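--- a/ssl.h
+++ b/ssl.h
@@ -1,8 +1,8 @@
 /* ssl/ssl.h */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
  *
@@ -345,58 +345,70 @@
 
  CRYPTO_EX_DATA ex_data; /* application specific data */
 
  /* These are used to make removal of session-ids more
  * efficient and to implement a maximum cache size. */
  struct ssl_session_st *prev,*next;
  } SSL_SESSION;
 
+
 #define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
 #define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
 #define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
 #define SSL_OP_TLS_D5_BUG 0x00000100L
 #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
 #define SSL_OP_TLS_ROLLBACK_BUG 0x00000400L
 
+/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
+ * in OpenSSL 0.9.6d. Usually (depending on the application protocol)
+ * the workaround is not needed. Unfortunately some broken SSL/TLS
+ * implementations cannot handle it at all, which is why we include
+ * it in SSL_OP_ALL. */
+#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */
+
+/* SSL_OP_ALL: various bug workarounds that should be rather harmless */
+#define SSL_OP_ALL 0x000FFFFFL
+
 /* If set, always create a new key when using tmp_dh parameters */
 #define SSL_OP_SINGLE_DH_USE 0x00100000L
 /* Set to also use the tmp_rsa key when doing RSA operations. */
 #define SSL_OP_EPHEMERAL_RSA 0x00200000L
 
+#define SSL_OP_NO_SSLv2 0x01000000L
+#define SSL_OP_NO_SSLv3 0x02000000L
+#define SSL_OP_NO_TLSv1 0x04000000L
+
 /* The next flag deliberately changes the ciphertest, this is a check
  * for the PKCS#1 attack */
 #define SSL_OP_PKCS1_CHECK_1 0x08000000L
 #define SSL_OP_PKCS1_CHECK_2 0x10000000L
 #define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L
 /* SSL_OP_NON_EXPORT_FIRST looks utterly broken .. */
 #define SSL_OP_NON_EXPORT_FIRST 0x40000000L
 #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x80000000L
-#define SSL_OP_ALL 0x000FFFFFL
 
-#define SSL_OP_NO_SSLv2 0x01000000L
-#define SSL_OP_NO_SSLv3 0x02000000L
-#define SSL_OP_NO_TLSv1 0x04000000L
 
 /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
  * when just a single record has been written): */
 #define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L
 /* Make it possible to retry SSL_write() with changed buffer location
  * (buffer contents must stay the same!); this is not the default to avoid
  * the misconception that non-blocking SSL_write() behaves like
  * non-blocking write(): */
 #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
 /* Never bother the application with retries if the transport
  * is blocking: */
 #define SSL_MODE_AUTO_RETRY 0x00000004L
 
+
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
  * they cannot be used to clear bits. */
 
 #define SSL_CTX_set_options(ctx,op) \
  SSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,op,NULL)
 #define SSL_CTX_get_options(ctx) \
  SSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,0,NULL)
 #define SSL_set_options(ssl,op) \
@@ -1473,16 +1485,17 @@
 #define SSL_R_HTTPS_PROXY_REQUEST 155
 #define SSL_R_HTTP_REQUEST 156
 #define SSL_R_ILLEGAL_PADDING 1110
 #define SSL_R_INTERNAL_ERROR 157
 #define SSL_R_INVALID_CHALLENGE_LENGTH 158
 #define SSL_R_INVALID_COMMAND 280
 #define SSL_R_INVALID_PURPOSE 278
 #define SSL_R_INVALID_TRUST 279
+#define SSL_R_KEY_ARG_TOO_LONG 1112
 #define SSL_R_LENGTH_MISMATCH 159
 #define SSL_R_LENGTH_TOO_SHORT 160
 #define SSL_R_LIBRARY_BUG 274
 #define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
 #define SSL_R_MESSAGE_TOO_LONG 1111
 #define SSL_R_MISSING_DH_DSA_CERT 162
 #define SSL_R_MISSING_DH_KEY 163
 #define SSL_R_MISSING_DH_RSA_CERT 164
@@ -1541,16 +1554,17 @@
 #define SSL_R_REQUIRED_CIPHER_MISSING 215
 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
 #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
 #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
 #define SSL_R_SHORT_READ 219
 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
 #define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
 #define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
 #define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
 #define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
 #define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040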
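Review bot: The comment added above `SSL_OP_ALL` calls its workarounds "rather harmless", but the new `SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS` (0x00000800L) lies inside the 0x000FFFFFL mask, so every caller that passes `SSL_OP_ALL` now switches the SSL 3.0/TLS 1.0 CBC countermeasure off. The note further down in this section says `SSL[_CTX]_set_{options,mode}` only OR bits in and cannot clear them, so an object configured that way has no way to turn the countermeasure back on. I would state this at the definition, e.g. `/* SSL_OP_ALL includes SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS and thereby disables the CBC countermeasure; pass (SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) to keep it */`. The mask also covers bits with no option assigned in the visible lines, so any flag later placed in that range would be enabled for existing `SSL_OP_ALL` callers without them opting in.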