Index: src/OFTLSStream.h
==================================================================
--- src/OFTLSStream.h
+++ src/OFTLSStream.h
@@ -101,13 +101,12 @@
     OFReadyForWritingObserving>
 {
 	OFStream <OFReadyForReadingObserving, OFReadyForWritingObserving>
 	    *_underlyingStream;
 	bool _verifiesCertificates;
-	OFArray OF_GENERIC(OF_KINDOF(OFX509Certificate *)) *_Nullable
-	    _certificateChain;
-	OF_KINDOF(OFX509CertificatePrivateKey *) _Nullable _privateKey;
+	OFArray OF_GENERIC(OFX509Certificate *) *_Nullable _certificateChain;
+	OFX509CertificatePrivateKey *_Nullable _privateKey;
 	OF_RESERVE_IVARS(OFTLSStream, 2)
 }
 
 /**
  * @brief The underlying stream.

Index: src/tls/OFGnuTLSTLSStream.m
==================================================================
--- src/tls/OFGnuTLSTLSStream.m
+++ src/tls/OFGnuTLSTLSStream.m
@@ -252,10 +252,12 @@
 		if (_verifiesCertificates)
 			gnutls_session_set_verify_cert(_session, _host.UTF8String, 0);
 	}
 
 	if (_certificateChain != nil) {
+		OFGnuTLSX509CertificatePrivateKey *privateKey =
+		    (OFGnuTLSX509CertificatePrivateKey *)_privateKey;
 		OFMutableData *certs = [OFMutableData
 		    dataWithItemSize: sizeof(gnutls_x509_crt_t)
 			    capacity: _certificateChain.count];
 
 		for (OFGnuTLSX509Certificate *cert in _certificateChain) {
@@ -264,11 +266,11 @@
 			[certs addItem: &gnuTLSCert];
 		}
 
 		if (gnutls_certificate_set_x509_key(_credentials,
 		    (gnutls_x509_crt_t *)certs.items, (unsigned int)certs.count,
-		    [_privateKey of_gnuTLSPrivateKey]) < 0)
+		    privateKey.of_gnuTLSPrivateKey) < 0)
 			@throw [OFTLSHandshakeFailedException
 			    exceptionWithStream: self
 					   host: host
 				      errorCode: initFailedErrorCode];
 	}