diff --git a/.gitignore b/.gitignore
index ddd734967..d0c69f81d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -56,4 +56,3 @@
 /testdata/.perfstats.txt
 /doc/html
 /doc/xml
-.idea
diff --git a/configure b/configure
index d27ded8a5..457efb480 100755
--- a/configure
+++ b/configure
@@ -683,7 +683,6 @@ HAVE_SSL
 PC_CRYPTO_DEPENDENCY
 CONFIG_DATE
 NETBSD_LINTFLAGS
-GCC_DOCKER_LINTFLAGS
 PYUNBOUND_UNINSTALL
 PYUNBOUND_INSTALL
 PYUNBOUND_TARGET
@@ -17889,10 +17888,6 @@ if test "`uname`" = "NetBSD"; then
 
 fi
 
-if test "`uname -o`" = "GNU/Linux"; then
-	# splint cannot parse modern c99 header files
-	GCC_DOCKER_LINTFLAGS='-syntax'
-fi
 CONFIG_DATE=`date +%Y%m%d`
 
 
diff --git a/configure.ac b/configure.ac
index fe911723c..128232b1c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -776,6 +776,12 @@ if test "`uname`" = "NetBSD"; then
 	NETBSD_LINTFLAGS='"-D__RENAME(x)=" -D_NETINET_IN_H_'
 	AC_SUBST(NETBSD_LINTFLAGS)
 fi
+
+if test "`uname -o`" = "GNU/Linux"; then
+	# splint cannot parse modern c99 header files
+	GCC_DOCKER_LINTFLAGS='-syntax'
+	AC_SUBST(GCC_DOCKER_LINTFLAGS)
+fi
 CONFIG_DATE=`date +%Y%m%d`
 AC_SUBST(CONFIG_DATE)
 
diff --git a/Dockerfile b/contrib/Dockerfile.tests
similarity index 100%
rename from Dockerfile
rename to contrib/Dockerfile.tests
diff --git a/doc/README.tests b/doc/README.tests
index 122bf02f3..376f01717 100644
--- a/doc/README.tests
+++ b/doc/README.tests
@@ -16,7 +16,7 @@ You need to have the following programs installed and in your PATH.
 The optional programs are detected and can be omitted.
 
 You can also use prepared Dockerfile to run tests inside docker based on latest gcc image:
-* build container: docker build -t unbound-tester .
+* build container: docker build -t unbound-tester -f contrib/Dockerfile.tests .
 * run container: docker run -it --mount type=bind,source="$(pwd)",target=/usr/src/unbound --rm unbound-tester
 * configure environment: ./configure
 * run test: make test
diff --git a/util/netevent.c b/util/netevent.c
index b3df164e6..11c642a2b 100644
--- a/util/netevent.c
+++ b/util/netevent.c
@@ -1232,13 +1232,6 @@ ssl_handshake(struct comm_point* c)
 		if(want == SSL_ERROR_WANT_READ) {
 			if(c->ssl_shake_state == comm_ssl_shake_read)
 				return 1;
-			/* According to https://www.openssl.org/docs/man1.1.1/man3/SSL_do_handshake.html
-			 * we should repeat handshake - for non blocking BIO
-			 */
-			if(c->ssl_shake_state == comm_ssl_shake_write) {
-			    comm_point_listen_for_rw(c, 0, 1);
-			    return 1;
-			}
 			c->ssl_shake_state = comm_ssl_shake_read;
 			comm_point_listen_for_rw(c, 1, 0);
 			return 1;