -31,15 +31,8 @@
 G_BEGIN_DECLS
 
 #define G_TYPE_TLS_CERTIFICATE_GNUTLS            (g_tls_certificate_gnutls_get_type ())
-#define G_TLS_CERTIFICATE_GNUTLS(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), 
G_TYPE_TLS_CERTIFICATE_GNUTLS, GTlsCertificateGnutls))
-#define G_TLS_CERTIFICATE_GNUTLS_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), 
G_TYPE_TLS_CERTIFICATE_GNUTLS, GTlsCertificateGnutlsClass))
-#define G_IS_TLS_CERTIFICATE_GNUTLS(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), 
G_TYPE_TLS_CERTIFICATE_GNUTLS))
-#define G_IS_TLS_CERTIFICATE_GNUTLS_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), 
G_TYPE_TLS_CERTIFICATE_GNUTLS))
-#define G_TLS_CERTIFICATE_GNUTLS_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), 
G_TYPE_TLS_CERTIFICATE_GNUTLS, GTlsCertificateGnutlsClass))
 
-typedef struct _GTlsCertificateGnutlsPrivate                   GTlsCertificateGnutlsPrivate;
-typedef struct _GTlsCertificateGnutlsClass                     GTlsCertificateGnutlsClass;
-typedef struct _GTlsCertificateGnutls                          GTlsCertificateGnutls;
+G_DECLARE_DERIVABLE_TYPE (GTlsCertificateGnutls, g_tls_certificate_gnutls, G, TLS_CERTIFICATE_GNUTLS, 
GTlsCertificate)
 
 struct _GTlsCertificateGnutlsClass
 {
@@ -50,14 +43,6 @@ struct _GTlsCertificateGnutlsClass
                                            gnutls_retr2_st          *st);
 };
 
-struct _GTlsCertificateGnutls
-{
-  GTlsCertificate parent_instance;
-  GTlsCertificateGnutlsPrivate *priv;
-};
-
-GType g_tls_certificate_gnutls_get_type (void) G_GNUC_CONST;
-
 GTlsCertificate *            g_tls_certificate_gnutls_new             (const gnutls_datum_t  *datum,
                                                                        GTlsCertificate       *issuer);
 
diff --git a/tls/gnutls/gtlsclientconnection-gnutls.c b/tls/gnutls/gtlsclientconnection-gnutls.c
index 894efbf..97cb821 100644
--- a/tls/gnutls/gtlsclientconnection-gnutls.c
+++ b/tls/gnutls/gtlsclientconnection-gnutls.c
@@ -44,6 +44,23 @@ enum
   PROP_ACCEPTED_CAS
 };
 
+struct _GTlsClientConnectionGnutls
+{
+  GTlsConnectionGnutls parent_instance;
+
+  GTlsCertificateFlags validation_flags;
+  GSocketConnectable *server_identity;
+  gboolean use_ssl3;
+  gboolean session_data_override;
+
+  GBytes *session_id;
+  GBytes *session_data;
+
+  gboolean cert_requested;
+  GError *cert_error;
+  GPtrArray *accepted_cas;
+};
+
 static void     g_tls_client_connection_gnutls_initable_interface_init (GInitableIface  *iface);
 
 static void g_tls_client_connection_gnutls_client_connection_interface_init (GTlsClientConnectionInterface 
*iface);
@@ -66,29 +83,12 @@ G_DEFINE_TYPE_WITH_CODE (GTlsClientConnectionGnutls, g_tls_client_connection_gnu
                          G_IMPLEMENT_INTERFACE (G_TYPE_DTLS_CLIENT_CONNECTION,
                                                 
g_tls_client_connection_gnutls_dtls_client_connection_interface_init));
 
-struct _GTlsClientConnectionGnutlsPrivate
-{
-  GTlsCertificateFlags validation_flags;
-  GSocketConnectable *server_identity;
-  gboolean use_ssl3;
-  gboolean session_data_override;
-
-  GBytes *session_id;
-  GBytes *session_data;
-
-  gboolean cert_requested;
-  GError *cert_error;
-  GPtrArray *accepted_cas;
-};
-
 
 static void
 g_tls_client_connection_gnutls_init (GTlsClientConnectionGnutls *gnutls)
 {
   gnutls_certificate_credentials_t creds;
 
-  gnutls->priv = G_TYPE_INSTANCE_GET_PRIVATE (gnutls, G_TYPE_TLS_CLIENT_CONNECTION_GNUTLS, 
GTlsClientConnectionGnutlsPrivate);
-
   creds = g_tls_connection_gnutls_get_credentials (G_TLS_CONNECTION_GNUTLS (gnutls));
   gnutls_certificate_set_retrieve_function (creds, g_tls_client_connection_gnutls_retrieve_function);
 }
@@ -96,10 +96,10 @@ g_tls_client_connection_gnutls_init (GTlsClientConnectionGnutls *gnutls)
 static const gchar *
 get_server_identity (GTlsClientConnectionGnutls *gnutls)
 {
-  if (G_IS_NETWORK_ADDRESS (gnutls->priv->server_identity))
-    return g_network_address_get_hostname (G_NETWORK_ADDRESS (gnutls->priv->server_identity));
-  else if (G_IS_NETWORK_SERVICE (gnutls->priv->server_identity))
-    return g_network_service_get_domain (G_NETWORK_SERVICE (gnutls->priv->server_identity));
+  if (G_IS_NETWORK_ADDRESS (gnutls->server_identity))
+    return g_network_address_get_hostname (G_NETWORK_ADDRESS (gnutls->server_identity));
+  else if (G_IS_NETWORK_SERVICE (gnutls->server_identity))
+    return g_network_service_get_domain (G_NETWORK_SERVICE (gnutls->server_identity));
   else
     return NULL;
 }
@@ -156,7 +156,7 @@ g_tls_client_connection_gnutls_compute_session_id (GTlsClientConnectionGnutls *g
                                         server_hostname ? server_hostname : "",
                                         port,
                                         cert_hash ?: "");
-          gnutls->priv->session_id = g_bytes_new_take (session_id, strlen (session_id));
+          gnutls->session_id = g_bytes_new_take (session_id, strlen (session_id));
           g_free (addrstr);
           g_free (cert_hash);
         }
@@ -170,11 +170,11 @@ g_tls_client_connection_gnutls_finalize (GObject *object)
 {
   GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (object);
 
-  g_clear_object (&gnutls->priv->server_identity);
-  g_clear_pointer (&gnutls->priv->accepted_cas, g_ptr_array_unref);
-  g_clear_pointer (&gnutls->priv->session_id, g_bytes_unref);
-  g_clear_pointer (&gnutls->priv->session_data, g_bytes_unref);
-  g_clear_error (&gnutls->priv->cert_error);
+  g_clear_object (&gnutls->server_identity);
+  g_clear_pointer (&gnutls->accepted_cas, g_ptr_array_unref);
+  g_clear_pointer (&gnutls->session_id, g_bytes_unref);
+  g_clear_pointer (&gnutls->session_data, g_bytes_unref);
+  g_clear_error (&gnutls->cert_error);
 
   G_OBJECT_CLASS (g_tls_client_connection_gnutls_parent_class)->finalize (object);
 }
@@ -216,25 +216,25 @@ g_tls_client_connection_gnutls_get_property (GObject    *object,
   switch (prop_id)
     {
     case PROP_VALIDATION_FLAGS:
-      g_value_set_flags (value, gnutls->priv->validation_flags);
+      g_value_set_flags (value, gnutls->validation_flags);
       break;
 
     case PROP_SERVER_IDENTITY:
-      g_value_set_object (value, gnutls->priv->server_identity);
+      g_value_set_object (value, gnutls->server_identity);
       break;
 
     case PROP_USE_SSL3:
-      g_value_set_boolean (value, gnutls->priv->use_ssl3);
+      g_value_set_boolean (value, gnutls->use_ssl3);
       break;
 
     case PROP_ACCEPTED_CAS:
       accepted_cas = NULL;
-      if (gnutls->priv->accepted_cas)
+      if (gnutls->accepted_cas)
         {
-          for (i = 0; i < gnutls->priv->accepted_cas->len; ++i)
+          for (i = 0; i < gnutls->accepted_cas->len; ++i)
             {
               accepted_cas = g_list_prepend (accepted_cas, g_byte_array_ref (
-                                             gnutls->priv->accepted_cas->pdata[i]));
+                                             gnutls->accepted_cas->pdata[i]));
             }
           accepted_cas = g_list_reverse (accepted_cas);
         }
@@ -258,13 +258,13 @@ g_tls_client_connection_gnutls_set_property (GObject      *object,
   switch (prop_id)
     {
     case PROP_VALIDATION_FLAGS:
-      gnutls->priv->validation_flags = g_value_get_flags (value);
+      gnutls->validation_flags = g_value_get_flags (value);
       break;
 
     case PROP_SERVER_IDENTITY:
-      if (gnutls->priv->server_identity)
-        g_object_unref (gnutls->priv->server_identity);
-      gnutls->priv->server_identity = g_value_dup_object (value);
+      if (gnutls->server_identity)
+        g_object_unref (gnutls->server_identity);
+      gnutls->server_identity = g_value_dup_object (value);
 
       hostname = get_server_identity (gnutls);
       if (hostname)
@@ -282,7 +282,7 @@ g_tls_client_connection_gnutls_set_property (GObject      *object,
       break;
 
     case PROP_USE_SSL3:
-      gnutls->priv->use_ssl3 = g_value_get_boolean (value);
+      gnutls->use_ssl3 = g_value_get_boolean (value);
       break;
 
     default:
@@ -304,7 +304,7 @@ g_tls_client_connection_gnutls_retrieve_function (gnutls_session_t             s
   GByteArray *dn;
   int i;
 
-  gnutls->priv->cert_requested = TRUE;
+  gnutls->cert_requested = TRUE;
 
   accepted_cas = g_ptr_array_new_with_free_func ((GDestroyNotify)g_byte_array_unref);
   for (i = 0; i < nreqs; i++)
@@ -314,17 +314,17 @@ g_tls_client_connection_gnutls_retrieve_function (gnutls_session_t             s
       g_ptr_array_add (accepted_cas, dn);
     }
 
-  if (gnutls->priv->accepted_cas)
-    g_ptr_array_unref (gnutls->priv->accepted_cas);
-  gnutls->priv->accepted_cas = accepted_cas;
+  if (gnutls->accepted_cas)
+    g_ptr_array_unref (gnutls->accepted_cas);
+  gnutls->accepted_cas = accepted_cas;
   g_object_notify (G_OBJECT (gnutls), "accepted-cas");
 
   g_tls_connection_gnutls_get_certificate (conn, st);
 
   if (st->ncerts == 0)
     {
-      g_clear_error (&gnutls->priv->cert_error);
-      if (g_tls_connection_gnutls_request_certificate (conn, &gnutls->priv->cert_error))
+      g_clear_error (&gnutls->cert_error);
+      if (g_tls_connection_gnutls_request_certificate (conn, &gnutls->cert_error))
         g_tls_connection_gnutls_get_certificate (conn, st);
     }
 
@@ -336,10 +336,10 @@ g_tls_client_connection_gnutls_failed (GTlsConnectionGnutls *conn)
 {
   GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (conn);
 
-  gnutls->priv->session_data_override = FALSE;
-  g_clear_pointer (&gnutls->priv->session_data, g_bytes_unref);
-  if (gnutls->priv->session_id)
-    g_tls_backend_gnutls_remove_session (GNUTLS_CLIENT, gnutls->priv->session_id);
+  gnutls->session_data_override = FALSE;
+  g_clear_pointer (&gnutls->session_data, g_bytes_unref);
+  if (gnutls->session_id)
+    g_tls_backend_gnutls_remove_session (GNUTLS_CLIENT, gnutls->session_id);
 }
 
 static void
@@ -350,28 +350,28 @@ g_tls_client_connection_gnutls_begin_handshake (GTlsConnectionGnutls *conn)
   g_tls_client_connection_gnutls_compute_session_id (gnutls);
 
   /* Try to get a cached session */
-  if (gnutls->priv->session_data_override)
+  if (gnutls->session_data_override)
     {
       gnutls_session_set_data (g_tls_connection_gnutls_get_session (conn),
-                               g_bytes_get_data (gnutls->priv->session_data, NULL),
-                               g_bytes_get_size (gnutls->priv->session_data));
+                               g_bytes_get_data (gnutls->session_data, NULL),
+                               g_bytes_get_size (gnutls->session_data));
     }
-  else if (gnutls->priv->session_id)
+  else if (gnutls->session_id)
     {
       GBytes *session_data;
 
-      session_data = g_tls_backend_gnutls_lookup_session (GNUTLS_CLIENT, gnutls->priv->session_id);
+      session_data = g_tls_backend_gnutls_lookup_session (GNUTLS_CLIENT, gnutls->session_id);
       if (session_data)
         {
           gnutls_session_set_data (g_tls_connection_gnutls_get_session (conn),
                                    g_bytes_get_data (session_data, NULL),
                                    g_bytes_get_size (session_data));
-          g_clear_pointer (&gnutls->priv->session_data, g_bytes_unref);
-          gnutls->priv->session_data = session_data;
+          g_clear_pointer (&gnutls->session_data, g_bytes_unref);
+          gnutls->session_data = session_data;
         }
     }
 
-  gnutls->priv->cert_requested = FALSE;
+  gnutls->cert_requested = FALSE;
 }
 
 static void
@@ -384,13 +384,13 @@ g_tls_client_connection_gnutls_finish_handshake (GTlsConnectionGnutls  *conn,
   g_assert (inout_error != NULL);
 
   if (g_error_matches (*inout_error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS) &&
-      gnutls->priv->cert_requested)
+      gnutls->cert_requested)
     {
       g_clear_error (inout_error);
-      if (gnutls->priv->cert_error)
+      if (gnutls->cert_error)
         {
-          *inout_error = gnutls->priv->cert_error;
-          gnutls->priv->cert_error = NULL;
+          *inout_error = gnutls->cert_error;
+          gnutls->cert_error = NULL;
         }
       else
         {
@@ -403,10 +403,10 @@ g_tls_client_connection_gnutls_finish_handshake (GTlsConnectionGnutls  *conn,
   if (*inout_error || !resumed)
     {
       /* Clear session data since the server did not accept what we provided. */
-      gnutls->priv->session_data_override = FALSE;
-      g_clear_pointer (&gnutls->priv->session_data, g_bytes_unref);
-      if (gnutls->priv->session_id)
-        g_tls_backend_gnutls_remove_session (GNUTLS_CLIENT, gnutls->priv->session_id);
+      gnutls->session_data_override = FALSE;
+      g_clear_pointer (&gnutls->session_data, g_bytes_unref);
+      if (gnutls->session_id)
+        g_tls_backend_gnutls_remove_session (GNUTLS_CLIENT, gnutls->session_id);
     }
 
   if (!*inout_error && !resumed)
@@ -416,15 +416,15 @@ g_tls_client_connection_gnutls_finish_handshake (GTlsConnectionGnutls  *conn,
       if (gnutls_session_get_data2 (g_tls_connection_gnutls_get_session (conn),
                                     &session_datum) == 0)
         {
-          gnutls->priv->session_data = g_bytes_new_with_free_func (session_datum.data,
-                                                                   session_datum.size,
-                                                                   (GDestroyNotify)gnutls_free,
-                                                                   session_datum.data);
+          gnutls->session_data = g_bytes_new_with_free_func (session_datum.data,
+                                                             session_datum.size,
+                                                             (GDestroyNotify)gnutls_free,
+                                                             session_datum.data);
 
-          if (gnutls->priv->session_id)
+          if (gnutls->session_id)
             g_tls_backend_gnutls_store_session (GNUTLS_CLIENT,
-                                                gnutls->priv->session_id,
-                                                gnutls->priv->session_data);
+                                                gnutls->session_id,
+                                                gnutls->session_data);
         }
     }
 }
@@ -436,15 +436,15 @@ g_tls_client_connection_gnutls_copy_session_state (GTlsClientConnection *conn,
   GTlsClientConnectionGnutls *gnutls = G_TLS_CLIENT_CONNECTION_GNUTLS (conn);
   GTlsClientConnectionGnutls *gnutls_source = G_TLS_CLIENT_CONNECTION_GNUTLS (source);
 
-  if (gnutls_source->priv->session_data)
+  if (gnutls_source->session_data)
     {
-      gnutls->priv->session_data_override = TRUE;
-      gnutls->priv->session_data = g_bytes_ref (gnutls_source->priv->session_data);
+      gnutls->session_data_override = TRUE;
+      gnutls->session_data = g_bytes_ref (gnutls_source->session_data);
 
-      if (gnutls->priv->session_id)
+      if (gnutls->session_id)
         g_tls_backend_gnutls_store_session (GNUTLS_CLIENT,
-                                            gnutls->priv->session_id,
-                                            gnutls->priv->session_data);
+                                            gnutls->session_id,
+                                            gnutls->session_data);
     }
 }
 
@@ -454,8 +454,6 @@ g_tls_client_connection_gnutls_class_init (GTlsClientConnectionGnutlsClass *klas
   GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
   GTlsConnectionGnutlsClass *connection_gnutls_class = G_TLS_CONNECTION_GNUTLS_CLASS (klass);
 
-  g_type_class_add_private (klass, sizeof (GTlsClientConnectionGnutlsPrivate));
-
   gobject_class->get_property = g_tls_client_connection_gnutls_get_property;
   gobject_class->set_property = g_tls_client_connection_gnutls_set_property;
   gobject_class->finalize     = g_tls_client_connection_gnutls_finalize;
diff --git a/tls/gnutls/gtlsclientconnection-gnutls.h b/tls/gnutls/gtlsclientconnection-gnutls.h
index bd2cca9..87b88fc 100644
--- a/tls/gnutls/gtlsclientconnection-gnutls.h
+++ b/tls/gnutls/gtlsclientconnection-gnutls.h
@@ -30,28 +30,8 @@
 G_BEGIN_DECLS
 
 #define G_TYPE_TLS_CLIENT_CONNECTION_GNUTLS            (g_tls_client_connection_gnutls_get_type ())
-#define G_TLS_CLIENT_CONNECTION_GNUTLS(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), 
G_TYPE_TLS_CLIENT_CONNECTION_GNUTLS, GTlsClientConnectionGnutls))
-#define G_TLS_CLIENT_CONNECTION_GNUTLS_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), 
G_TYPE_TLS_CLIENT_CONNECTION_GNUTLS, GTlsClientConnectionGnutlsClass))
-#define G_IS_TLS_CLIENT_CONNECTION_GNUTLS(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), 
G_TYPE_TLS_CLIENT_CONNECTION_GNUTLS))
-#define G_IS_TLS_CLIENT_CONNECTION_GNUTLS_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), 
G_TYPE_TLS_CLIENT_CONNECTION_GNUTLS))
-#define G_TLS_CLIENT_CONNECTION_GNUTLS_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), 
G_TYPE_TLS_CLIENT_CONNECTION_GNUTLS, GTlsClientConnectionGnutlsClass))
 
-typedef struct _GTlsClientConnectionGnutlsPrivate GTlsClientConnectionGnutlsPrivate;
-typedef struct _GTlsClientConnectionGnutlsClass   GTlsClientConnectionGnutlsClass;
-typedef struct _GTlsClientConnectionGnutls        GTlsClientConnectionGnutls;
-
-struct _GTlsClientConnectionGnutlsClass
-{
-  GTlsConnectionGnutlsClass parent_class;
-};
-
-struct _GTlsClientConnectionGnutls
-{
-  GTlsConnectionGnutls parent_instance;
-  GTlsClientConnectionGnutlsPrivate *priv;
-};
-
-GType g_tls_client_connection_gnutls_get_type (void) G_GNUC_CONST;
+G_DECLARE_FINAL_TYPE (GTlsClientConnectionGnutls, g_tls_client_connection_gnutls, G, 
TLS_CLIENT_CONNECTION_GNUTLS, GTlsConnectionGnutls)
 
 G_END_DECLS
 
diff --git a/tls/gnutls/gtlsconnection-gnutls.c b/tls/gnutls/gtlsconnection-gnutls.c
index 4853222..b577d22 100644
--- a/tls/gnutls/gtlsconnection-gnutls.c
+++ b/tls/gnutls/gtlsconnection-gnutls.c
@@ -125,17 +125,6 @@ static gboolean finish_handshake (GTlsConnectionGnutls  *gnutls,
                                   GTask                 *thread_task,
                                   GError               **error);
 
-G_DEFINE_ABSTRACT_TYPE_WITH_CODE (GTlsConnectionGnutls, g_tls_connection_gnutls, G_TYPE_TLS_CONNECTION,
-                                  G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
-                                                         g_tls_connection_gnutls_initable_iface_init);
-                                  G_IMPLEMENT_INTERFACE (G_TYPE_DATAGRAM_BASED,
-                                                         g_tls_connection_gnutls_datagram_based_iface_init);
-                                  G_IMPLEMENT_INTERFACE (G_TYPE_DTLS_CONNECTION,
-                                                         g_tls_connection_gnutls_dtls_connection_iface_init);
-                                  g_tls_connection_gnutls_init_priorities ();
-                                  );
-
-
 enum
 {
   PROP_0,
@@ -153,7 +142,7 @@ enum
   PROP_PEER_CERTIFICATE_ERRORS,
 };
 
-struct _GTlsConnectionGnutlsPrivate
+typedef struct
 {
   /* When operating in stream mode.
    * Mutually exclusive with base_socket.
@@ -239,37 +228,47 @@ struct _GTlsConnectionGnutlsPrivate
 #ifndef GNUTLS_E_PREMATURE_TERMINATION
   gboolean eof;
 #endif
-};
+} GTlsConnectionGnutlsPrivate;
+
+G_DEFINE_ABSTRACT_TYPE_WITH_CODE (GTlsConnectionGnutls, g_tls_connection_gnutls, G_TYPE_TLS_CONNECTION,
+                                  G_ADD_PRIVATE (GTlsConnectionGnutls);
+                                  G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+                                                         g_tls_connection_gnutls_initable_iface_init);
+                                  G_IMPLEMENT_INTERFACE (G_TYPE_DATAGRAM_BASED,
+                                                         g_tls_connection_gnutls_datagram_based_iface_init);
+                                  G_IMPLEMENT_INTERFACE (G_TYPE_DTLS_CONNECTION,
+                                                         g_tls_connection_gnutls_dtls_connection_iface_init);
+                                  g_tls_connection_gnutls_init_priorities ();
+                                  );
 
 static gint unique_interaction_id = 0;
 
 static void
 g_tls_connection_gnutls_init (GTlsConnectionGnutls *gnutls)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   gint unique_id;
 
-  gnutls->priv = G_TYPE_INSTANCE_GET_PRIVATE (gnutls, G_TYPE_TLS_CONNECTION_GNUTLS, 
GTlsConnectionGnutlsPrivate);
-
-  gnutls_certificate_allocate_credentials (&gnutls->priv->creds);
-  gnutls_certificate_set_verify_flags (gnutls->priv->creds,
+  gnutls_certificate_allocate_credentials (&priv->creds);
+  gnutls_certificate_set_verify_flags (priv->creds,
                                        GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
 
-  gnutls->priv->need_handshake = TRUE;
+  priv->need_handshake = TRUE;
 
-  gnutls->priv->database_is_unset = TRUE;
-  gnutls->priv->is_system_certdb = TRUE;
+  priv->database_is_unset = TRUE;
+  priv->is_system_certdb = TRUE;
 
   unique_id = g_atomic_int_add (&unique_interaction_id, 1);
-  gnutls->priv->interaction_id = g_strdup_printf ("gtls:%d", unique_id);
+  priv->interaction_id = g_strdup_printf ("gtls:%d", unique_id);
 
 #ifdef HAVE_PKCS11
-  p11_kit_pin_register_callback (gnutls->priv->interaction_id,
+  p11_kit_pin_register_callback (priv->interaction_id,
                                  on_pin_prompt_callback, gnutls, NULL);
 #endif
 
-  gnutls->priv->waiting_for_op = g_cancellable_new ();
-  g_cancellable_cancel (gnutls->priv->waiting_for_op);
-  g_mutex_init (&gnutls->priv->op_mutex);
+  priv->waiting_for_op = g_cancellable_new ();
+  g_cancellable_cancel (priv->waiting_for_op);
+  g_mutex_init (&priv->op_mutex);
 }
 
 /* First field is "fallback", second is "allow unsafe rehandshaking" */
@@ -337,6 +336,7 @@ g_tls_connection_gnutls_init_priorities (void)
 static void
 g_tls_connection_gnutls_set_handshake_priority (GTlsConnectionGnutls *gnutls)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   gboolean fallback, unsafe_rehandshake;
 
   if (G_IS_TLS_CLIENT_CONNECTION (gnutls))
@@ -352,15 +352,17 @@ g_tls_connection_gnutls_set_handshake_priority (GTlsConnectionGnutls *gnutls)
     }
   else
     fallback = FALSE;
-  unsafe_rehandshake = (gnutls->priv->rehandshake_mode == G_TLS_REHANDSHAKE_UNSAFELY);
-  gnutls_priority_set (gnutls->priv->session,
+  unsafe_rehandshake = (priv->rehandshake_mode == G_TLS_REHANDSHAKE_UNSAFELY);
+  gnutls_priority_set (priv->session,
                        priorities[fallback][unsafe_rehandshake]);
 }
 
 static gboolean
 g_tls_connection_gnutls_is_dtls (GTlsConnectionGnutls *gnutls)
 {
-  return (gnutls->priv->base_socket != NULL);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
+  return (priv->base_socket != NULL);
 }
 
 static gboolean
@@ -369,24 +371,25 @@ g_tls_connection_gnutls_initable_init (GInitable     *initable,
                                        GError       **error)
 {
   GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (initable);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   gboolean client = G_IS_TLS_CLIENT_CONNECTION (gnutls);
   guint flags = client ? GNUTLS_CLIENT : GNUTLS_SERVER;
   int status;
 
-  g_return_val_if_fail ((gnutls->priv->base_istream == NULL) ==
-                        (gnutls->priv->base_ostream == NULL), FALSE);
-  g_return_val_if_fail ((gnutls->priv->base_socket == NULL) !=
-                        (gnutls->priv->base_istream == NULL), FALSE);
+  g_return_val_if_fail ((priv->base_istream == NULL) ==
+                        (priv->base_ostream == NULL), FALSE);
+  g_return_val_if_fail ((priv->base_socket == NULL) !=
+                        (priv->base_istream == NULL), FALSE);
 
   /* Check whether to use DTLS or TLS. */
   if (g_tls_connection_gnutls_is_dtls (gnutls))
     flags |= GNUTLS_DATAGRAM;
 
-  gnutls_init (&gnutls->priv->session, flags);
+  gnutls_init (&priv->session, flags);
 
-  status = gnutls_credentials_set (gnutls->priv->session,
+  status = gnutls_credentials_set (priv->session,
                                    GNUTLS_CRD_CERTIFICATE,
-                                   gnutls->priv->creds);
+                                   priv->creds);
   if (status != 0)
     {
       g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
@@ -395,30 +398,30 @@ g_tls_connection_gnutls_initable_init (GInitable     *initable,
       return FALSE;
     }
 
-  gnutls_transport_set_push_function (gnutls->priv->session,
+  gnutls_transport_set_push_function (priv->session,
                                       g_tls_connection_gnutls_push_func);
-  gnutls_transport_set_pull_function (gnutls->priv->session,
+  gnutls_transport_set_pull_function (priv->session,
                                       g_tls_connection_gnutls_pull_func);
-  gnutls_transport_set_pull_timeout_function (gnutls->priv->session,
+  gnutls_transport_set_pull_timeout_function (priv->session,
                                               g_tls_connection_gnutls_pull_timeout_func);
-  gnutls_transport_set_ptr (gnutls->priv->session, gnutls);
+  gnutls_transport_set_ptr (priv->session, gnutls);
 
   /* GDatagramBased supports vectored I/O; GPollableOutputStream does not. */
-  if (gnutls->priv->base_socket != NULL)
+  if (priv->base_socket != NULL)
     {
-      gnutls_transport_set_vec_push_function (gnutls->priv->session,
+      gnutls_transport_set_vec_push_function (priv->session,
                                               g_tls_connection_gnutls_vec_push_func);
     }
 
   /* Set reasonable MTU */
   if (flags & GNUTLS_DATAGRAM)
-    gnutls_dtls_set_mtu (gnutls->priv->session, 1400);
+    gnutls_dtls_set_mtu (priv->session, 1400);
 
   /* Create output streams if operating in streaming mode. */
   if (!(flags & GNUTLS_DATAGRAM))
     {
-      gnutls->priv->tls_istream = g_tls_input_stream_gnutls_new (gnutls);
-      gnutls->priv->tls_ostream = g_tls_output_stream_gnutls_new (gnutls);
+      priv->tls_istream = g_tls_input_stream_gnutls_new (gnutls);
+      priv->tls_ostream = g_tls_output_stream_gnutls_new (gnutls);
     }
 
   return TRUE;
@@ -428,46 +431,47 @@ static void
 g_tls_connection_gnutls_finalize (GObject *object)
 {
   GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (object);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
 
-  g_clear_object (&gnutls->priv->base_io_stream);
-  g_clear_object (&gnutls->priv->base_socket);
+  g_clear_object (&priv->base_io_stream);
+  g_clear_object (&priv->base_socket);
 
-  g_clear_object (&gnutls->priv->tls_istream);
-  g_clear_object (&gnutls->priv->tls_ostream);
+  g_clear_object (&priv->tls_istream);
+  g_clear_object (&priv->tls_ostream);
 
-  if (gnutls->priv->session)
-    gnutls_deinit (gnutls->priv->session);
-  if (gnutls->priv->creds)
-    gnutls_certificate_free_credentials (gnutls->priv->creds);
+  if (priv->session)
+    gnutls_deinit (priv->session);
+  if (priv->creds)
+    gnutls_certificate_free_credentials (priv->creds);
 
-  g_clear_object (&gnutls->priv->database);
-  g_clear_object (&gnutls->priv->certificate);
-  g_clear_object (&gnutls->priv->peer_certificate);
-  g_clear_object (&gnutls->priv->peer_certificate_tmp);
+  g_clear_object (&priv->database);
+  g_clear_object (&priv->certificate);
+  g_clear_object (&priv->peer_certificate);
+  g_clear_object (&priv->peer_certificate_tmp);
 
-  g_clear_pointer (&gnutls->priv->app_data_buf, g_byte_array_unref);
+  g_clear_pointer (&priv->app_data_buf, g_byte_array_unref);
 
 #ifdef HAVE_PKCS11
-  p11_kit_pin_unregister_callback (gnutls->priv->interaction_id,
+  p11_kit_pin_unregister_callback (priv->interaction_id,
                                    on_pin_prompt_callback, gnutls);
 #endif
-  g_free (gnutls->priv->interaction_id);
-  g_clear_object (&gnutls->priv->interaction);
+  g_free (priv->interaction_id);
+  g_clear_object (&priv->interaction);
 
-  g_clear_error (&gnutls->priv->handshake_error);
-  g_clear_error (&gnutls->priv->read_error);
-  g_clear_error (&gnutls->priv->write_error);
+  g_clear_error (&priv->handshake_error);
+  g_clear_error (&priv->read_error);
+  g_clear_error (&priv->write_error);
 
   /* This must always be NULL at this, as it holds a referehce to @gnutls as
    * its source object. However, we clear it anyway just in case this changes
    * in future. */
-  g_clear_object (&gnutls->priv->implicit_handshake);
+  g_clear_object (&priv->implicit_handshake);
 
-  g_clear_object (&gnutls->priv->read_cancellable);
-  g_clear_object (&gnutls->priv->write_cancellable);
+  g_clear_object (&priv->read_cancellable);
+  g_clear_object (&priv->write_cancellable);
 
-  g_clear_object (&gnutls->priv->waiting_for_op);
-  g_mutex_clear (&gnutls->priv->op_mutex);
+  g_clear_object (&priv->waiting_for_op);
+  g_mutex_clear (&priv->op_mutex);
 
   G_OBJECT_CLASS (g_tls_connection_gnutls_parent_class)->finalize (object);
 }
@@ -479,54 +483,55 @@ g_tls_connection_gnutls_get_property (GObject    *object,
                                       GParamSpec *pspec)
 {
   GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (object);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   GTlsBackend *backend;
 
   switch (prop_id)
     {
     case PROP_BASE_IO_STREAM:
-      g_value_set_object (value, gnutls->priv->base_io_stream);
+      g_value_set_object (value, priv->base_io_stream);
       break;
 
     case PROP_BASE_SOCKET:
-      g_value_set_object (value, gnutls->priv->base_socket);
+      g_value_set_object (value, priv->base_socket);
       break;
 
     case PROP_REQUIRE_CLOSE_NOTIFY:
-      g_value_set_boolean (value, gnutls->priv->require_close_notify);
+      g_value_set_boolean (value, priv->require_close_notify);
       break;
 
     case PROP_REHANDSHAKE_MODE:
-      g_value_set_enum (value, gnutls->priv->rehandshake_mode);
+      g_value_set_enum (value, priv->rehandshake_mode);
       break;
 
     case PROP_USE_SYSTEM_CERTDB:
-      g_value_set_boolean (value, gnutls->priv->is_system_certdb);
+      g_value_set_boolean (value, priv->is_system_certdb);
       break;
 
     case PROP_DATABASE:
-      if (gnutls->priv->database_is_unset)
+      if (priv->database_is_unset)
         {
           backend = g_tls_backend_get_default ();
-          gnutls->priv->database =  g_tls_backend_get_default_database (backend);
-          gnutls->priv->database_is_unset = FALSE;
+          priv->database =  g_tls_backend_get_default_database (backend);
+          priv->database_is_unset = FALSE;
         }
-      g_value_set_object (value, gnutls->priv->database);
+      g_value_set_object (value, priv->database);
       break;
 
     case PROP_CERTIFICATE:
-      g_value_set_object (value, gnutls->priv->certificate);
+      g_value_set_object (value, priv->certificate);
       break;
 
     case PROP_INTERACTION:
-      g_value_set_object (value, gnutls->priv->interaction);
+      g_value_set_object (value, priv->interaction);
       break;
 
     case PROP_PEER_CERTIFICATE:
-      g_value_set_object (value, gnutls->priv->peer_certificate);
+      g_value_set_object (value, priv->peer_certificate);
       break;
 
     case PROP_PEER_CERTIFICATE_ERRORS:
-      g_value_set_flags (value, gnutls->priv->peer_certificate_errors);
+      g_value_set_flags (value, priv->peer_certificate_errors);
       break;
 
     default:
@@ -541,6 +546,7 @@ g_tls_connection_gnutls_set_property (GObject      *object,
                                       GParamSpec   *pspec)
 {
   GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (object);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   GInputStream *istream;
   GOutputStream *ostream;
   gboolean system_certdb;
@@ -550,76 +556,76 @@ g_tls_connection_gnutls_set_property (GObject      *object,
     {
     case PROP_BASE_IO_STREAM:
       g_assert (g_value_get_object (value) == NULL ||
-                gnutls->priv->base_socket == NULL);
+                priv->base_socket == NULL);
 
-      if (gnutls->priv->base_io_stream)
+      if (priv->base_io_stream)
         {
-          g_object_unref (gnutls->priv->base_io_stream);
-          gnutls->priv->base_istream = NULL;
-          gnutls->priv->base_ostream = NULL;
+          g_object_unref (priv->base_io_stream);
+          priv->base_istream = NULL;
+          priv->base_ostream = NULL;
         }
-      gnutls->priv->base_io_stream = g_value_dup_object (value);
-      if (!gnutls->priv->base_io_stream)
+      priv->base_io_stream = g_value_dup_object (value);
+      if (!priv->base_io_stream)
         return;
 
-      istream = g_io_stream_get_input_stream (gnutls->priv->base_io_stream);
-      ostream = g_io_stream_get_output_stream (gnutls->priv->base_io_stream);
+      istream = g_io_stream_get_input_stream (priv->base_io_stream);
+      ostream = g_io_stream_get_output_stream (priv->base_io_stream);
 
       if (G_IS_POLLABLE_INPUT_STREAM (istream) &&
           g_pollable_input_stream_can_poll (G_POLLABLE_INPUT_STREAM (istream)))
-        gnutls->priv->base_istream = G_POLLABLE_INPUT_STREAM (istream);
+        priv->base_istream = G_POLLABLE_INPUT_STREAM (istream);
       if (G_IS_POLLABLE_OUTPUT_STREAM (ostream) &&
           g_pollable_output_stream_can_poll (G_POLLABLE_OUTPUT_STREAM (ostream)))
-        gnutls->priv->base_ostream = G_POLLABLE_OUTPUT_STREAM (ostream);
+        priv->base_ostream = G_POLLABLE_OUTPUT_STREAM (ostream);
       break;
 
     case PROP_BASE_SOCKET:
       g_assert (g_value_get_object (value) == NULL ||
-                gnutls->priv->base_io_stream == NULL);
+                priv->base_io_stream == NULL);
 
-      g_clear_object (&gnutls->priv->base_socket);
-      gnutls->priv->base_socket = g_value_dup_object (value);
+      g_clear_object (&priv->base_socket);
+      priv->base_socket = g_value_dup_object (value);
       break;
 
     case PROP_REQUIRE_CLOSE_NOTIFY:
-      gnutls->priv->require_close_notify = g_value_get_boolean (value);
+      priv->require_close_notify = g_value_get_boolean (value);
       break;
 
     case PROP_REHANDSHAKE_MODE:
-      gnutls->priv->rehandshake_mode = g_value_get_enum (value);
+      priv->rehandshake_mode = g_value_get_enum (value);
       break;
 
     case PROP_USE_SYSTEM_CERTDB:
       system_certdb = g_value_get_boolean (value);
-      if (system_certdb != gnutls->priv->is_system_certdb)
+      if (system_certdb != priv->is_system_certdb)
         {
-          g_clear_object (&gnutls->priv->database);
+          g_clear_object (&priv->database);
           if (system_certdb)
             {
               backend = g_tls_backend_get_default ();
-              gnutls->priv->database = g_tls_backend_get_default_database (backend);
+              priv->database = g_tls_backend_get_default_database (backend);
             }
-          gnutls->priv->is_system_certdb = system_certdb;
-          gnutls->priv->database_is_unset = FALSE;
+          priv->is_system_certdb = system_certdb;
+          priv->database_is_unset = FALSE;
         }
       break;
 
     case PROP_DATABASE:
-      g_clear_object (&gnutls->priv->database);
-      gnutls->priv->database = g_value_dup_object (value);
-      gnutls->priv->is_system_certdb = FALSE;
-      gnutls->priv->database_is_unset = FALSE;
+      g_clear_object (&priv->database);
+      priv->database = g_value_dup_object (value);
+      priv->is_system_certdb = FALSE;
+      priv->database_is_unset = FALSE;
       break;
 
     case PROP_CERTIFICATE:
-      if (gnutls->priv->certificate)
-        g_object_unref (gnutls->priv->certificate);
-      gnutls->priv->certificate = g_value_dup_object (value);
+      if (priv->certificate)
+        g_object_unref (priv->certificate);
+      priv->certificate = g_value_dup_object (value);
       break;
 
     case PROP_INTERACTION:
-      g_clear_object (&gnutls->priv->interaction);
-      gnutls->priv->interaction = g_value_dup_object (value);
+      g_clear_object (&priv->interaction);
+      priv->interaction = g_value_dup_object (value);
       break;
 
     default:
@@ -630,19 +636,24 @@ g_tls_connection_gnutls_set_property (GObject      *object,
 gnutls_certificate_credentials_t
 g_tls_connection_gnutls_get_credentials (GTlsConnectionGnutls *gnutls)
 {
-  return gnutls->priv->creds;
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
+  return priv->creds;
 }
 
 gnutls_session_t
 g_tls_connection_gnutls_get_session (GTlsConnectionGnutls *gnutls)
 {
-  return gnutls->priv->session;
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
+  return priv->session;
 }
 
 void
 g_tls_connection_gnutls_get_certificate (GTlsConnectionGnutls *gnutls,
                                          gnutls_retr2_st      *st)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   GTlsCertificate *cert;
 
   cert = g_tls_connection_get_certificate (G_TLS_CONNECTION (gnutls));
@@ -652,7 +663,7 @@ g_tls_connection_gnutls_get_certificate (GTlsConnectionGnutls *gnutls,
 
   if (cert)
       g_tls_certificate_gnutls_copy (G_TLS_CERTIFICATE_GNUTLS (cert),
-                                     gnutls->priv->interaction_id, st);
+                                     priv->interaction_id, st);
 }
 
 typedef enum {
@@ -671,33 +682,35 @@ claim_op (GTlsConnectionGnutls    *gnutls,
           GCancellable            *cancellable,
           GError                 **error)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
  try_again:
   if (g_cancellable_set_error_if_cancelled (cancellable, error))
     return FALSE;
 
-  g_mutex_lock (&gnutls->priv->op_mutex);
+  g_mutex_lock (&priv->op_mutex);
 
   if (((op == G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE ||
         op == G_TLS_CONNECTION_GNUTLS_OP_READ) &&
-       (gnutls->priv->read_closing || gnutls->priv->read_closed)) ||
+       (priv->read_closing || priv->read_closed)) ||
       ((op == G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE ||
         op == G_TLS_CONNECTION_GNUTLS_OP_WRITE) &&
-       (gnutls->priv->write_closing || gnutls->priv->write_closed)))
+       (priv->write_closing || priv->write_closed)))
     {
       g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_CLOSED,
                            _("Connection is closed"));
-      g_mutex_unlock (&gnutls->priv->op_mutex);
+      g_mutex_unlock (&priv->op_mutex);
       return FALSE;
     }
 
-  if (gnutls->priv->handshake_error &&
+  if (priv->handshake_error &&
       op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH &&
       op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ &&
       op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE)
     {
       if (error)
-        *error = g_error_copy (gnutls->priv->handshake_error);
-      g_mutex_unlock (&gnutls->priv->op_mutex);
+        *error = g_error_copy (priv->handshake_error);
+      g_mutex_unlock (&priv->op_mutex);
       return FALSE;
     }
 
@@ -706,29 +719,29 @@ claim_op (GTlsConnectionGnutls    *gnutls,
       if (op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH &&
           op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ &&
           op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE &&
-          gnutls->priv->need_handshake)
+          priv->need_handshake)
         {
-          gnutls->priv->need_handshake = FALSE;
-          gnutls->priv->handshaking = TRUE;
+          priv->need_handshake = FALSE;
+          priv->handshaking = TRUE;
           if (!do_implicit_handshake (gnutls, timeout, cancellable, error))
             {
-              g_mutex_unlock (&gnutls->priv->op_mutex);
+              g_mutex_unlock (&priv->op_mutex);
               return FALSE;
             }
         }
 
-      if (gnutls->priv->need_finish_handshake &&
-          gnutls->priv->implicit_handshake)
+      if (priv->need_finish_handshake &&
+          priv->implicit_handshake)
         {
           GError *my_error = NULL;
           gboolean success;
 
-          gnutls->priv->need_finish_handshake = FALSE;
+          priv->need_finish_handshake = FALSE;
 
-          g_mutex_unlock (&gnutls->priv->op_mutex);
-          success = finish_handshake (gnutls, gnutls->priv->implicit_handshake, &my_error);
-          g_clear_object (&gnutls->priv->implicit_handshake);
-          g_mutex_lock (&gnutls->priv->op_mutex);
+          g_mutex_unlock (&priv->op_mutex);
+          success = finish_handshake (gnutls, priv->implicit_handshake, &my_error);
+          g_clear_object (&priv->implicit_handshake);
+          g_mutex_lock (&priv->op_mutex);
 
           if (op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH &&
               op != G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ &&
@@ -736,7 +749,7 @@ claim_op (GTlsConnectionGnutls    *gnutls,
               (!success || g_cancellable_set_error_if_cancelled (cancellable, &my_error)))
             {
               g_propagate_error (error, my_error);
-              g_mutex_unlock (&gnutls->priv->op_mutex);
+              g_mutex_unlock (&priv->op_mutex);
               return FALSE;
             }
 
@@ -744,18 +757,18 @@ claim_op (GTlsConnectionGnutls    *gnutls,
         }
     }
 
-  if ((op != G_TLS_CONNECTION_GNUTLS_OP_WRITE && gnutls->priv->reading) ||
-      (op != G_TLS_CONNECTION_GNUTLS_OP_READ && gnutls->priv->writing) ||
-      (op != G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE && gnutls->priv->handshaking))
+  if ((op != G_TLS_CONNECTION_GNUTLS_OP_WRITE && priv->reading) ||
+      (op != G_TLS_CONNECTION_GNUTLS_OP_READ && priv->writing) ||
+      (op != G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE && priv->handshaking))
     {
       GPollFD fds[2];
       int nfds;
       gint64 start_time;
       gint result = 1;  /* if the loop is never entered, it’s as if we cancelled early */
 
-      g_cancellable_reset (gnutls->priv->waiting_for_op);
+      g_cancellable_reset (priv->waiting_for_op);
 
-      g_mutex_unlock (&gnutls->priv->op_mutex);
+      g_mutex_unlock (&priv->op_mutex);
 
       if (timeout == 0)
         {
@@ -764,7 +777,7 @@ claim_op (GTlsConnectionGnutls    *gnutls,
           return FALSE;
         }
 
-      g_cancellable_make_pollfd (gnutls->priv->waiting_for_op, &fds[0]);
+      g_cancellable_make_pollfd (priv->waiting_for_op, &fds[0]);
       if (g_cancellable_make_pollfd (cancellable, &fds[1]))
         nfds = 2;
       else
@@ -777,7 +790,7 @@ claim_op (GTlsConnectionGnutls    *gnutls,
       /* Poll until cancellation or the timeout is reached. */
       start_time = g_get_monotonic_time ();
 
-      while (!g_cancellable_is_cancelled (gnutls->priv->waiting_for_op) &&
+      while (!g_cancellable_is_cancelled (priv->waiting_for_op) &&
              !g_cancellable_is_cancelled (cancellable))
         {
           result = g_poll (fds, nfds, timeout);
@@ -810,22 +823,22 @@ claim_op (GTlsConnectionGnutls    *gnutls,
 
   if (op == G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE)
     {
-      gnutls->priv->handshaking = TRUE;
-      gnutls->priv->need_handshake = FALSE;
+      priv->handshaking = TRUE;
+      priv->need_handshake = FALSE;
     }
   if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH ||
       op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ)
-    gnutls->priv->read_closing = TRUE;
+    priv->read_closing = TRUE;
   if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH ||
       op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE)
-    gnutls->priv->write_closing = TRUE;
+    priv->write_closing = TRUE;
 
   if (op != G_TLS_CONNECTION_GNUTLS_OP_WRITE)
-    gnutls->priv->reading = TRUE;
+    priv->reading = TRUE;
   if (op != G_TLS_CONNECTION_GNUTLS_OP_READ)
-    gnutls->priv->writing = TRUE;
+    priv->writing = TRUE;
 
-  g_mutex_unlock (&gnutls->priv->op_mutex);
+  g_mutex_unlock (&priv->op_mutex);
   return TRUE;
 }
 
@@ -833,24 +846,26 @@ static void
 yield_op (GTlsConnectionGnutls   *gnutls,
           GTlsConnectionGnutlsOp  op)
 {
-  g_mutex_lock (&gnutls->priv->op_mutex);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
+  g_mutex_lock (&priv->op_mutex);
 
   if (op == G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE)
-    gnutls->priv->handshaking = FALSE;
+    priv->handshaking = FALSE;
   if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH ||
       op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_READ)
-    gnutls->priv->read_closing = FALSE;
+    priv->read_closing = FALSE;
   if (op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_BOTH ||
       op == G_TLS_CONNECTION_GNUTLS_OP_CLOSE_WRITE)
-    gnutls->priv->write_closing = FALSE;
+    priv->write_closing = FALSE;
 
   if (op != G_TLS_CONNECTION_GNUTLS_OP_WRITE)
-    gnutls->priv->reading = FALSE;
+    priv->reading = FALSE;
   if (op != G_TLS_CONNECTION_GNUTLS_OP_READ)
-    gnutls->priv->writing = FALSE;
+    priv->writing = FALSE;
 
-  g_cancellable_cancel (gnutls->priv->waiting_for_op);
-  g_mutex_unlock (&gnutls->priv->op_mutex);
+  g_cancellable_cancel (priv->waiting_for_op);
+  g_mutex_unlock (&priv->op_mutex);
 }
 
 static void
@@ -859,20 +874,22 @@ begin_gnutls_io (GTlsConnectionGnutls  *gnutls,
                  gint64                 timeout,
                  GCancellable          *cancellable)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
   g_assert (direction & (G_IO_IN | G_IO_OUT));
 
   if (direction & G_IO_IN)
     {
-      gnutls->priv->read_timeout = timeout;
-      gnutls->priv->read_cancellable = cancellable;
-      g_clear_error (&gnutls->priv->read_error);
+      priv->read_timeout = timeout;
+      priv->read_cancellable = cancellable;
+      g_clear_error (&priv->read_error);
     }
 
   if (direction & G_IO_OUT)
     {
-      gnutls->priv->write_timeout = timeout;
-      gnutls->priv->write_cancellable = cancellable;
-      g_clear_error (&gnutls->priv->write_error);
+      priv->write_timeout = timeout;
+      priv->write_cancellable = cancellable;
+      g_clear_error (&priv->write_error);
     }
 }
 
@@ -890,6 +907,7 @@ end_gnutls_io (GTlsConnectionGnutls  *gnutls,
                GError               **error,
                const char            *err_prefix)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   GError *my_error = NULL;
 
   g_assert (direction & (G_IO_IN | G_IO_OUT));
@@ -901,31 +919,31 @@ end_gnutls_io (GTlsConnectionGnutls  *gnutls,
 
   if (direction & G_IO_IN)
     {
-      gnutls->priv->read_cancellable = NULL;
+      priv->read_cancellable = NULL;
       if (status < 0)
         {
-          my_error = gnutls->priv->read_error;
-          gnutls->priv->read_error = NULL;
+          my_error = priv->read_error;
+          priv->read_error = NULL;
         }
       else
-        g_clear_error (&gnutls->priv->read_error);
+        g_clear_error (&priv->read_error);
     }
   if (direction & G_IO_OUT)
     {
-      gnutls->priv->write_cancellable = NULL;
+      priv->write_cancellable = NULL;
       if (status < 0 && !my_error)
         {
-          my_error = gnutls->priv->write_error;
-          gnutls->priv->write_error = NULL;
+          my_error = priv->write_error;
+          priv->write_error = NULL;
         }
       else
-        g_clear_error (&gnutls->priv->write_error);
+        g_clear_error (&priv->write_error);
     }
 
   if (status >= 0)
     return status;
 
-  if (gnutls->priv->handshaking && !gnutls->priv->ever_handshaked)
+  if (priv->handshaking && !priv->ever_handshaked)
     {
       if (g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_FAILED) ||
           g_error_matches (my_error, G_IO_ERROR, G_IO_ERROR_BROKEN_PIPE) ||
@@ -950,34 +968,34 @@ end_gnutls_io (GTlsConnectionGnutls  *gnutls,
     }
   else if (status == GNUTLS_E_REHANDSHAKE)
     {
-      if (gnutls->priv->rehandshake_mode == G_TLS_REHANDSHAKE_NEVER)
+      if (priv->rehandshake_mode == G_TLS_REHANDSHAKE_NEVER)
         {
           g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
                                _("Peer requested illegal TLS rehandshake"));
           return GNUTLS_E_PULL_ERROR;
         }
 
-      g_mutex_lock (&gnutls->priv->op_mutex);
-      if (!gnutls->priv->handshaking)
-        gnutls->priv->need_handshake = TRUE;
-      g_mutex_unlock (&gnutls->priv->op_mutex);
+      g_mutex_lock (&priv->op_mutex);
+      if (!priv->handshaking)
+        priv->need_handshake = TRUE;
+      g_mutex_unlock (&priv->op_mutex);
       return status;
     }
   else if (
 #ifdef GNUTLS_E_PREMATURE_TERMINATION
            status == GNUTLS_E_PREMATURE_TERMINATION
 #else
-           status == GNUTLS_E_UNEXPECTED_PACKET_LENGTH && gnutls->priv->eof
+           status == GNUTLS_E_UNEXPECTED_PACKET_LENGTH && priv->eof
 #endif
            )
     {
-      if (gnutls->priv->handshaking && !gnutls->priv->ever_handshaked)
+      if (priv->handshaking && !priv->ever_handshaked)
         {
           g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS,
                                _("Peer failed to perform TLS handshake"));
           return GNUTLS_E_PULL_ERROR;
         }
-      else if (gnutls->priv->require_close_notify)
+      else if (priv->require_close_notify)
         {
           g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_EOF,
                                _("TLS connection closed unexpectedly"));
@@ -997,12 +1015,12 @@ end_gnutls_io (GTlsConnectionGnutls  *gnutls,
     {
       g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
                    _("Peer sent fatal TLS alert: %s"),
-                   gnutls_alert_get_name (gnutls_alert_get (gnutls->priv->session)));
+                   gnutls_alert_get_name (gnutls_alert_get (priv->session)));
       return status;
     }
   else if (status == GNUTLS_E_LARGE_PACKET)
     {
-      guint mtu = gnutls_dtls_get_data_mtu (gnutls->priv->session);
+      guint mtu = gnutls_dtls_get_data_mtu (priv->session);
       g_set_error (error, G_IO_ERROR, G_IO_ERROR_MESSAGE_TOO_LARGE,
                    ngettext ("Message is too large for DTLS connection; maximum is %u byte",
                              "Message is too large for DTLS connection; maximum is %u bytes", mtu), mtu);
@@ -1036,13 +1054,15 @@ static gboolean
 g_tls_connection_gnutls_base_check (GTlsConnectionGnutls  *gnutls,
                                     GIOCondition           condition)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
   if (g_tls_connection_gnutls_is_dtls (gnutls))
-    return g_datagram_based_condition_check (gnutls->priv->base_socket,
+    return g_datagram_based_condition_check (priv->base_socket,
                                              condition);
   else if (condition & G_IO_IN)
-    return g_pollable_input_stream_is_readable (gnutls->priv->base_istream);
+    return g_pollable_input_stream_is_readable (priv->base_istream);
   else if (condition & G_IO_OUT)
-    return g_pollable_output_stream_is_writable (gnutls->priv->base_ostream);
+    return g_pollable_output_stream_is_writable (priv->base_ostream);
   else
     g_assert_not_reached ();
 }
@@ -1053,18 +1073,20 @@ gboolean
 g_tls_connection_gnutls_check (GTlsConnectionGnutls  *gnutls,
                                GIOCondition           condition)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
   /* Racy, but worst case is that we just get WOULD_BLOCK back */
-  if (gnutls->priv->need_finish_handshake)
+  if (priv->need_finish_handshake)
     return TRUE;
 
   /* If a handshake or close is in progress, then tls_istream and
    * tls_ostream are blocked, regardless of the base stream status.
    */
-  if (gnutls->priv->handshaking)
+  if (priv->handshaking)
     return FALSE;
 
-  if (((condition & G_IO_IN) && gnutls->priv->read_closing) ||
-      ((condition & G_IO_OUT) && gnutls->priv->write_closing))
+  if (((condition & G_IO_IN) && priv->read_closing) ||
+      ((condition & G_IO_OUT) && priv->write_closing))
     return FALSE;
 
   /* Defer to the base stream or GDatagramBased. */
@@ -1114,26 +1136,27 @@ static void
 gnutls_source_sync (GTlsConnectionGnutlsSource *gnutls_source)
 {
   GTlsConnectionGnutls *gnutls = gnutls_source->gnutls;
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   gboolean io_waiting, op_waiting;
 
   /* Was the source destroyed earlier in this main context iteration? */
   if (g_source_is_destroyed ((GSource *) gnutls_source))
     return;
 
-  g_mutex_lock (&gnutls->priv->op_mutex);
-  if (((gnutls_source->condition & G_IO_IN) && gnutls->priv->reading) ||
-      ((gnutls_source->condition & G_IO_OUT) && gnutls->priv->writing) ||
-      (gnutls->priv->handshaking && !gnutls->priv->need_finish_handshake))
+  g_mutex_lock (&priv->op_mutex);
+  if (((gnutls_source->condition & G_IO_IN) && priv->reading) ||
+      ((gnutls_source->condition & G_IO_OUT) && priv->writing) ||
+      (priv->handshaking && !priv->need_finish_handshake))
     op_waiting = TRUE;
   else
     op_waiting = FALSE;
 
-  if (!op_waiting && !gnutls->priv->need_handshake &&
-      !gnutls->priv->need_finish_handshake)
+  if (!op_waiting && !priv->need_handshake &&
+      !priv->need_finish_handshake)
     io_waiting = TRUE;
   else
     io_waiting = FALSE;
-  g_mutex_unlock (&gnutls->priv->op_mutex);
+  g_mutex_unlock (&priv->op_mutex);
 
   if (op_waiting == gnutls_source->op_waiting &&
       io_waiting == gnutls_source->io_waiting)
@@ -1149,13 +1172,13 @@ gnutls_source_sync (GTlsConnectionGnutlsSource *gnutls_source)
     }
 
   if (op_waiting)
-    gnutls_source->child_source = g_cancellable_source_new (gnutls->priv->waiting_for_op);
+    gnutls_source->child_source = g_cancellable_source_new (priv->waiting_for_op);
   else if (io_waiting && G_IS_DATAGRAM_BASED (gnutls_source->base))
-    gnutls_source->child_source = g_datagram_based_create_source (gnutls->priv->base_socket, 
gnutls_source->condition, NULL);
+    gnutls_source->child_source = g_datagram_based_create_source (priv->base_socket, 
gnutls_source->condition, NULL);
   else if (io_waiting && G_IS_POLLABLE_INPUT_STREAM (gnutls_source->base))
-    gnutls_source->child_source = g_pollable_input_stream_create_source (gnutls->priv->base_istream, NULL);
+    gnutls_source->child_source = g_pollable_input_stream_create_source (priv->base_istream, NULL);
   else if (io_waiting && G_IS_POLLABLE_OUTPUT_STREAM (gnutls_source->base))
-    gnutls_source->child_source = g_pollable_output_stream_create_source (gnutls->priv->base_ostream, NULL);
+    gnutls_source->child_source = g_pollable_output_stream_create_source (priv->base_ostream, NULL);
   else
     gnutls_source->child_source = g_timeout_source_new (0);
 
@@ -1271,6 +1294,7 @@ g_tls_connection_gnutls_create_source (GTlsConnectionGnutls  *gnutls,
                                        GIOCondition           condition,
                                        GCancellable          *cancellable)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   GSource *source, *cancellable_source;
   GTlsConnectionGnutlsSource *gnutls_source;
 
@@ -1290,10 +1314,10 @@ g_tls_connection_gnutls_create_source (GTlsConnectionGnutls  *gnutls,
   gnutls_source->condition = condition;
   if (g_tls_connection_gnutls_is_dtls (gnutls))
     gnutls_source->base = G_OBJECT (gnutls);
-  else if (gnutls->priv->tls_istream != NULL && condition & G_IO_IN)
-    gnutls_source->base = G_OBJECT (gnutls->priv->tls_istream);
-  else if (gnutls->priv->tls_ostream != NULL && condition & G_IO_OUT)
-    gnutls_source->base = G_OBJECT (gnutls->priv->tls_ostream);
+  else if (priv->tls_istream != NULL && condition & G_IO_IN)
+    gnutls_source->base = G_OBJECT (priv->tls_istream);
+  else if (priv->tls_ostream != NULL && condition & G_IO_OUT)
+    gnutls_source->base = G_OBJECT (priv->tls_ostream);
   else
     g_assert_not_reached ();
 
@@ -1339,6 +1363,7 @@ g_tls_connection_gnutls_condition_wait (GDatagramBased  *datagram_based,
                                         GError         **error)
 {
   GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (datagram_based);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   GPollFD fds[2];
   guint n_fds;
   gint result = 1;  /* if the loop is never entered, it’s as if we cancelled early */
@@ -1353,7 +1378,7 @@ g_tls_connection_gnutls_condition_wait (GDatagramBased  *datagram_based,
 
   start_time = g_get_monotonic_time ();
 
-  g_cancellable_make_pollfd (gnutls->priv->waiting_for_op, &fds[0]);
+  g_cancellable_make_pollfd (priv->waiting_for_op, &fds[0]);
   n_fds = 1;
 
   if (g_cancellable_make_pollfd (cancellable, &fds[1]))
@@ -1393,6 +1418,8 @@ static void
 set_gnutls_error (GTlsConnectionGnutls *gnutls,
                   GError               *error)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
+
   /* We set EINTR rather than EAGAIN for G_IO_ERROR_WOULD_BLOCK so
    * that GNUTLS_E_AGAIN only gets returned for gnutls-internal
    * reasons, not for actual socket EAGAINs (and we have access
@@ -1401,23 +1428,22 @@ set_gnutls_error (GTlsConnectionGnutls *gnutls,
    */
 
   if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED))
-    gnutls_transport_set_errno (gnutls->priv->session, EINTR);
+    gnutls_transport_set_errno (priv->session, EINTR);
   else if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK))
     {
       /* Return EAGAIN while handshaking so that GnuTLS handles retries for us
        * internally in its handshaking code. */
-      if (gnutls->priv->base_socket &&
-          gnutls->priv->handshaking)
-        gnutls_transport_set_errno (gnutls->priv->session, EAGAIN);
+      if (priv->base_socket && priv->handshaking)
+        gnutls_transport_set_errno (priv->session, EAGAIN);
       else
-        gnutls_transport_set_errno (gnutls->priv->session, EINTR);
+        gnutls_transport_set_errno (priv->session, EINTR);
     }
   else if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_TIMED_OUT))
-    gnutls_transport_set_errno (gnutls->priv->session, EINTR);
+    gnutls_transport_set_errno (priv->session, EINTR);
   else if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_MESSAGE_TOO_LARGE))
-    gnutls_transport_set_errno (gnutls->priv->session, EMSGSIZE);
+    gnutls_transport_set_errno (priv->session, EMSGSIZE);
   else
-    gnutls_transport_set_errno (gnutls->priv->session, EIO);
+    gnutls_transport_set_errno (priv->session, EIO);
 }
 
 static ssize_t
@@ -1426,44 +1452,45 @@ g_tls_connection_gnutls_pull_func (gnutls_transport_ptr_t  transport_data,
                                    size_t                  buflen)
 {
   GTlsConnectionGnutls *gnutls = transport_data;
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   ssize_t ret;
 
-  /* If gnutls->priv->read_error is non-%NULL when we're called, it means
+  /* If priv->read_error is non-%NULL when we're called, it means
    * that an error previously occurred, but gnutls decided not to
    * propagate it. So it's correct for us to just clear it. (Usually
    * this means it ignored an EAGAIN after a short read, and now
    * we'll return EAGAIN again, which it will obey this time.)
    */
-  g_clear_error (&gnutls->priv->read_error);
+  g_clear_error (&priv->read_error);
 
   if (g_tls_connection_gnutls_is_dtls (gnutls))
     {
       GInputVector vector = { buf, buflen };
       GInputMessage message = { NULL, &vector, 1, 0, 0, NULL, NULL };
 
-      ret = g_datagram_based_receive_messages (gnutls->priv->base_socket,
+      ret = g_datagram_based_receive_messages (priv->base_socket,
                                                &message, 1, 0,
-                                               gnutls->priv->handshaking ? 0 : gnutls->priv->read_timeout,
-                                               gnutls->priv->read_cancellable,
-                                               &gnutls->priv->read_error);
+                                               priv->handshaking ? 0 : priv->read_timeout,
+                                               priv->read_cancellable,
+                                               &priv->read_error);
 
       if (ret > 0)
         ret = message.bytes_received;
     }
   else
     {
-      ret = g_pollable_stream_read (G_INPUT_STREAM (gnutls->priv->base_istream),
+      ret = g_pollable_stream_read (G_INPUT_STREAM (priv->base_istream),
                                     buf, buflen,
-                                    (gnutls->priv->read_timeout != 0),
-                                    gnutls->priv->read_cancellable,
-                                    &gnutls->priv->read_error);
+                                    (priv->read_timeout != 0),
+                                    priv->read_cancellable,
+                                    &priv->read_error);
     }
 
   if (ret < 0)
-    set_gnutls_error (gnutls, gnutls->priv->read_error);
+    set_gnutls_error (gnutls, priv->read_error);
 #ifndef GNUTLS_E_PREMATURE_TERMINATION
   else if (ret == 0)
-    gnutls->priv->eof = TRUE;
+    priv->eof = TRUE;
 #endif
 
   return ret;
@@ -1475,36 +1502,37 @@ g_tls_connection_gnutls_push_func (gnutls_transport_ptr_t  transport_data,
                                    size_t                  buflen)
 {
   GTlsConnectionGnutls *gnutls = transport_data;
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   ssize_t ret;
 
   /* See comment in pull_func. */
-  g_clear_error (&gnutls->priv->write_error);
+  g_clear_error (&priv->write_error);
 
   if (g_tls_connection_gnutls_is_dtls (gnutls))
     {
       GOutputVector vector = { buf, buflen };
       GOutputMessage message = { NULL, &vector, 1, 0, NULL, 0 };
 
-      ret = g_datagram_based_send_messages (gnutls->priv->base_socket,
+      ret = g_datagram_based_send_messages (priv->base_socket,
                                             &message, 1, 0,
-                                            gnutls->priv->write_timeout,
-                                            gnutls->priv->write_cancellable,
-                                            &gnutls->priv->write_error);
+                                            priv->write_timeout,
+                                            priv->write_cancellable,
+                                            &priv->write_error);
 
       if (ret > 0)
         ret = message.bytes_sent;
     }
   else
     {
-      ret = g_pollable_stream_write (G_OUTPUT_STREAM (gnutls->priv->base_ostream),
+      ret = g_pollable_stream_write (G_OUTPUT_STREAM (priv->base_ostream),
                                      buf, buflen,
-                                     (gnutls->priv->write_timeout != 0),
-                                     gnutls->priv->write_cancellable,
-                                     &gnutls->priv->write_error);
+                                     (priv->write_timeout != 0),
+                                     priv->write_cancellable,
+                                     &priv->write_error);
     }
 
   if (ret < 0)
-    set_gnutls_error (gnutls, gnutls->priv->write_error);
+    set_gnutls_error (gnutls, priv->write_error);
 
   return ret;
 }
@@ -1515,15 +1543,16 @@ g_tls_connection_gnutls_vec_push_func (gnutls_transport_ptr_t  transport_data,
                                        int                     iovcnt)
 {
   GTlsConnectionGnutls *gnutls = transport_data;
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   ssize_t ret;
   GOutputMessage message = { NULL, };
   GOutputVector *vectors;
 
   /* This function should only be set if we’re using base_socket. */
-  g_assert (gnutls->priv->base_socket != NULL);
+  g_assert (priv->base_socket != NULL);
 
   /* See comment in pull_func. */
-  g_clear_error (&gnutls->priv->write_error);
+  g_clear_error (&priv->write_error);
 
   /* this entire expression will be evaluated at compile time */
   if (sizeof *iov == sizeof *vectors &&
@@ -1552,16 +1581,16 @@ g_tls_connection_gnutls_vec_push_func (gnutls_transport_ptr_t  transport_data,
       message.num_vectors = iovcnt;
     }
 
-  ret = g_datagram_based_send_messages (gnutls->priv->base_socket,
+  ret = g_datagram_based_send_messages (priv->base_socket,
                                         &message, 1, 0,
-                                        gnutls->priv->write_timeout,
-                                        gnutls->priv->write_cancellable,
-                                        &gnutls->priv->write_error);
+                                        priv->write_timeout,
+                                        priv->write_cancellable,
+                                        &priv->write_error);
 
   if (ret > 0)
     ret = message.bytes_sent;
   else if (ret < 0)
-    set_gnutls_error (gnutls, gnutls->priv->write_error);
+    set_gnutls_error (gnutls, priv->write_error);
 
   return ret;
 }
@@ -1604,10 +1633,11 @@ g_tls_connection_gnutls_pull_timeout_func (gnutls_transport_ptr_t transport_data
                                            unsigned int           ms)
 {
   GTlsConnectionGnutls *gnutls = transport_data;
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
 
   /* Fast path. */
   if (g_tls_connection_gnutls_base_check (gnutls, G_IO_IN) ||
-      g_cancellable_is_cancelled (gnutls->priv->read_cancellable))
+      g_cancellable_is_cancelled (priv->read_cancellable))
     return 1;
 
   /* If @ms is 0, GnuTLS wants an instant response, so there’s no need to
@@ -1630,13 +1660,13 @@ g_tls_connection_gnutls_pull_timeout_func (gnutls_transport_ptr_t transport_data
        * internals of the #GDatagramBased’s #GSource implementation. */
       if (g_tls_connection_gnutls_is_dtls (gnutls))
         {
-          read_source = g_datagram_based_create_source (gnutls->priv->base_socket, G_IO_IN, NULL);
+          read_source = g_datagram_based_create_source (priv->base_socket, G_IO_IN, NULL);
           g_source_set_callback (read_source, (GSourceFunc) read_datagram_based_cb,
                                  &read_done, NULL);
         }
       else
         {
-          read_source = g_pollable_input_stream_create_source (gnutls->priv->base_istream, NULL);
+          read_source = g_pollable_input_stream_create_source (priv->base_istream, NULL);
           g_source_set_callback (read_source, (GSourceFunc) read_pollable_cb,
                                  &read_done, NULL);
         }
@@ -1657,7 +1687,7 @@ g_tls_connection_gnutls_pull_timeout_func (gnutls_transport_ptr_t transport_data
       /* If @read_source was dispatched due to cancellation, the resulting error
        * will be handled in g_tls_connection_gnutls_pull_func(). */
       if (g_tls_connection_gnutls_base_check (gnutls, G_IO_IN) ||
-          g_cancellable_is_cancelled (gnutls->priv->read_cancellable))
+          g_cancellable_is_cancelled (priv->read_cancellable))
         return 1;
     }
 
@@ -1667,11 +1697,12 @@ g_tls_connection_gnutls_pull_timeout_func (gnutls_transport_ptr_t transport_data
 static GTlsCertificate *
 get_peer_certificate_from_session (GTlsConnectionGnutls *gnutls)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   const gnutls_datum_t *certs;
   GTlsCertificateGnutls *chain;
   unsigned int num_certs;
 
-  certs = gnutls_certificate_get_peers (gnutls->priv->session, &num_certs);
+  certs = gnutls_certificate_get_peers (priv->session, &num_certs);
   if (!certs || !num_certs)
     return NULL;
 
@@ -1740,6 +1771,7 @@ handshake_thread (GTask        *task,
                   GCancellable *cancellable)
 {
   GTlsConnectionGnutls *gnutls = object;
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   gboolean is_client;
   GError *error = NULL;
   int ret;
@@ -1751,7 +1783,7 @@ handshake_thread (GTask        *task,
 
   timeout = *((gint64 *) task_data);
   start_time = g_get_monotonic_time ();
-  gnutls->priv->started_handshake = FALSE;
+  priv->started_handshake = FALSE;
 
   if (!claim_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE,
                  timeout, cancellable, &error))
@@ -1760,12 +1792,11 @@ handshake_thread (GTask        *task,
       return;
     }
 
-  g_clear_error (&gnutls->priv->handshake_error);
+  g_clear_error (&priv->handshake_error);
 
   is_client = G_IS_TLS_CLIENT_CONNECTION (gnutls);
 
-  if (!is_client && gnutls->priv->ever_handshaked &&
-      !gnutls->priv->implicit_handshake)
+  if (!is_client && priv->ever_handshaked && !priv->implicit_handshake)
     {
       /* Adjust the timeout for the next operation in the sequence. */
       if (timeout > 0)
@@ -1780,13 +1811,13 @@ handshake_thread (GTask        *task,
            * remains positive. */
           timeout_ms = (timeout + 999) / 1000;
 
-          gnutls_handshake_set_timeout (gnutls->priv->session, timeout_ms);
-          gnutls_dtls_set_timeouts (gnutls->priv->session, 1000 /* default */,
+          gnutls_handshake_set_timeout (priv->session, timeout_ms);
+          gnutls_dtls_set_timeouts (priv->session, 1000 /* default */,
                                     timeout_ms);
         }
 
       BEGIN_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, timeout, cancellable);
-      ret = gnutls_rehandshake (gnutls->priv->session);
+      ret = gnutls_rehandshake (priv->session);
       END_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, ret,
                      _("Error performing TLS handshake"), &error);
 
@@ -1797,10 +1828,10 @@ handshake_thread (GTask        *task,
         }
     }
 
-  gnutls->priv->started_handshake = TRUE;
+  priv->started_handshake = TRUE;
 
-  g_clear_object (&gnutls->priv->peer_certificate);
-  gnutls->priv->peer_certificate_errors = 0;
+  g_clear_object (&priv->peer_certificate);
+  priv->peer_certificate_errors = 0;
 
   g_tls_connection_gnutls_set_handshake_priority (gnutls);
 
@@ -1817,35 +1848,35 @@ handshake_thread (GTask        *task,
        * remains positive. */
       timeout_ms = (timeout + 999) / 1000;
 
-      gnutls_handshake_set_timeout (gnutls->priv->session, timeout_ms);
-      gnutls_dtls_set_timeouts (gnutls->priv->session, 1000 /* default */,
+      gnutls_handshake_set_timeout (priv->session, timeout_ms);
+      gnutls_dtls_set_timeouts (priv->session, 1000 /* default */,
                                 timeout_ms);
     }
 
   BEGIN_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, timeout, cancellable);
-  ret = gnutls_handshake (gnutls->priv->session);
+  ret = gnutls_handshake (priv->session);
   if (ret == GNUTLS_E_GOT_APPLICATION_DATA)
     {
       guint8 buf[1024];
 
       /* Got app data while waiting for rehandshake; buffer it and try again */
-      ret = gnutls_record_recv (gnutls->priv->session, buf, sizeof (buf));
+      ret = gnutls_record_recv (priv->session, buf, sizeof (buf));
       if (ret > -1)
         {
-          if (!gnutls->priv->app_data_buf)
-            gnutls->priv->app_data_buf = g_byte_array_new ();
-          g_byte_array_append (gnutls->priv->app_data_buf, buf, ret);
+          if (!priv->app_data_buf)
+            priv->app_data_buf = g_byte_array_new ();
+          g_byte_array_append (priv->app_data_buf, buf, ret);
           ret = GNUTLS_E_AGAIN;
         }
     }
   END_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, ret,
                  _("Error performing TLS handshake"), &error);
 
-  if (ret == 0 && gnutls_certificate_type_get (gnutls->priv->session) == GNUTLS_CRT_X509)
+  if (ret == 0 && gnutls_certificate_type_get (priv->session) == GNUTLS_CRT_X509)
     {
-      gnutls->priv->peer_certificate_tmp = get_peer_certificate_from_session (gnutls);
-      if (gnutls->priv->peer_certificate_tmp)
-        gnutls->priv->peer_certificate_errors_tmp = verify_peer_certificate (gnutls, 
gnutls->priv->peer_certificate_tmp);
+      priv->peer_certificate_tmp = get_peer_certificate_from_session (gnutls);
+      if (priv->peer_certificate_tmp)
+        priv->peer_certificate_errors_tmp = verify_peer_certificate (gnutls, priv->peer_certificate_tmp);
       else if (G_IS_TLS_CLIENT_CONNECTION (gnutls))
         {
           g_set_error_literal (&error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
@@ -1861,7 +1892,7 @@ handshake_thread (GTask        *task,
     }
   else
     {
-      gnutls->priv->ever_handshaked = TRUE;
+      priv->ever_handshaked = TRUE;
       g_task_return_boolean (task, TRUE);
     }
 }
@@ -1909,15 +1940,16 @@ finish_handshake (GTlsConnectionGnutls  *gnutls,
                   GTask                 *task,
                   GError               **error)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   GTlsCertificate *peer_certificate;
   GTlsCertificateFlags peer_certificate_errors;
 
   g_assert (error != NULL);
 
-  peer_certificate = gnutls->priv->peer_certificate_tmp;
-  gnutls->priv->peer_certificate_tmp = NULL;
-  peer_certificate_errors = gnutls->priv->peer_certificate_errors_tmp;
-  gnutls->priv->peer_certificate_errors_tmp = 0;
+  peer_certificate = priv->peer_certificate_tmp;
+  priv->peer_certificate_tmp = NULL;
+  peer_certificate_errors = priv->peer_certificate_errors_tmp;
+  priv->peer_certificate_errors_tmp = 0;
 
   if (g_task_propagate_boolean (task, error) && peer_certificate)
     {
@@ -1928,14 +1960,14 @@ finish_handshake (GTlsConnectionGnutls  *gnutls,
                                _("Unacceptable TLS certificate"));
         }
 
-      gnutls->priv->peer_certificate = peer_certificate;
-      gnutls->priv->peer_certificate_errors = peer_certificate_errors;
+      priv->peer_certificate = peer_certificate;
+      priv->peer_certificate_errors = peer_certificate_errors;
       g_object_notify (G_OBJECT (gnutls), "peer-certificate");
       g_object_notify (G_OBJECT (gnutls), "peer-certificate-errors");
     }
 
-  if (*error && gnutls->priv->started_handshake)
-    gnutls->priv->handshake_error = g_error_copy (*error);
+  if (*error && priv->started_handshake)
+    priv->handshake_error = g_error_copy (*error);
 
   return (*error == NULL);
 }
@@ -1991,18 +2023,19 @@ handshake_thread_completed (GObject      *object,
 {
   GTask *caller_task = user_data;
   GTlsConnectionGnutls *gnutls = g_task_get_source_object (caller_task);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   GError *error = NULL;
   gboolean need_finish_handshake, success;
 
-  g_mutex_lock (&gnutls->priv->op_mutex);
-  if (gnutls->priv->need_finish_handshake)
+  g_mutex_lock (&priv->op_mutex);
+  if (priv->need_finish_handshake)
     {
       need_finish_handshake = TRUE;
-      gnutls->priv->need_finish_handshake = FALSE;
+      priv->need_finish_handshake = FALSE;
     }
   else
     need_finish_handshake = FALSE;
-  g_mutex_unlock (&gnutls->priv->op_mutex);
+  g_mutex_unlock (&priv->op_mutex);
 
   if (need_finish_handshake)
     {
@@ -2012,8 +2045,8 @@ handshake_thread_completed (GObject      *object,
       else
         g_task_return_error (caller_task, error);
     }
-  else if (gnutls->priv->handshake_error)
-    g_task_return_error (caller_task, g_error_copy (gnutls->priv->handshake_error));
+  else if (priv->handshake_error)
+    g_task_return_error (caller_task, g_error_copy (priv->handshake_error));
   else
     g_task_return_boolean (caller_task, TRUE);
 
@@ -2027,17 +2060,18 @@ async_handshake_thread (GTask        *task,
                         GCancellable *cancellable)
 {
   GTlsConnectionGnutls *gnutls = object;
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
 
   handshake_thread (task, object, task_data, cancellable);
 
-  g_mutex_lock (&gnutls->priv->op_mutex);
-  gnutls->priv->need_finish_handshake = TRUE;
+  g_mutex_lock (&priv->op_mutex);
+  priv->need_finish_handshake = TRUE;
   /* yield_op will clear handshaking too, but we don't want the
    * connection to be briefly "handshaking && need_finish_handshake"
    * after we unlock the mutex.
    */
-  gnutls->priv->handshaking = FALSE;
-  g_mutex_unlock (&gnutls->priv->op_mutex);
+  priv->handshaking = FALSE;
+  g_mutex_unlock (&priv->op_mutex);
 
   yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE);
 }
@@ -2107,17 +2141,18 @@ do_implicit_handshake (GTlsConnectionGnutls  *gnutls,
                        GCancellable          *cancellable,
                        GError               **error)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   gint64 *thread_timeout = NULL;
 
   /* We have op_mutex */
 
-  g_assert (gnutls->priv->implicit_handshake == NULL);
-  gnutls->priv->implicit_handshake = g_task_new (gnutls, cancellable, NULL, NULL);
-  g_task_set_source_tag (gnutls->priv->implicit_handshake,
+  g_assert (priv->implicit_handshake == NULL);
+  priv->implicit_handshake = g_task_new (gnutls, cancellable, NULL, NULL);
+  g_task_set_source_tag (priv->implicit_handshake,
                          do_implicit_handshake);
 
   thread_timeout = g_new0 (gint64, 1);
-  g_task_set_task_data (gnutls->priv->implicit_handshake,
+  g_task_set_task_data (priv->implicit_handshake,
                         thread_timeout, g_free);
 
   begin_handshake (gnutls);
@@ -2134,15 +2169,15 @@ do_implicit_handshake (GTlsConnectionGnutls  *gnutls,
        * operation is complete or errors. */
       *thread_timeout = timeout;
 
-      g_mutex_unlock (&gnutls->priv->op_mutex);
-      g_task_run_in_thread_sync (gnutls->priv->implicit_handshake,
+      g_mutex_unlock (&priv->op_mutex);
+      g_task_run_in_thread_sync (priv->implicit_handshake,
                                  handshake_thread);
       success = finish_handshake (gnutls,
-                                  gnutls->priv->implicit_handshake,
+                                  priv->implicit_handshake,
                                   &my_error);
-      g_clear_object (&gnutls->priv->implicit_handshake);
+      g_clear_object (&priv->implicit_handshake);
       yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_HANDSHAKE);
-      g_mutex_lock (&gnutls->priv->op_mutex);
+      g_mutex_lock (&priv->op_mutex);
 
       if (my_error)
         g_propagate_error (error, my_error);
@@ -2156,7 +2191,7 @@ do_implicit_handshake (GTlsConnectionGnutls  *gnutls,
        * about. Run the actual operation as blocking in its thread. */
       *thread_timeout = -1;  /* blocking */
 
-      g_task_run_in_thread (gnutls->priv->implicit_handshake,
+      g_task_run_in_thread (priv->implicit_handshake,
                             async_handshake_thread);
 
       g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_WOULD_BLOCK,
@@ -2173,16 +2208,17 @@ g_tls_connection_gnutls_read (GTlsConnectionGnutls  *gnutls,
                               GCancellable          *cancellable,
                               GError               **error)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   gssize ret;
 
-  if (gnutls->priv->app_data_buf && !gnutls->priv->handshaking)
+  if (priv->app_data_buf && !priv->handshaking)
     {
-      ret = MIN (count, gnutls->priv->app_data_buf->len);
-      memcpy (buffer, gnutls->priv->app_data_buf->data, ret);
-      if (ret == gnutls->priv->app_data_buf->len)
-        g_clear_pointer (&gnutls->priv->app_data_buf, g_byte_array_unref);
+      ret = MIN (count, priv->app_data_buf->len);
+      memcpy (buffer, priv->app_data_buf->data, ret);
+      if (ret == priv->app_data_buf->len)
+        g_clear_pointer (&priv->app_data_buf, g_byte_array_unref);
       else
-        g_byte_array_remove_range (gnutls->priv->app_data_buf, 0, ret);
+        g_byte_array_remove_range (priv->app_data_buf, 0, ret);
       return ret;
     }
 
@@ -2192,7 +2228,7 @@ g_tls_connection_gnutls_read (GTlsConnectionGnutls  *gnutls,
     return -1;
 
   BEGIN_GNUTLS_IO (gnutls, G_IO_IN, timeout, cancellable);
-  ret = gnutls_record_recv (gnutls->priv->session, buffer, count);
+  ret = gnutls_record_recv (priv->session, buffer, count);
   END_GNUTLS_IO (gnutls, G_IO_IN, ret, _("Error reading data from TLS socket"), error);
 
   yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_READ);
@@ -2238,12 +2274,13 @@ g_tls_connection_gnutls_read_message (GTlsConnectionGnutls  *gnutls,
                                       GCancellable          *cancellable,
                                       GError               **error)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   guint i;
   gssize ret;
   gnutls_packet_t packet = { 0, };
 
   /* Copy data out of the app data buffer first. */
-  if (gnutls->priv->app_data_buf && !gnutls->priv->handshaking)
+  if (priv->app_data_buf && !priv->handshaking)
     {
       ret = 0;
 
@@ -2252,14 +2289,14 @@ g_tls_connection_gnutls_read_message (GTlsConnectionGnutls  *gnutls,
           gsize count;
           GInputVector *vec = &vectors[i];
 
-          count = MIN (vec->size, gnutls->priv->app_data_buf->len);
+          count = MIN (vec->size, priv->app_data_buf->len);
           ret += count;
 
-          memcpy (vec->buffer, gnutls->priv->app_data_buf->data, count);
-          if (count == gnutls->priv->app_data_buf->len)
-            g_clear_pointer (&gnutls->priv->app_data_buf, g_byte_array_unref);
+          memcpy (vec->buffer, priv->app_data_buf->data, count);
+          if (count == priv->app_data_buf->len)
+            g_clear_pointer (&priv->app_data_buf, g_byte_array_unref);
           else
-            g_byte_array_remove_range (gnutls->priv->app_data_buf, 0, count);
+            g_byte_array_remove_range (priv->app_data_buf, 0, count);
         }
 
       return ret;
@@ -2273,7 +2310,7 @@ g_tls_connection_gnutls_read_message (GTlsConnectionGnutls  *gnutls,
   BEGIN_GNUTLS_IO (gnutls, G_IO_IN, timeout, cancellable);
 
   /* Receive the entire datagram (zero-copy). */
-  ret = gnutls_record_recv_packet (gnutls->priv->session, &packet);
+  ret = gnutls_record_recv_packet (priv->session, &packet);
 
   if (ret > 0)
     {
@@ -2381,6 +2418,7 @@ g_tls_connection_gnutls_write (GTlsConnectionGnutls  *gnutls,
                                GCancellable          *cancellable,
                                GError               **error)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   gssize ret;
 
  again:
@@ -2389,7 +2427,7 @@ g_tls_connection_gnutls_write (GTlsConnectionGnutls  *gnutls,
     return -1;
 
   BEGIN_GNUTLS_IO (gnutls, G_IO_OUT, timeout, cancellable);
-  ret = gnutls_record_send (gnutls->priv->session, buffer, count);
+  ret = gnutls_record_send (priv->session, buffer, count);
   END_GNUTLS_IO (gnutls, G_IO_OUT, ret, _("Error writing data to TLS socket"), error);
 
   yield_op (gnutls, G_TLS_CONNECTION_GNUTLS_OP_WRITE);
@@ -2410,6 +2448,7 @@ g_tls_connection_gnutls_write_message (GTlsConnectionGnutls  *gnutls,
                                        GCancellable          *cancellable,
                                        GError               **error)
 {
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   gssize ret;
   guint i;
   gsize total_message_size;
@@ -2423,11 +2462,11 @@ g_tls_connection_gnutls_write_message (GTlsConnectionGnutls  *gnutls,
   for (i = 0, total_message_size = 0; i < num_vectors; i++)
     total_message_size += vectors[i].size;
 
-  if (gnutls->priv->base_socket != NULL &&
-      gnutls_dtls_get_data_mtu (gnutls->priv->session) < total_message_size)
+  if (priv->base_socket != NULL &&
+      gnutls_dtls_get_data_mtu (priv->session) < total_message_size)
     {
       char *message;
-      guint mtu = gnutls_dtls_get_data_mtu (gnutls->priv->session);
+      guint mtu = gnutls_dtls_get_data_mtu (priv->session);
 
       ret = GNUTLS_E_LARGE_PACKET;
       message = g_strdup_printf("%s %s",
@@ -2444,11 +2483,11 @@ g_tls_connection_gnutls_write_message (GTlsConnectionGnutls  *gnutls,
     }
 
   /* Queue up the data from all the vectors. */
-  gnutls_record_cork (gnutls->priv->session);
+  gnutls_record_cork (priv->session);
 
   for (i = 0; i < num_vectors; i++)
     {
-      ret = gnutls_record_send (gnutls->priv->session,
+      ret = gnutls_record_send (priv->session,
                                 vectors[i].buffer, vectors[i].size);
 
       if (ret < 0 || ret < vectors[i].size)
@@ -2460,7 +2499,7 @@ g_tls_connection_gnutls_write_message (GTlsConnectionGnutls  *gnutls,
     }
 
   BEGIN_GNUTLS_IO (gnutls, G_IO_OUT, timeout, cancellable);
-  ret = gnutls_record_uncork (gnutls->priv->session, 0  /* flags */);
+  ret = gnutls_record_uncork (priv->session, 0  /* flags */);
   END_GNUTLS_IO (gnutls, G_IO_OUT, ret, _("Error writing data to TLS socket"), error);
 
  done:
@@ -2543,16 +2582,18 @@ static GInputStream  *
 g_tls_connection_gnutls_get_input_stream (GIOStream *stream)
 {
   GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (stream);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
 
-  return gnutls->priv->tls_istream;
+  return priv->tls_istream;
 }
 
 static GOutputStream *
 g_tls_connection_gnutls_get_output_stream (GIOStream *stream)
 {
   GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (stream);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
 
-  return gnutls->priv->tls_ostream;
+  return priv->tls_ostream;
 }
 
 gboolean
@@ -2563,6 +2604,7 @@ g_tls_connection_gnutls_close_internal (GIOStream     *stream,
                                         GError       **error)
 {
   GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (stream);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   GTlsConnectionGnutlsOp op;
   gboolean success = TRUE;
   int ret = 0;
@@ -2586,33 +2628,33 @@ g_tls_connection_gnutls_close_internal (GIOStream     *stream,
   if (!claim_op (gnutls, op, timeout, cancellable, error))
     return FALSE;
 
-  if (gnutls->priv->ever_handshaked && !gnutls->priv->write_closed &&
+  if (priv->ever_handshaked && !priv->write_closed &&
       direction & G_TLS_DIRECTION_WRITE)
     {
       BEGIN_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, timeout, cancellable);
-      ret = gnutls_bye (gnutls->priv->session, GNUTLS_SHUT_WR);
+      ret = gnutls_bye (priv->session, GNUTLS_SHUT_WR);
       END_GNUTLS_IO (gnutls, G_IO_IN | G_IO_OUT, ret,
                      _("Error performing TLS close"), &gnutls_error);
 
-      gnutls->priv->write_closed = TRUE;
+      priv->write_closed = TRUE;
     }
 
-  if (!gnutls->priv->read_closed && direction & G_TLS_DIRECTION_READ)
-    gnutls->priv->read_closed = TRUE;
+  if (!priv->read_closed && direction & G_TLS_DIRECTION_READ)
+    priv->read_closed = TRUE;
 
   /* Close the underlying streams. Do this even if the gnutls_bye() call failed,
    * as the parent GIOStream will have set its internal closed flag and hence
    * this implementation will never be called again. */
-  if (gnutls->priv->base_io_stream != NULL)
+  if (priv->base_io_stream != NULL)
     {
       if (direction == G_TLS_DIRECTION_BOTH)
-        success = g_io_stream_close (gnutls->priv->base_io_stream,
+        success = g_io_stream_close (priv->base_io_stream,
                                      cancellable, &stream_error);
       else if (direction & G_TLS_DIRECTION_READ)
-        success = g_input_stream_close (g_io_stream_get_input_stream (gnutls->priv->base_io_stream),
+        success = g_input_stream_close (g_io_stream_get_input_stream (priv->base_io_stream),
                                         cancellable, &stream_error);
       else if (direction & G_TLS_DIRECTION_WRITE)
-        success = g_output_stream_close (g_io_stream_get_output_stream (gnutls->priv->base_io_stream),
+        success = g_output_stream_close (g_io_stream_get_output_stream (priv->base_io_stream),
                                          cancellable, &stream_error);
     }
   else if (g_tls_connection_gnutls_is_dtls (gnutls))
@@ -2780,13 +2822,14 @@ on_pin_prompt_callback (const char     *pinfile,
                         void           *callback_data)
 {
   GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (callback_data);
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   GTlsInteractionResult result;
   GTlsPasswordFlags flags = 0;
   GTlsPassword *password;
   P11KitPin *pin = NULL;
   GError *error = NULL;
 
-  if (!gnutls->priv->interaction)
+  if (!priv->interaction)
     return NULL;
 
   if (pin_flags & P11_KIT_PIN_FLAGS_RETRY)
@@ -2798,7 +2841,7 @@ on_pin_prompt_callback (const char     *pinfile,
 
   password = g_pkcs11_pin_new (flags, pin_description);
 
-  result = g_tls_interaction_ask_password (gnutls->priv->interaction, password,
+  result = g_tls_interaction_ask_password (priv->interaction, password,
                                            g_cancellable_get_current (), &error);
 
   switch (result)
@@ -2830,8 +2873,6 @@ g_tls_connection_gnutls_class_init (GTlsConnectionGnutlsClass *klass)
   GTlsConnectionClass *connection_class = G_TLS_CONNECTION_CLASS (klass);
   GIOStreamClass *iostream_class = G_IO_STREAM_CLASS (klass);
 
-  g_type_class_add_private (klass, sizeof (GTlsConnectionGnutlsPrivate));
-
   gobject_class->get_property = g_tls_connection_gnutls_get_property;
   gobject_class->set_property = g_tls_connection_gnutls_set_property;
   gobject_class->finalize     = g_tls_connection_gnutls_finalize;
@@ -2887,22 +2928,23 @@ g_tls_connection_gnutls_datagram_based_iface_init (GDatagramBasedInterface *ifac
 }
 
 gboolean
-g_tls_connection_gnutls_request_certificate (GTlsConnectionGnutls  *self,
+g_tls_connection_gnutls_request_certificate (GTlsConnectionGnutls  *gnutls,
                                              GError               **error)
 {
   GTlsInteractionResult res = G_TLS_INTERACTION_UNHANDLED;
+  GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
   GTlsInteraction *interaction;
   GTlsConnection *conn;
 
-  g_return_val_if_fail (G_IS_TLS_CONNECTION_GNUTLS (self), FALSE);
+  g_return_val_if_fail (G_IS_TLS_CONNECTION_GNUTLS (gnutls), FALSE);
 
-  conn = G_TLS_CONNECTION (self);
+  conn = G_TLS_CONNECTION (gnutls);
 
   interaction = g_tls_connection_get_interaction (conn);
   if (!interaction)
     return FALSE;
 
   res = g_tls_interaction_invoke_request_certificate (interaction, conn, 0,
-                                                      self->priv->read_cancellable, error);
+                                                      priv->read_cancellable, error);
   return res != G_TLS_INTERACTION_FAILED;
 }
diff --git a/tls/gnutls/gtlsconnection-gnutls.h b/tls/gnutls/gtlsconnection-gnutls.h
index f792911..4c623c2 100644
--- a/tls/gnutls/gtlsconnection-gnutls.h
+++ b/tls/gnutls/gtlsconnection-gnutls.h
@@ -31,15 +31,8 @@
 G_BEGIN_DECLS
 
 #define G_TYPE_TLS_CONNECTION_GNUTLS            (g_tls_connection_gnutls_get_type ())
-#define G_TLS_CONNECTION_GNUTLS(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), 
G_TYPE_TLS_CONNECTION_GNUTLS, GTlsConnectionGnutls))
-#define G_TLS_CONNECTION_GNUTLS_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), 
G_TYPE_TLS_CONNECTION_GNUTLS, GTlsConnectionGnutlsClass))
-#define G_IS_TLS_CONNECTION_GNUTLS(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), 
G_TYPE_TLS_CONNECTION_GNUTLS))
-#define G_IS_TLS_CONNECTION_GNUTLS_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), 
G_TYPE_TLS_CONNECTION_GNUTLS))
-#define G_TLS_CONNECTION_GNUTLS_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), 
G_TYPE_TLS_CONNECTION_GNUTLS, GTlsConnectionGnutlsClass))
 
-typedef struct _GTlsConnectionGnutlsPrivate                   GTlsConnectionGnutlsPrivate;
-typedef struct _GTlsConnectionGnutlsClass                     GTlsConnectionGnutlsClass;
-typedef struct _GTlsConnectionGnutls                          GTlsConnectionGnutls;
+G_DECLARE_DERIVABLE_TYPE (GTlsConnectionGnutls, g_tls_connection_gnutls, G, TLS_CONNECTION_GNUTLS, 
GTlsConnection)
 
 struct _GTlsConnectionGnutlsClass
 {
@@ -52,14 +45,6 @@ struct _GTlsConnectionGnutlsClass
                                 GError               **inout_error);
 };
 
-struct _GTlsConnectionGnutls
-{
-  GTlsConnection parent_instance;
-  GTlsConnectionGnutlsPrivate *priv;
-};
-
-GType g_tls_connection_gnutls_get_type (void) G_GNUC_CONST;
-
 gnutls_certificate_credentials_t g_tls_connection_gnutls_get_credentials (GTlsConnectionGnutls *connection);
 gnutls_session_t                 g_tls_connection_gnutls_get_session     (GTlsConnectionGnutls *connection);
 
diff --git a/tls/gnutls/gtlsdatabase-gnutls-pkcs11.c b/tls/gnutls/gtlsdatabase-gnutls-pkcs11.c
index 575d2b7..118e7d2 100644
--- a/tls/gnutls/gtlsdatabase-gnutls-pkcs11.c
+++ b/tls/gnutls/gtlsdatabase-gnutls-pkcs11.c
@@ -51,19 +51,21 @@ static const CK_ATTRIBUTE_TYPE KEY_ATTRIBUTE_TYPES[] = {
 
 static void g_tls_database_gnutls_pkcs11_initable_iface_init (GInitableIface *iface);
 
-G_DEFINE_TYPE_WITH_CODE (GTlsDatabaseGnutlsPkcs11, g_tls_database_gnutls_pkcs11,
-                         G_TYPE_TLS_DATABASE_GNUTLS,
-                         G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
-                                                g_tls_database_gnutls_pkcs11_initable_iface_init));
-
-struct _GTlsDatabaseGnutlsPkcs11Private
+struct _GTlsDatabaseGnutlsPkcs11
 {
+  GTlsDatabaseGnutls parent_instance;
+
   /* no changes after construction */
   CK_FUNCTION_LIST **modules;
   GList *pkcs11_slots;
   GList *trust_uris;
 };
 
+G_DEFINE_TYPE_WITH_CODE (GTlsDatabaseGnutlsPkcs11, g_tls_database_gnutls_pkcs11,
+                         G_TYPE_TLS_DATABASE_GNUTLS,
+                         G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+                                                g_tls_database_gnutls_pkcs11_initable_iface_init));
+
 static gboolean
 discover_module_slots_and_options (GTlsDatabaseGnutlsPkcs11   *self,
                                    CK_FUNCTION_LIST_PTR        module,
@@ -114,7 +116,7 @@ discover_module_slots_and_options (GTlsDatabaseGnutlsPkcs11   *self,
                            "slot-id", list[i],
                            "module", module,
                            NULL);
-      self->priv->pkcs11_slots = g_list_append (self->priv->pkcs11_slots, slot);
+      self->pkcs11_slots = g_list_append (self->pkcs11_slots, slot);
     }
 
   /*
@@ -137,7 +139,7 @@ discover_module_slots_and_options (GTlsDatabaseGnutlsPkcs11   *self,
         }
       else
         {
-          self->priv->trust_uris = g_list_append (self->priv->trust_uris, uri);
+          self->trust_uris = g_list_append (self->trust_uris, uri);
         }
 
       free (string);
@@ -234,16 +236,16 @@ g_tls_database_gnutls_pkcs11_finalize (GObject *object)
   GTlsDatabaseGnutlsPkcs11 *self = G_TLS_DATABASE_GNUTLS_PKCS11 (object);
   GList *l;
 
-  for (l = self->priv->pkcs11_slots; l; l = g_list_next (l))
+  for (l = self->pkcs11_slots; l; l = g_list_next (l))
       g_object_unref (l->data);
-  g_list_free (self->priv->pkcs11_slots);
+  g_list_free (self->pkcs11_slots);
 
-  for (l = self->priv->trust_uris; l; l = g_list_next (l))
+  for (l = self->trust_uris; l; l = g_list_next (l))
     p11_kit_uri_free (l->data);
-  g_list_free (self->priv->trust_uris);
+  g_list_free (self->trust_uris);
 
-  if (self->priv->modules)
-    p11_kit_modules_release (self->priv->modules);
+  if (self->modules)
+    p11_kit_modules_release (self->modules);
 
   G_OBJECT_CLASS (g_tls_database_gnutls_pkcs11_parent_class)->finalize (object);
 }
@@ -251,11 +253,6 @@ g_tls_database_gnutls_pkcs11_finalize (GObject *object)
 static void
 g_tls_database_gnutls_pkcs11_init (GTlsDatabaseGnutlsPkcs11 *self)
 {
-
-  self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self,
-                                            G_TYPE_TLS_DATABASE_GNUTLS_PKCS11,
-                                            GTlsDatabaseGnutlsPkcs11Private);
-
 }
 
 static gboolean
@@ -363,7 +360,7 @@ enumerate_assertion_exists_in_database (GTlsDatabaseGnutlsPkcs11   *self,
   GPkcs11Slot *slot;
   GList *l, *t;
 
-  for (l = self->priv->pkcs11_slots; l != NULL; l = g_list_next (l))
+  for (l = self->pkcs11_slots; l != NULL; l = g_list_next (l))
     {
       if (g_cancellable_set_error_if_cancelled (cancellable, error))
         return G_PKCS11_ENUMERATE_FAILED;
@@ -372,7 +369,7 @@ enumerate_assertion_exists_in_database (GTlsDatabaseGnutlsPkcs11   *self,
 
       /* We only search for assertions on slots that match the trust-lookup uris */
       slot_matched = FALSE;
-      for (t = self->priv->trust_uris; !slot_matched && t != NULL; t = g_list_next (t))
+      for (t = self->trust_uris; !slot_matched && t != NULL; t = g_list_next (t))
           slot_matched = g_pkcs11_slot_matches_uri (slot, t->data);
       if (!slot_matched)
         continue;
@@ -621,7 +618,7 @@ enumerate_certificates_in_database (GTlsDatabaseGnutlsPkcs11  *self,
   if (flags & ~(G_TLS_DATABASE_LOOKUP_KEYPAIR))
     return G_PKCS11_ENUMERATE_CONTINUE;
 
-  for (l = self->priv->pkcs11_slots; l; l = g_list_next (l))
+  for (l = self->pkcs11_slots; l; l = g_list_next (l))
     {
       if (g_cancellable_set_error_if_cancelled (cancellable, error))
         return G_PKCS11_ENUMERATE_FAILED;
@@ -1074,9 +1071,7 @@ g_tls_database_gnutls_pkcs11_class_init (GTlsDatabaseGnutlsPkcs11Class *klass)
   GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
   GTlsDatabaseClass *database_class = G_TLS_DATABASE_CLASS (klass);
 
-  g_type_class_add_private (klass, sizeof (GTlsDatabaseGnutlsPkcs11Private));
-
-  gobject_class->finalize     = g_tls_database_gnutls_pkcs11_finalize;
+  gobject_class->finalize = g_tls_database_gnutls_pkcs11_finalize;
 
   database_class->create_certificate_handle = g_tls_database_gnutls_pkcs11_create_certificate_handle;
   database_class->lookup_certificate_issuer = g_tls_database_gnutls_pkcs11_lookup_certificate_issuer;
@@ -1096,15 +1091,15 @@ g_tls_database_gnutls_pkcs11_initable_init (GInitable     *initable,
   gboolean any_failure = FALSE;
   guint i;
 
-  g_return_val_if_fail (!self->priv->modules, FALSE);
+  g_return_val_if_fail (!self->modules, FALSE);
 
-  self->priv->modules = p11_kit_modules_load (NULL, 0);
-  if (self->priv->modules == NULL) {
+  self->modules = p11_kit_modules_load (NULL, 0);
+  if (self->modules == NULL) {
     g_set_error_literal (error, G_PKCS11_ERROR, CKR_FUNCTION_FAILED, p11_kit_message ());
     return FALSE;
   }
 
-  for (i = 0; self->priv->modules[i] != NULL; i++)
+  for (i = 0; self->modules[i] != NULL; i++)
     {
       if (g_cancellable_set_error_if_cancelled (cancellable, error))
         {
@@ -1113,7 +1108,7 @@ g_tls_database_gnutls_pkcs11_initable_init (GInitable     *initable,
           break;
         }
 
-      if (discover_module_slots_and_options (self, self->priv->modules[i], &err))
+      if (discover_module_slots_and_options (self, self->modules[i], &err))
         {
           /* A module was setup correctly */
           any_success = TRUE;
diff --git a/tls/gnutls/gtlsdatabase-gnutls-pkcs11.h b/tls/gnutls/gtlsdatabase-gnutls-pkcs11.h
index a6a5770..7ae710b 100644
--- a/tls/gnutls/gtlsdatabase-gnutls-pkcs11.h
+++ b/tls/gnutls/gtlsdatabase-gnutls-pkcs11.h
@@ -34,28 +34,8 @@
 G_BEGIN_DECLS
 
 #define G_TYPE_TLS_DATABASE_GNUTLS_PKCS11            (g_tls_database_gnutls_pkcs11_get_type ())
-#define G_TLS_DATABASE_GNUTLS_PKCS11(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), 
G_TYPE_TLS_DATABASE_GNUTLS_PKCS11, GTlsDatabaseGnutlsPkcs11))
-#define G_TLS_DATABASE_GNUTLS_PKCS11_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), 
G_TYPE_TLS_DATABASE_GNUTLS_PKCS11, GTlsDatabaseGnutlsPkcs11Class))
-#define G_IS_TLS_DATABASE_GNUTLS_PKCS11(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), 
G_TYPE_TLS_DATABASE_GNUTLS_PKCS11))
-#define G_IS_TLS_DATABASE_GNUTLS_PKCS11_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), 
G_TYPE_TLS_DATABASE_GNUTLS_PKCS11))
-#define G_TLS_DATABASE_GNUTLS_PKCS11_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), 
G_TYPE_TLS_DATABASE_GNUTLS_PKCS11, GTlsDatabaseGnutlsPkcs11Class))
 
-typedef struct _GTlsDatabaseGnutlsPkcs11Private                   GTlsDatabaseGnutlsPkcs11Private;
-typedef struct _GTlsDatabaseGnutlsPkcs11Class                     GTlsDatabaseGnutlsPkcs11Class;
-typedef struct _GTlsDatabaseGnutlsPkcs11                          GTlsDatabaseGnutlsPkcs11;
-
-struct _GTlsDatabaseGnutlsPkcs11Class
-{
-  GTlsDatabaseGnutlsClass parent_class;
-};
-
-struct _GTlsDatabaseGnutlsPkcs11
-{
-  GTlsDatabaseGnutls parent_instance;
-  GTlsDatabaseGnutlsPkcs11Private *priv;
-};
-
-GType                        g_tls_database_gnutls_pkcs11_get_type              (void) G_GNUC_CONST;
+G_DECLARE_FINAL_TYPE (GTlsDatabaseGnutlsPkcs11, g_tls_database_gnutls_pkcs11, G, TLS_DATABASE_GNUTLS_PKCS11, 
GTlsDatabaseGnutls)
 
 GTlsDatabase*                g_tls_database_gnutls_pkcs11_new                   (GError **error);
 
diff --git a/tls/gnutls/gtlsdatabase-gnutls.h b/tls/gnutls/gtlsdatabase-gnutls.h
index 9c1b2a8..0fc6afb 100644
--- a/tls/gnutls/gtlsdatabase-gnutls.h
+++ b/tls/gnutls/gtlsdatabase-gnutls.h
@@ -39,28 +39,14 @@ typedef enum {
 } GTlsDatabaseGnutlsAssertion;
 
 #define G_TYPE_TLS_DATABASE_GNUTLS            (g_tls_database_gnutls_get_type ())
-#define G_TLS_DATABASE_GNUTLS(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), 
G_TYPE_TLS_DATABASE_GNUTLS, GTlsDatabaseGnutls))
-#define G_TLS_DATABASE_GNUTLS_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_TLS_DATABASE_GNUTLS, 
GTlsDatabaseGnutlsClass))
-#define G_IS_TLS_DATABASE_GNUTLS(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), 
G_TYPE_TLS_DATABASE_GNUTLS))
-#define G_IS_TLS_DATABASE_GNUTLS_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_TLS_DATABASE_GNUTLS))
-#define G_TLS_DATABASE_GNUTLS_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), 
G_TYPE_TLS_DATABASE_GNUTLS, GTlsDatabaseGnutlsClass))
 
-typedef struct _GTlsDatabaseGnutlsPrivate                   GTlsDatabaseGnutlsPrivate;
-typedef struct _GTlsDatabaseGnutlsClass                     GTlsDatabaseGnutlsClass;
-typedef struct _GTlsDatabaseGnutls                          GTlsDatabaseGnutls;
+G_DECLARE_DERIVABLE_TYPE (GTlsDatabaseGnutls, g_tls_database_gnutls, G, TLS_DATABASE_GNUTLS, GTlsDatabase)
 
 struct _GTlsDatabaseGnutlsClass
 {
   GTlsDatabaseClass parent_class;
 };
 
-struct _GTlsDatabaseGnutls
-{
-  GTlsDatabase parent_instance;
-};
-
-GType          g_tls_database_gnutls_get_type              (void) G_GNUC_CONST;
-
 G_END_DECLS
 
 #endif /* __G_TLS_DATABASE_GNUTLS_H___ */
diff --git a/tls/gnutls/gtlsfiledatabase-gnutls.c b/tls/gnutls/gtlsfiledatabase-gnutls.c
index 2a5f194..5a5c965 100644
--- a/tls/gnutls/gtlsfiledatabase-gnutls.c
+++ b/tls/gnutls/gtlsfiledatabase-gnutls.c
@@ -34,25 +34,16 @@
 
 #include "gtlscertificate-gnutls.h"
 
-static void g_tls_file_database_gnutls_file_database_interface_init (GTlsFileDatabaseInterface *iface);
-
-static void g_tls_file_database_gnutls_initable_interface_init (GInitableIface *iface);
-
-G_DEFINE_TYPE_WITH_CODE (GTlsFileDatabaseGnutls, g_tls_file_database_gnutls, G_TYPE_TLS_DATABASE_GNUTLS,
-                         G_IMPLEMENT_INTERFACE (G_TYPE_TLS_FILE_DATABASE,
-                                                g_tls_file_database_gnutls_file_database_interface_init);
-                         G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
-                                                g_tls_file_database_gnutls_initable_interface_init);
-                         );
-
 enum
 {
   PROP_0,
   PROP_ANCHORS,
 };
 
-struct _GTlsFileDatabaseGnutlsPrivate
+struct _GTlsFileDatabaseGnutls
 {
+  GTlsDatabaseGnutls parent_instance;
+
   /* read-only after construct */
   gchar *anchor_filename;
   gnutls_x509_trust_list_t trust_list;
@@ -82,6 +73,17 @@ struct _GTlsFileDatabaseGnutlsPrivate
   GHashTable *handles;
 };
 
+static void g_tls_file_database_gnutls_file_database_interface_init (GTlsFileDatabaseInterface *iface);
+
+static void g_tls_file_database_gnutls_initable_interface_init (GInitableIface *iface);
+
+G_DEFINE_TYPE_WITH_CODE (GTlsFileDatabaseGnutls, g_tls_file_database_gnutls, G_TYPE_TLS_DATABASE_GNUTLS,
+                         G_IMPLEMENT_INTERFACE (G_TYPE_TLS_FILE_DATABASE,
+                                                g_tls_file_database_gnutls_file_database_interface_init);
+                         G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
+                                                g_tls_file_database_gnutls_initable_interface_init);
+                         );
+
 static GHashTable *
 bytes_multi_table_new (void)
 {
@@ -261,16 +263,16 @@ g_tls_file_database_gnutls_finalize (GObject *object)
 {
   GTlsFileDatabaseGnutls *self = G_TLS_FILE_DATABASE_GNUTLS (object);
 
-  g_clear_pointer (&self->priv->subjects, g_hash_table_destroy);
-  g_clear_pointer (&self->priv->issuers, g_hash_table_destroy);
-  g_clear_pointer (&self->priv->complete, g_hash_table_destroy);
-  g_clear_pointer (&self->priv->handles, g_hash_table_destroy);
-  if (self->priv->anchor_filename)
+  g_clear_pointer (&self->subjects, g_hash_table_destroy);
+  g_clear_pointer (&self->issuers, g_hash_table_destroy);
+  g_clear_pointer (&self->complete, g_hash_table_destroy);
+  g_clear_pointer (&self->handles, g_hash_table_destroy);
+  if (self->anchor_filename)
     {
-      g_free (self->priv->anchor_filename);
-      gnutls_x509_trust_list_deinit (self->priv->trust_list, 1);
+      g_free (self->anchor_filename);
+      gnutls_x509_trust_list_deinit (self->trust_list, 1);
     }
-  g_mutex_clear (&self->priv->mutex);
+  g_mutex_clear (&self->mutex);
 
   G_OBJECT_CLASS (g_tls_file_database_gnutls_parent_class)->finalize (object);
 }
@@ -286,7 +288,7 @@ g_tls_file_database_gnutls_get_property (GObject    *object,
   switch (prop_id)
     {
     case PROP_ANCHORS:
-      g_value_set_string (value, self->priv->anchor_filename);
+      g_value_set_string (value, self->anchor_filename);
       break;
     default:
       G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
@@ -313,14 +315,14 @@ g_tls_file_database_gnutls_set_property (GObject      *object,
           return;
         }
 
-      if (self->priv->anchor_filename)
+      if (self->anchor_filename)
         {
-          g_free (self->priv->anchor_filename);
-          gnutls_x509_trust_list_deinit (self->priv->trust_list, 1);
+          g_free (self->anchor_filename);
+          gnutls_x509_trust_list_deinit (self->trust_list, 1);
         }
-      self->priv->anchor_filename = g_strdup (anchor_path);
-      gnutls_x509_trust_list_init (&self->priv->trust_list, 0);
-      gnutls_x509_trust_list_add_trust_file (self->priv->trust_list,
+      self->anchor_filename = g_strdup (anchor_path);
+      gnutls_x509_trust_list_init (&self->trust_list, 0);
+      gnutls_x509_trust_list_add_trust_file (self->trust_list,
                                              anchor_path, NULL,
                                              GNUTLS_X509_FMT_PEM, 0, 0);
       break;
@@ -332,10 +334,7 @@ g_tls_file_database_gnutls_set_property (GObject      *object,
 static void
 g_tls_file_database_gnutls_init (GTlsFileDatabaseGnutls *self)
 {
-  self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self,
-                                            G_TYPE_TLS_FILE_DATABASE_GNUTLS,
-                                            GTlsFileDatabaseGnutlsPrivate);
-  g_mutex_init (&self->priv->mutex);
+  g_mutex_init (&self->mutex);
 }
 
 static gchar *
@@ -350,16 +349,16 @@ g_tls_file_database_gnutls_create_certificate_handle (GTlsDatabase    *database,
   der = g_tls_certificate_gnutls_get_bytes (G_TLS_CERTIFICATE_GNUTLS (certificate));
   g_return_val_if_fail (der != NULL, FALSE);
 
-  g_mutex_lock (&self->priv->mutex);
+  g_mutex_lock (&self->mutex);
 
   /* At the same time look up whether this certificate is in list */
-  contains = g_hash_table_lookup (self->priv->complete, der) ? TRUE : FALSE;
+  contains = g_hash_table_lookup (self->complete, der) ? TRUE : FALSE;
 
-  g_mutex_unlock (&self->priv->mutex);
+  g_mutex_unlock (&self->mutex);
 
   /* Certificate is in the database */
   if (contains)
-    handle = create_handle_for_certificate (self->priv->anchor_filename, der);
+    handle = create_handle_for_certificate (self->anchor_filename, der);
 
   g_bytes_unref (der);
   return handle;
@@ -385,18 +384,18 @@ g_tls_file_database_gnutls_lookup_certificate_for_handle (GTlsDatabase
   if (!handle)
     return NULL;
 
-  g_mutex_lock (&self->priv->mutex);
+  g_mutex_lock (&self->mutex);
 
   /* Create the handles table if not already done */
-  if (!self->priv->handles)
-    self->priv->handles = create_handles_array_unlocked (self->priv->anchor_filename,
-                                                         self->priv->complete);
+  if (!self->handles)
+    self->handles = create_handles_array_unlocked (self->anchor_filename,
+                                                   self->complete);
 
-  der = g_hash_table_lookup (self->priv->handles, handle);
+  der = g_hash_table_lookup (self->handles, handle);
   if (der != NULL)
     g_bytes_ref (der);
 
-  g_mutex_unlock (&self->priv->mutex);
+  g_mutex_unlock (&self->mutex);
 
   if (der == NULL)
     return NULL;
@@ -450,9 +449,9 @@ g_tls_file_database_gnutls_lookup_certificate_issuer (GTlsDatabase             *
   subject = g_bytes_new_with_free_func (dn.data, dn.size, gnutls_free, dn.data);
 
   /* Find the full DER value of the certificate */
-  g_mutex_lock (&self->priv->mutex);
-  der = bytes_multi_table_lookup_ref_one (self->priv->subjects, subject);
-  g_mutex_unlock (&self->priv->mutex);
+  g_mutex_lock (&self->mutex);
+  der = bytes_multi_table_lookup_ref_one (self->subjects, subject);
+  g_mutex_unlock (&self->mutex);
 
   g_bytes_unref (subject);
 
@@ -498,9 +497,9 @@ g_tls_file_database_gnutls_lookup_certificates_issued_by (GTlsDatabase
   issuer = g_bytes_new_static (issuer_raw_dn->data, issuer_raw_dn->len);
 
   /* Find the full DER value of the certificate */
-  g_mutex_lock (&self->priv->mutex);
-  ders = bytes_multi_table_lookup_ref_all (self->priv->issuers, issuer);
-  g_mutex_unlock (&self->priv->mutex);
+  g_mutex_lock (&self->mutex);
+  ders = bytes_multi_table_lookup_ref_all (self->issuers, issuer);
+  g_mutex_unlock (&self->mutex);
 
   g_bytes_unref (issuer);
 
@@ -576,7 +575,7 @@ g_tls_file_database_gnutls_verify_chain (GTlsDatabase             *database,
 
   convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (chain),
                                        &certs, &certs_length);
-  gerr = gnutls_x509_trust_list_verify_crt (self->priv->trust_list,
+  gerr = gnutls_x509_trust_list_verify_crt (self->trust_list,
                                             certs, certs_length,
                                             0, &gnutls_result, NULL);
 
@@ -616,8 +615,6 @@ g_tls_file_database_gnutls_class_init (GTlsFileDatabaseGnutlsClass *klass)
   GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
   GTlsDatabaseClass *database_class = G_TLS_DATABASE_CLASS (klass);
 
-  g_type_class_add_private (klass, sizeof (GTlsFileDatabaseGnutlsPrivate));
-
   gobject_class->get_property = g_tls_file_database_gnutls_get_property;
   gobject_class->set_property = g_tls_file_database_gnutls_set_property;
   gobject_class->finalize     = g_tls_file_database_gnutls_finalize;
@@ -656,8 +653,8 @@ g_tls_file_database_gnutls_initable_init (GInitable     *initable,
                                     (GDestroyNotify)g_bytes_unref,
                                     (GDestroyNotify)g_bytes_unref);
 
-  if (self->priv->anchor_filename)
-    result = load_anchor_file (self->priv->anchor_filename, subjects, issuers,
+  if (self->anchor_filename)
+    result = load_anchor_file (self->anchor_filename, subjects, issuers,
         complete, error);
   else
     result = TRUE;
@@ -667,23 +664,23 @@ g_tls_file_database_gnutls_initable_init (GInitable     *initable,
 
   if (result)
     {
-      g_mutex_lock (&self->priv->mutex);
-      if (!self->priv->subjects)
+      g_mutex_lock (&self->mutex);
+      if (!self->subjects)
         {
-          self->priv->subjects = subjects;
+          self->subjects = subjects;
           subjects = NULL;
         }
-      if (!self->priv->issuers)
+      if (!self->issuers)
         {
-          self->priv->issuers = issuers;
+          self->issuers = issuers;
           issuers = NULL;
         }
-      if (!self->priv->complete)
+      if (!self->complete)
         {
-          self->priv->complete = complete;
+          self->complete = complete;
           complete = NULL;
         }
-      g_mutex_unlock (&self->priv->mutex);
+      g_mutex_unlock (&self->mutex);
     }
 
   if (subjects != NULL)
diff --git a/tls/gnutls/gtlsfiledatabase-gnutls.h b/tls/gnutls/gtlsfiledatabase-gnutls.h
index 86f8a5b..9feccc3 100644
--- a/tls/gnutls/gtlsfiledatabase-gnutls.h
+++ b/tls/gnutls/gtlsfiledatabase-gnutls.h
@@ -34,28 +34,8 @@
 G_BEGIN_DECLS
 
 #define G_TYPE_TLS_FILE_DATABASE_GNUTLS            (g_tls_file_database_gnutls_get_type ())
-#define G_TLS_FILE_DATABASE_GNUTLS(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), 
G_TYPE_TLS_FILE_DATABASE_GNUTLS, GTlsFileDatabaseGnutls))
-#define G_TLS_FILE_DATABASE_GNUTLS_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), 
G_TYPE_TLS_FILE_DATABASE_GNUTLS, GTlsFileDatabaseGnutlsClass))
-#define G_IS_TLS_FILE_DATABASE_GNUTLS(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), 
G_TYPE_TLS_FILE_DATABASE_GNUTLS))
-#define G_IS_TLS_FILE_DATABASE_GNUTLS_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), 
G_TYPE_TLS_FILE_DATABASE_GNUTLS))
-#define G_TLS_FILE_DATABASE_GNUTLS_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), 
G_TYPE_TLS_FILE_DATABASE_GNUTLS, GTlsFileDatabaseGnutlsClass))
 
-typedef struct _GTlsFileDatabaseGnutlsPrivate                   GTlsFileDatabaseGnutlsPrivate;
-typedef struct _GTlsFileDatabaseGnutlsClass                     GTlsFileDatabaseGnutlsClass;
-typedef struct _GTlsFileDatabaseGnutls                          GTlsFileDatabaseGnutls;
-
-struct _GTlsFileDatabaseGnutlsClass
-{
-  GTlsDatabaseGnutlsClass parent_class;
-};
-
-struct _GTlsFileDatabaseGnutls
-{
-  GTlsDatabaseGnutls parent_instance;
-  GTlsFileDatabaseGnutlsPrivate *priv;
-};
-
-GType                        g_tls_file_database_gnutls_get_type              (void) G_GNUC_CONST;
+G_DECLARE_FINAL_TYPE (GTlsFileDatabaseGnutls, g_tls_file_database_gnutls, G, TLS_FILE_DATABASE_GNUTLS, 
GTlsDatabaseGnutls)
 
 GTlsDatabase*                g_tls_file_database_gnutls_new                   (const gchar *anchor_file);
 
diff --git a/tls/gnutls/gtlsinputstream-gnutls.c b/tls/gnutls/gtlsinputstream-gnutls.c
index 73462a6..65ca3cb 100644
--- a/tls/gnutls/gtlsinputstream-gnutls.c
+++ b/tls/gnutls/gtlsinputstream-gnutls.c
@@ -25,23 +25,25 @@
 #include "config.h"
 #include "gtlsinputstream-gnutls.h"
 
+struct _GTlsInputStreamGnutls
+{
+  GInputStream parent_instance;
+
+  GWeakRef weak_conn;
+};
+
 static void g_tls_input_stream_gnutls_pollable_iface_init (GPollableInputStreamInterface *iface);
 
 G_DEFINE_TYPE_WITH_CODE (GTlsInputStreamGnutls, g_tls_input_stream_gnutls, G_TYPE_INPUT_STREAM,
                          G_IMPLEMENT_INTERFACE (G_TYPE_POLLABLE_INPUT_STREAM, 
g_tls_input_stream_gnutls_pollable_iface_init)
                          )
 
-struct _GTlsInputStreamGnutlsPrivate
-{
-  GWeakRef weak_conn;
-};
-
 static void
 g_tls_input_stream_gnutls_dispose (GObject *object)
 {
   GTlsInputStreamGnutls *stream = G_TLS_INPUT_STREAM_GNUTLS (object);
 
-  g_weak_ref_set (&stream->priv->weak_conn, NULL);
+  g_weak_ref_set (&stream->weak_conn, NULL);
 
   G_OBJECT_CLASS (g_tls_input_stream_gnutls_parent_class)->dispose (object);
 }
@@ -51,7 +53,7 @@ g_tls_input_stream_gnutls_finalize (GObject *object)
 {
   GTlsInputStreamGnutls *stream = G_TLS_INPUT_STREAM_GNUTLS (object);
 
-  g_weak_ref_clear (&stream->priv->weak_conn);
+  g_weak_ref_clear (&stream->weak_conn);
 
   G_OBJECT_CLASS (g_tls_input_stream_gnutls_parent_class)->finalize (object);
 }
@@ -67,7 +69,7 @@ g_tls_input_stream_gnutls_read (GInputStream  *stream,
   GTlsConnectionGnutls *conn;
   gssize ret;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
   g_return_val_if_fail (conn != NULL, -1);
 
   ret = g_tls_connection_gnutls_read (conn,
@@ -84,7 +86,7 @@ g_tls_input_stream_gnutls_pollable_is_readable (GPollableInputStream *pollable)
   GTlsConnectionGnutls *conn;
   gboolean ret;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
   g_return_val_if_fail (conn != NULL, FALSE);
 
   ret = g_tls_connection_gnutls_check (conn, G_IO_IN);
@@ -101,7 +103,7 @@ g_tls_input_stream_gnutls_pollable_create_source (GPollableInputStream *pollable
   GTlsConnectionGnutls *conn;
   GSource *ret;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
   g_return_val_if_fail (conn != NULL, NULL);
 
   ret = g_tls_connection_gnutls_create_source (conn, G_IO_IN, cancellable);
@@ -119,7 +121,7 @@ g_tls_input_stream_gnutls_pollable_read_nonblocking (GPollableInputStream  *poll
   GTlsConnectionGnutls *conn;
   gssize ret;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
   g_return_val_if_fail (conn != NULL, -1);
 
   ret = g_tls_connection_gnutls_read (conn, buffer, size,
@@ -138,7 +140,7 @@ g_tls_input_stream_gnutls_close (GInputStream            *stream,
   GIOStream *conn;
   gboolean ret;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
 
   /* Special case here because this is called by the finalize
    * of the main GTlsConnection object.
@@ -168,7 +170,7 @@ close_thread (GTask        *task,
   GError *error = NULL;
   GIOStream *conn;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
 
   if (conn && !g_tls_connection_gnutls_close_internal (conn,
                                                        G_TLS_DIRECTION_READ,
@@ -217,8 +219,6 @@ g_tls_input_stream_gnutls_class_init (GTlsInputStreamGnutlsClass *klass)
   GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
   GInputStreamClass *input_stream_class = G_INPUT_STREAM_CLASS (klass);
 
-  g_type_class_add_private (klass, sizeof (GTlsInputStreamGnutlsPrivate));
-
   gobject_class->dispose = g_tls_input_stream_gnutls_dispose;
   gobject_class->finalize = g_tls_input_stream_gnutls_finalize;
 
@@ -239,7 +239,6 @@ g_tls_input_stream_gnutls_pollable_iface_init (GPollableInputStreamInterface *if
 static void
 g_tls_input_stream_gnutls_init (GTlsInputStreamGnutls *stream)
 {
-  stream->priv = G_TYPE_INSTANCE_GET_PRIVATE (stream, G_TYPE_TLS_INPUT_STREAM_GNUTLS, 
GTlsInputStreamGnutlsPrivate);
 }
 
 GInputStream *
@@ -248,7 +247,7 @@ g_tls_input_stream_gnutls_new (GTlsConnectionGnutls *conn)
   GTlsInputStreamGnutls *tls_stream;
 
   tls_stream = g_object_new (G_TYPE_TLS_INPUT_STREAM_GNUTLS, NULL);
-  g_weak_ref_init (&tls_stream->priv->weak_conn, conn);
+  g_weak_ref_init (&tls_stream->weak_conn, conn);
 
   return G_INPUT_STREAM (tls_stream);
 }
diff --git a/tls/gnutls/gtlsinputstream-gnutls.h b/tls/gnutls/gtlsinputstream-gnutls.h
index d398511..ecafa07 100644
--- a/tls/gnutls/gtlsinputstream-gnutls.h
+++ b/tls/gnutls/gtlsinputstream-gnutls.h
@@ -31,28 +31,9 @@
 G_BEGIN_DECLS
 
 #define G_TYPE_TLS_INPUT_STREAM_GNUTLS            (g_tls_input_stream_gnutls_get_type ())
-#define G_TLS_INPUT_STREAM_GNUTLS(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), 
G_TYPE_TLS_INPUT_STREAM_GNUTLS, GTlsInputStreamGnutls))
-#define G_TLS_INPUT_STREAM_GNUTLS_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), 
G_TYPE_TLS_INPUT_STREAM_GNUTLS, GTlsInputStreamGnutlsClass))
-#define G_IS_TLS_INPUT_STREAM_GNUTLS(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), 
G_TYPE_TLS_INPUT_STREAM_GNUTLS))
-#define G_IS_TLS_INPUT_STREAM_GNUTLS_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), 
G_TYPE_TLS_INPUT_STREAM_GNUTLS))
-#define G_TLS_INPUT_STREAM_GNUTLS_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), 
G_TYPE_TLS_INPUT_STREAM_GNUTLS, GTlsInputStreamGnutlsClass))
-
-typedef struct _GTlsInputStreamGnutlsPrivate GTlsInputStreamGnutlsPrivate;
-typedef struct _GTlsInputStreamGnutlsClass   GTlsInputStreamGnutlsClass;
-typedef struct _GTlsInputStreamGnutls        GTlsInputStreamGnutls;
-
-struct _GTlsInputStreamGnutlsClass
-{
-  GInputStreamClass parent_class;
-};
-
-struct _GTlsInputStreamGnutls
-{
-  GInputStream parent_instance;
-  GTlsInputStreamGnutlsPrivate *priv;
-};
-
-GType         g_tls_input_stream_gnutls_get_type (void) G_GNUC_CONST;
+
+G_DECLARE_FINAL_TYPE (GTlsInputStreamGnutls, g_tls_input_stream_gnutls, G, TLS_INPUT_STREAM_GNUTLS, 
GInputStream)
+
 GInputStream *g_tls_input_stream_gnutls_new      (GTlsConnectionGnutls *conn);
 
 G_END_DECLS
diff --git a/tls/gnutls/gtlsoutputstream-gnutls.c b/tls/gnutls/gtlsoutputstream-gnutls.c
index e21e99c..44b10f7 100644
--- a/tls/gnutls/gtlsoutputstream-gnutls.c
+++ b/tls/gnutls/gtlsoutputstream-gnutls.c
@@ -25,23 +25,25 @@
 #include "config.h"
 #include "gtlsoutputstream-gnutls.h"
 
+struct _GTlsOutputStreamGnutls
+{
+  GOutputStream parent_instance;
+
+  GWeakRef weak_conn;
+};
+
 static void g_tls_output_stream_gnutls_pollable_iface_init (GPollableOutputStreamInterface *iface);
 
 G_DEFINE_TYPE_WITH_CODE (GTlsOutputStreamGnutls, g_tls_output_stream_gnutls, G_TYPE_OUTPUT_STREAM,
                          G_IMPLEMENT_INTERFACE (G_TYPE_POLLABLE_OUTPUT_STREAM, 
g_tls_output_stream_gnutls_pollable_iface_init)
                          )
 
-struct _GTlsOutputStreamGnutlsPrivate
-{
-  GWeakRef weak_conn;
-};
-
 static void
 g_tls_output_stream_gnutls_dispose (GObject *object)
 {
   GTlsOutputStreamGnutls *stream = G_TLS_OUTPUT_STREAM_GNUTLS (object);
 
-  g_weak_ref_set (&stream->priv->weak_conn, NULL);
+  g_weak_ref_set (&stream->weak_conn, NULL);
 
   G_OBJECT_CLASS (g_tls_output_stream_gnutls_parent_class)->dispose (object);
 }
@@ -51,7 +53,7 @@ g_tls_output_stream_gnutls_finalize (GObject *object)
 {
   GTlsOutputStreamGnutls *stream = G_TLS_OUTPUT_STREAM_GNUTLS (object);
 
-  g_weak_ref_clear (&stream->priv->weak_conn);
+  g_weak_ref_clear (&stream->weak_conn);
 
   G_OBJECT_CLASS (g_tls_output_stream_gnutls_parent_class)->finalize (object);
 }
@@ -67,7 +69,7 @@ g_tls_output_stream_gnutls_write (GOutputStream  *stream,
   GTlsConnectionGnutls *conn;
   gssize ret;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
   g_return_val_if_fail (conn != NULL, -1);
 
   ret = g_tls_connection_gnutls_write (conn, buffer, count, -1  /* blocking */,
@@ -83,7 +85,7 @@ g_tls_output_stream_gnutls_pollable_is_writable (GPollableOutputStream *pollable
   GTlsConnectionGnutls *conn;
   gboolean ret;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
   g_return_val_if_fail (conn != NULL, FALSE);
 
   ret = g_tls_connection_gnutls_check (conn, G_IO_OUT);
@@ -101,7 +103,7 @@ g_tls_output_stream_gnutls_pollable_create_source (GPollableOutputStream *pollab
   GTlsConnectionGnutls *conn;
   GSource *ret;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
   g_return_val_if_fail (conn != NULL, NULL);
 
   ret = g_tls_connection_gnutls_create_source (conn,
@@ -121,7 +123,7 @@ g_tls_output_stream_gnutls_pollable_write_nonblocking (GPollableOutputStream  *p
   GTlsConnectionGnutls *conn;
   gssize ret;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
   g_return_val_if_fail (conn != NULL, -1);
 
   ret = g_tls_connection_gnutls_write (conn, buffer, size,
@@ -140,7 +142,7 @@ g_tls_output_stream_gnutls_close (GOutputStream            *stream,
   GIOStream *conn;
   gboolean ret;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
 
   /* Special case here because this is called by the finalize
    * of the main GTlsConnection object.
@@ -170,7 +172,7 @@ close_thread (GTask        *task,
   GError *error = NULL;
   GIOStream *conn;
 
-  conn = g_weak_ref_get (&tls_stream->priv->weak_conn);
+  conn = g_weak_ref_get (&tls_stream->weak_conn);
 
   if (conn && !g_tls_connection_gnutls_close_internal (conn,
                                                        G_TLS_DIRECTION_WRITE,
@@ -219,8 +221,6 @@ g_tls_output_stream_gnutls_class_init (GTlsOutputStreamGnutlsClass *klass)
   GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
   GOutputStreamClass *output_stream_class = G_OUTPUT_STREAM_CLASS (klass);
 
-  g_type_class_add_private (klass, sizeof (GTlsOutputStreamGnutlsPrivate));
-
   gobject_class->dispose = g_tls_output_stream_gnutls_dispose;
   gobject_class->finalize = g_tls_output_stream_gnutls_finalize;
 
@@ -241,7 +241,6 @@ g_tls_output_stream_gnutls_pollable_iface_init (GPollableOutputStreamInterface *
 static void
 g_tls_output_stream_gnutls_init (GTlsOutputStreamGnutls *stream)
 {
-  stream->priv = G_TYPE_INSTANCE_GET_PRIVATE (stream, G_TYPE_TLS_OUTPUT_STREAM_GNUTLS, 
GTlsOutputStreamGnutlsPrivate);
 }
 
 GOutputStream *
@@ -250,7 +249,7 @@ g_tls_output_stream_gnutls_new (GTlsConnectionGnutls *conn)
   GTlsOutputStreamGnutls *tls_stream;
 
   tls_stream = g_object_new (G_TYPE_TLS_OUTPUT_STREAM_GNUTLS, NULL);
-  g_weak_ref_init (&tls_stream->priv->weak_conn, conn);
+  g_weak_ref_init (&tls_stream->weak_conn, conn);
 
   return G_OUTPUT_STREAM (tls_stream);
 }
diff --git a/tls/gnutls/gtlsoutputstream-gnutls.h b/tls/gnutls/gtlsoutputstream-gnutls.h
index 83497af..e7f40d6 100644
--- a/tls/gnutls/gtlsoutputstream-gnutls.h
+++ b/tls/gnutls/gtlsoutputstream-gnutls.h
@@ -31,28 +31,9 @@
 G_BEGIN_DECLS
 
 #define G_TYPE_TLS_OUTPUT_STREAM_GNUTLS            (g_tls_output_stream_gnutls_get_type ())
-#define G_TLS_OUTPUT_STREAM_GNUTLS(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), 
G_TYPE_TLS_OUTPUT_STREAM_GNUTLS, GTlsOutputStreamGnutls))
-#define G_TLS_OUTPUT_STREAM_GNUTLS_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), 
G_TYPE_TLS_OUTPUT_STREAM_GNUTLS, GTlsOutputStreamGnutlsClass))
-#define G_IS_TLS_OUTPUT_STREAM_GNUTLS(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), 
G_TYPE_TLS_OUTPUT_STREAM_GNUTLS))
-#define G_IS_TLS_OUTPUT_STREAM_GNUTLS_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), 
G_TYPE_TLS_OUTPUT_STREAM_GNUTLS))
-#define G_TLS_OUTPUT_STREAM_GNUTLS_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), 
G_TYPE_TLS_OUTPUT_STREAM_GNUTLS, GTlsOutputStreamGnutlsClass))
-
-typedef struct _GTlsOutputStreamGnutlsPrivate GTlsOutputStreamGnutlsPrivate;
-typedef struct _GTlsOutputStreamGnutlsClass   GTlsOutputStreamGnutlsClass;
-typedef struct _GTlsOutputStreamGnutls        GTlsOutputStreamGnutls;
-
-struct _GTlsOutputStreamGnutlsClass
-{
-  GOutputStreamClass parent_class;
-};
-
-struct _GTlsOutputStreamGnutls
-{
-  GOutputStream parent_instance;
-  GTlsOutputStreamGnutlsPrivate *priv;
-};
-
-GType          g_tls_output_stream_gnutls_get_type (void) G_GNUC_CONST;
+
+G_DECLARE_FINAL_TYPE (GTlsOutputStreamGnutls, g_tls_output_stream_gnutls, G, TLS_OUTPUT_STREAM_GNUTLS, 
GOutputStream)
+
 GOutputStream *g_tls_output_stream_gnutls_new      (GTlsConnectionGnutls *conn);
 
 G_END_DECLS
diff --git a/tls/gnutls/gtlsserverconnection-gnutls.c b/tls/gnutls/gtlsserverconnection-gnutls.c
index fad679b..8e323b3 100644
--- a/tls/gnutls/gtlsserverconnection-gnutls.c
+++ b/tls/gnutls/gtlsserverconnection-gnutls.c
@@ -40,6 +40,13 @@ enum
   PROP_AUTHENTICATION_MODE
 };
 
+struct _GTlsServerConnectionGnutls
+{
+  GTlsConnectionGnutls parent_instance;
+
+  GTlsAuthenticationMode authentication_mode;
+};
+
 static void     g_tls_server_connection_gnutls_initable_interface_init (GInitableIface  *iface);
 
 static void g_tls_server_connection_gnutls_server_connection_interface_init (GTlsServerConnectionInterface 
*iface);
@@ -70,18 +77,11 @@ G_DEFINE_TYPE_WITH_CODE (GTlsServerConnectionGnutls, g_tls_server_connection_gnu
                                                 NULL)
 )
 
-struct _GTlsServerConnectionGnutlsPrivate
-{
-  GTlsAuthenticationMode authentication_mode;
-};
-
 static void
 g_tls_server_connection_gnutls_init (GTlsServerConnectionGnutls *gnutls)
 {
   gnutls_certificate_credentials_t creds;
 
-  gnutls->priv = G_TYPE_INSTANCE_GET_PRIVATE (gnutls, G_TYPE_TLS_SERVER_CONNECTION_GNUTLS, 
GTlsServerConnectionGnutlsPrivate);
-
   creds = g_tls_connection_gnutls_get_credentials (G_TLS_CONNECTION_GNUTLS (gnutls));
   gnutls_certificate_set_retrieve_function (creds, g_tls_server_connection_gnutls_retrieve_function);
 }
@@ -126,7 +126,7 @@ g_tls_server_connection_gnutls_get_property (GObject    *object,
   switch (prop_id)
     {
     case PROP_AUTHENTICATION_MODE:
-      g_value_set_enum (value, gnutls->priv->authentication_mode);
+      g_value_set_enum (value, gnutls->authentication_mode);
       break;
       
     default:
@@ -145,7 +145,7 @@ g_tls_server_connection_gnutls_set_property (GObject      *object,
   switch (prop_id)
     {
     case PROP_AUTHENTICATION_MODE:
-      gnutls->priv->authentication_mode = g_value_get_enum (value);
+      gnutls->authentication_mode = g_value_get_enum (value);
       break;
 
     default:
@@ -178,7 +178,7 @@ g_tls_server_connection_gnutls_begin_handshake (GTlsConnectionGnutls *conn)
   gnutls_session_t session;
   gnutls_certificate_request_t req_mode;
 
-  switch (gnutls->priv->authentication_mode)
+  switch (gnutls->authentication_mode)
     {
     case G_TLS_AUTHENTICATION_REQUESTED:
       req_mode = GNUTLS_CERT_REQUEST;
@@ -266,8 +266,6 @@ g_tls_server_connection_gnutls_class_init (GTlsServerConnectionGnutlsClass *klas
   GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
   GTlsConnectionGnutlsClass *connection_gnutls_class = G_TLS_CONNECTION_GNUTLS_CLASS (klass);
 
-  g_type_class_add_private (klass, sizeof (GTlsServerConnectionGnutlsPrivate));
-
   gobject_class->get_property = g_tls_server_connection_gnutls_get_property;
   gobject_class->set_property = g_tls_server_connection_gnutls_set_property;
 
diff --git a/tls/gnutls/gtlsserverconnection-gnutls.h b/tls/gnutls/gtlsserverconnection-gnutls.h
index e5dbcf3..288dab4 100644
--- a/tls/gnutls/gtlsserverconnection-gnutls.h
+++ b/tls/gnutls/gtlsserverconnection-gnutls.h
@@ -31,28 +31,8 @@
 G_BEGIN_DECLS
 
 #define G_TYPE_TLS_SERVER_CONNECTION_GNUTLS            (g_tls_server_connection_gnutls_get_type ())
-#define G_TLS_SERVER_CONNECTION_GNUTLS(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), 
G_TYPE_TLS_SERVER_CONNECTION_GNUTLS, GTlsServerConnectionGnutls))
-#define G_TLS_SERVER_CONNECTION_GNUTLS_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), 
G_TYPE_TLS_SERVER_CONNECTION_GNUTLS, GTlsServerConnectionGnutlsClass))
-#define G_IS_TLS_SERVER_CONNECTION_GNUTLS(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), 
G_TYPE_TLS_SERVER_CONNECTION_GNUTLS))
-#define G_IS_TLS_SERVER_CONNECTION_GNUTLS_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), 
G_TYPE_TLS_SERVER_CONNECTION_GNUTLS))
-#define G_TLS_SERVER_CONNECTION_GNUTLS_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), 
G_TYPE_TLS_SERVER_CONNECTION_GNUTLS, GTlsServerConnectionGnutlsClass))
 
-typedef struct _GTlsServerConnectionGnutlsPrivate                   GTlsServerConnectionGnutlsPrivate;
-typedef struct _GTlsServerConnectionGnutlsClass                     GTlsServerConnectionGnutlsClass;
-typedef struct _GTlsServerConnectionGnutls                          GTlsServerConnectionGnutls;
-
-struct _GTlsServerConnectionGnutlsClass
-{
-  GTlsConnectionGnutlsClass parent_class;
-};
-
-struct _GTlsServerConnectionGnutls
-{
-  GTlsConnectionGnutls parent_instance;
-  GTlsServerConnectionGnutlsPrivate *priv;
-};
-
-GType g_tls_server_connection_gnutls_get_type (void) G_GNUC_CONST;
+G_DECLARE_FINAL_TYPE(GTlsServerConnectionGnutls, g_tls_server_connection_gnutls, G, 
TLS_SERVER_CONNECTION_GNUTLS, GTlsConnectionGnutls)
 
 G_END_DECLS
 
diff --git a/tls/pkcs11/gpkcs11pin.c b/tls/pkcs11/gpkcs11pin.c
index 1f5c30c..8bcb4c0 100644
--- a/tls/pkcs11/gpkcs11pin.c
+++ b/tls/pkcs11/gpkcs11pin.c
@@ -39,19 +39,18 @@ enum
   PROP_DESCRIPTION
 };
 
-G_DEFINE_TYPE (GPkcs11Pin, g_pkcs11_pin, G_TYPE_TLS_PASSWORD);
-
-struct _GPkcs11PinPrivate
+struct _GPkcs11Pin
 {
+  GTlsPassword parent_instance;
+
   P11KitPin *pin;
 };
 
+G_DEFINE_TYPE (GPkcs11Pin, g_pkcs11_pin, G_TYPE_TLS_PASSWORD);
+
 static void
 g_pkcs11_pin_init (GPkcs11Pin *self)
 {
-  self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self,
-                                            G_TYPE_PKCS11_PIN,
-                                            GPkcs11PinPrivate);
 }
 
 static void
@@ -59,8 +58,8 @@ g_pkcs11_pin_finalize (GObject *object)
 {
   GPkcs11Pin *self = G_PKCS11_PIN (object);
 
-  if (self->priv->pin)
-    p11_kit_pin_unref (self->priv->pin);
+  if (self->pin)
+    p11_kit_pin_unref (self->pin);
 
   G_OBJECT_CLASS (g_pkcs11_pin_parent_class)->finalize (object);
 }
@@ -71,14 +70,14 @@ g_pkcs11_pin_get_value (GTlsPassword  *password,
 {
   GPkcs11Pin *self = G_PKCS11_PIN (password);
 
-  if (!self->priv->pin)
+  if (!self->pin)
     {
       if (length)
         *length = 0;
       return NULL;
     }
 
-  return p11_kit_pin_get_value (self->priv->pin, length);
+  return p11_kit_pin_get_value (self->pin, length);
 }
 
 static void
@@ -89,16 +88,16 @@ g_pkcs11_pin_set_value (GTlsPassword  *password,
 {
   GPkcs11Pin *self = G_PKCS11_PIN (password);
 
-  if (self->priv->pin)
+  if (self->pin)
     {
-      p11_kit_pin_unref (self->priv->pin);
-      self->priv->pin = NULL;
+      p11_kit_pin_unref (self->pin);
+      self->pin = NULL;
     }
 
   if (length < 0)
     length = strlen ((gchar *) value);
 
-  self->priv->pin = p11_kit_pin_new_for_buffer (value, length, destroy);
+  self->pin = p11_kit_pin_new_for_buffer (value, length, destroy);
 }
 
 static const gchar *
@@ -130,8 +129,6 @@ g_pkcs11_pin_class_init (GPkcs11PinClass *klass)
   password_class->get_default_warning = g_pkcs11_pin_get_default_warning;
 
   gobject_class->finalize     = g_pkcs11_pin_finalize;
-
-  g_type_class_add_private (klass, sizeof (GPkcs11PinPrivate));
 }
 
 GTlsPassword *
@@ -156,7 +153,7 @@ g_pkcs11_pin_steal_internal (GPkcs11Pin  *self)
 
   g_return_val_if_fail (G_IS_PKCS11_PIN (self), NULL);
 
-  pin = self->priv->pin;
-  self->priv->pin = NULL;
+  pin = self->pin;
+  self->pin = NULL;
   return pin;
 }
diff --git a/tls/pkcs11/gpkcs11pin.h b/tls/pkcs11/gpkcs11pin.h
index 4110843..5fbb662 100644
--- a/tls/pkcs11/gpkcs11pin.h
+++ b/tls/pkcs11/gpkcs11pin.h
@@ -33,28 +33,8 @@
 G_BEGIN_DECLS
 
 #define G_TYPE_PKCS11_PIN            (g_pkcs11_pin_get_type ())
-#define G_PKCS11_PIN(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_PKCS11_PIN, GPkcs11Pin))
-#define G_PKCS11_PIN_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_PKCS11_PIN, GPkcs11PinClass))
-#define G_IS_PKCS11_PIN(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_PKCS11_PIN))
-#define G_IS_PKCS11_PIN_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_PKCS11_PIN))
-#define G_PKCS11_PIN_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_PKCS11_PIN, GPkcs11PinClass))
 
-typedef struct _GPkcs11PinPrivate                   GPkcs11PinPrivate;
-typedef struct _GPkcs11PinClass                     GPkcs11PinClass;
-typedef struct _GPkcs11Pin                          GPkcs11Pin;
-
-struct _GPkcs11PinClass
-{
-  GTlsPasswordClass parent_class;
-};
-
-struct _GPkcs11Pin
-{
-  GTlsPassword parent_instance;
-  GPkcs11PinPrivate *priv;
-};
-
-GType                   g_pkcs11_pin_get_type        (void) G_GNUC_CONST;
+G_DECLARE_FINAL_TYPE (GPkcs11Pin, g_pkcs11_pin, G, PKCS11_PIN, GTlsPassword)
 
 GTlsPassword *          g_pkcs11_pin_new             (GTlsPasswordFlags  flags,
                                                       const gchar       *description);
diff --git a/tls/pkcs11/gpkcs11slot.c b/tls/pkcs11/gpkcs11slot.c
index 537df4e..9b24dc0 100644
--- a/tls/pkcs11/gpkcs11slot.c
+++ b/tls/pkcs11/gpkcs11slot.c
@@ -45,8 +45,10 @@ enum {
   PROP_SLOT_ID
 };
 
-struct _GPkcs11SlotPrivate
+struct _GPkcs11Slot
 {
+  GObject parent_instance;
+
   /* read-only after construct */
   CK_FUNCTION_LIST_PTR module;
   CK_SLOT_ID slot_id;
@@ -65,7 +67,7 @@ check_if_session_logged_in (GPkcs11Slot        *self,
   CK_SESSION_INFO session_info;
   CK_RV rv;
 
-  rv = (self->priv->module->C_GetSessionInfo) (session, &session_info);
+  rv = (self->module->C_GetSessionInfo) (session, &session_info);
   if (rv != CKR_OK)
     return FALSE;
 
@@ -84,7 +86,7 @@ session_login_protected_auth_path (GPkcs11Slot       *self,
 {
   CK_RV rv;
 
-  rv = (self->priv->module->C_Login) (session, CKU_USER, NULL, 0);
+  rv = (self->module->C_Login) (session, CKU_USER, NULL, 0);
   if (rv == CKR_USER_ALREADY_LOGGED_IN)
     rv = CKR_OK;
   if (g_pkcs11_propagate_error (error, rv))
@@ -135,7 +137,7 @@ session_login_with_pin (GPkcs11Slot          *self,
 
   g_assert (interaction != NULL && password != NULL);
   value = g_tls_password_get_value (password, &length);
-  rv = (self->priv->module->C_Login) (session, CKU_USER, (CK_UTF8CHAR_PTR)value, length);
+  rv = (self->module->C_Login) (session, CKU_USER, (CK_UTF8CHAR_PTR)value, length);
   g_object_unref (password);
 
   if (rv == CKR_USER_ALREADY_LOGGED_IN)
@@ -167,7 +169,7 @@ session_login_if_necessary (GPkcs11Slot        *self,
         return TRUE;
 
       /* Get the token information, this can change between login attempts */
-      rv = (self->priv->module->C_GetTokenInfo) (self->priv->slot_id, &token_info);
+      rv = (self->module->C_GetTokenInfo) (self->slot_id, &token_info);
       if (g_pkcs11_propagate_error (error, rv))
         return FALSE;
 
@@ -225,20 +227,20 @@ session_checkout_or_open (GPkcs11Slot     *self,
   if (g_cancellable_set_error_if_cancelled (cancellable, error))
     return 0;
 
-  g_mutex_lock (&self->priv->mutex);
+  g_mutex_lock (&self->mutex);
 
-  if (self->priv->last_session)
+  if (self->last_session)
     {
-      session = self->priv->last_session;
-      self->priv->last_session = 0;
+      session = self->last_session;
+      self->last_session = 0;
     }
 
-  g_mutex_unlock (&self->priv->mutex);
+  g_mutex_unlock (&self->mutex);
 
   if (!session)
     {
-      rv = (self->priv->module->C_OpenSession) (self->priv->slot_id, CKF_SERIAL_SESSION,
-                                                NULL, NULL, &session);
+      rv = (self->module->C_OpenSession) (self->slot_id, CKF_SERIAL_SESSION,
+                                          NULL, NULL, &session);
       if (g_pkcs11_propagate_error (error, rv))
         return 0;
     }
@@ -247,7 +249,7 @@ session_checkout_or_open (GPkcs11Slot     *self,
     {
       if (!session_login_if_necessary (self, interaction, session, cancellable, error))
         {
-          (self->priv->module->C_CloseSession) (session);
+          (self->module->C_CloseSession) (session);
           return 0;
         }
     }
@@ -263,7 +265,7 @@ session_close (GPkcs11Slot       *self,
 
   g_assert (session != 0);
 
-  rv = (self->priv->module->C_CloseSession) (session);
+  rv = (self->module->C_CloseSession) (session);
   if (rv != CKR_OK)
     g_warning ("couldn't close pkcs11 session: %s",
                p11_kit_strerror (rv));
@@ -275,15 +277,15 @@ session_checkin_or_close (GPkcs11Slot      *self,
 {
   g_assert (session != 0);
 
-  g_mutex_lock (&self->priv->mutex);
+  g_mutex_lock (&self->mutex);
 
-  if (self->priv->last_session == 0)
+  if (self->last_session == 0)
     {
-      self->priv->last_session = session;
+      self->last_session = session;
       session = 0;
     }
 
-  g_mutex_unlock (&self->priv->mutex);
+  g_mutex_unlock (&self->mutex);
 
   if (session != 0)
     session_close (self, session);
@@ -312,8 +314,8 @@ retrieve_object_attributes (GPkcs11Slot              *self,
     }
 
   /* Get all the required buffer sizes */
-  rv = (self->priv->module->C_GetAttributeValue) (session, object,
-                                                  result->attrs, result->count);
+  rv = (self->module->C_GetAttributeValue) (session, object,
+                                            result->attrs, result->count);
   if (rv == CKR_ATTRIBUTE_SENSITIVE ||
       rv == CKR_ATTRIBUTE_TYPE_INVALID)
     rv = CKR_OK;
@@ -332,8 +334,8 @@ retrieve_object_attributes (GPkcs11Slot              *self,
     }
 
   /* And finally get all the values */
-  rv = (self->priv->module->C_GetAttributeValue) (session, object,
-                                                  result->attrs, result->count);
+  rv = (self->module->C_GetAttributeValue) (session, object,
+                                            result->attrs, result->count);
   if (rv == CKR_ATTRIBUTE_SENSITIVE ||
       rv == CKR_ATTRIBUTE_TYPE_INVALID ||
       rv == CKR_BUFFER_TOO_SMALL)
@@ -350,10 +352,7 @@ retrieve_object_attributes (GPkcs11Slot              *self,
 static void
 g_pkcs11_slot_init (GPkcs11Slot *self)
 {
-  self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self,
-                                            G_TYPE_PKCS11_SLOT,
-                                            GPkcs11SlotPrivate);
-  g_mutex_init (&self->priv->mutex);
+  g_mutex_init (&self->mutex);
 }
 
 static void
@@ -362,12 +361,12 @@ g_pkcs11_slot_dispose (GObject *object)
   GPkcs11Slot *self = G_PKCS11_SLOT (object);
   CK_SESSION_HANDLE session = 0;
 
-  g_mutex_lock (&self->priv->mutex);
+  g_mutex_lock (&self->mutex);
 
-  session = self->priv->last_session;
-  self->priv->last_session = 0;
+  session = self->last_session;
+  self->last_session = 0;
 
-  g_mutex_unlock (&self->priv->mutex);
+  g_mutex_unlock (&self->mutex);
 
   if (session)
     session_close (self, session);
@@ -380,8 +379,8 @@ g_pkcs11_slot_finalize (GObject *object)
 {
   GPkcs11Slot *self = G_PKCS11_SLOT (object);
 
-  g_assert (self->priv->last_session == 0);
-  g_mutex_clear (&self->priv->mutex);
+  g_assert (self->last_session == 0);
+  g_mutex_clear (&self->mutex);
 
   G_OBJECT_CLASS (g_pkcs11_slot_parent_class)->finalize (object);
 }
@@ -397,11 +396,11 @@ g_pkcs11_slot_get_property (GObject    *object,
   switch (prop_id)
     {
     case PROP_MODULE:
-      g_value_set_pointer (value, self->priv->module);
+      g_value_set_pointer (value, self->module);
       break;
 
     case PROP_SLOT_ID:
-      g_value_set_ulong (value, self->priv->slot_id);
+      g_value_set_ulong (value, self->slot_id);
       break;
 
     default:
@@ -420,12 +419,12 @@ g_pkcs11_slot_set_property (GObject      *object,
   switch (prop_id)
     {
     case PROP_MODULE:
-      self->priv->module = g_value_get_pointer (value);
-      g_assert (self->priv->module);
+      self->module = g_value_get_pointer (value);
+      g_assert (self->module);
       break;
 
     case PROP_SLOT_ID:
-      self->priv->slot_id = g_value_get_ulong (value);
+      self->slot_id = g_value_get_ulong (value);
       break;
 
     default:
@@ -438,8 +437,6 @@ g_pkcs11_slot_class_init (GPkcs11SlotClass *klass)
 {
   GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
 
-  g_type_class_add_private (klass, sizeof (GPkcs11SlotPrivate));
-
   gobject_class->get_property = g_pkcs11_slot_get_property;
   gobject_class->set_property = g_pkcs11_slot_set_property;
   gobject_class->dispose      = g_pkcs11_slot_dispose;
@@ -505,14 +502,14 @@ g_pkcs11_slot_enumerate (GPkcs11Slot             *self,
       return G_PKCS11_ENUMERATE_FAILED;
     }
 
-  rv = (self->priv->module->C_FindObjectsInit) (session, match, match_count);
+  rv = (self->module->C_FindObjectsInit) (session, match, match_count);
 
   while (state == G_PKCS11_ENUMERATE_CONTINUE && rv == CKR_OK &&
          !g_cancellable_is_cancelled (cancellable))
     {
       count = 0;
-      rv = (self->priv->module->C_FindObjects) (session, objects,
-                                                G_N_ELEMENTS (objects), &count);
+      rv = (self->module->C_FindObjects) (session, objects,
+                                          G_N_ELEMENTS (objects), &count);
       if (rv == CKR_OK)
         {
           if (count == 0)
@@ -557,7 +554,7 @@ g_pkcs11_slot_enumerate (GPkcs11Slot             *self,
       state = G_PKCS11_ENUMERATE_FAILED;
     }
 
-  rv = (self->priv->module->C_FindObjectsFinal) (session);
+  rv = (self->module->C_FindObjectsFinal) (session);
   if (rv == CKR_OK)
     session_checkin_or_close (self, session);
   else
@@ -576,7 +573,7 @@ g_pkcs11_slot_get_token_info (GPkcs11Slot       *self,
   g_return_val_if_fail (token_info, FALSE);
 
   memset (token_info, 0, sizeof (CK_TOKEN_INFO));
-  rv = (self->priv->module->C_GetTokenInfo) (self->priv->slot_id, token_info);
+  rv = (self->module->C_GetTokenInfo) (self->slot_id, token_info);
   if (rv == CKR_TOKEN_NOT_PRESENT)
     return FALSE;
 
@@ -602,7 +599,7 @@ g_pkcs11_slot_matches_uri (GPkcs11Slot            *self,
   g_return_val_if_fail (uri, FALSE);
 
   memset (&library, 0, sizeof (library));
-  rv = (self->priv->module->C_GetInfo) (&library);
+  rv = (self->module->C_GetInfo) (&library);
   if (rv != CKR_OK)
     {
       g_warning ("call to C_GetInfo on PKCS#11 module failed: %s",
diff --git a/tls/pkcs11/gpkcs11slot.h b/tls/pkcs11/gpkcs11slot.h
index ad24c17..a57c2a6 100644
--- a/tls/pkcs11/gpkcs11slot.h
+++ b/tls/pkcs11/gpkcs11slot.h
@@ -44,32 +44,12 @@ typedef enum
 } GPkcs11EnumerateState;
 
 #define G_TYPE_PKCS11_SLOT            (g_pkcs11_slot_get_type ())
-#define G_PKCS11_SLOT(inst)           (G_TYPE_CHECK_INSTANCE_CAST ((inst), G_TYPE_PKCS11_SLOT, GPkcs11Slot))
-#define G_PKCS11_SLOT_CLASS(class)    (G_TYPE_CHECK_CLASS_CAST ((class), G_TYPE_PKCS11_SLOT, 
GPkcs11SlotClass))
-#define G_IS_PKCS11_SLOT(inst)        (G_TYPE_CHECK_INSTANCE_TYPE ((inst), G_TYPE_PKCS11_SLOT))
-#define G_IS_PKCS11_SLOT_CLASS(class) (G_TYPE_CHECK_CLASS_TYPE ((class), G_TYPE_PKCS11_SLOT))
-#define G_PKCS11_SLOT_GET_CLASS(inst) (G_TYPE_INSTANCE_GET_CLASS ((inst), G_TYPE_PKCS11_SLOT, 
GPkcs11SlotClass))
 
-typedef struct _GPkcs11SlotPrivate                   GPkcs11SlotPrivate;
-typedef struct _GPkcs11SlotClass                     GPkcs11SlotClass;
-typedef struct _GPkcs11Slot                          GPkcs11Slot;
-
-struct _GPkcs11SlotClass
-{
-  GObjectClass parent_class;
-};
-
-struct _GPkcs11Slot
-{
-  GObject parent_instance;
-  GPkcs11SlotPrivate *priv;
-};
+G_DECLARE_FINAL_TYPE (GPkcs11Slot, g_pkcs11_slot, G, PKCS11_SLOT, GObject)
 
 typedef gboolean             (*GPkcs11Accumulator)            (gpointer result,
                                                                gpointer user_data);
 
-GType                        g_pkcs11_slot_get_type           (void) G_GNUC_CONST;
-
 GPkcs11EnumerateState        g_pkcs11_slot_enumerate          (GPkcs11Slot             *self,
                                                                GTlsInteraction         *interaction,
                                                                CK_ATTRIBUTE_PTR         match,
diff --git a/tls/tests/mock-interaction.c b/tls/tests/mock-interaction.c
index d20f8ba..05d3ce4 100644
--- a/tls/tests/mock-interaction.c
+++ b/tls/tests/mock-interaction.c
@@ -29,6 +29,15 @@
 
 #include "mock-interaction.h"
 
+struct _MockInteraction
+{
+  GTlsInteraction parent_instance;
+
+  gchar *static_password;
+  GTlsCertificate *static_certificate;
+  GError *static_error;
+};
+
 G_DEFINE_TYPE (MockInteraction, mock_interaction, G_TYPE_TLS_INTERACTION);
 
 static void
diff --git a/tls/tests/mock-interaction.h b/tls/tests/mock-interaction.h
index c29b8ca..875207a 100644
--- a/tls/tests/mock-interaction.h
+++ b/tls/tests/mock-interaction.h
@@ -28,30 +28,8 @@
 G_BEGIN_DECLS
 
 #define MOCK_TYPE_INTERACTION         (mock_interaction_get_type ())
-#define MOCK_INTERACTION(o)           (G_TYPE_CHECK_INSTANCE_CAST ((o), MOCK_TYPE_INTERACTION, 
MockInteraction))
-#define MOCK_INTERACTION_CLASS(k)     (G_TYPE_CHECK_CLASS_CAST((k), MOCK_TYPE_INTERACTION, 
MockInteractionClass))
-#define MOCK_IS_INTERACTION(o)        (G_TYPE_CHECK_INSTANCE_TYPE ((o), MOCK_TYPE_INTERACTION))
-#define MOCK_IS_INTERACTION_CLASS(k)  (G_TYPE_CHECK_CLASS_TYPE ((k), MOCK_TYPE_INTERACTION))
-#define MOCK_INTERACTION_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), MOCK_TYPE_INTERACTION, 
MockInteractionClass))
 
-typedef struct _MockInteraction         MockInteraction;
-typedef struct _MockInteractionClass    MockInteractionClass;
-
-struct _MockInteraction
-{
-  GTlsInteraction parent_instance;
-  gchar *static_password;
-  GTlsCertificate *static_certificate;
-  GError *static_error;
-};
-
-struct _MockInteractionClass
-{
-  GTlsInteractionClass parent_class;
-};
-
-
-GType            mock_interaction_get_type   (void);
+G_DECLARE_FINAL_TYPE (MockInteraction, mock_interaction, MOCK, INTERACTION, GTlsInteraction)
 
 GTlsInteraction *mock_interaction_new_static_password       (const gchar *password);
 



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]