diff --git a/Makefile b/Makefile
index 08ca231..76528ff 100644
--- a/Makefile
+++ b/Makefile
@@ -38,8 +38,8 @@ libnss_mxshadow.so.2: libnss_mxshadow.c get_shadow_line.c common.h
 test_server: test_server.c get_shadow_line.c common.h
 gcc $(CFLAGS) -o test_server test_server.c -l:libssl.a -l:libcrypto.a -lpthread -ldl
-test_query_shadow: test_query_shadow.c get_shadow_line.c common.h
- gcc $(CFLAGS) -o test_query_shadow test_query_shadow.c -l:libssl.a -l:libcrypto.a -lpthread -ldl
+test_query_shadow: test_query_shadow.c
+ gcc $(CFLAGS) -o test_query_shadow test_query_shadow.c
 mxshadowsrv: mxshadowsrv.c common.h
 gcc $(CFLAGS) -o mxshadowsrv mxshadowsrv.c -l:libssl.a -l:libcrypto.a -lpthread -ldl
diff --git a/common.h b/common.h
index 4bdb577..fbe67af 100644
--- a/common.h
+++ b/common.h
@@ -44,7 +44,8 @@ static void __attribute__((unused)) free_string(char **ptr) {
 }
 static void __attribute__((unused)) psslerror(char *str) {
- COMMON_LOG(LOG_ERR, "%s:", str);
+ if (str != NULL && strcmp(str, "") != 0)
+ COMMON_LOG(LOG_ERR, "%s:", str);
 unsigned long ssl_err;
 while ((ssl_err = ERR_get_error())) {
 COMMON_LOG(LOG_ERR, "ssl error: %lud:%s:%s:%s",
@@ -99,8 +100,10 @@ static int __attribute__((unused)) ssl_write_with_timeout(SSL *ssl, int fd, char
 switch (ssl_error) {
 case SSL_ERROR_WANT_READ:
 status = wait_rd_with_timeout(fd, timeout);
- if (status == -1)
+ if (status == -1) {
+ COMMON_LOG(LOG_ERR, "%s: %m", __func__);
 return -1;
+ }
 continue;
 case SSL_ERROR_SYSCALL:
 COMMON_LOG(LOG_ERR, "%s: %m", __func__);
@@ -118,6 +121,7 @@ static int __attribute__((unused)) ssl_write_with_timeout(SSL *ssl, int fd, char
 }
 static int __attribute__((unused)) ssl_read_with_timeout(SSL *ssl, int fd, void *buf, size_t num, int timeout){
+ errno = 0; /* see commit message */
 while (1) {
 int status = SSL_read(ssl, buf, num);
 if (status > 0)
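Review bot: The log line added to the SSL_ERROR_WANT_READ branch of ssl_write_with_timeout (@@ -99) prints the same `"%s: %m"` text as the SSL_ERROR_SYSCALL case directly below it, so a failed wait and a failed syscall cannot be told apart in the log. `%m` is also only meaningful if wait_rd_with_timeout leaves errno set whenever it returns -1, including on a timeout; that function is not visible here, so this should be confirmed. A distinct message such as `COMMON_LOG(LOG_ERR, "%s: waiting for peer: %m", __func__);` would keep the cases apart. The identical line is added in the WANT_READ branches of ssl_read_with_timeout (@@ -126) and ssl_accept_with_timeout (@@ -156), where errno has been zeroed on entry; all three function bodies extend beyond their hunks.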
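Review bot: `errno = 0;` in the @@ -118 hunk sits before the `while (1)` loop of ssl_read_with_timeout, so errno is cleared only for the first SSL_read; after a `continue` from the SSL_ERROR_WANT_READ branch, whatever wait_rd_with_timeout (not visible here) left in errno is what the later `errno == 0` test sees. Making the assignment the first statement inside the loop, directly before `int status = SSL_read(ssl, buf, num);`, keeps that test reliable on every iteration. The comment `/* see commit message */` should give the reason in place, for example `/* a stale errno would hide the errno == 0 "unexpected EOF" case below */`. The same applies to ssl_accept_with_timeout in the @@ -148 hunk; both loop bodies continue outside their hunks.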
@@ -126,11 +130,13 @@ static int __attribute__((unused)) ssl_read_with_timeout(SSL *ssl, int fd, void
 switch (ssl_error) {
 case SSL_ERROR_WANT_READ:
 status = wait_rd_with_timeout(fd, timeout);
- if (status == -1)
+ if (status == -1) {
+ COMMON_LOG(LOG_ERR, "%s: %m", __func__);
 return -1;
+ }
 continue;
 case SSL_ERROR_SYSCALL:
- if (errno==0) {
+ if (errno == 0) {
 COMMON_LOG(LOG_ERR, "%s: unexpected EOF from peer", __func__);
 errno = ECONNABORTED;
 return -1;
@@ -148,6 +154,7 @@ static int __attribute__((unused)) ssl_read_with_timeout(SSL *ssl, int fd, void
 }
 static int __attribute__((unused)) ssl_accept_with_timeout(SSL *ssl, int fd, int timeout) {
+ errno = 0; /* see commit message */
 while (1) {
 int status = SSL_accept(ssl);
 if (status == 1)
@@ -156,10 +163,17 @@ static int __attribute__((unused)) ssl_accept_with_timeout(SSL *ssl, int fd, in
 switch (ssl_error) {
 case SSL_ERROR_WANT_READ:
 status = wait_rd_with_timeout(fd, timeout);
- if (status == -1)
+ if (status == -1) {
+ COMMON_LOG(LOG_ERR, "%s: %m", __func__);
 return -1;
+ }
 continue;
 case SSL_ERROR_SYSCALL:
+ if (errno == 0) {
+ COMMON_LOG(LOG_ERR, "%s: unexpected EOF from peer", __func__);
+ errno = ECONNABORTED;
+ return -1;
+ }
 COMMON_LOG(LOG_ERR, "%s: %m", __func__);
 return -1;
 case SSL_ERROR_SSL:
diff --git a/mxshadowsrv.c b/mxshadowsrv.c
index 7e4614b..f926a44 100644
--- a/mxshadowsrv.c
+++ b/mxshadowsrv.c
@@ -25,7 +25,6 @@ static char *map_shadow(char *filename, struct stat *statbufptr) {
 int fd;
 while (1) {
 while (1) {
- fprintf(stderr, "loading %s\n", filename);
 fd = open(filename, O_RDONLY);
 if (fd != -1)
 break;
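Review bot: The `errno == 0` branch added to ssl_accept_with_timeout (@@ -156) recognises a peer that drops the connection only when the library reports that as SSL_ERROR_SYSCALL. OpenSSL 3.0 and later report an unexpected EOF as SSL_ERROR_SSL with reason SSL_R_UNEXPECTED_EOF_WHILE_READING, so there the handling would fall to the `case SSL_ERROR_SSL:` branch, whose body is outside the hunk, and errno would not be set to ECONNABORTED. Which libssl.a the Makefile links is not visible here, so the assumption is worth recording next to the check, e.g. `/* OpenSSL < 3.0: unexpected EOF surfaces as SSL_ERROR_SYSCALL with errno 0 */`. The existing check in ssl_read_with_timeout (@@ -126) depends on the same behaviour.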
@@ -153,18 +152,13 @@ static void process_client(int socket) {
 if (ssl == NULL) { psslerror("SSL_new"); return; }
 SSL_set_fd(ssl, socket);
 if (ssl_accept_with_timeout(ssl, socket, TIMEOUT) <= 0) {
- perror("accept");
 return;
 }
 char buf[64];
 int len = ssl_read_with_timeout(ssl, socket, buf, sizeof(buf), TIMEOUT);
- if (len == 0)
+ if (len <= 0 )
 return;
- if (len < 0) {
- perror("read");
- return;
- }
 if (len == sizeof(buf)) {
 fprintf(stderr, "identifier to long\n");
 SSL_shutdown(ssl);
@@ -181,11 +175,8 @@ static void process_client(int socket) {
 status = pthread_mutex_unlock(&shadow_mutex);
 if (status != 0) { errno = status; perror("pthread_mutex_unlock"); exit(1);}
- if (line_len) {
- int status = ssl_write_with_timeout(ssl, socket, line, line_len, TIMEOUT);
- if (status == -1)
- perror("write");
- }
+ if (line_len)
+ ssl_write_with_timeout(ssl, socket, line, line_len, TIMEOUT);
 SSL_shutdown(ssl);
 }
@@ -193,7 +184,7 @@ static void *client_thread(void *arg) {
 while (1) {
 #ifdef DEBUG_MAX_CONNECTS
- if ( __sync_fetch_and_sub(&debug_remaining_connects, 1) <= 0)
+ if ( __atomic_fetch_sub(&debug_remaining_connects, 1, __ATOMIC_RELAXED) <= 0)
 return NULL;
 #endif
 int _cleanup_(free_fd) socket = accept4(listen_socket, NULL, NULL, SOCK_NONBLOCK);
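Review bot: `SSL_shutdown(ssl);` is still reached after a failed write in the @@ -181 hunk, because the result of ssl_write_with_timeout is now discarded. OpenSSL documents that after SSL_ERROR_SYSCALL or SSL_ERROR_SSL no further I/O should be attempted on the connection and SSL_shutdown() must not be called, and those appear to be the cases in which the helper returns -1. Keeping the check, e.g. `if (line_len && ssl_write_with_timeout(ssl, socket, line, line_len, TIMEOUT) == -1) return;`, would match the bare `return;` used for the accept and read failures earlier in process_client. How `ssl` is released on those early returns is not visible in this hunk, so that should be confirmed before adding another one.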