diff --git a/libretroshare/src/pqi/authssl.cc b/libretroshare/src/pqi/authssl.cc
index dde755b0c..2dcafd093 100644
--- a/libretroshare/src/pqi/authssl.cc
+++ b/libretroshare/src/pqi/authssl.cc
@@ -2010,7 +2010,7 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
             if (!AuthGPG::getAuthGPG()->isGPGAccepted(pgpid) && pgpid != AuthGPG::getAuthGPG()->getGPGOwnId())
             {
                     #ifdef AUTHSSL_DEBUG
-                    fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not signed by ourself : \n");
+                    fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not accepted : \n");
                     fprintf(stderr, "issuer pgpid : ");
                     fprintf(stderr, "%s\n",pgpid.c_str());
                     fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : ");
@@ -2024,7 +2024,7 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
 
         } else {
                 #ifdef AUTHSSL_DEBUG
-                fprintf(stderr, "Failing Normal Certificate!!!\n");
+                fprintf(stderr, "A normal certificate is probably a security breach attempt. We sould fail it !!!\n");
                 #endif
                 preverify_ok = false;
         }
diff --git a/libretroshare/src/pqi/p3cfgmgr.cc b/libretroshare/src/pqi/p3cfgmgr.cc
index 5acb40589..cbae5dc2c 100644
--- a/libretroshare/src/pqi/p3cfgmgr.cc
+++ b/libretroshare/src/pqi/p3cfgmgr.cc
@@ -39,7 +39,7 @@ using std::ifstream;
 
 #include "serialiser/rsconfigitems.h"
 
-#define CONFIG_DEBUG 1
+//#define CONFIG_DEBUG 1
 
 
 p3ConfigMgr::p3ConfigMgr(std::string dir, std::string fname, std::string signame)
@@ -633,7 +633,9 @@ bool	p3Config::saveConfiguration()
 		ofstream ofstrm;
 		ifstrm.open(fname.c_str(), std::ifstream::binary);
 
-		std::cerr << "p3config::saveConfiguration() Is file open: " <<  ifstrm.is_open();
+                #ifdef CONFIG_DEBUG
+                std::cerr << "p3config::saveConfiguration() Is file open: " <<  ifstrm.is_open() << std::endl;
+                #endif
 
 		// if file does not exist then open temporay file already created
 		if(!ifstrm.is_open()){
diff --git a/libretroshare/src/pqi/p3connmgr.cc b/libretroshare/src/pqi/p3connmgr.cc
index 42f83b8de..156f90677 100644
--- a/libretroshare/src/pqi/p3connmgr.cc
+++ b/libretroshare/src/pqi/p3connmgr.cc
@@ -2635,41 +2635,40 @@ bool    p3ConnectMgr::setAddressList(std::string id, std::list<IpAddressTimed> I
         #ifdef CONN_DEBUG
                         std::cerr << "p3ConnectMgr::setAddressList() called for id : " << id << std::endl;
         #endif
+
+        RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
+
         /* check if it is our own ip */
         if (id == getOwnId()) {
             ownState.updateIpAddressList(IpAddressTimedList);
             //if we have no ext address from upnp or extAdrFinder, we will use this list for ext ip detection
-            sockaddr_in extAddr;
-            if (!getExtFinderExtAddress(extAddr) && !getUpnpExtAddress(extAddr)) { //TODO fix it
-                IpAddressTimed extractedAddress;
-                if (peerConnectState::extractExtAddress(IpAddressTimedList, extractedAddress)) {
-                    #ifdef CONN_DEBUG
-                                    std::cerr << "p3ConnectMgr::setAddressList() using ip address list to set external addres." << std::endl;
-                    #endif
-                    ownState.currentserveraddr.sin_addr = extractedAddress.ipAddr.sin_addr;
-                    IndicateConfigChanged();
-                } else {
-                    #ifdef CONN_DEBUG
-                                    std::cerr << "p3ConnectMgr::setAddressList() no valuable ext adress found." << std::endl;
-                    #endif
-                }
-            }
+            //useless, already done in network consistency check
+//            sockaddr_in extAddr;
+//            if (!getExtFinderExtAddress(extAddr) && !getUpnpExtAddress(extAddr)) { //TODO fix it
+//                IpAddressTimed extractedAddress;
+//                if (peerConnectState::extractExtAddress(IpAddressTimedList, extractedAddress)) {
+//                    #ifdef CONN_DEBUG
+//                                    std::cerr << "p3ConnectMgr::setAddressList() using ip address list to set external addres." << std::endl;
+//                    #endif
+//                    ownState.currentserveraddr.sin_addr = extractedAddress.ipAddr.sin_addr;
+//                    IndicateConfigChanged();
+//                } else {
+//                    #ifdef CONN_DEBUG
+//                                    std::cerr << "p3ConnectMgr::setAddressList() no valuable ext adress found." << std::endl;
+//                    #endif
+//                }
+//            }
             return true;
         }
 
-        RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
-
         /* check if it is a friend */
 	std::map<std::string, peerConnectState>::iterator it;
 	if (mFriendList.end() == (it = mFriendList.find(id)))
 	{
-		if (mOthersList.end() == (it = mOthersList.find(id)))
-		{
-			#ifdef CONN_DEBUG
-					std::cerr << "p3ConnectMgr::setLocalAddress() cannot add addres info : peer id not found in friend list  id: " << id << std::endl;
-			#endif
-			return false;
-		}
+            #ifdef CONN_DEBUG
+            std::cerr << "p3ConnectMgr::setLocalAddress() cannot add addres info : peer id not found in friend list. id: " << id << std::endl;
+            #endif
+            return false;
 	}
 
 	/* "it" points to peer */
diff --git a/libretroshare/src/pqi/pqissl.cc b/libretroshare/src/pqi/pqissl.cc
index 35d6942f2..2e436f3cd 100644
--- a/libretroshare/src/pqi/pqissl.cc
+++ b/libretroshare/src/pqi/pqissl.cc
@@ -1137,6 +1137,7 @@ int 	pqissl::Authorise_SSL_Connection()
 		reset();
 		return -1;
 	}
+
         std::string certPeerId;
         getX509id(peercert, certPeerId);
         if (certPeerId != PeerId()) {
@@ -1153,39 +1154,6 @@ int 	pqissl::Authorise_SSL_Connection()
 
         accept(ssl_connection, sockfd, remote_addr);
         return 1;
-
-	// save certificate... (and ip locations)
-	// false for outgoing....
-	// we actually connected to remote_addr, 
-	// 	which could be 
-	//      (pqissl's case) sslcert->serveraddr or sslcert->localaddr.
-
-//	bool certCorrect = false;
-//        certCorrect = AuthSSL::getAuthSSL()->CheckCertificate(PeerId(), peercert);
-//
-//	// check it's the right one.
-//	if (certCorrect)
-//	{
-//		// then okay...
-//		std::ostringstream out;
-//	  	out << "pqissl::Authorise_SSL_Connection() Accepting Conn. Peer: " << PeerId();
-//  		rslog(RSL_WARNING, pqisslzone, out.str());
-//
-//		accept(ssl_connection, sockfd, remote_addr);
-//		return 1;
-//        }
-//
-//	{
-//		std::ostringstream out;
-//	  	out << "pqissl::Authorise_SSL_Connection() Something Wrong ... ";
-//		out << " Shutdown. Peer: " << PeerId();
-//  		rslog(RSL_WARNING, pqisslzone, out.str());
-//	}
-
-	// else shutdown ssl connection.
-
-	reset();
-	return 0;
 }
 
 int	pqissl::accept(SSL *ssl, int fd, struct sockaddr_in foreign_addr) // initiate incoming connection.
diff --git a/libretroshare/src/pqi/pqissllistener.cc b/libretroshare/src/pqi/pqissllistener.cc
index 06245ebc2..591c325bb 100644
--- a/libretroshare/src/pqi/pqissllistener.cc
+++ b/libretroshare/src/pqi/pqissllistener.cc
@@ -391,7 +391,7 @@ int	pqissllistenbase::continueSSL(SSL *ssl, struct sockaddr_in remote_addr, bool
 		}
 
 		/* we have failed -> get certificate if possible */
-		Extract_Failed_SSL_Certificate(ssl, &remote_addr);
+                //Extract_Failed_SSL_Certificate(ssl, &remote_addr);
 
 		// other wise delete ssl connection.
 		// kill connection....
@@ -675,33 +675,17 @@ int pqissllistener::completeConnection(int fd, SSL *ssl, struct sockaddr_in &rem
   	        pqioutput(PQL_DEBUG_BASIC, pqissllistenzone, out.str());
 	}
 	
-	if (found == false)
-	{
-		std::ostringstream out;
-		out << "No Matching Certificate/Already Connected";
-		out << " for Connection:" << inet_ntoa(remote_addr.sin_addr);
-		out << std::endl;
-		out << "pqissllistenbase: Will shut it down!" << std::endl;
-  	        pqioutput(PQL_WARNING, pqissllistenzone, out.str());
-		X509_free(peercert);
-
-		return -1;
+        if (found == false) {
+            std::ostringstream out;
+            out << "Don't accept connection because friend is not found or (probably) already connected";
+            out << " for Connection:" << inet_ntoa(remote_addr.sin_addr);
+            out << std::endl;
+            out << "pqissllistenbase: Will shut it down!" << std::endl;
+            pqioutput(PQL_WARNING, pqissllistenzone, out.str());
+            X509_free(peercert);
+            return -1;
 	}
 
-//	/* Certificate consumed! */
-//        bool certKnown = AuthSSL::getAuthSSL()->CheckCertificate(it->first, peercert);
-//
-//	if (certKnown == false)
-//	{
-//		std::ostringstream out;
-//		out << "Failed Final Check";
-//		out << " for Connection:" << inet_ntoa(remote_addr.sin_addr);
-//		out << std::endl;
-//		out << "pqissllistenbase: Will shut it down!" << std::endl;
-//  	        pqioutput(PQL_WARNING, pqissllistenzone, out.str());
-//		return -1;
-//	}
-
 	pqissl *pqis = it -> second;
 
 	// dont remove from the list of certificates.