diff --git a/scripts/bin2sql.c b/scripts/bin2sql.c
index 8bc72f842..ce5e600a3 100644
--- a/scripts/bin2sql.c
+++ b/scripts/bin2sql.c
@@ -6,7 +6,6 @@
  */
 int main(int argc, char *argv[])
 {
-	int end = 0;
 	unsigned char byte;
 
 	printf("X'");
@@ -14,7 +13,6 @@ int main(int argc, char *argv[])
 	{
 		if (fread(&byte, 1, 1, stdin) != 1)
 		{
-			end = 1;
 			break;
 		}
 		printf("%02x", (unsigned int)byte);
diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c
index 796e455a7..6aa771ef0 100644
--- a/src/libcharon/daemon.c
+++ b/src/libcharon/daemon.c
@@ -322,9 +322,7 @@ void libcharon_deinit()
  */
 bool libcharon_init()
 {
-	private_daemon_t *this;
-
-	this = daemon_create();
+	daemon_create();
 
 	/* for uncritical pseudo random numbers */
 	srandom(time(NULL) + getpid());
diff --git a/src/libcharon/encoding/payloads/sa_payload.c b/src/libcharon/encoding/payloads/sa_payload.c
index db20d052f..89464ac3d 100644
--- a/src/libcharon/encoding/payloads/sa_payload.c
+++ b/src/libcharon/encoding/payloads/sa_payload.c
@@ -106,7 +106,6 @@ METHOD(payload_t, verify, status_t,
 	status_t status = SUCCESS;
 	enumerator_t *enumerator;
 	proposal_substructure_t *substruct;
-	bool first = TRUE;
 
 	/* check proposal numbering */
 	enumerator = this->proposals->create_enumerator(this->proposals);
@@ -136,7 +135,6 @@ METHOD(payload_t, verify, status_t,
 			DBG1(DBG_ENC, "PROPOSAL_SUBSTRUCTURE verification failed");
 			break;
 		}
-		first = FALSE;
 		expected_number = current_number;
 	}
 	enumerator->destroy(enumerator);
diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
index 1dd94f6fb..9dfc69205 100644
--- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
@@ -814,7 +814,7 @@ static status_t process_peer_failure(private_eap_mschapv2_t *this,
 	eap_mschapv2_header_t *eap;
 	chunk_t data;
 	char *message, *token, *msg = NULL;
-	int message_len, error = 0, retriable;
+	int message_len, error = 0;
 	chunk_t challenge = chunk_empty;
 
 	data = in->get_data(in);
@@ -842,8 +842,7 @@ static status_t process_peer_failure(private_eap_mschapv2_t *this,
 		}
 		else if (strneq(token, "R=", 2))
 		{
-			token += 2;
-			retriable = atoi(token);
+			/* ignore retriable */
 		}
 		else if (strneq(token, "C=", 2))
 		{
@@ -860,9 +859,7 @@ static status_t process_peer_failure(private_eap_mschapv2_t *this,
 		}
 		else if (strneq(token, "V=", 2))
 		{
-			int version;
-			token += 2;
-			version = atoi(token);
+			/* ignore version */
 		}
 		else if (strneq(token, "M=", 2))
 		{
diff --git a/src/libcharon/plugins/nm/nm_service.c b/src/libcharon/plugins/nm/nm_service.c
index 236a7e53e..65218d0df 100644
--- a/src/libcharon/plugins/nm/nm_service.c
+++ b/src/libcharon/plugins/nm/nm_service.c
@@ -82,12 +82,11 @@ static void signal_ipv4_config(NMVPNPlugin *plugin,
 {
 	GValue *val;
 	GHashTable *config;
-	host_t *me, *other;
+	host_t *me;
 	nm_handler_t *handler;
 
 	config = g_hash_table_new(g_str_hash, g_str_equal);
 	me = ike_sa->get_my_host(ike_sa);
-	other = ike_sa->get_other_host(ike_sa);
 	handler = NM_STRONGSWAN_PLUGIN_GET_PRIVATE(plugin)->handler;
 
 	/* NM requires a tundev, but netkey does not use one. Passing an invalid
diff --git a/src/libcharon/plugins/socket_raw/socket_raw_socket.c b/src/libcharon/plugins/socket_raw/socket_raw_socket.c
index f6e87a86f..242d098cf 100644
--- a/src/libcharon/plugins/socket_raw/socket_raw_socket.c
+++ b/src/libcharon/plugins/socket_raw/socket_raw_socket.c
@@ -435,7 +435,6 @@ static int open_send_socket(private_socket_raw_socket_t *this,
 	int on = TRUE;
 	int type = UDP_ENCAP_ESPINUDP;
 	struct sockaddr_storage addr;
-	u_int sol;
 	int skt;
 
 	memset(&addr, 0, sizeof(addr));
@@ -448,7 +447,6 @@ static int open_send_socket(private_socket_raw_socket_t *this,
 			sin->sin_family = AF_INET;
 			sin->sin_addr.s_addr = INADDR_ANY;
 			sin->sin_port = htons(port);
-			sol = SOL_IP;
 			break;
 		}
 		case AF_INET6:
@@ -457,7 +455,6 @@ static int open_send_socket(private_socket_raw_socket_t *this,
 			sin6->sin6_family = AF_INET6;
 			memcpy(&sin6->sin6_addr, &in6addr_any, sizeof(in6addr_any));
 			sin6->sin6_port = htons(port);
-			sol = SOL_IPV6;
 			break;
 		}
 		default:
@@ -514,18 +511,16 @@ static int open_recv_socket(private_socket_raw_socket_t *this, int family)
 {
 	int skt;
 	int on = TRUE;
-	u_int proto_offset, ip_len, sol, udp_header, ike_header;
+	u_int ip_len, sol, udp_header, ike_header;
 
 	/* precalculate constants depending on address family */
 	switch (family)
 	{
 		case AF_INET:
-			proto_offset = IP_PROTO_OFFSET;
 			ip_len = IP_LEN;
 			sol = SOL_IP;
 			break;
 		case AF_INET6:
-			proto_offset = IP6_PROTO_OFFSET;
 			ip_len = 0; /* IPv6 raw sockets contain no IP header */
 			sol = SOL_IPV6;
 			break;
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_prf.c b/src/libstrongswan/plugins/af_alg/af_alg_prf.c
index 1c1174abb..673ca5e7a 100644
--- a/src/libstrongswan/plugins/af_alg/af_alg_prf.c
+++ b/src/libstrongswan/plugins/af_alg/af_alg_prf.c
@@ -90,7 +90,7 @@ void af_alg_prf_probe(char *plugin)
 /**
  * Get the kernel algorithm string and block size for our identifier
  */
-static size_t lookup_alg(integrity_algorithm_t algo, char **name, bool *xcbc)
+static size_t lookup_alg(pseudo_random_function_t algo, char **name, bool *xcbc)
 {
 	int i;
 
diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c
index 0864f4118..dae130bba 100644
--- a/src/libstrongswan/plugins/agent/agent_private_key.c
+++ b/src/libstrongswan/plugins/agent/agent_private_key.c
@@ -161,7 +161,7 @@ static int open_connection(char *path)
  */
 static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey)
 {
-	int len, count;
+	int len;
 	char buf[2048];
 	chunk_t blob, key, type, n;
 
@@ -184,7 +184,7 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey)
 		DBG1(DBG_LIB, "received invalid ssh-agent identity response");
 		return FALSE;
 	}
-	count = read_uint32(&blob);
+	read_uint32(&blob);
 
 	while (blob.len)
 	{
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
index 38ce2cd6c..feda05bca 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
@@ -504,7 +504,7 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type,
 													  va_list args)
 {
 	private_gcrypt_rsa_private_key_t *this;
-	chunk_t n, e, d, p, q, exp, u;
+	chunk_t n, e, d, p, q, u;
 	gcry_error_t err;
 
 	n = e = d = p = q = u = chunk_empty;
@@ -531,7 +531,7 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type,
 			case BUILD_RSA_EXP1:
 			case BUILD_RSA_EXP2:
 				/* not required for gcrypt */
-				exp = va_arg(args, chunk_t);
+				va_arg(args, chunk_t);
 				continue;
 			case BUILD_RSA_COEFF:
 				u = va_arg(args, chunk_t);
diff --git a/src/libstrongswan/utils/optionsfrom.c b/src/libstrongswan/utils/optionsfrom.c
index e51780290..5fd4cfd4d 100644
--- a/src/libstrongswan/utils/optionsfrom.c
+++ b/src/libstrongswan/utils/optionsfrom.c
@@ -67,7 +67,6 @@ METHOD(options_t, from, bool,
 	int newargc;
 	int next;			/* place for next argument */
 	char **newargv;
-	size_t bytes;
 	chunk_t src, line, token;
 	bool good = TRUE;
 	int linepos = 0;
@@ -99,7 +98,14 @@ METHOD(options_t, from, bool,
 	src.ptr = this->buffers[this->nuses] = malloc(src.len + 1);
 
 	/* read the whole file into a chunk */
-	bytes = fread(src.ptr, 1, src.len, fd);
+	if (fread(src.ptr, 1, src.len, fd) != src.len)
+	{
+		DBG1(DBG_LIB, "optionsfrom: unable to read file '%s': %s",
+			 filename, strerror(errno));
+		free(src.ptr);
+		fclose(fd);
+		return FALSE;
+	}
 	fclose(fd);
 
 	if (this->room)
diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c
index d9f6b0925..e91b3f5c0 100644
--- a/src/scepclient/scepclient.c
+++ b/src/scepclient/scepclient.c
@@ -333,7 +333,6 @@ int main(int argc, char **argv)
 	char *file_out_pkcs7     = DEFAULT_FILENAME_PKCS7;
 	char *file_out_cert_self = DEFAULT_FILENAME_CERT_SELF;
 	char *file_out_cert      = DEFAULT_FILENAME_CERT;
-	char *file_out_prefix_cacert = DEFAULT_FILENAME_PREFIX_CACERT;
 
 	/* by default user certificate is requested */
 	bool request_ca_certificate = FALSE;
@@ -540,8 +539,6 @@ int main(int argc, char **argv)
 				else if (strcaseeq("cacert", optarg))
 				{
 					request_ca_certificate = TRUE;
-					if (filename)
-						file_out_prefix_cacert = filename;
 				}
 				else
 				{
diff --git a/src/starter/starter.c b/src/starter/starter.c
index fcef2f7ff..d86da21b8 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -233,7 +233,6 @@ int main (int argc, char **argv)
 
 	struct stat stb;
 
-	char *err = NULL;
 	int i;
 	int id = 1;
 	struct timeval tv;
@@ -495,7 +494,6 @@ int main (int argc, char **argv)
 		 */
 		if (_action_ & FLAG_ACTION_UPDATE)
 		{
-			err = NULL;
 			DBG(DBG_CONTROL,
 				DBG_log("Reloading config...")
 			   );