diff --git a/base64.c b/base64.c
new file mode 100644
index 0000000..66b48ab
--- /dev/null
+++ b/base64.c
@@ -0,0 +1,170 @@
+/*
+ * SSLsplit - transparent and scalable SSL/TLS interception
+ * Copyright (c) 2009-2012, Daniel Roethlisberger <daniel@roe.ch>
+ * All rights reserved.
+ * http://www.roe.ch/SSLsplit
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice unmodified, this list of conditions, and the following
+ *    disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdlib.h>
+
+/*
+ * Base64 decode insz bytes from in.
+ * Returns allocated buffer containing outsz bytes, not null terminated.
+ * If in does not contain valid Base64 encoded data, returns NULL.
+ * This is a very strict implementation.  Any characters not within the
+ * Base64 alphabet are considered invalid, including newline and whitespace.
+ */
+unsigned char *
+base64_dec(const char *in, size_t insz, size_t *outsz)
+{
+	static const int revalphabet[] = {
+		-1, -1, -1, -1, -1, -1, -1, -1,   /*   0 ..   7 */
+		-1, -1, -1, -1, -1, -1, -1, -1,   /*   8 ..  15 */
+		-1, -1, -1, -1, -1, -1, -1, -1,   /*  16 ..  23 */
+		-1, -1, -1, -1, -1, -1, -1, -1,   /*  24 ..  31 */
+		-1, -1, -1, -1, -1, -1, -1, -1,   /*  32 ..  39 */
+		-1, -1, -1, 62, -1, -1, -1, 63,   /*  40 ..  47 */
+		52, 53, 54, 55, 56, 57, 58, 59,   /*  48  .. 55 */
+		60, 61, -1, -1, -1, -1, -1, -1,   /*  56 ..  63 */
+		-1,  0,  1,  2,  3,  4,  5,  6,   /*  64 ..  71 */
+		 7,  8,  9, 10, 11, 12, 13, 14,   /*  72 ..  79 */
+		15, 16, 17, 18, 19, 20, 21, 22,   /*  80 ..  87 */
+		23, 24, 25, -1, -1, -1, -1, -1,   /*  88 ..  95 */
+		-1, 26, 27, 28, 29, 30, 31, 32,   /*  96 .. 103 */
+		33, 34, 35, 36, 37, 38, 39, 40,   /* 104 .. 111 */
+		41, 42, 43, 44, 45, 46, 47, 48,   /* 112 .. 119 */
+		49, 50, 51, -1, -1, -1, -1, -1,   /* 120 .. 127 */
+		-1, -1, -1, -1, -1, -1, -1, -1,   /* 128 .. 135 */
+		-1, -1, -1, -1, -1, -1, -1, -1,   /* 136 .. 143 */
+		-1, -1, -1, -1, -1, -1, -1, -1,   /* 144 .. 151 */
+		-1, -1, -1, -1, -1, -1, -1, -1,   /* 152 .. 159 */
+		-1, -1, -1, -1, -1, -1, -1, -1,   /* 160 .. 167 */
+		-1, -1, -1, -1, -1, -1, -1, -1,   /* 168 .. 175 */
+		-1, -1, -1, -1, -1, -1, -1, -1,   /* 176 .. 183 */
+		-1, -1, -1, -1, -1, -1, -1, -1,   /* 184 .. 191 */
+		-1, -1, -1, -1, -1, -1, -1, -1,   /* 192 .. 199 */
+		-1, -1, -1, -1, -1, -1, -1, -1,   /* 200 .. 207 */
+		-1, -1, -1, -1, -1, -1, -1, -1,   /* 208 .. 215 */
+		-1, -1, -1, -1, -1, -1, -1, -1,   /* 216 .. 223 */
+		-1, -1, -1, -1, -1, -1, -1, -1,   /* 224 .. 231 */
+		-1, -1, -1, -1, -1, -1, -1, -1,   /* 232 .. 239 */
+		-1, -1, -1, -1, -1, -1, -1, -1,   /* 240 .. 247 */
+		-1, -1, -1, -1, -1, -1, -1, -1 }; /* 248 .. 255 */
+	size_t i, o;
+	int tmp, digit;
+	unsigned char *out;
+
+	if (insz % 4)
+		return NULL;
+
+	if (in[insz - 2] == '=')
+		*outsz = ((insz / 4) * 3) - 2;
+	else if (in[insz - 1] == '=')
+		*outsz = ((insz / 4) * 3) - 1;
+	else
+		*outsz = (insz / 4) * 3;
+	if (!(out = malloc(*outsz))) {
+		*outsz = 0;
+		return NULL;
+	}
+
+	for (i = 0, o = 0; i < insz; i += 4, o += 3) {
+		if ((digit = revalphabet[(unsigned char)in[i    ]]) == -1)
+			goto leave;
+		tmp  = digit << 18;
+		if ((digit = revalphabet[(unsigned char)in[i + 1]]) == -1)
+			goto leave;
+		tmp += digit << 12;
+		if ((digit = revalphabet[(unsigned char)in[i + 2]]) == -1) {
+			if ((i == insz - 4) && (in[i + 2] == '='))
+				digit = 0;
+			else
+				goto leave;
+		}
+		tmp += digit <<  6;
+		if ((digit = revalphabet[(unsigned char)in[i + 3]]) == -1) {
+			if ((i == insz - 4) && (in[i + 3] == '='))
+				digit = 0;
+			else
+				goto leave;
+		}
+		tmp += digit;
+			out[o    ] = (tmp >> 16) & 0xff;
+		if (o + 1 < *outsz)
+			out[o + 1] = (tmp >>  8) & 0xff;
+		if (o + 2 < *outsz)
+			out[o + 2] =  tmp        & 0xff;
+	}
+	return out;
+
+leave:
+	free(out);
+	return NULL;
+}
+
+/*
+ * Base64 encode insz bytes from in.
+ * Returns allocated buffer containing outsz bytes, not null terminated.
+ */
+char *
+base64_enc(const unsigned char *in, size_t insz, size_t *outsz)
+{
+	static const int alphabet[] = {
+		'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
+		'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
+		'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X',
+		'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f',
+		'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
+		'o', 'p', 'q', 'r', 's', 't', 'u', 'v',
+		'w', 'x', 'y', 'z', '0', '1', '2', '3',
+		'4', '5', '6', '7', '8', '9', '+', '/' };
+	size_t i, o;
+	int tmp;
+	char *out;
+
+	*outsz = ((insz + 2) / 3) * 4;
+	if (!(out = malloc(*outsz))) {
+		*outsz = 0;
+		return NULL;
+	}
+
+	for (i = 0, o = 0; i < insz; i += 3, o += 4) {
+			tmp  = in[i    ] << 16;
+		if (i + 1 < insz)
+			tmp += in[i + 1] <<  8;
+		if (i + 2 < insz)
+			tmp += in[i + 2];
+		out[o    ] = alphabet[(tmp >> 18) & 0x3f];
+		out[o + 1] = alphabet[(tmp >> 12) & 0x3f];
+		out[o + 2] = alphabet[(tmp >>  6) & 0x3f];
+		out[o + 3] = alphabet[ tmp        & 0x3f];
+		if (i + 2 > insz)
+			out[o + 2] = '=';
+		if (i + 3 > insz)
+			out[o + 3] = '=';
+	}
+	return out;
+}
+
+/* vim: set noet ft=c: */
diff --git a/base64.h b/base64.h
new file mode 100644
index 0000000..5d81f64
--- /dev/null
+++ b/base64.h
@@ -0,0 +1,39 @@
+/*
+ * SSLsplit - transparent and scalable SSL/TLS interception
+ * Copyright (c) 2009-2012, Daniel Roethlisberger <daniel@roe.ch>
+ * All rights reserved.
+ * http://www.roe.ch/SSLsplit
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice unmodified, this list of conditions, and the following
+ *    disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BASE64_H
+#define BASE64_H
+
+#include "attrib.h"
+
+unsigned char * base64_dec(const char *, size_t, size_t *) NONNULL() MALLOC;
+char * base64_enc(const unsigned char *, size_t, size_t *) NONNULL() MALLOC;
+
+#endif /* !BASE64_H */
+
+/* vim: set noet ft=c: */
diff --git a/base64.t b/base64.t
new file mode 100644
index 0000000..27f4bd7
--- /dev/null
+++ b/base64.t
@@ -0,0 +1,326 @@
+/*
+ * SSLsplit - transparent and scalable SSL/TLS interception
+ * Copyright (c) 2009-2012, Daniel Roethlisberger <daniel@roe.ch>
+ * All rights reserved.
+ * http://www.roe.ch/SSLsplit
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice unmodified, this list of conditions, and the following
+ *    disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <check.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include "base64.h"
+
+static const char *plain01 = "any carnal pleasure.";
+static const char *plain02 = "any carnal pleasure";
+static const char *plain03 = "any carnal pleasur";
+static const char *plain04 = "any carnal pleasu";
+static const char *plain05 = "any carnal pleas";
+
+static const char *coded01 = "YW55IGNhcm5hbCBwbGVhc3VyZS4=";
+static const char *coded02 = "YW55IGNhcm5hbCBwbGVhc3VyZQ==";
+static const char *coded03 = "YW55IGNhcm5hbCBwbGVhc3Vy";
+static const char *coded04 = "YW55IGNhcm5hbCBwbGVhc3U=";
+static const char *coded05 = "YW55IGNhcm5hbCBwbGVhcw==";
+
+static const char *coded06 = "YW55=GNhcm5hbCBwbGVhcw==";
+static const char *coded07 = "YW55I=Nhcm5hbCBwbGVhcw==";
+static const char *coded08 = "YW55IG=hcm5hbCBwbGVhcw==";
+static const char *coded09 = "YW55IGN=cm5hbCBwbGVhcw==";
+static const char *coded10 = "YW55\nGNhcm5hbCBwbGVhcw==";
+static const char *coded11 = "YW55 GNhcm5hbCBwbGVhcw==";
+static const char *coded12 = "YW55-GNhcm5hbCBwbGVhcw==";
+static const char *coded13 = "YW55%GNhcm5hbCBwbGVhcw==";
+static const char *coded14 = "YW55IGNhcm5hbCBwbGVhcw=";
+static const char *coded15 = "YW55IGNhcm5hbCBwbGVhcw";
+
+START_TEST(base64_enc_01)
+{
+	char *buf;
+	size_t sz;
+
+	buf = base64_enc((unsigned char *)plain01, strlen(plain01), &sz);
+	fail_unless(!!buf, "no buffer returned");
+	fail_unless(sz == strlen(coded01), "wrong length");
+	fail_unless(!memcmp(coded01, buf, sz), "wrong data");
+	free(buf);
+}
+END_TEST
+
+START_TEST(base64_enc_02)
+{
+	char *buf;
+	size_t sz;
+
+	buf = base64_enc((unsigned char *)plain02, strlen(plain02), &sz);
+	fail_unless(!!buf, "no buffer returned");
+	fail_unless(sz == strlen(coded02), "wrong length");
+	fail_unless(!memcmp(coded02, buf, sz), "wrong data");
+	free(buf);
+}
+END_TEST
+
+START_TEST(base64_enc_03)
+{
+	char *buf;
+	size_t sz;
+
+	buf = base64_enc((unsigned char *)plain03, strlen(plain03), &sz);
+	fail_unless(!!buf, "no buffer returned");
+	fail_unless(sz == strlen(coded03), "wrong length");
+	fail_unless(!memcmp(coded03, buf, sz), "wrong data");
+	free(buf);
+}
+END_TEST
+
+START_TEST(base64_enc_04)
+{
+	char *buf;
+	size_t sz;
+
+	buf = base64_enc((unsigned char *)plain04, strlen(plain04), &sz);
+	fail_unless(!!buf, "no buffer returned");
+	fail_unless(sz == strlen(coded04), "wrong length");
+	fail_unless(!memcmp(coded04, buf, sz), "wrong data");
+	free(buf);
+}
+END_TEST
+
+START_TEST(base64_enc_05)
+{
+	char *buf;
+	size_t sz;
+
+	buf = base64_enc((unsigned char *)plain05, strlen(plain05), &sz);
+	fail_unless(!!buf, "no buffer returned");
+	fail_unless(sz == strlen(coded05), "wrong length");
+	fail_unless(!memcmp(coded05, buf, sz), "wrong data");
+	free(buf);
+}
+END_TEST
+
+START_TEST(base64_dec_01)
+{
+	unsigned char *buf;
+	size_t sz;
+
+	buf = base64_dec(coded01, strlen(coded01), &sz);
+	fail_unless(!!buf, "no buffer returned");
+	fail_unless(sz == strlen(plain01), "wrong length");
+	fail_unless(!memcmp(plain01, buf, sz), "wrong data");
+	free(buf);
+}
+END_TEST
+
+START_TEST(base64_dec_02)
+{
+	unsigned char *buf;
+	size_t sz;
+
+	buf = base64_dec(coded02, strlen(coded02), &sz);
+	fail_unless(!!buf, "no buffer returned");
+	fail_unless(sz == strlen(plain02), "wrong length");
+	fail_unless(!memcmp(plain02, buf, sz), "wrong data");
+	free(buf);
+}
+END_TEST
+
+START_TEST(base64_dec_03)
+{
+	unsigned char *buf;
+	size_t sz;
+
+	buf = base64_dec(coded03, strlen(coded03), &sz);
+	fail_unless(!!buf, "no buffer returned");
+	fail_unless(sz == strlen(plain03), "wrong length");
+	fail_unless(!memcmp(plain03, buf, sz), "wrong data");
+	free(buf);
+}
+END_TEST
+
+START_TEST(base64_dec_04)
+{
+	unsigned char *buf;
+	size_t sz;
+
+	buf = base64_dec(coded04, strlen(coded04), &sz);
+	fail_unless(!!buf, "no buffer returned");
+	fail_unless(sz == strlen(plain04), "wrong length");
+	fail_unless(!memcmp(plain04, buf, sz), "wrong data");
+	free(buf);
+}
+END_TEST
+
+START_TEST(base64_dec_05)
+{
+	unsigned char *buf;
+	size_t sz;
+
+	buf = base64_dec(coded05, strlen(coded05), &sz);
+	fail_unless(!!buf, "no buffer returned");
+	fail_unless(sz == strlen(plain05), "wrong length");
+	fail_unless(!memcmp(plain05, buf, sz), "wrong data");
+	free(buf);
+}
+END_TEST
+
+START_TEST(base64_dec_06)
+{
+	unsigned char *buf;
+	size_t sz;
+
+	buf = base64_dec(coded06, strlen(coded06), &sz);
+	fail_unless(!buf, "buffer returned");
+}
+END_TEST
+
+START_TEST(base64_dec_07)
+{
+	unsigned char *buf;
+	size_t sz;
+
+	buf = base64_dec(coded07, strlen(coded07), &sz);
+	fail_unless(!buf, "buffer returned");
+}
+END_TEST
+
+START_TEST(base64_dec_08)
+{
+	unsigned char *buf;
+	size_t sz;
+
+	buf = base64_dec(coded08, strlen(coded08), &sz);
+	fail_unless(!buf, "buffer returned");
+}
+END_TEST
+
+START_TEST(base64_dec_09)
+{
+	unsigned char *buf;
+	size_t sz;
+
+	buf = base64_dec(coded09, strlen(coded09), &sz);
+	fail_unless(!buf, "buffer returned");
+}
+END_TEST
+
+START_TEST(base64_dec_10)
+{
+	unsigned char *buf;
+	size_t sz;
+
+	buf = base64_dec(coded10, strlen(coded10), &sz);
+	fail_unless(!buf, "buffer returned");
+}
+END_TEST
+
+START_TEST(base64_dec_11)
+{
+	unsigned char *buf;
+	size_t sz;
+
+	buf = base64_dec(coded11, strlen(coded11), &sz);
+	fail_unless(!buf, "buffer returned");
+}
+END_TEST
+
+START_TEST(base64_dec_12)
+{
+	unsigned char *buf;
+	size_t sz;
+
+	buf = base64_dec(coded12, strlen(coded12), &sz);
+	fail_unless(!buf, "buffer returned");
+}
+END_TEST
+
+START_TEST(base64_dec_13)
+{
+	unsigned char *buf;
+	size_t sz;
+
+	buf = base64_dec(coded13, strlen(coded13), &sz);
+	fail_unless(!buf, "buffer returned");
+}
+END_TEST
+
+START_TEST(base64_dec_14)
+{
+	unsigned char *buf;
+	size_t sz;
+
+	buf = base64_dec(coded14, strlen(coded14), &sz);
+	fail_unless(!buf, "buffer returned");
+}
+END_TEST
+
+START_TEST(base64_dec_15)
+{
+	unsigned char *buf;
+	size_t sz;
+
+	buf = base64_dec(coded15, strlen(coded15), &sz);
+	fail_unless(!buf, "buffer returned");
+}
+END_TEST
+
+Suite *
+base64_suite(void)
+{
+	Suite *s;
+	TCase *tc;
+
+	s = suite_create("base64");
+
+	tc = tcase_create("base64_enc");
+	tcase_add_test(tc, base64_enc_01);
+	tcase_add_test(tc, base64_enc_02);
+	tcase_add_test(tc, base64_enc_03);
+	tcase_add_test(tc, base64_enc_04);
+	tcase_add_test(tc, base64_enc_05);
+	suite_add_tcase(s, tc);
+
+	tc = tcase_create("base64_dec");
+	tcase_add_test(tc, base64_dec_01);
+	tcase_add_test(tc, base64_dec_02);
+	tcase_add_test(tc, base64_dec_03);
+	tcase_add_test(tc, base64_dec_04);
+	tcase_add_test(tc, base64_dec_05);
+	tcase_add_test(tc, base64_dec_06);
+	tcase_add_test(tc, base64_dec_07);
+	tcase_add_test(tc, base64_dec_08);
+	tcase_add_test(tc, base64_dec_09);
+	tcase_add_test(tc, base64_dec_10);
+	tcase_add_test(tc, base64_dec_11);
+	tcase_add_test(tc, base64_dec_12);
+	tcase_add_test(tc, base64_dec_13);
+	tcase_add_test(tc, base64_dec_14);
+	tcase_add_test(tc, base64_dec_15);
+	suite_add_tcase(s, tc);
+
+	return s;
+}
+
+/* vim: set noet ft=c: */
diff --git a/main.t b/main.t
index 18f0192..11766d5 100644
--- a/main.t
+++ b/main.t
@@ -73,6 +73,7 @@ Suite * cachedsess_suite(void);
 Suite * cachessess_suite(void);
 Suite * ssl_suite(void);
 Suite * sys_suite(void);
+Suite * base64_suite(void);
 
 int
 main(UNUSED int argc, UNUSED char *argv[])
@@ -91,6 +92,7 @@ main(UNUSED int argc, UNUSED char *argv[])
 	srunner_add_suite(sr, cachessess_suite());
 	srunner_add_suite(sr, ssl_suite());
 	srunner_add_suite(sr, sys_suite());
+	srunner_add_suite(sr, base64_suite());
 	srunner_run_all(sr, CK_NORMAL);
 	nfail = srunner_ntests_failed(sr);
 	srunner_free(sr);