diff --git a/include/libbb.h b/include/libbb.h index bc1453e12..69f76cbb3 100644 --- a/include/libbb.h +++ b/include/libbb.h @@ -962,7 +962,7 @@ static inline tls_state_t *new_tls_state(void) tls_state_t *tls = xzalloc(sizeof(*tls)); return tls; } -void tls_handshake(tls_state_t *tls, const char *sni) FAST_FUNC; +//void tls_handshake(tls_state_t *tls, const char *sni) FAST_FUNC; #define TLSLOOP_EXIT_ON_LOCAL_EOF (1 << 0) void tls_run_copy_loop(tls_state_t *tls, unsigned flags) FAST_FUNC; diff --git a/networking/tls.c b/networking/tls.c index 9f1dd67ec..7e8da6df2 100644 --- a/networking/tls.c +++ b/networking/tls.c @@ -2221,6 +2221,7 @@ static void send_client_finished(tls_state_t *tls) xwrite_encrypted(tls, sizeof(*record), RECORD_TYPE_HANDSHAKE); } +/* void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) { // Client RFC 5246 Server @@ -2291,8 +2292,8 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) // defined in Section 7.4.2." // (i.e. the same format as server certs) - /*send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) */ - /* need to hash _all_ server replies first, up to ServerHelloDone */ + //send_empty_client_cert(tls); - WRONG (breaks handshake hash calc) + //need to hash _all_ server replies first, up to ServerHelloDone len = tls_xread_handshake_block(tls, 4); } @@ -2308,13 +2309,13 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) send_client_key_exchange(tls); send_change_cipher_spec(tls); - /* from now on we should send encrypted */ - /* tls->write_seq64_be = 0; - already is */ + // from now on we should send encrypted + // tls->write_seq64_be = 0; - already is tls->flags |= ENCRYPT_ON_WRITE; send_client_finished(tls); - /* Get CHANGE_CIPHER_SPEC */ + // Get CHANGE_CIPHER_SPEC len = tls_xread_record(tls, "switch to encrypted traffic"); if (len != 1 || memcmp(tls->inbuf, rec_CHANGE_CIPHER_SPEC, 6) != 0) bad_record_die(tls, "switch to encrypted traffic", len); 
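Review bot: Commenting out the `tls_handshake` prototype in include/libbb.h (and its definition in networking/tls.c) removes the built-in TLS client handshake from every configuration, not only the MinGW build that the wget.c change targets. Presumably the aim is to avoid a name clash with libtls's own `tls_handshake`, but any code that still calls the internal function will no longer build; the `ENABLE_FEATURE_WGET_HTTPS` section visible in wget.c is a likely candidate, though its body is not shown here. Scoping the removal with the preprocessor, e.g. `#if !ENABLE_PLATFORM_MINGW32` … `#endif` around the prototype, or renaming the internal function, would keep the other builds intact and avoid leaving dead code in a shared header.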
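Review bot: Wrapping the `tls_handshake` definition in `/* … */` is what forces the comment rewrites in the hunks at -2291, -2308 and -2327, because C block comments do not nest. `#if 0` / `#endif` (or a named feature guard) around the function would disable it without touching any line of the body. That keeps the change to two lines and avoids accidental edits inside security-sensitive handshake code. The function body starts in this hunk and ends in the -2327 hunk, where the closing `*/` is added.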
@@ -2327,29 +2328,29 @@ void FAST_FUNC tls_handshake(tls_state_t *tls, const char *sni) } else if (!(tls->flags & ENCRYPTION_AESGCM)) { unsigned mac_blocks = (unsigned)(TLS_MAC_SIZE(tls) + AES_BLOCK_SIZE-1) / AES_BLOCK_SIZE; - /* all incoming packets now should be encrypted and have - * at least IV + (MAC padded to blocksize): - */ + // all incoming packets now should be encrypted and have + // at least IV + (MAC padded to blocksize): tls->min_encrypted_len_on_read = AES_BLOCK_SIZE + (mac_blocks * AES_BLOCK_SIZE); } else { tls->min_encrypted_len_on_read = 8 + AES_BLOCK_SIZE; } dbg("min_encrypted_len_on_read: %u\n", tls->min_encrypted_len_on_read); - /* Get (encrypted) FINISHED from the server */ + // Get (encrypted) FINISHED from the server len = tls_xread_record(tls, "'server finished'"); if (len < 4 || tls->inbuf[RECHDR_LEN] != HANDSHAKE_FINISHED) bad_record_die(tls, "'server finished'", len); dbg("<< FINISHED\n"); - /* application data can be sent/received */ + // application data can be sent/received - /* free handshake data */ + // free handshake data psRsaKey_clear(&tls->hsd->server_rsa_pub_key); // if (PARANOIA) // memset(tls->hsd, 0, tls->hsd->hsd_size); free(tls->hsd); tls->hsd = NULL; } +*/ static void tls_xwrite(tls_state_t *tls, int len) { diff --git a/networking/wget.c b/networking/wget.c index 6a64836fb..6a82f1fa4 100644 --- a/networking/wget.c +++ b/networking/wget.c @@ -689,6 +689,7 @@ static void reset_beg_range_to_zero(void) } #if ENABLE_FEATURE_WGET_OPENSSL +# if !ENABLE_PLATFORM_MINGW32 static int spawn_https_helper_openssl(const char *host, unsigned port) { char *allocated = NULL; 
@@ -777,6 +778,34 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) # endif return sp[0]; } +# else +#include +static int spawn_https_helper_openssl(const char *host, unsigned port) +{ + char* allocated = NULL; + int fd1; + char *servername, *p, *cmd; + int sp[2]; + if(!strchr(host,":")) + host = allocated = xasprintf("%s:%u",host,port); + servername = xstrdup(host); + fflush_all(); + + struct tls *ctx = tls_client(); + if(ctx == NULL) + bb_error_msg_and_die("Out of memory"); + struct tls_config *config = tls_config_new(); + if(config == NULL) + bb_error_msg_and_die("Out of memory"); + if(tls_configure(ctx,config) != 0) + bb_error_msg_and_die("Failed to configure client"); + tls_connect_fds(ctx,sp[0],sp[1],servername); + close(sp[1]); + free(allocated); + free(servername); + return sp[0]; +} +# endif #endif #if ENABLE_FEATURE_WGET_HTTPS diff --git a/scripts/trylink b/scripts/trylink index 2456252a3..6186284f1 100755 --- a/scripts/trylink +++ b/scripts/trylink @@ -84,7 +84,8 @@ A_FILES="$6" # a real utmp library in LDLIBS, dropping it "works" but resulting binary # does not work properly). LDLIBS="$7" -CONFIG_EXTRA_LDLIBS="$8" +shift 7 +CONFIG_EXTRA_LDLIBS="$@" # The --sort-section option is not supported by older versions of ld SORT_SECTION="-Wl,--sort-section,alignment" diff --git a/win32/mingw.c b/win32/mingw.c index 87e7ca602..7bad3e4fa 100644 --- a/win32/mingw.c +++ b/win32/mingw.c @@ -1214,11 +1214,13 @@ elevation_state(void) return elevated | (enabled << 1); } +/* int getuid(void) { return elevation_state() == (ELEVATED_PRIVILEGE | ADMIN_ENABLED) ? 0 : DEFAULT_UID; } +*/ struct passwd *getpwnam(const char *name) {
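Review bot: In the added MinGW `spawn_https_helper_openssl`, `sp[2]` is declared but never assigned, so `tls_connect_fds(ctx,sp[0],sp[1],servername)`, `close(sp[1])` and `return sp[0]` all act on indeterminate descriptors, and the result of `tls_connect_fds` is ignored. The caller therefore receives a descriptor with no visible link to the TLS context, and nothing in this hunk performs a handshake, so it does not show the traffic being encrypted or the server certificate being verified. On the same path, `strchr(host,":")` passes a string literal where a character is expected (it should be `':'`), and `servername` is copied after the port is appended, so the name given to libtls for SNI and certificate matching contains `:port`. The bare `#include` names no header (possibly lost in page extraction), and `fd1`, `p` and `cmd` are unused. The fence covers only the local fixes; how `sp[]` gets populated and what moves data through `ctx` still has to be designed.

```c
	if (!strchr(host, ':'))
		host = allocated = xasprintf("%s:%u", host, port);
	servername = xstrdup(host);
	p = strrchr(servername, ':');
	if (p)
		*p = '\0';	/* bare host name for SNI and certificate matching */
	// … unchanged: fflush_all(), tls_client()/tls_config_new()/tls_configure() checks …
	/* TODO(review): sp[0]/sp[1] must be valid, connected descriptors before this call */
	if (tls_connect_fds(ctx, sp[0], sp[1], servername) != 0)
		bb_error_msg_and_die("TLS setup for %s failed: %s", servername, tls_error(ctx));
	// … unchanged: close(sp[1]), free(allocated), free(servername), return sp[0] …
```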
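Review bot: In scripts/trylink, `shift 7` may abort a non-interactive POSIX shell when fewer than seven arguments are passed, whereas the old `"$8"` simply expanded to an empty string. `CONFIG_EXTRA_LDLIBS="$@"` also depends on how the shell flattens `"$@"` in an assignment, which POSIX does not specify. Writing `CONFIG_EXTRA_LDLIBS="$*"` joins the remaining arguments with spaces explicitly, and a guard such as `[ $# -ge 7 ] || exit 1` before the shift makes the failure mode deliberate. Any later use of positional parameters in the script would now see shifted values; none is visible in this hunk.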
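Review bot: Commenting out `getuid()` in win32/mingw.c removes the only code in this hunk that maps `elevation_state()` to uid 0, and nothing visible says which definition callers will now get. If a linked library or header supplies another `getuid`, checks of the form `getuid() == 0` may stop reflecting Windows elevation, which changes privilege decisions; if none does, the link fails. Either delete the function and explain the replacement in the commit message, or wrap it in a named preprocessor guard with a comment such as `/* getuid() is provided by <library> in this configuration */` rather than leaving it inside `/* */`.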