155714Skris/* ssl/ssl.h */ 255714Skris/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 355714Skris * All rights reserved. 455714Skris * 555714Skris * This package is an SSL implementation written 655714Skris * by Eric Young (eay@cryptsoft.com). 755714Skris * The implementation was written so as to conform with Netscapes SSL. 8280304Sjkim * 955714Skris * This library is free for commercial and non-commercial use as long as 1055714Skris * the following conditions are aheared to. The following conditions 1155714Skris * apply to all code found in this distribution, be it the RC4, RSA, 1255714Skris * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1355714Skris * included with this distribution is covered by the same copyright terms 1455714Skris * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15280304Sjkim * 1655714Skris * Copyright remains Eric Young's, and as such any Copyright notices in 1755714Skris * the code are not to be removed. 1855714Skris * If this package is used in a product, Eric Young should be given attribution 1955714Skris * as the author of the parts of the library used. 2055714Skris * This can be in the form of a textual message at program startup or 2155714Skris * in documentation (online or textual) provided with the package. 22280304Sjkim * 2355714Skris * Redistribution and use in source and binary forms, with or without 2455714Skris * modification, are permitted provided that the following conditions 2555714Skris * are met: 2655714Skris * 1. Redistributions of source code must retain the copyright 2755714Skris * notice, this list of conditions and the following disclaimer. 2855714Skris * 2. Redistributions in binary form must reproduce the above copyright 2955714Skris * notice, this list of conditions and the following disclaimer in the 3055714Skris * documentation and/or other materials provided with the distribution. 3155714Skris * 3. 
All advertising materials mentioning features or use of this software 3255714Skris * must display the following acknowledgement: 3355714Skris * "This product includes cryptographic software written by 3455714Skris * Eric Young (eay@cryptsoft.com)" 3555714Skris * The word 'cryptographic' can be left out if the rouines from the library 3655714Skris * being used are not cryptographic related :-). 37280304Sjkim * 4. If you include any Windows specific code (or a derivative thereof) from 3855714Skris * the apps directory (application code) you must include an acknowledgement: 3955714Skris * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40280304Sjkim * 4155714Skris * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4255714Skris * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4355714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4455714Skris * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4555714Skris * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4655714Skris * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4755714Skris * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4955714Skris * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5055714Skris * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5155714Skris * SUCH DAMAGE. 52280304Sjkim * 5355714Skris * The licence and distribution terms for any publically available version or 5455714Skris * derivative of this code cannot be changed. i.e. this code cannot simply be 5555714Skris * copied and put under another distribution licence 5655714Skris * [including the GNU Public Licence.] 
5755714Skris */ 58100928Snectar/* ==================================================================== 59238405Sjkim * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. 60109998Smarkm * 61109998Smarkm * Redistribution and use in source and binary forms, with or without 62109998Smarkm * modification, are permitted provided that the following conditions 63109998Smarkm * are met: 64109998Smarkm * 65109998Smarkm * 1. Redistributions of source code must retain the above copyright 66280304Sjkim * notice, this list of conditions and the following disclaimer. 67109998Smarkm * 68109998Smarkm * 2. Redistributions in binary form must reproduce the above copyright 69109998Smarkm * notice, this list of conditions and the following disclaimer in 70109998Smarkm * the documentation and/or other materials provided with the 71109998Smarkm * distribution. 72109998Smarkm * 73109998Smarkm * 3. All advertising materials mentioning features or use of this 74109998Smarkm * software must display the following acknowledgment: 75109998Smarkm * "This product includes software developed by the OpenSSL Project 76109998Smarkm * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77109998Smarkm * 78109998Smarkm * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79109998Smarkm * endorse or promote products derived from this software without 80109998Smarkm * prior written permission. For written permission, please contact 81109998Smarkm * openssl-core@openssl.org. 82109998Smarkm * 83109998Smarkm * 5. Products derived from this software may not be called "OpenSSL" 84109998Smarkm * nor may "OpenSSL" appear in their names without prior written 85109998Smarkm * permission of the OpenSSL Project. 86109998Smarkm * 87109998Smarkm * 6. 
Redistributions of any form whatsoever must retain the following 88109998Smarkm * acknowledgment: 89109998Smarkm * "This product includes software developed by the OpenSSL Project 90109998Smarkm * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91109998Smarkm * 92109998Smarkm * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93109998Smarkm * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94109998Smarkm * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95109998Smarkm * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96109998Smarkm * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97109998Smarkm * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98109998Smarkm * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99109998Smarkm * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100109998Smarkm * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101109998Smarkm * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102109998Smarkm * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103109998Smarkm * OF THE POSSIBILITY OF SUCH DAMAGE. 104109998Smarkm * ==================================================================== 105109998Smarkm * 106109998Smarkm * This product includes cryptographic software written by Eric Young 107109998Smarkm * (eay@cryptsoft.com). This product includes software written by Tim 108109998Smarkm * Hudson (tjh@cryptsoft.com). 109109998Smarkm * 110109998Smarkm */ 111109998Smarkm/* ==================================================================== 112238405Sjkim * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113280304Sjkim * ECC cipher suite support in OpenSSL originally developed by 114238405Sjkim * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 
115238405Sjkim */ 116238405Sjkim/* ==================================================================== 117238405Sjkim * Copyright 2005 Nokia. All rights reserved. 118100928Snectar * 119238405Sjkim * The portions of the attached software ("Contribution") is developed by 120238405Sjkim * Nokia Corporation and is licensed pursuant to the OpenSSL open source 121238405Sjkim * license. 122100928Snectar * 123238405Sjkim * The Contribution, originally written by Mika Kousa and Pasi Eronen of 124238405Sjkim * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 125238405Sjkim * support (see RFC 4279) to OpenSSL. 126100928Snectar * 127238405Sjkim * No patent licenses or other rights except those expressly stated in 128238405Sjkim * the OpenSSL open source license shall be deemed granted or received 129238405Sjkim * expressly, by implication, estoppel, or otherwise. 130100928Snectar * 131238405Sjkim * No assurances are provided by Nokia that the Contribution does not 132238405Sjkim * infringe the patent or other intellectual property rights of any third 133238405Sjkim * party or that the license provides you with all the necessary rights 134238405Sjkim * to make use of the Contribution. 135100928Snectar * 136238405Sjkim * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 137238405Sjkim * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 138238405Sjkim * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 139238405Sjkim * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 140238405Sjkim * OTHERWISE. 
*/

/*
 * ssl/ssl.h: include guard, dependency headers, the session ASN.1 version,
 * and the SSL_TXT_* aliases for SSLv2 and Kerberos5 cipher-suite names.
 */
#ifndef HEADER_SSL_H
# define HEADER_SSL_H

# include <openssl/e_os2.h>

/*
 * Optional subsystems: each header is pulled in only when the matching
 * OPENSSL_NO_* build switch is not defined.
 */
# ifndef OPENSSL_NO_COMP
#  include <openssl/comp.h>
# endif
# ifndef OPENSSL_NO_BIO
#  include <openssl/bio.h>
# endif
# ifndef OPENSSL_NO_DEPRECATED
#  ifndef OPENSSL_NO_X509
#   include <openssl/x509.h>
#  endif
#  include <openssl/crypto.h>
#  include <openssl/lhash.h>
#  include <openssl/buffer.h>
# endif
# include <openssl/pem.h>
# include <openssl/hmac.h>

# include <openssl/kssl.h>
# include <openssl/safestack.h>
# include <openssl/symhacks.h>

#ifdef  __cplusplus
extern "C" {
#endif

/* SSLeay version number for ASN.1 encoding of the session information */
/*-
 * Version 0 - initial version
 * Version 1 - added the optional peer certificate
 */
# define SSL_SESSION_ASN1_VERSION 0x0001

/*
 * text strings for the ciphers
 *
 * Each name expands to an SSL2_TXT_* macro that is not defined in this part
 * of the file.  The set covers NULL, 40-bit export, RC2, RC4, IDEA, DES and
 * 3DES suites.  These macros only give the suites a spelling; nothing in
 * these lines enables or disables one.
 */
# define SSL_TXT_NULL_WITH_MD5                   SSL2_TXT_NULL_WITH_MD5
# define SSL_TXT_RC4_128_WITH_MD5                SSL2_TXT_RC4_128_WITH_MD5
# define SSL_TXT_RC4_128_EXPORT40_WITH_MD5       SSL2_TXT_RC4_128_EXPORT40_WITH_MD5
# define SSL_TXT_RC2_128_CBC_WITH_MD5            SSL2_TXT_RC2_128_CBC_WITH_MD5
# define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5   SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5
# define SSL_TXT_IDEA_128_CBC_WITH_MD5           SSL2_TXT_IDEA_128_CBC_WITH_MD5
# define SSL_TXT_DES_64_CBC_WITH_MD5             SSL2_TXT_DES_64_CBC_WITH_MD5
# define SSL_TXT_DES_64_CBC_WITH_SHA             SSL2_TXT_DES_64_CBC_WITH_SHA
# define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5       SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
# define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA       SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA

/*
 * VRS Additional Kerberos5 entries
 *
 * Aliases for SSL3_TXT_KRB5_* macros, which are defined elsewhere.
 */
# define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
# define SSL_TXT_KRB5_RC4_128_SHA      SSL3_TXT_KRB5_RC4_128_SHA
# define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
# define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5
# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
# define SSL_TXT_KRB5_RC4_128_MD5      SSL3_TXT_KRB5_RC4_128_MD5
# define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5

# define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA
# define SSL_TXT_KRB5_RC2_40_CBC_SHA   SSL3_TXT_KRB5_RC2_40_CBC_SHA
# define SSL_TXT_KRB5_RC4_40_SHA       SSL3_TXT_KRB5_RC4_40_SHA
# define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5
# define SSL_TXT_KRB5_RC2_40_CBC_MD5   SSL3_TXT_KRB5_RC2_40_CBC_MD5
# define SSL_TXT_KRB5_RC4_40_MD5       SSL3_TXT_KRB5_RC4_40_MD5

/*
 * The six definitions below repeat names already defined above with the
 * same replacement text.  An identical redefinition is legal C, so they are
 * redundant rather than conflicting.
 */
# define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA
# define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5
# define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
# define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5
# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
/* Size in bytes of the krb5_client_princ buffer in struct ssl_session_st. */
# define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256

/*
 * Size limits, in bytes, for the fixed buffers of struct ssl_session_st
 * (session_id, sid_ctx, key_arg and master_key) declared further down.
 */
# define SSL_MAX_SSL_SESSION_ID_LENGTH           32
# define SSL_MAX_SID_CTX_LENGTH                  32

/*
 * A 512-bit RSA modulus expressed in bytes (64).  Where this minimum is
 * enforced is not visible in this header.
 */
# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES     (512/8)
# define SSL_MAX_KEY_ARG_LENGTH                  8
# define SSL_MAX_MASTER_KEY_LENGTH               48

/* These are used to specify which ciphers to use and not to use */

/* Strength classes. */
# define SSL_TXT_EXP40           "EXPORT40"
# define SSL_TXT_EXP56           "EXPORT56"
# define SSL_TXT_LOW             "LOW"
# define SSL_TXT_MEDIUM          "MEDIUM"
# define SSL_TXT_HIGH            "HIGH"
# define SSL_TXT_FIPS            "FIPS"

# define SSL_TXT_kFZA            "kFZA"/* unused! */
# define SSL_TXT_aFZA            "aFZA"/* unused! */
# define SSL_TXT_eFZA            "eFZA"/* unused! */
# define SSL_TXT_FZA             "FZA"/* unused! */

/* aNULL: no authentication; eNULL: no encryption (see the DEFAULT notes below). */
# define SSL_TXT_aNULL           "aNULL"
# define SSL_TXT_eNULL           "eNULL"
# define SSL_TXT_NULL            "NULL"

/* Key-exchange selectors ("k" prefix). */
# define SSL_TXT_kRSA            "kRSA"
# define SSL_TXT_kDHr            "kDHr"/* no such ciphersuites supported! */
# define SSL_TXT_kDHd            "kDHd"/* no such ciphersuites supported! */
# define SSL_TXT_kDH             "kDH"/* no such ciphersuites supported! */
# define SSL_TXT_kEDH            "kEDH"
# define SSL_TXT_kKRB5           "kKRB5"
# define SSL_TXT_kECDHr          "kECDHr"
# define SSL_TXT_kECDHe          "kECDHe"
# define SSL_TXT_kECDH           "kECDH"
# define SSL_TXT_kEECDH          "kEECDH"
# define SSL_TXT_kPSK            "kPSK"
# define SSL_TXT_kGOST           "kGOST"
# define SSL_TXT_kSRP            "kSRP"

/* Authentication selectors ("a" prefix). */
# define SSL_TXT_aRSA            "aRSA"
# define SSL_TXT_aDSS            "aDSS"
# define SSL_TXT_aDH             "aDH"/* no such ciphersuites supported! */
# define SSL_TXT_aECDH           "aECDH"
# define SSL_TXT_aKRB5           "aKRB5"
# define SSL_TXT_aECDSA          "aECDSA"
# define SSL_TXT_aPSK            "aPSK"
# define SSL_TXT_aGOST94         "aGOST94"
# define SSL_TXT_aGOST01         "aGOST01"
# define SSL_TXT_aGOST           "aGOST"
# define SSL_TXT_aSRP            "aSRP"

/* Combined aliases. */
# define SSL_TXT_DSS             "DSS"
# define SSL_TXT_DH              "DH"
# define SSL_TXT_EDH             "EDH"/* same as "kEDH:-ADH" */
# define SSL_TXT_ADH             "ADH"
# define SSL_TXT_RSA             "RSA"
# define SSL_TXT_ECDH            "ECDH"
# define SSL_TXT_EECDH           "EECDH"/* same as "kEECDH:-AECDH" */
# define SSL_TXT_AECDH           "AECDH"
# define SSL_TXT_ECDSA           "ECDSA"
# define SSL_TXT_KRB5            "KRB5"
# define SSL_TXT_PSK             "PSK"
# define SSL_TXT_SRP             "SRP"

/* Symmetric cipher selectors. */
# define SSL_TXT_DES             "DES"
# define SSL_TXT_3DES            "3DES"
# define SSL_TXT_RC4             "RC4"
# define SSL_TXT_RC2             "RC2"
# define SSL_TXT_IDEA            "IDEA"
# define SSL_TXT_SEED            "SEED"
# define SSL_TXT_AES128          "AES128"
# define SSL_TXT_AES256          "AES256"
# define SSL_TXT_AES             "AES"
# define SSL_TXT_AES_GCM         "AESGCM"
# define SSL_TXT_CAMELLIA128     "CAMELLIA128"
# define SSL_TXT_CAMELLIA256     "CAMELLIA256"
# define SSL_TXT_CAMELLIA        "CAMELLIA"

/* MAC / digest selectors. */
# define SSL_TXT_MD5             "MD5"
# define SSL_TXT_SHA1            "SHA1"
# define SSL_TXT_SHA             "SHA"/* same as "SHA1" */
# define SSL_TXT_GOST94          "GOST94"
# define SSL_TXT_GOST89MAC       "GOST89MAC"
# define SSL_TXT_SHA256          "SHA256"
# define SSL_TXT_SHA384          "SHA384"

/* Protocol version selectors. */
# define SSL_TXT_SSLV2           "SSLv2"
# define SSL_TXT_SSLV3           "SSLv3"
# define SSL_TXT_TLSV1           "TLSv1"
# define SSL_TXT_TLSV1_1         "TLSv1.1"
# define SSL_TXT_TLSV1_2         "TLSv1.2"

# define SSL_TXT_EXP             "EXP"
# define SSL_TXT_EXPORT          "EXPORT"

# define SSL_TXT_ALL             "ALL"

/*-
 * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
 * ciphers normally not being used.
 * Example: "RC4" will activate all ciphers using RC4 including ciphers
 * without authentication, which would normally be disabled by DEFAULT (due
 * to the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
 * will make sure that it is also disabled in the specific selection.
 * COMPLEMENTOF* identifiers are portable between versions, as adjustments
 * to the default cipher setup will also be included here.
 *
 * COMPLEMENTOFDEFAULT does not experience the same special treatment that
 * DEFAULT gets, as only selection is being done and no sorting as needed
 * for DEFAULT.
 */
# define SSL_TXT_CMPALL          "COMPLEMENTOFALL"
# define SSL_TXT_CMPDEF          "COMPLEMENTOFDEFAULT"

/*
 * The following cipher list is used by default. It also is substituted when
 * an application-defined cipher list string starts with 'DEFAULT'.
 *
 * The string removes the EXPORT and LOW classes, anonymous (aNULL) and
 * unencrypted (eNULL) suites, and everything tagged SSLv2.  It does not
 * remove the MEDIUM class and names no individual cipher or digest.
 * NOTE(review): which suites fall into MEDIUM is decided in ssl_ciph.c, not
 * here - confirm whether RC4 or other legacy ciphers remain reachable through
 * DEFAULT before relying on it as a policy.
 */
# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
/*
 * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
 * starts with a reasonable order, and all we have to do for DEFAULT is
 * throwing out anonymous and unencrypted ciphersuites! (The latter are not
 * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
 */

/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
# define SSL_SENT_SHUTDOWN       1
# define SSL_RECEIVED_SHUTDOWN   2

#ifdef __cplusplus
}
#endif

#ifdef  __cplusplus
extern "C" {
#endif

/* SSLv2 is compiled out whenever RSA or MD5 support is compiled out. */
# if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)
#  define OPENSSL_NO_SSL2
# endif

# define SSL_FILETYPE_ASN1       X509_FILETYPE_ASN1
# define SSL_FILETYPE_PEM        X509_FILETYPE_PEM

/*
 * This is needed to stop compilers complaining about the 'struct ssl_st *'
 * function parameters used to prototype callbacks in SSL_CTX.
 */
typedef struct ssl_st *ssl_crock_st;
typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
typedef struct ssl_method_st SSL_METHOD;
typedef struct ssl_cipher_st SSL_CIPHER;
typedef struct ssl_session_st SSL_SESSION;

/* Needed for the STACK_OF(SSL_CIPHER) uses further down. */
DECLARE_STACK_OF(SSL_CIPHER)

/* SRTP protection profiles for use with the use_srtp extension (RFC 5764) */
typedef struct srtp_protection_profile_st {
    const char *name;
    unsigned long id;
} SRTP_PROTECTION_PROFILE;

DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)

/*
 * Callback types for the session ticket extension and for supplying a
 * session secret.  Only the signatures are visible here.
 * NOTE(review): the meaning of the return values, and whether *secret_len is
 * an in/out capacity for the buffer at 'secret', must be confirmed against
 * the code that invokes these callbacks.
 */
typedef int (*tls_session_ticket_ext_cb_fn) (SSL *s,
                                             const unsigned char *data,
                                             int len, void *arg);
typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret,
                                         int *secret_len,
                                         STACK_OF(SSL_CIPHER) *peer_ciphers,
                                         SSL_CIPHER **cipher, void *arg);

/*
 * The struct bodies below are hidden when OPENSSL_NO_SSL_INTERN is defined;
 * the typedef names above remain available either way.
 */
# ifndef OPENSSL_NO_SSL_INTERN

/* used to hold info on the particular ciphers used */
struct ssl_cipher_st {
    int valid;
    const char *name;           /* text name */
    unsigned long id;           /* id, 4 bytes, first is version */
    /*
     * changed in 0.9.9: these four used to be portions of a single value
     * 'algorithms'
     */
    unsigned long algorithm_mkey; /* key exchange algorithm */
    unsigned long algorithm_auth; /* server authentication */
    unsigned long algorithm_enc; /* symmetric encryption */
    unsigned long algorithm_mac; /* symmetric authentication */
    unsigned long algorithm_ssl; /* (major) protocol version */
    unsigned long algo_strength; /* strength and export flags */
    unsigned long algorithm2;   /* Extra flags */
    int strength_bits;          /* Number of bits really used */
    int alg_bits;               /* Number of bits for algorithm */
};

/*
 * Used to hold functions for SSLv2 or SSLv3/TLSv1 functions
 *
 * A table of function pointers, one set per protocol method; 'version' is
 * the first member.
 */
struct ssl_method_st {
    int version;
    int (*ssl_new) (SSL *s);
    void (*ssl_clear) (SSL *s);
    void (*ssl_free) (SSL *s);
    int (*ssl_accept) (SSL *s);
    int (*ssl_connect) (SSL *s);
    int (*ssl_read) (SSL *s, void *buf, int len);
    int (*ssl_peek) (SSL *s, void *buf, int len);
    int (*ssl_write) (SSL *s, const void *buf, int len);
    int (*ssl_shutdown) (SSL *s);
    int (*ssl_renegotiate) (SSL *s);
    int (*ssl_renegotiate_check) (SSL *s);
    long (*ssl_get_message) (SSL *s, int st1, int stn, int mt, long
                             max, int *ok);
    int (*ssl_read_bytes) (SSL *s, int type, unsigned char *buf, int len,
                           int peek);
    int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len);
    int (*ssl_dispatch_alert) (SSL *s);
    long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg);
    long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg);
    const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr);
    int (*put_cipher_by_char) (const SSL_CIPHER *cipher, unsigned char *ptr);
    int (*ssl_pending) (const SSL *s);
    int (*num_ciphers) (void);
    const SSL_CIPHER *(*get_cipher) (unsigned ncipher);
    const struct ssl_method_st *(*get_ssl_method) (int version);
    long (*get_timeout) (void);
    struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
    int (*ssl_version) (void);
    long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void));
    long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void));
};

/*-
 * Lets make this into an ASN.1 type structure as follows
 * SSL_SESSION_ID ::= SEQUENCE {
 *      version                 INTEGER,        -- structure version number
 *      SSLversion              INTEGER,        -- SSL version number
 *      Cipher                  OCTET STRING,   -- the 3 byte cipher ID
 *      Session_ID              OCTET STRING,   -- the Session ID
 *      Master_key              OCTET STRING,   -- the master key
 *      KRB5_principal          OCTET STRING    -- optional Kerberos principal
 *      Key_Arg [ 0 ] IMPLICIT  OCTET STRING,   -- the optional Key argument
 *      Time [ 1 ] EXPLICIT     INTEGER,        -- optional Start Time
 *      Timeout [ 2 ] EXPLICIT  INTEGER,        -- optional Timeout in seconds
 *      Peer [ 3 ] EXPLICIT     X509,           -- optional Peer Certificate
 *      Session_ID_context [ 4 ] EXPLICIT OCTET STRING,   -- the Session ID context
 *      Verify_result [ 5 ] EXPLICIT INTEGER,   -- X509_V_... code for `Peer'
 *      HostName [ 6 ] EXPLICIT OCTET STRING,   -- optional HostName from servername TLS extension
 *      PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
 *      PSK_identity [ 8 ] EXPLICIT OCTET STRING,  -- optional PSK identity
 *      Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
 *      Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
 *      Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
 *      SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
 *      }
 * Look in ssl/ssl_asn1.c for more details
 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
 */
/*
 * Handling note: the layout above carries Master_key, and the struct below
 * stores it in master_key[].  A session object, and any ASN.1 encoding of it
 * written to disk or to an external cache, therefore needs the same
 * protection as key material.
 *
 * Each fixed buffer is paired with a *_length field.  The struct itself
 * enforces nothing, so code that fills these buffers has to check the length
 * against the matching SSL_MAX_* bound first.
 */
struct ssl_session_st {
    int ssl_version;            /* what ssl version session info is being
                                 * kept in here? */
    /* only really used in SSLv2 */
    unsigned int key_arg_length;
    unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
    /* signed, unlike the other *_length fields in this struct */
    int master_key_length;
    unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
    /* session_id - valid? */
    unsigned int session_id_length;
    unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
    /*
     * this is used to determine whether the session is being reused in the
     * appropriate context. It is up to the application to set this, via
     * SSL_new
     */
    unsigned int sid_ctx_length;
    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
#  ifndef OPENSSL_NO_KRB5
    unsigned int krb5_client_princ_len;
    unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
#  endif                        /* OPENSSL_NO_KRB5 */
#  ifndef OPENSSL_NO_PSK
    char *psk_identity_hint;
    char *psk_identity;
#  endif
    /*
     * Used to indicate that session resumption is not allowed. Applications
     * can also set this bit for a new session via not_resumable_session_cb
     * to disable session caching and tickets.
     */
    int not_resumable;
    /* The cert is the certificate used to establish this connection */
    struct sess_cert_st /* SESS_CERT */ *sess_cert;
    /*
     * This is the cert for the other end. On clients, it will be the same as
     * sess_cert->peer_key->x509 (the latter is not enough as sess_cert is
     * not retained in the external representation of sessions, see
     * ssl_asn1.c).
     */
    X509 *peer;
    /*
     * when app_verify_callback accepts a session where the peer's
     * certificate is not ok, we must remember the error for session reuse:
     */
    long verify_result;         /* only for servers */
    int references;
    long timeout;
    long time;
    unsigned int compress_meth; /* Need to lookup the method */
    const SSL_CIPHER *cipher;
    unsigned long cipher_id;    /* when ASN.1 loaded, this needs to be used
                                 * to load the 'cipher' structure */
    STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
    CRYPTO_EX_DATA ex_data;     /* application specific data */
    /*
     * These are used to make removal of session-ids more efficient and to
     * implement a maximum cache size.
     */
    struct ssl_session_st *prev, *next;
#  ifndef OPENSSL_NO_TLSEXT
    char *tlsext_hostname;
#   ifndef OPENSSL_NO_EC
    size_t tlsext_ecpointformatlist_length;
    unsigned char *tlsext_ecpointformatlist; /* peer's list */
    size_t tlsext_ellipticcurvelist_length;
    unsigned char *tlsext_ellipticcurvelist; /* peer's list */
#   endif                       /* OPENSSL_NO_EC */
    /* RFC4507 info */
    unsigned char *tlsext_tick; /* Session ticket */
    size_t tlsext_ticklen;      /* Session ticket length */
    long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
#  endif
#  ifndef OPENSSL_NO_SRP
    char *srp_username;
#  endif
};

# endif

/*
 * SSL_OP_* option bits.  Each non-zero value is a distinct bit so that
 * options can be OR-ed into one mask; the entries defined as 0x0 are
 * accepted for source compatibility and change nothing when OR-ed in.
 */
# define SSL_OP_MICROSOFT_SESS_ID_BUG                    0x00000001L
# define SSL_OP_NETSCAPE_CHALLENGE_BUG                   0x00000002L
/*
 * Allow initial connection to servers that don't support RI
 * (RI: the TLS renegotiation indication extension)
 */
# define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004L
# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x00000008L
# define SSL_OP_TLSEXT_PADDING                           0x00000010L
# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x00000020L
# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x00000040L
# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x00000080L
# define SSL_OP_TLS_D5_BUG                               0x00000100L
# define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x00000200L

/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
# define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x0
/* Refers to ancient SSLREF and SSLv2, retained for compatibility */
# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x0

/*
 * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in
 * OpenSSL 0.9.6d.  Usually (depending on the application protocol) the
 * workaround is not needed.  Unfortunately some broken SSL/TLS
 * implementations cannot handle it at all, which is why we include it in
 * SSL_OP_ALL.
 */
/* added in 0.9.6e */
# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L

/*
 * SSL_OP_ALL: various bug workarounds that should be rather harmless.  This
 * used to be 0x000FFFFFL before 0.9.7.
 *
 * By value, 0x80000BFFL is bits 0x00000001 through 0x00000200, plus
 * 0x00000800 and 0x80000000.  It therefore includes
 * SSL_OP_LEGACY_SERVER_CONNECT and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, both
 * of which relax a protection rather than only working around a peer bug.
 * It does not include SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION (0x00040000).
 * Review the individual bits before setting SSL_OP_ALL wholesale.
 */
# define SSL_OP_ALL                                      0x80000BFFL

/* DTLS options */
# define SSL_OP_NO_QUERY_MTU                 0x00001000L
/* Turn on Cookie Exchange (only relevant for servers) */
# define SSL_OP_COOKIE_EXCHANGE              0x00002000L
/* Don't use RFC4507 ticket extension */
# define SSL_OP_NO_TICKET                    0x00004000L
/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */
# define SSL_OP_CISCO_ANYCONNECT             0x00008000L

/* As server, disallow session resumption on renegotiation */
# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION   0x00010000L
/* Don't use compression even if supported */
# define SSL_OP_NO_COMPRESSION                           0x00020000L
/* Permit unsafe legacy renegotiation */
# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        0x00040000L
/* If set, always create a new key when using tmp_ecdh parameters */
# define SSL_OP_SINGLE_ECDH_USE                          0x00080000L
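/*
 * Does nothing: retained for compatibility.  Unlike the other retired
 * options in this list it still has a non-zero value, so it continues to
 * occupy a bit in the options mask even though setting it has no effect.
 */
# define SSL_OP_SINGLE_DH_USE                            0x00100000L
/*
 * Does nothing: retained for compatibility.  Defined as 0, so OR-ing it into
 * the options mask changes no bit.
 */
# define SSL_OP_EPHEMERAL_RSA                            0x0
/*
 * Set on servers to choose the cipher according to the server's preferences
 */
# define SSL_OP_CIPHER_SERVER_PREFERENCE                 0x00400000L
/*
 * If set, a server will allow a client to issue a SSLv3.0 version number as
 * latest version supported in the premaster secret, even when TLSv1.0
 * (version 3.1) was announced in the client hello. Normally this is
 * forbidden to prevent version rollback attacks.
 *
 * NOTE(review): setting this flag gives up that rollback protection; it
 * should only be enabled for a known peer that cannot interoperate otherwise.
 */
# define SSL_OP_TLS_ROLLBACK_BUG                         0x00800000L

/*
 * Protocol-version opt-out flags, one bit per protocol version.  The bit
 * values do not follow protocol order: SSL_OP_NO_TLSv1_2 (0x08000000) is
 * numerically below SSL_OP_NO_TLSv1_1 (0x10000000), so always use the
 * symbolic names rather than assuming a numeric ordering.
 */
# define SSL_OP_NO_SSLv2                                 0x01000000L
# define SSL_OP_NO_SSLv3                                 0x02000000L
# define SSL_OP_NO_TLSv1                                 0x04000000L
# define SSL_OP_NO_TLSv1_2                               0x08000000L
# define SSL_OP_NO_TLSv1_1                               0x10000000L

/*
 * These next two were never actually used for anything since SSLeay zap so
 * we have some more flags.
 */
/*
 * The next flag deliberately changes the ciphertest, this is a check for the
 * PKCS#1 attack
 *
 * Both names are defined as 0, so passing them to the option setters changes
 * no bit.
 */
# define SSL_OP_PKCS1_CHECK_1                            0x0
# define SSL_OP_PKCS1_CHECK_2                            0x0

# define SSL_OP_NETSCAPE_CA_DN_BUG                       0x20000000L
# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG          0x40000000L
/*
 * Make server add server-hello extension from early version of cryptopro
 * draft, when GOST ciphersuite is negotiated. Required for interoperability
 * with CryptoPro CSP 3.x
 */
# define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     0x80000000L

/*
 * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
 * when just a single record has been written):
 */
# define SSL_MODE_ENABLE_PARTIAL_WRITE                   0x00000001L
/*
 * Make it possible to retry SSL_write() with changed buffer location (buffer
 * contents must stay the same!); this is not the default to avoid the
 * misconception that non-blocking SSL_write() behaves like non-blocking
 * write():
 */
# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER             0x00000002L
/*
 * Never bother the application with retries if the transport is blocking:
 */
# define SSL_MODE_AUTO_RETRY                             0x00000004L
/* Don't attempt to automatically build certificate chain */
# define SSL_MODE_NO_AUTO_CHAIN                          0x00000008L
/*
 * Save RAM by releasing read and write buffers when they're empty. (SSL3 and
 * TLS only.) "Released" buffers are put onto a free-list in the context or
 * just freed (depending on the context's setting for freelist_max_len).
 */
# define SSL_MODE_RELEASE_BUFFERS                        0x00000010L
/*
 * Send the current time in the Random fields of the ClientHello and
 * ServerHello records for compatibility with hypothetical implementations
 * that require it.
 */
# define SSL_MODE_SEND_CLIENTHELLO_TIME                  0x00000020L
# define SSL_MODE_SEND_SERVERHELLO_TIME                  0x00000040L
/*
 * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications
 * that reconnect with a downgraded protocol version; see
 * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your
 * application attempts a normal handshake. Only use this in explicit
 * fallback retries, following the guidance in
 * draft-ietf-tls-downgrade-scsv-00.
 */
# define SSL_MODE_SEND_FALLBACK_SCSV                     0x00000080L

/*
 * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they
 * cannot be used to clear bits.  Use the matching *_clear_* macro to drop a
 * bit.  The *_get_* macros issue the same control command as the setters
 * with op == 0, which by the rule above leaves the stored value unchanged.
 */

/* Option accessors for a context (SSL_CTX) and for one connection (SSL). */
# define SSL_CTX_set_options(ctx,op) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
# define SSL_CTX_clear_options(ctx,op) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
# define SSL_CTX_get_options(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
# define SSL_set_options(ssl,op) \
        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
# define SSL_clear_options(ssl,op) \
        SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
# define SSL_get_options(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)

/* Mode accessors, same pattern as the option accessors above. */
# define SSL_CTX_set_mode(ctx,op) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
# define SSL_CTX_clear_mode(ctx,op) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
# define SSL_CTX_get_mode(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
# define SSL_clear_mode(ssl,op) \
        SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
# define SSL_set_mode(ssl,op) \
        SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
# define SSL_get_mode(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)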
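/* MTU controls; each macro forwards its argument to SSL_ctrl(). */
# define SSL_set_mtu(ssl, mtu) \
        SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
# define DTLS_set_link_mtu(ssl, mtu) \
        SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)
# define DTLS_get_link_min_mtu(ssl) \
        SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)

/*
 * Query the connection through SSL_CTRL_GET_RI_SUPPORT.
 * NOTE(review): presumably reports whether the peer supports the
 * renegotiation indication ("RI") extension - confirm in the ctrl handler.
 */
# define SSL_get_secure_renegotiation_support(ssl) \
        SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)

/*
 * Only available when the library is built with heartbeat support, i.e.
 * OPENSSL_NO_HEARTBEATS is not defined.
 */
# ifndef OPENSSL_NO_HEARTBEATS
#  define SSL_heartbeat(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL)
# endif

/*
 * Install a callback that is handed protocol messages (per context or per
 * connection).  The callback argument is set with the *_msg_callback_arg
 * macros below.
 * NOTE(review): buf is raw protocol data; avoid writing it to logs
 * unfiltered.
 */
void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
                              void (*cb) (int write_p, int version,
                                          int content_type, const void *buf,
                                          size_t len, SSL *ssl, void *arg));
void SSL_set_msg_callback(SSL *ssl,
                          void (*cb) (int write_p, int version,
                                      int content_type, const void *buf,
                                      size_t len, SSL *ssl, void *arg));
# define SSL_CTX_set_msg_callback_arg(ctx, arg) \
        SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
# define SSL_set_msg_callback_arg(ssl, arg) \
        SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))

# ifndef OPENSSL_NO_SRP

#  ifndef OPENSSL_NO_SSL_INTERN

typedef struct srp_ctx_st {
    /* param for all the callbacks */
    void *SRP_cb_arg;
    /* set client Hello login callback */
    int (*TLS_ext_srp_username_callback) (SSL *, int *, void *);
    /* set SRP N/g param callback for verification */
    int (*SRP_verify_param_callback) (SSL *, void *);
    /* set SRP client passwd callback */
    char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *);
    char *login;
    /*
     * NOTE(review): the names below look like the usual SRP parameters
     * (N/g group, s salt, A/B public values, a/b private values, v
     * verifier) - confirm against tls_srp.c.  If so, a, b and v are secrets
     * and must be cleared when the context is freed.
     */
    BIGNUM *N, *g, *s, *B, *A;
    BIGNUM *a, *b, *v;
    char *info;
    int strength;
    unsigned long srp_Mask;
} SRP_CTX;

#  endif

/* see tls_srp.c */
int SSL_SRP_CTX_init(SSL *s);
int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
int SSL_SRP_CTX_free(SSL *ctx);
int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
int SSL_srp_server_param_with_username(SSL *s, int *ad);
int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key);
int SRP_Calc_A_param(SSL *s);
int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key);

# endif

/*
 * Default "max cert list" size.  The expansions are parenthesised so the
 * macro stays a single value inside a larger expression (for example as a
 * divisor), matching SSL_SESSION_CACHE_MAX_SIZE_DEFAULT below.
 */
# if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
#  define SSL_MAX_CERT_LIST_DEFAULT (1024*30)
                                          /* 30k max cert list :-) */
# else
#  define SSL_MAX_CERT_LIST_DEFAULT (1024*100)
                                          /* 100k max cert list :-) */
# endif

# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT      (1024*20)

/*
 * This callback type is used inside SSL_CTX, SSL, and in the functions that
 * set them. It is used to override the generation of SSL/TLS session IDs in
 * a server. Return value should be zero on an error, non-zero to proceed.
 * Also, callbacks should themselves check if the id they generate is unique,
 * otherwise the SSL handshake will fail with an error - callbacks can do
 * this using the 'ssl' value they're passed, by calling
 * SSL_has_matching_session_id(ssl, id, *id_len). The length value passed in
 * is set at the maximum size the session ID can be. In SSLv2 this is 16
 * bytes, whereas in SSLv3/TLSv1 it is 32 bytes. The callback can alter this
 * length to be less if desired, but under SSLv2 session IDs are supposed to
 * be fixed at 16 bytes so the id will be padded after the callback returns
 * in this case. It is also an error for the callback to set the size to
 * zero.
 *
 * NOTE(review): uniqueness is the only property checked here; a replacement
 * generator should also keep IDs unpredictable (random source, not a
 * counter).
 */
typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id,
                               unsigned int *id_len);

typedef struct ssl_comp_st SSL_COMP;

# ifndef OPENSSL_NO_SSL_INTERN

struct ssl_comp_st {
    int id;
    const char *name;
#  ifndef OPENSSL_NO_COMP
    COMP_METHOD *method;
#  else
    char *method;
#  endif
};

DECLARE_STACK_OF(SSL_COMP)
DECLARE_LHASH_OF(SSL_SESSION);

struct ssl_ctx_st {
    const SSL_METHOD *method;
    STACK_OF(SSL_CIPHER) *cipher_list;
    /* same as above but sorted for lookup */
    STACK_OF(SSL_CIPHER) *cipher_list_by_id;
    struct x509_store_st /* X509_STORE */ *cert_store;
    LHASH_OF(SSL_SESSION) *sessions;
    /*
     * Most session-ids that will be cached, default is
     * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
     */
    unsigned long session_cache_size;
    struct ssl_session_st *session_cache_head;
    struct ssl_session_st *session_cache_tail;
    /*
     * This can have one of 2 values, ored together: SSL_SESS_CACHE_CLIENT,
     * SSL_SESS_CACHE_SERVER. Default is SSL_SESS_CACHE_SERVER, which means
     * only SSL_accept will cache SSL_SESSIONs.
     */
    int session_cache_mode;
    /*
     * If timeout is not 0, it is the default timeout value set when
     * SSL_new() is called.  This has been put in to make life easier to set
     * things up
     */
    long session_timeout;
    /*
     * If this callback is not null, it will be called each time a session id
     * is added to the cache.  If this function returns 1, it means that the
     * callback will do a SSL_SESSION_free() when it has finished using it.
     * Otherwise, on 0, it means the callback has finished with it. If
     * remove_session_cb is not null, it will be called when a session-id is
     * removed from the cache.  After the call, OpenSSL will
     * SSL_SESSION_free() it.
     */
    int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess);
    void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess);
    SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl,
                                    unsigned char *data, int len, int *copy);
    struct {
        int sess_connect;       /* SSL new conn - started */
        int sess_connect_renegotiate; /* SSL reneg - requested */
        int sess_connect_good;  /* SSL new conn/reneg - finished */
        int sess_accept;        /* SSL new accept - started */
        int sess_accept_renegotiate; /* SSL reneg - requested */
        int sess_accept_good;   /* SSL accept/reneg - finished */
        int sess_miss;          /* session lookup misses */
        int sess_timeout;       /* reuse attempt on timeouted session */
        int sess_cache_full;    /* session removed due to full cache */
        int sess_hit;           /* session reuse actually done */
        int sess_cb_hit;        /* session-id that was not in the cache was
                                 * passed back via the callback.  This
                                 * indicates that the application is
                                 * supplying session-id's from other
                                 * processes - spooky :-) */
    } stats;

    int references;

    /*
     * if defined, these override the X509_verify_cert() calls.
     * NOTE(review): because the callback replaces the built-in chain
     * verification, it is responsible for the whole verification decision;
     * a callback that always reports success turns certificate validation
     * off.
     */
    int (*app_verify_callback) (X509_STORE_CTX *, void *);
    void *app_verify_arg;
    /*
     * before OpenSSL 0.9.7, 'app_verify_arg' was ignored
     * ('app_verify_callback' was called with just one argument)
     */

    /* Default password callback. */
    pem_password_cb *default_passwd_callback;

    /* Default password callback user data. */
    void *default_passwd_callback_userdata;

    /* get client cert callback */
    int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey);

    /* cookie generate callback */
    int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie,
                              unsigned int *cookie_len);

    /* verify cookie callback */
    int (*app_verify_cookie_cb) (SSL *ssl, unsigned char *cookie,
                                 unsigned int cookie_len);

    CRYPTO_EX_DATA ex_data;

    const EVP_MD *rsa_md5;      /* For SSLv2 - name is 'ssl2-md5' */
    const EVP_MD *md5;          /* For SSLv3/TLSv1 'ssl3-md5' */
    const EVP_MD *sha1;         /* For SSLv3/TLSv1 'ssl3-sha1' */

    STACK_OF(X509) *extra_certs;
    STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */

    /* Default values used when no per-SSL value is defined follow */

    /* used if SSL's info_callback is NULL */
    void (*info_callback) (const SSL *ssl, int type, int val);

    /* what we put in client cert requests */
    STACK_OF(X509_NAME) *client_CA;

    /*
     * Default values to use in SSL structures follow (these are copied by
     * SSL_new)
     */

    unsigned long options;
    unsigned long mode;
    long max_cert_list;

    struct cert_st /* CERT */ *cert;
    int read_ahead;

    /*
     * callback that allows applications to peek at protocol messages.
     * NOTE(review): buf is raw protocol data; avoid writing it to logs
     * unfiltered.
     */
    void (*msg_callback) (int write_p, int version, int content_type,
                          const void *buf, size_t len, SSL *ssl, void *arg);
    void *msg_callback_arg;

    int verify_mode;
    unsigned int sid_ctx_length;
    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
    /* called 'verify_callback' in the SSL */
    int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);

    /* Default generate session ID callback. */
    GEN_SESSION_CB generate_session_id;

    X509_VERIFY_PARAM *param;

#  if 0
    int purpose;                /* Purpose setting */
    int trust;                  /* Trust setting */
#  endif

    int quiet_shutdown;

    /*
     * Maximum amount of data to send in one fragment. actual record size can
     * be more than this due to padding and MAC overheads.
     */
    unsigned int max_send_fragment;

#  ifndef OPENSSL_NO_ENGINE
    /*
     * Engine to pass requests for client certs to
     */
    ENGINE *client_cert_engine;
#  endif

#  ifndef OPENSSL_NO_TLSEXT
    /* TLS extensions servername callback */
    int (*tlsext_servername_callback) (SSL *, int *, void *);
    void *tlsext_servername_arg;
    /*
     * RFC 4507 session ticket keys: a 16-byte key name, a 16-byte HMAC key
     * and a 16-byte AES key.  The sizes are fixed by these arrays; other key
     * material has to be supplied through tlsext_ticket_key_cb below.
     * NOTE(review): whoever holds these keys can presumably read and forge
     * session tickets for this context - protect and rotate them
     * accordingly.
     */
    unsigned char tlsext_tick_key_name[16];
    unsigned char tlsext_tick_hmac_key[16];
    unsigned char tlsext_tick_aes_key[16];
    /* Callback to support customisation of ticket key setting */
    int (*tlsext_ticket_key_cb) (SSL *ssl,
                                 unsigned char *name, unsigned char *iv,
                                 EVP_CIPHER_CTX *ectx,
                                 HMAC_CTX *hctx, int enc);

    /* certificate status request info */
    /* Callback for status request */
    int (*tlsext_status_cb) (SSL *ssl, void *arg);
    void *tlsext_status_arg;

    /* draft-rescorla-tls-opaque-prf-input-00.txt information */
    int (*tlsext_opaque_prf_input_callback) (SSL *, void *peerinput,
                                             size_t len, void *arg);
    void *tlsext_opaque_prf_input_callback_arg;
#  endif

#  ifndef OPENSSL_NO_PSK
    char *psk_identity_hint;
    unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
                                         char *identity,
                                         unsigned int max_identity_len,
                                         unsigned char *psk,
                                         unsigned int max_psk_len);
    unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
                                         unsigned char *psk,
                                         unsigned int max_psk_len);
#  endif

#  ifndef OPENSSL_NO_BUF_FREELISTS
#   define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
    unsigned int freelist_max_len;
    struct ssl3_buf_freelist_st *wbuf_freelist;
    struct ssl3_buf_freelist_st *rbuf_freelist;
#  endif
#  ifndef OPENSSL_NO_SRP
    SRP_CTX srp_ctx;            /* ctx for SRP authentication */
#  endif

#  ifndef OPENSSL_NO_TLSEXT

#   ifndef OPENSSL_NO_NEXTPROTONEG
    /* Next protocol negotiation information */
    /* (for experimental NPN extension). */

    /*
     * For a server, this contains a callback function by which the set of
     * advertised protocols can be provided.
     */
    int (*next_protos_advertised_cb) (SSL *s, const unsigned char **buf,
                                      unsigned int *len, void *arg);
    void *next_protos_advertised_cb_arg;
    /*
     * For a client, this contains a callback function that selects the next
     * protocol from the list provided by the server.
     */
    int (*next_proto_select_cb) (SSL *s, unsigned char **out,
                                 unsigned char *outlen,
                                 const unsigned char *in,
                                 unsigned int inlen, void *arg);
    void *next_proto_select_cb_arg;
#   endif
    /* SRTP profiles we are willing to do from RFC 5764 */
    STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
#  endif
};

# endif

/* Values for session_cache_mode; the CLIENT and SERVER bits may be ORed. */
# define SSL_SESS_CACHE_OFF                      0x0000
# define SSL_SESS_CACHE_CLIENT                   0x0001
# define SSL_SESS_CACHE_SERVER                   0x0002
# define SSL_SESS_CACHE_BOTH     (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
# define SSL_SESS_CACHE_NO_AUTO_CLEAR            0x0080
/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP       0x0100
# define SSL_SESS_CACHE_NO_INTERNAL_STORE        0x0200
# define SSL_SESS_CACHE_NO_INTERNAL \
        (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)

LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
/*
 * Session statistics accessors, one per SSL_CTRL_SESS_* command.  The ctx
 * argument is parenthesised like in the other ctrl wrapper macros of this
 * header.
 */
# define SSL_CTX_sess_number(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_SESS_NUMBER,0,NULL)
# define SSL_CTX_sess_connect(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_SESS_CONNECT,0,NULL)
# define SSL_CTX_sess_connect_good(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
# define SSL_CTX_sess_connect_renegotiate(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
# define SSL_CTX_sess_accept(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_SESS_ACCEPT,0,NULL)
# define SSL_CTX_sess_accept_renegotiate(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
# define SSL_CTX_sess_accept_good(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
# define SSL_CTX_sess_hits(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_SESS_HIT,0,NULL)
# define SSL_CTX_sess_cb_hits(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_SESS_CB_HIT,0,NULL)
# define SSL_CTX_sess_misses(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_SESS_MISSES,0,NULL)
# define SSL_CTX_sess_timeouts(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_SESS_TIMEOUTS,0,NULL)
# define SSL_CTX_sess_cache_full(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_SESS_CACHE_FULL,0,NULL)

/*
 * Setters and getters for the session-cache, info, client-certificate and
 * cookie callbacks.  The callback signatures match the function-pointer
 * members of struct ssl_ctx_st.
 */
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
                             int (*new_session_cb) (struct ssl_st *ssl,
                                                    SSL_SESSION *sess));
int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
                                              SSL_SESSION *sess);
void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
                                void (*remove_session_cb) (struct ssl_ctx_st
                                                           *ctx,
                                                           SSL_SESSION
                                                           *sess));
void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx,
                                                  SSL_SESSION *sess);
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
                             SSL_SESSION *(*get_session_cb) (struct ssl_st
                                                             *ssl,
                                                             unsigned char
                                                             *data, int len,
                                                             int *copy));
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
                                                       unsigned char *Data,
                                                       int len, int *copy);
void SSL_CTX_set_info_callback(SSL_CTX *ctx,
                               void (*cb) (const SSL *ssl, int type,
                                           int val));
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
                                                 int val);
void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
                                int (*client_cert_cb) (SSL *ssl, X509 **x509,
                                                       EVP_PKEY **pkey));
int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
                                                 EVP_PKEY **pkey);
# ifndef OPENSSL_NO_ENGINE
int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
# endif
void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
                                    int (*app_gen_cookie_cb) (SSL *ssl,
                                                              unsigned char
                                                              *cookie,
                                                              unsigned int
                                                              *cookie_len));
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
                                  int (*app_verify_cookie_cb) (SSL *ssl,
                                                               unsigned char
                                                               *cookie,
                                                               unsigned int
                                                               cookie_len));
# ifndef OPENSSL_NO_NEXTPROTONEG
void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
                                           int (*cb) (SSL *ssl,
                                                      const unsigned char
                                                      **out,
                                                      unsigned int *outlen,
                                                      void *arg), void *arg);
void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
                                      int (*cb) (SSL *ssl,
                                                 unsigned char **out,
                                                 unsigned char *outlen,
                                                 const unsigned char *in,
                                                 unsigned int inlen,
                                                 void *arg), void *arg);

int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
                          const unsigned char *in, unsigned int inlen,
                          const unsigned char *client,
                          unsigned int client_len);
void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
                                    unsigned *len);

/*
 * NPN status codes (presumably the results of SSL_select_next_proto() -
 * confirm).  The list and this conditional continue below.
 */
#  define OPENSSL_NPN_UNSUPPORTED 0
#  define OPENSSL_NPN_NEGOTIATED  1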
1157280304Sjkim# define OPENSSL_NPN_NO_OVERLAP 2 1158280304Sjkim# endif 1159238405Sjkim 1160280304Sjkim# ifndef OPENSSL_NO_PSK 1161280304Sjkim/* 1162280304Sjkim * the maximum length of the buffer given to callbacks containing the 1163280304Sjkim * resulting identity/psk 1164280304Sjkim */ 1165280304Sjkim# define PSK_MAX_IDENTITY_LEN 128 1166280304Sjkim# define PSK_MAX_PSK_LEN 256 1167280304Sjkimvoid SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, 1168280304Sjkim unsigned int (*psk_client_callback) (SSL 1169280304Sjkim *ssl, 1170280304Sjkim const 1171280304Sjkim char 1172280304Sjkim *hint, 1173280304Sjkim char 1174280304Sjkim *identity, 1175280304Sjkim unsigned 1176280304Sjkim int 1177280304Sjkim max_identity_len, 1178280304Sjkim unsigned 1179280304Sjkim char 1180280304Sjkim *psk, 1181280304Sjkim unsigned 1182280304Sjkim int 1183280304Sjkim max_psk_len)); 1184280304Sjkimvoid SSL_set_psk_client_callback(SSL *ssl, 1185280304Sjkim unsigned int (*psk_client_callback) (SSL 1186280304Sjkim *ssl, 1187280304Sjkim const 1188280304Sjkim char 1189280304Sjkim *hint, 1190280304Sjkim char 1191280304Sjkim *identity, 1192280304Sjkim unsigned 1193280304Sjkim int 1194280304Sjkim max_identity_len, 1195280304Sjkim unsigned 1196280304Sjkim char 1197280304Sjkim *psk, 1198280304Sjkim unsigned 1199280304Sjkim int 1200280304Sjkim max_psk_len)); 1201280304Sjkimvoid SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, 1202280304Sjkim unsigned int (*psk_server_callback) (SSL 1203280304Sjkim *ssl, 1204280304Sjkim const 1205280304Sjkim char 1206280304Sjkim *identity, 1207280304Sjkim unsigned 1208280304Sjkim char 1209280304Sjkim *psk, 1210280304Sjkim unsigned 1211280304Sjkim int 1212280304Sjkim max_psk_len)); 1213238405Sjkimvoid SSL_set_psk_server_callback(SSL *ssl, 1214280304Sjkim unsigned int (*psk_server_callback) (SSL 1215280304Sjkim *ssl, 1216280304Sjkim const 1217280304Sjkim char 1218280304Sjkim *identity, 1219280304Sjkim unsigned 1220280304Sjkim char 1221280304Sjkim *psk, 1222280304Sjkim unsigned 
1223280304Sjkim int 1224280304Sjkim max_psk_len)); 1225238405Sjkimint SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); 1226238405Sjkimint SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); 1227238405Sjkimconst char *SSL_get_psk_identity_hint(const SSL *s); 1228238405Sjkimconst char *SSL_get_psk_identity(const SSL *s); 1229280304Sjkim# endif 1230238405Sjkim 1231280304Sjkim# define SSL_NOTHING 1 1232280304Sjkim# define SSL_WRITING 2 1233280304Sjkim# define SSL_READING 3 1234280304Sjkim# define SSL_X509_LOOKUP 4 123555714Skris 123655714Skris/* These will only be used when doing non-blocking IO */ 1237280304Sjkim# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) 1238280304Sjkim# define SSL_want_read(s) (SSL_want(s) == SSL_READING) 1239280304Sjkim# define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) 1240280304Sjkim# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) 124155714Skris 1242280304Sjkim# define SSL_MAC_FLAG_READ_MAC_STREAM 1 1243280304Sjkim# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 1244238405Sjkim 1245280304Sjkim# ifndef OPENSSL_NO_SSL_INTERN 1246238405Sjkim 1247280304Sjkimstruct ssl_st { 1248280304Sjkim /* 1249280304Sjkim * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, 1250280304Sjkim * DTLS1_VERSION) 1251280304Sjkim */ 1252280304Sjkim int version; 1253280304Sjkim /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ 1254280304Sjkim int type; 1255280304Sjkim /* SSLv3 */ 1256280304Sjkim const SSL_METHOD *method; 1257280304Sjkim /* 1258280304Sjkim * There are 2 BIO's even though they are normally both the same. 
This 1259280304Sjkim * is so data can be read and written to different handlers 1260280304Sjkim */ 1261280304Sjkim# ifndef OPENSSL_NO_BIO 1262280304Sjkim /* used by SSL_read */ 1263280304Sjkim BIO *rbio; 1264280304Sjkim /* used by SSL_write */ 1265280304Sjkim BIO *wbio; 1266280304Sjkim /* used during session-id reuse to concatenate messages */ 1267280304Sjkim BIO *bbio; 1268280304Sjkim# else 1269280304Sjkim /* used by SSL_read */ 1270280304Sjkim char *rbio; 1271280304Sjkim /* used by SSL_write */ 1272280304Sjkim char *wbio; 1273280304Sjkim char *bbio; 1274280304Sjkim# endif 1275280304Sjkim /* 1276280304Sjkim * This holds a variable that indicates what we were doing when a 0 or -1 1277280304Sjkim * is returned. This is needed for non-blocking IO so we know what 1278280304Sjkim * request needs re-doing when in SSL_accept or SSL_connect 1279280304Sjkim */ 1280280304Sjkim int rwstate; 1281280304Sjkim /* true when we are actually in SSL_accept() or SSL_connect() */ 1282280304Sjkim int in_handshake; 1283280304Sjkim int (*handshake_func) (SSL *); 1284280304Sjkim /* 1285280304Sjkim * Imagine that here's a boolean member "init" that is switched as soon 1286280304Sjkim * as SSL_set_{accept/connect}_state is called for the first time, so 1287280304Sjkim * that "state" and "handshake_func" are properly initialized. But as 1288280304Sjkim * handshake_func is == 0 until then, we use this test instead of an 1289280304Sjkim * "init" member. 1290280304Sjkim */ 1291280304Sjkim /* are we the server side? - mostly used by SSL_clear */ 1292280304Sjkim int server; 1293280304Sjkim /* 1294280304Sjkim * Generate a new session or reuse an old one. 
1295280304Sjkim * NB: For servers, the 'new' session may actually be a previously 1296280304Sjkim * cached session or even the previous session unless 1297280304Sjkim * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set 1298280304Sjkim */ 1299280304Sjkim int new_session; 1300280304Sjkim /* don't send shutdown packets */ 1301280304Sjkim int quiet_shutdown; 1302280304Sjkim /* we have shut things down, 0x01 sent, 0x02 for received */ 1303280304Sjkim int shutdown; 1304280304Sjkim /* where we are */ 1305280304Sjkim int state; 1306280304Sjkim /* where we are when reading */ 1307280304Sjkim int rstate; 1308280304Sjkim BUF_MEM *init_buf; /* buffer used during init */ 1309280304Sjkim void *init_msg; /* pointer to handshake message body, set by 1310280304Sjkim * ssl3_get_message() */ 1311280304Sjkim int init_num; /* amount read/written */ 1312280304Sjkim int init_off; /* amount read/written */ 1313280304Sjkim /* used internally to point at a raw packet */ 1314280304Sjkim unsigned char *packet; 1315280304Sjkim unsigned int packet_length; 1316280304Sjkim struct ssl2_state_st *s2; /* SSLv2 variables */ 1317280304Sjkim struct ssl3_state_st *s3; /* SSLv3 variables */ 1318280304Sjkim struct dtls1_state_st *d1; /* DTLSv1 variables */ 1319280304Sjkim int read_ahead; /* Read as many input bytes as possible (for 1320280304Sjkim * non-blocking reads) */ 1321280304Sjkim /* callback that allows applications to peek at protocol messages */ 1322280304Sjkim void (*msg_callback) (int write_p, int version, int content_type, 1323280304Sjkim const void *buf, size_t len, SSL *ssl, void *arg); 1324280304Sjkim void *msg_callback_arg; 1325280304Sjkim int hit; /* reusing a previous session */ 1326280304Sjkim X509_VERIFY_PARAM *param; 1327280304Sjkim# if 0 1328280304Sjkim int purpose; /* Purpose setting */ 1329280304Sjkim int trust; /* Trust setting */ 1330280304Sjkim# endif 1331280304Sjkim /* crypto */ 1332280304Sjkim STACK_OF(SSL_CIPHER) *cipher_list; 1333280304Sjkim STACK_OF(SSL_CIPHER) 
*cipher_list_by_id; 1334280304Sjkim /* 1335280304Sjkim * These are the ones being used, the ones in SSL_SESSION are the ones to 1336280304Sjkim * be 'copied' into these ones 1337280304Sjkim */ 1338280304Sjkim int mac_flags; 1339280304Sjkim EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ 1340280304Sjkim EVP_MD_CTX *read_hash; /* used for mac generation */ 1341280304Sjkim# ifndef OPENSSL_NO_COMP 1342280304Sjkim COMP_CTX *expand; /* uncompress */ 1343280304Sjkim# else 1344280304Sjkim char *expand; 1345280304Sjkim# endif 1346280304Sjkim EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ 1347280304Sjkim EVP_MD_CTX *write_hash; /* used for mac generation */ 1348280304Sjkim# ifndef OPENSSL_NO_COMP 1349280304Sjkim COMP_CTX *compress; /* compression */ 1350280304Sjkim# else 1351280304Sjkim char *compress; 1352280304Sjkim# endif 1353280304Sjkim /* session info */ 1354280304Sjkim /* client cert? */ 1355280304Sjkim /* This is used to hold the server certificate used */ 1356280304Sjkim struct cert_st /* CERT */ *cert; 1357280304Sjkim /* 1358280304Sjkim * the session_id_context is used to ensure sessions are only reused in 1359280304Sjkim * the appropriate context 1360280304Sjkim */ 1361280304Sjkim unsigned int sid_ctx_length; 1362280304Sjkim unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; 1363280304Sjkim /* This can also be in the session once a session is established */ 1364280304Sjkim SSL_SESSION *session; 1365280304Sjkim /* Default generate session ID callback. */ 1366280304Sjkim GEN_SESSION_CB generate_session_id; 1367280304Sjkim /* Used in SSL2 and SSL3 */ 1368280304Sjkim /* 1369280304Sjkim * 0 don't care about verify failure. 
1370280304Sjkim * 1 fail if verify fails 1371280304Sjkim */ 1372280304Sjkim int verify_mode; 1373280304Sjkim /* fail if callback returns 0 */ 1374280304Sjkim int (*verify_callback) (int ok, X509_STORE_CTX *ctx); 1375280304Sjkim /* optional informational callback */ 1376280304Sjkim void (*info_callback) (const SSL *ssl, int type, int val); 1377280304Sjkim /* error bytes to be written */ 1378280304Sjkim int error; 1379280304Sjkim /* actual code */ 1380280304Sjkim int error_code; 1381280304Sjkim# ifndef OPENSSL_NO_KRB5 1382280304Sjkim /* Kerberos 5 context */ 1383280304Sjkim KSSL_CTX *kssl_ctx; 1384280304Sjkim# endif /* OPENSSL_NO_KRB5 */ 1385280304Sjkim# ifndef OPENSSL_NO_PSK 1386280304Sjkim unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, 1387280304Sjkim char *identity, 1388280304Sjkim unsigned int max_identity_len, 1389280304Sjkim unsigned char *psk, 1390280304Sjkim unsigned int max_psk_len); 1391280304Sjkim unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, 1392280304Sjkim unsigned char *psk, 1393280304Sjkim unsigned int max_psk_len); 1394280304Sjkim# endif 1395280304Sjkim SSL_CTX *ctx; 1396280304Sjkim /* 1397280304Sjkim * set this flag to 1 and a sleep(1) is put into all SSL_read() and 1398280304Sjkim * SSL_write() calls, good for nbio debuging :-) 1399280304Sjkim */ 1400280304Sjkim int debug; 1401280304Sjkim /* extra application data */ 1402280304Sjkim long verify_result; 1403280304Sjkim CRYPTO_EX_DATA ex_data; 1404280304Sjkim /* for server side, keep the list of CA_dn we can use */ 1405280304Sjkim STACK_OF(X509_NAME) *client_CA; 1406280304Sjkim int references; 1407280304Sjkim /* protocol behaviour */ 1408280304Sjkim unsigned long options; 1409280304Sjkim /* API behaviour */ 1410280304Sjkim unsigned long mode; 1411280304Sjkim long max_cert_list; 1412280304Sjkim int first_packet; 1413280304Sjkim /* what was passed, used for SSLv3/TLS rollback check */ 1414280304Sjkim int client_version; 1415280304Sjkim unsigned int 
max_send_fragment; 1416280304Sjkim# ifndef OPENSSL_NO_TLSEXT 1417280304Sjkim /* TLS extension debug callback */ 1418280304Sjkim void (*tlsext_debug_cb) (SSL *s, int client_server, int type, 1419280304Sjkim unsigned char *data, int len, void *arg); 1420280304Sjkim void *tlsext_debug_arg; 1421280304Sjkim char *tlsext_hostname; 1422280304Sjkim /*- 1423280304Sjkim * no further mod of servername 1424280304Sjkim * 0 : call the servername extension callback. 1425280304Sjkim * 1 : prepare 2, allow last ack just after in server callback. 1426280304Sjkim * 2 : don't call servername callback, no ack in server hello 1427280304Sjkim */ 1428280304Sjkim int servername_done; 1429280304Sjkim /* certificate status request info */ 1430280304Sjkim /* Status type or -1 if no status type */ 1431280304Sjkim int tlsext_status_type; 1432280304Sjkim /* Expect OCSP CertificateStatus message */ 1433280304Sjkim int tlsext_status_expected; 1434280304Sjkim /* OCSP status request only */ 1435280304Sjkim STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; 1436280304Sjkim X509_EXTENSIONS *tlsext_ocsp_exts; 1437280304Sjkim /* OCSP response received or to be sent */ 1438280304Sjkim unsigned char *tlsext_ocsp_resp; 1439280304Sjkim int tlsext_ocsp_resplen; 1440280304Sjkim /* RFC4507 session ticket expected to be received or sent */ 1441280304Sjkim int tlsext_ticket_expected; 1442280304Sjkim# ifndef OPENSSL_NO_EC 1443280304Sjkim size_t tlsext_ecpointformatlist_length; 1444280304Sjkim /* our list */ 1445280304Sjkim unsigned char *tlsext_ecpointformatlist; 1446280304Sjkim size_t tlsext_ellipticcurvelist_length; 1447280304Sjkim /* our list */ 1448280304Sjkim unsigned char *tlsext_ellipticcurvelist; 1449280304Sjkim# endif /* OPENSSL_NO_EC */ 1450280304Sjkim /* 1451280304Sjkim * draft-rescorla-tls-opaque-prf-input-00.txt information to be used for 1452280304Sjkim * handshakes 1453280304Sjkim */ 1454280304Sjkim void *tlsext_opaque_prf_input; 1455280304Sjkim size_t tlsext_opaque_prf_input_len; 1456280304Sjkim /* TLS 
Session Ticket extension override */ 1457280304Sjkim TLS_SESSION_TICKET_EXT *tlsext_session_ticket; 1458280304Sjkim /* TLS Session Ticket extension callback */ 1459280304Sjkim tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb; 1460280304Sjkim void *tls_session_ticket_ext_cb_arg; 1461280304Sjkim /* TLS pre-shared secret session resumption */ 1462280304Sjkim tls_session_secret_cb_fn tls_session_secret_cb; 1463280304Sjkim void *tls_session_secret_cb_arg; 1464280304Sjkim SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */ 1465280304Sjkim# ifndef OPENSSL_NO_NEXTPROTONEG 1466280304Sjkim /* 1467280304Sjkim * Next protocol negotiation. For the client, this is the protocol that 1468280304Sjkim * we sent in NextProtocol and is set when handling ServerHello 1469280304Sjkim * extensions. For a server, this is the client's selected_protocol from 1470280304Sjkim * NextProtocol and is set when handling the NextProtocol message, before 1471280304Sjkim * the Finished message. 1472280304Sjkim */ 1473280304Sjkim unsigned char *next_proto_negotiated; 1474280304Sjkim unsigned char next_proto_negotiated_len; 1475280304Sjkim# endif 1476280304Sjkim# define session_ctx initial_ctx 1477280304Sjkim /* What we'll do */ 1478280304Sjkim STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; 1479280304Sjkim /* What's been chosen */ 1480280304Sjkim SRTP_PROTECTION_PROFILE *srtp_profile; 1481280304Sjkim /*- 1482280304Sjkim * Is use of the Heartbeat extension negotiated? 
1483280304Sjkim * 0: disabled 1484280304Sjkim * 1: enabled 1485280304Sjkim * 2: enabled, but not allowed to send Requests 1486280304Sjkim */ 1487280304Sjkim unsigned int tlsext_heartbeat; 1488280304Sjkim /* Indicates if a HeartbeatRequest is in flight */ 1489280304Sjkim unsigned int tlsext_hb_pending; 1490280304Sjkim /* HeartbeatRequest sequence number */ 1491280304Sjkim unsigned int tlsext_hb_seq; 1492280304Sjkim# else 1493280304Sjkim# define session_ctx ctx 1494280304Sjkim# endif /* OPENSSL_NO_TLSEXT */ 1495280304Sjkim /*- 1496280304Sjkim * 1 if we are renegotiating. 1497280304Sjkim * 2 if we are a server and are inside a handshake 1498280304Sjkim * (i.e. not just sending a HelloRequest) 1499280304Sjkim */ 1500280304Sjkim int renegotiate; 1501280304Sjkim# ifndef OPENSSL_NO_SRP 1502280304Sjkim /* ctx for SRP authentication */ 1503280304Sjkim SRP_CTX srp_ctx; 1504280304Sjkim# endif 1505280304Sjkim}; 150655714Skris 1507280304Sjkim# endif 150855714Skris 150968651Skris#ifdef __cplusplus 151068651Skris} 151168651Skris#endif 151268651Skris 1513280304Sjkim# include <openssl/ssl2.h> 1514280304Sjkim# include <openssl/ssl3.h> 1515280304Sjkim# include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ 1516280304Sjkim# include <openssl/dtls1.h> /* Datagram TLS */ 1517280304Sjkim# include <openssl/ssl23.h> 1518280304Sjkim# include <openssl/srtp.h> /* Support for the use_srtp extension */ 151955714Skris 152068651Skris#ifdef __cplusplus 152168651Skrisextern "C" { 152268651Skris#endif 152368651Skris 152459191Skris/* compatibility */ 1525280304Sjkim# define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) 1526280304Sjkim# define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) 1527280304Sjkim# define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a)) 1528280304Sjkim# define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) 1529280304Sjkim# define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) 1530280304Sjkim# define 
SSL_CTX_set_app_data(ctx,arg)   (SSL_CTX_set_ex_data(ctx,0,(char *)arg))

/*
 * The following are the possible values for ssl->state and are used to
 * indicate where we are up to in the SSL connection establishment. The
 * macros that follow are about the only things you should need to use and
 * even then, only when using non-blocking IO. It can also be useful to work
 * out where you were when the connection failed
 *
 * SSL_ST_INIT is the OR of SSL_ST_CONNECT and SSL_ST_ACCEPT, and both
 * SSL_ST_RENEGOTIATE and SSL_ST_ERR include it, so SSL_in_init() below is
 * non-zero for those two states as well.
 */

# define SSL_ST_CONNECT                  0x1000
# define SSL_ST_ACCEPT                   0x2000
# define SSL_ST_MASK                     0x0FFF
# define SSL_ST_INIT                     (SSL_ST_CONNECT|SSL_ST_ACCEPT)
# define SSL_ST_BEFORE                   0x4000
# define SSL_ST_OK                       0x03
# define SSL_ST_RENEGOTIATE              (0x04|SSL_ST_INIT)
# define SSL_ST_ERR                      (0x05|SSL_ST_INIT)

/*
 * Event bits. Presumably these are the 'type' values handed to the
 * info_callback member of struct ssl_st -- confirm against the caller.
 * The ACCEPT/CONNECT variants OR a direction flag from the SSL_ST_* set
 * above into SSL_CB_LOOP / SSL_CB_EXIT.
 */
# define SSL_CB_LOOP                     0x01
# define SSL_CB_EXIT                     0x02
# define SSL_CB_READ                     0x04
# define SSL_CB_WRITE                    0x08
# define SSL_CB_ALERT                    0x4000/* used in callback */
# define SSL_CB_READ_ALERT               (SSL_CB_ALERT|SSL_CB_READ)
# define SSL_CB_WRITE_ALERT              (SSL_CB_ALERT|SSL_CB_WRITE)
# define SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT|SSL_CB_LOOP)
# define SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT|SSL_CB_EXIT)
# define SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT|SSL_CB_LOOP)
# define SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT|SSL_CB_EXIT)
# define SSL_CB_HANDSHAKE_START          0x10
# define SSL_CB_HANDSHAKE_DONE           0x20

/*
 * Is the SSL_connection established?
 *
 * SSL_is_init_finished() is an exact comparison with SSL_ST_OK. The
 * SSL_in_*() macros are bit tests: they evaluate to the masked state bits
 * (zero or non-zero), not to 0/1.
 */
# define SSL_get_state(a)                SSL_state(a)
# define SSL_is_init_finished(a)         (SSL_state(a) == SSL_ST_OK)
# define SSL_in_init(a)                  (SSL_state(a)&SSL_ST_INIT)
# define SSL_in_before(a)                (SSL_state(a)&SSL_ST_BEFORE)
# define SSL_in_connect_init(a)          (SSL_state(a)&SSL_ST_CONNECT)
# define SSL_in_accept_init(a)           (SSL_state(a)&SSL_ST_ACCEPT)

/*
 * The following states are kept in ssl->rstate when reads fail, you should
 * not need these. (The original comment speaks of 2 states; three values
 * are defined.)
 */
# define SSL_ST_READ_HEADER              0xF0
# define SSL_ST_READ_BODY                0xF1
# define SSL_ST_READ_DONE                0xF2

/*-
 * Obtain latest Finished message
 *   -- that we sent (SSL_get_finished)
 *   -- that we expected from peer (SSL_get_peer_finished).
 * Returns length (0 == no Finished so far), copies up to 'count' bytes.
 *
 * NOTE(review): the copy is capped at 'count' while the message length is
 * what is returned, so a result larger than 'count' presumably means 'buf'
 * holds a truncated copy -- confirm against the implementation.
 */
size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);

/*
 * Peer-verification mode flags, presumably the 'mode' argument of
 * SSL_set_verify() declared further down.
 *
 * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options are
 * 'ored' with SSL_VERIFY_PEER if they are desired
 *
 * SSL_VERIFY_NONE is 0, the value the verify_mode comment in struct ssl_st
 * describes as "don't care about verify failure". Code that relies on the
 * peer being authenticated has to request SSL_VERIFY_PEER explicitly.
 * NOTE(review): SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_CLIENT_ONCE
 * look like server-side options -- confirm in the SSL_set_verify
 * documentation. Nothing visible in this part of the header compares the
 * peer certificate with an expected host name; check where the application
 * does that.
 */
# define SSL_VERIFY_NONE                 0x00
# define SSL_VERIFY_PEER                 0x01
# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
# define SSL_VERIFY_CLIENT_ONCE          0x04

/* Both spellings are aliases for SSL_library_init(). */
# define OpenSSL_add_ssl_algorithms()    SSL_library_init()
# define SSLeay_add_ssl_algorithms()     SSL_library_init()

/* this is for backward compatibility (compiled out by the '# if 0') */
# if 0                          /* NEW_SSLEAY */
#  define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
#  define SSL_set_pref_cipher(c,n)       SSL_set_cipher_list(c,n)
#  define SSL_add_session(a,b)           SSL_CTX_add_session((a),(b))
#  define SSL_remove_session(a,b)        SSL_CTX_remove_session((a),(b))
#  define SSL_flush_sessions(a,b)        SSL_CTX_flush_sessions((a),(b))
# endif
/*
 * More backward compatibility
 *
 * The SSL_get_cipher*() macros apply an SSL_CIPHER_get_*() accessor to
 * SSL_get_current_cipher(s); SSL_get_cipher() and SSL_get_cipher_name()
 * expand to the same call.
 * SSL_get_time(), SSL_set_time() and SSL_get_timeout() forward to the
 * SSL_SESSION_*() functions, so despite the SSL_ prefix their first
 * argument is an SSL_SESSION *, as the prototypes further down show.
 */
# define SSL_get_cipher(s) \
                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
# define SSL_get_cipher_bits(s,np) \
                SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
# define SSL_get_cipher_version(s) \
                SSL_CIPHER_get_version(SSL_get_current_cipher(s))
# define SSL_get_cipher_name(s) \
                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
# define SSL_get_time(a)         SSL_SESSION_get_time(a)
# define SSL_set_time(a,b)       SSL_SESSION_set_time((a),(b))
# define SSL_get_timeout(a)      SSL_SESSION_get_timeout(a)
/* Forwards to SSL_SESSION_set_timeout(); 'a' is therefore an SSL_SESSION *. */
# define SSL_set_timeout(a,b)    SSL_SESSION_set_timeout((a),(b))

/*
 * Read / write an encoded SSL_SESSION through a BIO using the generic
 * ASN1_*_bio_of() helpers (defined outside this header).
 * NOTE(review): a stored session presumably contains what is needed to
 * resume it, so only decode sessions from storage the application trusts
 * and protect what is encoded -- confirm the encoded contents.
 */
# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)

/* Macro from outside this header; presumably declares the PEM read/write
 * functions for SSL_SESSION -- confirm in the PEM header. */
DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_AD_REASON_OFFSET            1000/* offset to get SSL_R_... value
                                              * from SSL_AD_... */
/*
 * These alert types are for SSLv3 and TLSv1
 *
 * Each SSL_AD_* name is an alias for an SSL3_AD_* or TLS1_AD_* constant
 * from the protocol headers included above. The one-line comments below
 * ("fatal", "Not for TLS") each appear to annotate the define that follows
 * them.
 */
# define SSL_AD_CLOSE_NOTIFY             SSL3_AD_CLOSE_NOTIFY
/* fatal */
# define SSL_AD_UNEXPECTED_MESSAGE       SSL3_AD_UNEXPECTED_MESSAGE
/* fatal */
# define SSL_AD_BAD_RECORD_MAC           SSL3_AD_BAD_RECORD_MAC
# define SSL_AD_DECRYPTION_FAILED        TLS1_AD_DECRYPTION_FAILED
# define SSL_AD_RECORD_OVERFLOW          TLS1_AD_RECORD_OVERFLOW
/* fatal */
# define SSL_AD_DECOMPRESSION_FAILURE    SSL3_AD_DECOMPRESSION_FAILURE
/* fatal */
# define SSL_AD_HANDSHAKE_FAILURE        SSL3_AD_HANDSHAKE_FAILURE
/* Not for TLS */
# define SSL_AD_NO_CERTIFICATE           SSL3_AD_NO_CERTIFICATE
# define SSL_AD_BAD_CERTIFICATE          SSL3_AD_BAD_CERTIFICATE
# define SSL_AD_UNSUPPORTED_CERTIFICATE  SSL3_AD_UNSUPPORTED_CERTIFICATE
# define SSL_AD_CERTIFICATE_REVOKED      SSL3_AD_CERTIFICATE_REVOKED
# define SSL_AD_CERTIFICATE_EXPIRED      SSL3_AD_CERTIFICATE_EXPIRED
# define SSL_AD_CERTIFICATE_UNKNOWN      SSL3_AD_CERTIFICATE_UNKNOWN
/* fatal */
# define SSL_AD_ILLEGAL_PARAMETER        SSL3_AD_ILLEGAL_PARAMETER
/* fatal */
# define SSL_AD_UNKNOWN_CA               TLS1_AD_UNKNOWN_CA
/* fatal */
# define SSL_AD_ACCESS_DENIED            TLS1_AD_ACCESS_DENIED
/* fatal */
# define SSL_AD_DECODE_ERROR             TLS1_AD_DECODE_ERROR
# define SSL_AD_DECRYPT_ERROR            TLS1_AD_DECRYPT_ERROR
/* fatal */
# define SSL_AD_EXPORT_RESTRICTION       TLS1_AD_EXPORT_RESTRICTION
/* fatal */
# define SSL_AD_PROTOCOL_VERSION         TLS1_AD_PROTOCOL_VERSION
/* fatal */
# define SSL_AD_INSUFFICIENT_SECURITY    TLS1_AD_INSUFFICIENT_SECURITY
/* fatal */
# define SSL_AD_INTERNAL_ERROR           TLS1_AD_INTERNAL_ERROR
# define SSL_AD_USER_CANCELLED           TLS1_AD_USER_CANCELLED
# define SSL_AD_NO_RENEGOTIATION         TLS1_AD_NO_RENEGOTIATION
# define SSL_AD_UNSUPPORTED_EXTENSION    TLS1_AD_UNSUPPORTED_EXTENSION
# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
# define SSL_AD_UNRECOGNIZED_NAME        TLS1_AD_UNRECOGNIZED_NAME
# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
/* fatal */
# define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY
/* fatal */
# define SSL_AD_INAPPROPRIATE_FALLBACK   TLS1_AD_INAPPROPRIATE_FALLBACK
/*
 * SSL_ERROR_* result codes, presumably what SSL_get_error() reports (that
 * function is not declared in this part of the header). The WANT_* values
 * presumably mean "retry the same call later" rather than failure --
 * confirm in the SSL_get_error documentation.
 */
# define SSL_ERROR_NONE                  0
# define SSL_ERROR_SSL                   1
# define SSL_ERROR_WANT_READ             2
# define SSL_ERROR_WANT_WRITE            3
# define SSL_ERROR_WANT_X509_LOOKUP      4
# define SSL_ERROR_SYSCALL               5/* look at error stack/return
                                           * value/errno */
# define SSL_ERROR_ZERO_RETURN           6
# define SSL_ERROR_WANT_CONNECT          7
# define SSL_ERROR_WANT_ACCEPT           8
/*
 * Command codes for SSL_ctrl() / SSL_CTX_ctrl(); the wrapper macros later
 * in this header pass them as the second argument. The numbering has gaps
 * (for example 18-19, 34-39 and 46-49 are not assigned here).
 * NOTE(review): the *_TMP_RSA codes concern temporary RSA keys, which are
 * presumably only relevant to export-grade key exchange -- confirm that no
 * caller still depends on them.
 */
# define SSL_CTRL_NEED_TMP_RSA                   1
# define SSL_CTRL_SET_TMP_RSA                    2
# define SSL_CTRL_SET_TMP_DH                     3
# define SSL_CTRL_SET_TMP_ECDH                   4
# define SSL_CTRL_SET_TMP_RSA_CB                 5
# define SSL_CTRL_SET_TMP_DH_CB                  6
# define SSL_CTRL_SET_TMP_ECDH_CB                7
# define SSL_CTRL_GET_SESSION_REUSED             8
# define SSL_CTRL_GET_CLIENT_CERT_REQUEST        9
# define SSL_CTRL_GET_NUM_RENEGOTIATIONS         10
# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS       11
# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS       12
# define SSL_CTRL_GET_FLAGS                      13
# define SSL_CTRL_EXTRA_CHAIN_CERT               14
# define SSL_CTRL_SET_MSG_CALLBACK               15
# define SSL_CTRL_SET_MSG_CALLBACK_ARG           16
/* only applies to datagram connections */
# define SSL_CTRL_SET_MTU                17
/* Stats */
# define SSL_CTRL_SESS_NUMBER                    20
# define SSL_CTRL_SESS_CONNECT                   21
# define SSL_CTRL_SESS_CONNECT_GOOD              22
# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE       23
# define SSL_CTRL_SESS_ACCEPT                    24
# define SSL_CTRL_SESS_ACCEPT_GOOD               25
# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE        26
# define SSL_CTRL_SESS_HIT                       27
# define SSL_CTRL_SESS_CB_HIT                    28
# define SSL_CTRL_SESS_MISSES                    29
# define SSL_CTRL_SESS_TIMEOUTS                  30
# define SSL_CTRL_SESS_CACHE_FULL                31
# define SSL_CTRL_OPTIONS                        32
# define SSL_CTRL_MODE                           33
# define SSL_CTRL_GET_READ_AHEAD                 40
# define SSL_CTRL_SET_READ_AHEAD                 41
# define SSL_CTRL_SET_SESS_CACHE_SIZE            42
# define SSL_CTRL_GET_SESS_CACHE_SIZE            43
# define SSL_CTRL_SET_SESS_CACHE_MODE            44
# define SSL_CTRL_GET_SESS_CACHE_MODE            45
# define SSL_CTRL_GET_MAX_CERT_LIST              50
# define SSL_CTRL_SET_MAX_CERT_LIST              51
# define SSL_CTRL_SET_MAX_SEND_FRAGMENT          52
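/*
 * TLS-extension command codes.
 * see tls1.h for macros based on these
 */
# ifndef OPENSSL_NO_TLSEXT
#  define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB       53
#  define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG      54
#  define SSL_CTRL_SET_TLSEXT_HOSTNAME            55
#  define SSL_CTRL_SET_TLSEXT_DEBUG_CB            56
#  define SSL_CTRL_SET_TLSEXT_DEBUG_ARG           57
#  define SSL_CTRL_GET_TLSEXT_TICKET_KEYS         58
#  define SSL_CTRL_SET_TLSEXT_TICKET_KEYS         59
#  define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT    60
#  define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61
#  define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB       63
#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG   64
#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE     65
#  define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS     66
#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS     67
#  define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS      68
#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS      69
#  define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP        70
#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP        71
#  define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB       72
#  define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB    75
#  define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB                76
#  define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB             77
#  define SSL_CTRL_SET_SRP_ARG            78
#  define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME               79
#  define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH               80
#  define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD               81
/*
 * The heartbeat codes exist only when OPENSSL_NO_HEARTBEATS is not defined.
 * NOTE(review): presumably the same macro compiles out the heartbeat
 * implementation as well -- confirm in the build configuration if the
 * extension is not needed.
 */
#  ifndef OPENSSL_NO_HEARTBEATS
#   define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT                         85
#   define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING          86
#   define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS      87
#  endif
# endif
/*
 * NOTE(review): several codes below reuse numbers already assigned in the
 * OPENSSL_NO_TLSEXT section above: DTLS_CTRL_LISTEN and
 * SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB are both 75, SSL_CTRL_GET_RI_SUPPORT
 * and SSL_CTRL_SET_SRP_VERIFY_PARAM_CB are both 76, SSL_CTRL_CLEAR_OPTIONS
 * and SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB are both 77, SSL_CTRL_CLEAR_MODE
 * and SSL_CTRL_SET_SRP_ARG are both 78. How the ctrl dispatchers tell them
 * apart is not visible in this header; the values are part of the published
 * interface, so they are documented here rather than renumbered.
 */
# define DTLS_CTRL_GET_TIMEOUT           73
# define DTLS_CTRL_HANDLE_TIMEOUT        74
# define DTLS_CTRL_LISTEN                        75
# define SSL_CTRL_GET_RI_SUPPORT                 76
# define SSL_CTRL_CLEAR_OPTIONS                  77
# define SSL_CTRL_CLEAR_MODE                     78
# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS          82
# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS        83
# define SSL_CTRL_CHECK_PROTO_VERSION            119
# define DTLS_CTRL_SET_LINK_MTU                  120
# define DTLS_CTRL_GET_LINK_MIN_MTU              121
/*
 * Convenience wrappers: each expands to one SSL_ctrl() / SSL_CTX_ctrl()
 * call with the matching command code, 0 as the long argument and the
 * macro's last parameter (or NULL) as the pointer argument.
 *
 * The operand of every (char *) / (void *) cast is parenthesised so that an
 * expression argument is cast as a whole instead of only its first operand.
 *
 * NOTE(review): the *_tmp_rsa wrappers install temporary RSA keys, which are
 * presumably only relevant to export-grade key exchange -- confirm that no
 * caller still depends on them.
 */
# define DTLSv1_get_timeout(ssl, arg) \
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)(arg))
# define DTLSv1_handle_timeout(ssl) \
        SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
# define DTLSv1_listen(ssl, peer) \
        SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)(peer))
# define SSL_session_reused(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
# define SSL_num_renegotiations(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
# define SSL_clear_num_renegotiations(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
# define SSL_total_renegotiations(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
# define SSL_CTX_need_tmp_RSA(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
# define SSL_CTX_set_tmp_rsa(ctx,rsa) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)(rsa))
# define SSL_CTX_set_tmp_dh(ctx,dh) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
# define SSL_need_tmp_RSA(ssl) \
        SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
# define SSL_set_tmp_rsa(ssl,rsa) \
        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)(rsa))
# define SSL_set_tmp_dh(ssl,dh) \
        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
# define SSL_set_tmp_ecdh(ssl,ecdh) \
        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
# define SSL_CTX_add_extra_chain_cert(ctx,x509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509))
# define SSL_CTX_get_extra_chain_certs(ctx,px509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
# define SSL_CTX_clear_extra_chain_certs(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
/* BIO-layer entry points; only declared when BIO support is compiled in. */
# ifndef OPENSSL_NO_BIO
BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
int BIO_ssl_copy_session_id(BIO *to, BIO *from);
void BIO_ssl_shutdown(BIO *ssl_bio);

# endif

/* Context (SSL_CTX) creation, configuration and teardown. */
int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
void SSL_CTX_free(SSL_CTX *);
long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
long SSL_CTX_get_timeout(const SSL_CTX *ctx);
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
int SSL_want(const SSL *s);
int SSL_clear(SSL *s);

void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);

/* Accessors for the cipher of a connection and for SSL_CIPHER fields. */
const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);

/*
 * Per-connection getters.
 * SSL_get_shared_ciphers() takes a caller-supplied 'buf' with an int 'len';
 * presumably the result is written there, so 'len' has to be the real
 * capacity of 'buf' -- confirm against the implementation.
 */
int SSL_get_fd(const SSL *s);
int SSL_get_rfd(const SSL *s);
int SSL_get_wfd(const SSL *s);
const char *SSL_get_cipher_list(const SSL *s, int n);
char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
int SSL_get_read_ahead(const SSL *s);
int SSL_pending(const SSL *s);
# ifndef OPENSSL_NO_SOCK
int SSL_set_fd(SSL *s, int fd);
int SSL_set_rfd(SSL *s, int fd);
int SSL_set_wfd(SSL *s, int fd);
# endif
# ifndef OPENSSL_NO_BIO
void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
BIO *SSL_get_rbio(const SSL *s);
BIO *SSL_get_wbio(const SSL *s);
# endif
/*
 * Per-connection cipher list and peer verification.
 * SSL_set_verify() takes a 'mode' (presumably the SSL_VERIFY_* flags defined
 * earlier in this header) and an optional callback; the verify_callback
 * comment in struct ssl_st says "fail if callback returns 0".
 */
int SSL_set_cipher_list(SSL *s, const char *str);
void SSL_set_read_ahead(SSL *s, int yes);
int SSL_get_verify_mode(const SSL *s);
int SSL_get_verify_depth(const SSL *s);
int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *);
void SSL_set_verify(SSL *s, int mode,
                    int (*callback) (int ok, X509_STORE_CTX *ctx));
void SSL_set_verify_depth(SSL *s, int depth);
/* Install a private key or certificate from memory on one connection. */
# ifndef OPENSSL_NO_RSA
int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
# endif
int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d,
                            long len);
int SSL_use_certificate(SSL *ssl, X509 *x);
int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);

/*
 * File-based loaders. 'type' presumably selects the encoding of 'file' (the
 * constants are not visible in this part of the header). The private-key
 * variants read key material from 'file', so that path should be readable
 * only by the account running the service.
 */
# ifndef OPENSSL_NO_STDIO
int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
/* PEM type */
int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
                                        const char *file);
#  ifndef OPENSSL_SYS_VMS
/* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
#   ifndef OPENSSL_SYS_MACINTOSH_CLASSIC
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
                                       const char *dir);
#   endif
#  endif

# endif

/* Error-string loading and textual names for the state / rstate values. */
void SSL_load_error_strings(void);
const char *SSL_state_string(const SSL *s);
const char *SSL_rstate_string(const SSL *s);
const char *SSL_state_string_long(const SSL *s);
const char *SSL_rstate_string_long(const SSL *s);
/*
 * Session timing, copying and identification.
 * NOTE(review): struct ssl_st stores its own session-id context in a fixed
 * sid_ctx[SSL_MAX_SID_CTX_LENGTH] array; SSL_SESSION_set1_id_context()
 * presumably enforces the same limit on 'sid_ctx_len' -- confirm.
 */
long SSL_SESSION_get_time(const SSL_SESSION *s);
long SSL_SESSION_set_time(SSL_SESSION *s, long t);
long SSL_SESSION_get_timeout(const SSL_SESSION *s);
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
void SSL_copy_session_id(SSL *to, const SSL *from);
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
                                unsigned int sid_ctx_len);

/*
 * Session object lifecycle, printing, serialisation and cache management.
 * NOTE(review): i2d_SSL_SESSION() and the SSL_SESSION_print*() functions
 * export the contents of a session; a session presumably holds what is
 * needed to resume it, so treat their output like key material (no
 * world-readable files, no routine logging) -- confirm what is emitted.
 */
SSL_SESSION *SSL_SESSION_new(void);
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
                                        unsigned int *len);
unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
# ifndef OPENSSL_NO_FP_API
int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
# endif
# ifndef OPENSSL_NO_BIO
int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
# endif
void SSL_SESSION_free(SSL_SESSION *ses);
int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
int SSL_set_session(SSL *to, SSL_SESSION *session);
int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);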
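/*
 * Session id generation.  A GEN_SESSION_CB supplies the ids for new
 * sessions; SSL_has_matching_session_id() lets such a callback test a
 * candidate id for a collision with an existing session.
 */
int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
                                unsigned int id_len);
/*
 * Parses a DER-encoded session of 'length' bytes.  The encoding contains
 * key material and is trusted as-is once loaded, so only feed it data that
 * comes from a store the application controls.
 */
SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                             long length);

/*
 * Peer certificate access.  SSL_get_peer_certificate() hands back a
 * reference that the caller releases with X509_free(); the chain returned
 * by SSL_get_peer_cert_chain() is not reference-counted for the caller.
 * Obtaining a certificate says nothing about whether it verified.
 */
# ifdef HEADER_X509_H
X509 *SSL_get_peer_certificate(const SSL *s);
# endif

STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);

/*
 * Context-wide peer verification settings, inherited by SSL objects created
 * from the context.  'mode' is a bit mask of the SSL_VERIFY_* flags.  The
 * verify callback may override the library's verdict, so a callback that
 * always returns 1 accepts any chain.
 */
int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int,
                                                        X509_STORE_CTX *);
void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
                        int (*callback) (int, X509_STORE_CTX *));
void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
/*
 * Replaces the built-in chain verification with 'cb'.  The callback then
 * carries the whole responsibility for validating the peer certificate.
 */
void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
                                      int (*cb) (X509_STORE_CTX *, void *),
                                      void *arg);

/*
 * Context-wide private key and certificate installation, from an in-memory
 * object or from a DER buffer.  Note that the (len, d) argument order of
 * SSL_CTX_use_certificate_ASN1() differs from the other *_ASN1 loaders.
 */
# ifndef OPENSSL_NO_RSA
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
# endif
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
                                   long len);
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx,
                                const unsigned char *d, long len);
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
                                 const unsigned char *d);

/*
 * Passphrase callback (and its user data) used when an encrypted PEM key is
 * loaded.  The callback handles a secret; it should not log the passphrase
 * or leave it in long-lived buffers.
 */
void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);

/*
 * Consistency check between the loaded private key and certificate.  Worth
 * calling once after loading, before the context serves connections.
 */
int SSL_CTX_check_private_key(const SSL_CTX *ctx);
int SSL_check_private_key(const SSL *ctx);

/*
 * The session id context scopes cached sessions to one application or
 * service, so that a session established for one cannot be resumed in
 * another.
 */
int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
                                   unsigned int sid_ctx_len);

SSL *SSL_new(SSL_CTX *ctx);
int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                               unsigned int sid_ctx_len);

/* X.509 purpose, trust and verification-parameter settings. */
int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
int SSL_set_purpose(SSL *s, int purpose);
int SSL_CTX_set_trust(SSL_CTX *s, int trust);
int SSL_set_trust(SSL *s, int trust);

int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);

# ifndef OPENSSL_NO_SRP
/*
 * SRP (password-authenticated key exchange) configuration.  The user name,
 * password and verifier arguments are credentials held in process memory.
 * NOTE(review): whether the library copies these strings is not visible
 * from the prototypes; confirm before clearing or freeing the originals.
 */
int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
                                        char *(*cb) (SSL *, void *));
int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
                                          int (*cb) (SSL *, void *));
int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
                                      int (*cb) (SSL *, int *, void *));
int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);

int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
                             BIGNUM *sa, BIGNUM *v, char *info);
int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
                                const char *grp);

BIGNUM *SSL_get_srp_g(SSL *s);
BIGNUM *SSL_get_srp_N(SSL *s);
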
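/* Remaining SRP accessors; the conditional that guards them closes here. */
char *SSL_get_srp_username(SSL *s);
char *SSL_get_srp_userinfo(SSL *s);
# endif

/*
 * Connection lifecycle and record I/O.  The int results of the handshake
 * and read/write calls are not byte counts on failure: hand a result that
 * is not positive to SSL_get_error() to learn whether the operation should
 * be retried or the connection has failed.
 */
void SSL_free(SSL *ssl);
int SSL_accept(SSL *ssl);
int SSL_connect(SSL *ssl);
int SSL_read(SSL *ssl, void *buf, int num);
int SSL_peek(SSL *ssl, void *buf, int num);
int SSL_write(SSL *ssl, const void *buf, int num);
long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
long SSL_callback_ctrl(SSL *, int, void (*)(void));
long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));

int SSL_get_error(const SSL *s, int ret_code);
const char *SSL_get_version(const SSL *s);

/* This sets the 'default' SSL version that SSL_new() will create */
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);

/*
 * Protocol method constructors.  SSLv2 and SSLv3 are obsolete protocols
 * with known cryptographic weaknesses; their constructors are only declared
 * when the build has not defined OPENSSL_NO_SSL2_METHOD or
 * OPENSSL_NO_SSL3_METHOD.  The version-specific TLS/DTLS constructors pin a
 * connection to that single version.  The SSLv23 constructors negotiate, so
 * old versions have to be excluded explicitly with the SSL_OP_NO_* options.
 */
# ifndef OPENSSL_NO_SSL2_METHOD
const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
# endif

# ifndef OPENSSL_NO_SSL3_METHOD
const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
# endif

const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS
                                        * version */
const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available
                                               * SSL/TLS version */
const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available
                                               * SSL/TLS version */

const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */

const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */
const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */
const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */

const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */
const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */
const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */

const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */

STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);

/*
 * Handshake control and shutdown.  SSL_shutdown() returning 0 means the
 * local close_notify was sent but the peer's has not been seen yet; an
 * application that needs to know the stream ended cleanly calls it again.
 */
int SSL_do_handshake(SSL *s);
int SSL_renegotiate(SSL *s);
int SSL_renegotiate_abbreviated(SSL *s);
int SSL_renegotiate_pending(SSL *s);
int SSL_shutdown(SSL *s);

const SSL_METHOD *SSL_get_ssl_method(SSL *s);
int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
const char *SSL_alert_type_string_long(int value);
const char *SSL_alert_type_string(int value);
const char *SSL_alert_desc_string_long(int value);
const char *SSL_alert_desc_string(int value);

/*
 * The client CA list is the set of CA names a server advertises when it
 * asks for a client certificate.  It is advisory only: adding a name here
 * does not make that CA trusted for verification.
 */
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
int SSL_add_client_CA(SSL *ssl, X509 *x);
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);

void SSL_set_connect_state(SSL *s);
void SSL_set_accept_state(SSL *s);

long SSL_get_default_timeout(const SSL *s);

/* Library initialisation; call once before any other SSL function. */
int SSL_library_init(void);

/* 'buf' is a caller-supplied output buffer of 'size' bytes. */
char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);

SSL *SSL_dup(SSL *ssl);

X509 *SSL_get_certificate(const SSL *ssl);
/*
 * EVP_PKEY
 */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);

/*
 * Shutdown behaviour.  With quiet shutdown enabled no close_notify alert is
 * exchanged, so the application protocol itself must mark the end of the
 * data if truncation of the stream is to be detected.
 */
void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
void SSL_set_quiet_shutdown(SSL *ssl, int mode);
int SSL_get_quiet_shutdown(const SSL *ssl);
void SSL_set_shutdown(SSL *ssl, int mode);
int SSL_get_shutdown(const SSL *ssl);
int SSL_version(const SSL *ssl);
/*
 * Trust anchor locations used for chain verification.  'CAfile' names a
 * certificate file and 'CApath' a directory; both define who is trusted and
 * should be writable by administrators only.
 */
int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
                                  const char *CApath);
# define SSL_get0_session SSL_get_session/* just peek at pointer */
SSL_SESSION *SSL_get_session(const SSL *ssl);
SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx);
void SSL_set_info_callback(SSL *ssl,
                           void (*cb) (const SSL *ssl, int type, int val));
void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type,
                                               int val);
int SSL_state(const SSL *ssl);
void SSL_set_state(SSL *ssl, int state);

/*
 * Stored verification verdict for the peer certificate.  The getter also
 * reports X509_V_OK when the peer sent no certificate at all, so pair it
 * with a check that a peer certificate is actually present.  The setter
 * only overwrites the stored value; it does not re-run verification.
 */
void SSL_set_verify_result(SSL *ssl, long v);
long SSL_get_verify_result(const SSL *ssl);

/* Application-defined data slots on SSL, SSL_SESSION and SSL_CTX objects. */
int SSL_set_ex_data(SSL *ssl, int idx, void *data);
void *SSL_get_ex_data(const SSL *ssl, int idx);
int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
int SSL_SESSION_get_ex_new_index(long argl, void *argp,
                                 CRYPTO_EX_new *new_func,
                                 CRYPTO_EX_dup *dup_func,
                                 CRYPTO_EX_free *free_func);

int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
                             CRYPTO_EX_dup *dup_func,
                             CRYPTO_EX_free *free_func);

int SSL_get_ex_data_X509_STORE_CTX_idx(void);

/*
 * Convenience macros; each expands to a single SSL_CTX_ctrl() or SSL_ctrl()
 * call with the matching SSL_CTRL_* command.
 */
# define SSL_CTX_sess_set_cache_size(ctx,t) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
# define SSL_CTX_sess_get_cache_size(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
# define SSL_CTX_set_session_cache_mode(ctx,m) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
# define SSL_CTX_get_session_cache_mode(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)

# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
# define SSL_CTX_get_read_ahead(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
# define SSL_CTX_set_read_ahead(ctx,m) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
/*
 * The max_cert_list setting bounds the size of the certificate chain that
 * is accepted from the peer, which limits memory use per handshake.
 */
# define SSL_CTX_get_max_cert_list(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
# define SSL_CTX_set_max_cert_list(ctx,m) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
# define SSL_get_max_cert_list(ssl) \
        SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
# define SSL_set_max_cert_list(ssl,m) \
        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)

# define SSL_CTX_set_max_send_fragment(ctx,m) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
# define SSL_set_max_send_fragment(ssl,m) \
        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)

/*
 * Callbacks that supply temporary (ephemeral) RSA, DH and ECDH keys.
 * Export-grade key sizes are deliberately weak: a callback should return
 * strong parameters whatever 'keylength' asks for, and export cipher suites
 * are best left out of the cipher list altogether.
 */
/* NB: the keylength is only applicable when is_export is true */
# ifndef OPENSSL_NO_RSA
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
                                  RSA *(*cb) (SSL *ssl, int is_export,
                                              int keylength));

void SSL_set_tmp_rsa_callback(SSL *ssl,
                              RSA *(*cb) (SSL *ssl, int is_export,
                                          int keylength));
# endif
# ifndef OPENSSL_NO_DH
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
                                 DH *(*dh) (SSL *ssl, int is_export,
                                            int keylength));
void SSL_set_tmp_dh_callback(SSL *ssl,
                             DH *(*dh) (SSL *ssl, int is_export,
                                        int keylength));
# endif
# ifndef OPENSSL_NO_ECDH
void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
                                   EC_KEY *(*ecdh) (SSL *ssl, int is_export,
                                                    int keylength));
void SSL_set_tmp_ecdh_callback(SSL *ssl,
                               EC_KEY *(*ecdh) (SSL *ssl, int is_export,
                                                int keylength));
# endif

/*
 * Record compression.  When OPENSSL_NO_COMP is defined the same functions
 * are declared with void pointers in place of COMP_METHOD.  Compressing
 * secrets together with attacker-influenced data can leak information
 * through the ciphertext length, so compression is normally switched off
 * (SSL_OP_NO_COMPRESSION).
 */
# ifndef OPENSSL_NO_COMP
const COMP_METHOD *SSL_get_current_compression(SSL *s);
const COMP_METHOD *SSL_get_current_expansion(SSL *s);
const char *SSL_COMP_get_name(const COMP_METHOD *comp);
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
# else
const void *SSL_get_current_compression(SSL *s);
const void *SSL_get_current_expansion(SSL *s);
const char *SSL_COMP_get_name(const void *comp);
void *SSL_COMP_get_compression_methods(void);
int SSL_COMP_add_compression_method(int id, void *cm);
# endif

/* TLS extensions functions */
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);

int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
                                  void *arg);

/* Pre-shared secret session resumption functions */
int SSL_set_session_secret_cb(SSL *s,
                              tls_session_secret_cb_fn tls_session_secret_cb,
                              void *arg);

void SSL_set_debug(SSL *s, int debug);
int SSL_cache_hit(SSL *s);

# ifndef OPENSSL_NO_UNIT_TEST
const struct openssl_ssl_test_functions *SSL_test_functions(void);
# endif

/* BEGIN ERROR CODES */
/*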
2229280304Sjkim * The following lines are auto generated by the script mkerr.pl. Any changes 223055714Skris * made after this point may be overwritten when the script is next run. 223155714Skris */ 223276866Skrisvoid ERR_load_SSL_strings(void); 223355714Skris 223455714Skris/* Error codes for the SSL functions. */ 223555714Skris 223655714Skris/* Function codes. */ 2237280304Sjkim# define SSL_F_CLIENT_CERTIFICATE 100 2238280304Sjkim# define SSL_F_CLIENT_FINISHED 167 2239280304Sjkim# define SSL_F_CLIENT_HELLO 101 2240280304Sjkim# define SSL_F_CLIENT_MASTER_KEY 102 2241280304Sjkim# define SSL_F_D2I_SSL_SESSION 103 2242280304Sjkim# define SSL_F_DO_DTLS1_WRITE 245 2243280304Sjkim# define SSL_F_DO_SSL3_WRITE 104 2244280304Sjkim# define SSL_F_DTLS1_ACCEPT 246 2245280304Sjkim# define SSL_F_DTLS1_ADD_CERT_TO_BUF 295 2246280304Sjkim# define SSL_F_DTLS1_BUFFER_RECORD 247 2247280304Sjkim# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 316 2248280304Sjkim# define SSL_F_DTLS1_CLIENT_HELLO 248 2249280304Sjkim# define SSL_F_DTLS1_CONNECT 249 2250280304Sjkim# define SSL_F_DTLS1_ENC 250 2251280304Sjkim# define SSL_F_DTLS1_GET_HELLO_VERIFY 251 2252280304Sjkim# define SSL_F_DTLS1_GET_MESSAGE 252 2253280304Sjkim# define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 2254280304Sjkim# define SSL_F_DTLS1_GET_RECORD 254 2255280304Sjkim# define SSL_F_DTLS1_HANDLE_TIMEOUT 297 2256280304Sjkim# define SSL_F_DTLS1_HEARTBEAT 305 2257280304Sjkim# define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 2258280304Sjkim# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 2259306196Sjkim# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424 2260280304Sjkim# define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 2261280304Sjkim# define SSL_F_DTLS1_PROCESS_RECORD 257 2262280304Sjkim# define SSL_F_DTLS1_READ_BYTES 258 2263280304Sjkim# define SSL_F_DTLS1_READ_FAILED 259 2264280304Sjkim# define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260 2265280304Sjkim# define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261 2266280304Sjkim# define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 
262 2267280304Sjkim# define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263 2268280304Sjkim# define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264 2269280304Sjkim# define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265 2270280304Sjkim# define SSL_F_DTLS1_SEND_SERVER_HELLO 266 2271280304Sjkim# define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 2272280304Sjkim# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 2273280304Sjkim# define SSL_F_GET_CLIENT_FINISHED 105 2274280304Sjkim# define SSL_F_GET_CLIENT_HELLO 106 2275280304Sjkim# define SSL_F_GET_CLIENT_MASTER_KEY 107 2276280304Sjkim# define SSL_F_GET_SERVER_FINISHED 108 2277280304Sjkim# define SSL_F_GET_SERVER_HELLO 109 2278280304Sjkim# define SSL_F_GET_SERVER_VERIFY 110 2279280304Sjkim# define SSL_F_I2D_SSL_SESSION 111 2280280304Sjkim# define SSL_F_READ_N 112 2281280304Sjkim# define SSL_F_REQUEST_CERTIFICATE 113 2282280304Sjkim# define SSL_F_SERVER_FINISH 239 2283280304Sjkim# define SSL_F_SERVER_HELLO 114 2284280304Sjkim# define SSL_F_SERVER_VERIFY 240 2285280304Sjkim# define SSL_F_SSL23_ACCEPT 115 2286280304Sjkim# define SSL_F_SSL23_CLIENT_HELLO 116 2287280304Sjkim# define SSL_F_SSL23_CONNECT 117 2288280304Sjkim# define SSL_F_SSL23_GET_CLIENT_HELLO 118 2289280304Sjkim# define SSL_F_SSL23_GET_SERVER_HELLO 119 2290280304Sjkim# define SSL_F_SSL23_PEEK 237 2291280304Sjkim# define SSL_F_SSL23_READ 120 2292280304Sjkim# define SSL_F_SSL23_WRITE 121 2293280304Sjkim# define SSL_F_SSL2_ACCEPT 122 2294280304Sjkim# define SSL_F_SSL2_CONNECT 123 2295280304Sjkim# define SSL_F_SSL2_ENC_INIT 124 2296280304Sjkim# define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 2297280304Sjkim# define SSL_F_SSL2_PEEK 234 2298280304Sjkim# define SSL_F_SSL2_READ 125 2299280304Sjkim# define SSL_F_SSL2_READ_INTERNAL 236 2300280304Sjkim# define SSL_F_SSL2_SET_CERTIFICATE 126 2301280304Sjkim# define SSL_F_SSL2_WRITE 127 2302280304Sjkim# define SSL_F_SSL3_ACCEPT 128 2303280304Sjkim# define SSL_F_SSL3_ADD_CERT_TO_BUF 296 2304280304Sjkim# define SSL_F_SSL3_CALLBACK_CTRL 233 2305280304Sjkim# 
define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 2306280304Sjkim# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 2307280304Sjkim# define SSL_F_SSL3_CHECK_CLIENT_HELLO 304 2308284285Sjkim# define SSL_F_SSL3_CHECK_FINISHED 339 2309280304Sjkim# define SSL_F_SSL3_CLIENT_HELLO 131 2310280304Sjkim# define SSL_F_SSL3_CONNECT 132 2311280304Sjkim# define SSL_F_SSL3_CTRL 213 2312280304Sjkim# define SSL_F_SSL3_CTX_CTRL 133 2313280304Sjkim# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 2314280304Sjkim# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 2315280304Sjkim# define SSL_F_SSL3_ENC 134 2316280304Sjkim# define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 2317291721Sjkim# define SSL_F_SSL3_GENERATE_MASTER_SECRET 388 2318280304Sjkim# define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 2319280304Sjkim# define SSL_F_SSL3_GET_CERT_STATUS 289 2320280304Sjkim# define SSL_F_SSL3_GET_CERT_VERIFY 136 2321280304Sjkim# define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 2322280304Sjkim# define SSL_F_SSL3_GET_CLIENT_HELLO 138 2323280304Sjkim# define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 2324280304Sjkim# define SSL_F_SSL3_GET_FINISHED 140 2325280304Sjkim# define SSL_F_SSL3_GET_KEY_EXCHANGE 141 2326280304Sjkim# define SSL_F_SSL3_GET_MESSAGE 142 2327280304Sjkim# define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 2328280304Sjkim# define SSL_F_SSL3_GET_NEXT_PROTO 306 2329280304Sjkim# define SSL_F_SSL3_GET_RECORD 143 2330280304Sjkim# define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 2331280304Sjkim# define SSL_F_SSL3_GET_SERVER_DONE 145 2332280304Sjkim# define SSL_F_SSL3_GET_SERVER_HELLO 146 2333280304Sjkim# define SSL_F_SSL3_HANDSHAKE_MAC 285 2334280304Sjkim# define SSL_F_SSL3_NEW_SESSION_TICKET 287 2335280304Sjkim# define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 2336280304Sjkim# define SSL_F_SSL3_PEEK 235 2337280304Sjkim# define SSL_F_SSL3_READ_BYTES 148 2338280304Sjkim# define SSL_F_SSL3_READ_N 149 2339280304Sjkim# define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 2340280304Sjkim# define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 2341280304Sjkim# 
define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 2342280304Sjkim# define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 2343280304Sjkim# define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 2344280304Sjkim# define SSL_F_SSL3_SEND_SERVER_HELLO 242 2345280304Sjkim# define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 2346280304Sjkim# define SSL_F_SSL3_SETUP_KEY_BLOCK 157 2347280304Sjkim# define SSL_F_SSL3_SETUP_READ_BUFFER 156 2348280304Sjkim# define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 2349280304Sjkim# define SSL_F_SSL3_WRITE_BYTES 158 2350280304Sjkim# define SSL_F_SSL3_WRITE_PENDING 159 2351280304Sjkim# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 2352280304Sjkim# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 2353280304Sjkim# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307 2354280304Sjkim# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 2355280304Sjkim# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 2356280304Sjkim# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299 2357280304Sjkim# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278 2358280304Sjkim# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308 2359280304Sjkim# define SSL_F_SSL_BAD_METHOD 160 2360280304Sjkim# define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 2361280304Sjkim# define SSL_F_SSL_CERT_DUP 221 2362280304Sjkim# define SSL_F_SSL_CERT_INST 222 2363280304Sjkim# define SSL_F_SSL_CERT_INSTANTIATE 214 2364280304Sjkim# define SSL_F_SSL_CERT_NEW 162 2365280304Sjkim# define SSL_F_SSL_CHECK_PRIVATE_KEY 163 2366280304Sjkim# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 2367280304Sjkim# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 2368280304Sjkim# define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 2369280304Sjkim# define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 2370280304Sjkim# define SSL_F_SSL_CLEAR 164 2371280304Sjkim# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 2372280304Sjkim# define SSL_F_SSL_CREATE_CIPHER_LIST 166 2373280304Sjkim# define SSL_F_SSL_CTRL 232 2374280304Sjkim# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 2375280304Sjkim# 
define SSL_F_SSL_CTX_MAKE_PROFILES 309 2376280304Sjkim# define SSL_F_SSL_CTX_NEW 169 2377280304Sjkim# define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 2378280304Sjkim# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 2379280304Sjkim# define SSL_F_SSL_CTX_SET_PURPOSE 226 2380280304Sjkim# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 2381280304Sjkim# define SSL_F_SSL_CTX_SET_SSL_VERSION 170 2382280304Sjkim# define SSL_F_SSL_CTX_SET_TRUST 229 2383280304Sjkim# define SSL_F_SSL_CTX_USE_CERTIFICATE 171 2384280304Sjkim# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 2385280304Sjkim# define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 2386280304Sjkim# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 2387280304Sjkim# define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 2388280304Sjkim# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 2389280304Sjkim# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 2390280304Sjkim# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 2391280304Sjkim# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 2392280304Sjkim# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 2393280304Sjkim# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 2394280304Sjkim# define SSL_F_SSL_DO_HANDSHAKE 180 2395280304Sjkim# define SSL_F_SSL_GET_NEW_SESSION 181 2396280304Sjkim# define SSL_F_SSL_GET_PREV_SESSION 217 2397280304Sjkim# define SSL_F_SSL_GET_SERVER_SEND_CERT 182 2398280304Sjkim# define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 2399280304Sjkim# define SSL_F_SSL_GET_SIGN_PKEY 183 2400280304Sjkim# define SSL_F_SSL_INIT_WBIO_BUFFER 184 2401280304Sjkim# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 2402280304Sjkim# define SSL_F_SSL_NEW 186 2403280304Sjkim# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 2404280304Sjkim# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 2405280304Sjkim# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 2406280304Sjkim# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 2407280304Sjkim# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 2408280304Sjkim# define 
SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 2409280304Sjkim# define SSL_F_SSL_PEEK 270 2410280304Sjkim# define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281 2411280304Sjkim# define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282 2412280304Sjkim# define SSL_F_SSL_READ 223 2413280304Sjkim# define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 2414280304Sjkim# define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 2415284285Sjkim# define SSL_F_SSL_SESSION_DUP 348 2416280304Sjkim# define SSL_F_SSL_SESSION_NEW 189 2417280304Sjkim# define SSL_F_SSL_SESSION_PRINT_FP 190 2418280304Sjkim# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 2419280304Sjkim# define SSL_F_SSL_SESS_CERT_NEW 225 2420280304Sjkim# define SSL_F_SSL_SET_CERT 191 2421280304Sjkim# define SSL_F_SSL_SET_CIPHER_LIST 271 2422280304Sjkim# define SSL_F_SSL_SET_FD 192 2423280304Sjkim# define SSL_F_SSL_SET_PKEY 193 2424280304Sjkim# define SSL_F_SSL_SET_PURPOSE 227 2425280304Sjkim# define SSL_F_SSL_SET_RFD 194 2426280304Sjkim# define SSL_F_SSL_SET_SESSION 195 2427280304Sjkim# define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 2428280304Sjkim# define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 2429280304Sjkim# define SSL_F_SSL_SET_TRUST 228 2430280304Sjkim# define SSL_F_SSL_SET_WFD 196 2431280304Sjkim# define SSL_F_SSL_SHUTDOWN 224 2432280304Sjkim# define SSL_F_SSL_SRP_CTX_INIT 313 2433280304Sjkim# define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 2434280304Sjkim# define SSL_F_SSL_UNDEFINED_FUNCTION 197 2435280304Sjkim# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 2436280304Sjkim# define SSL_F_SSL_USE_CERTIFICATE 198 2437280304Sjkim# define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 2438280304Sjkim# define SSL_F_SSL_USE_CERTIFICATE_FILE 200 2439280304Sjkim# define SSL_F_SSL_USE_PRIVATEKEY 201 2440280304Sjkim# define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 2441280304Sjkim# define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 2442280304Sjkim# define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273 2443280304Sjkim# define SSL_F_SSL_USE_RSAPRIVATEKEY 204 2444280304Sjkim# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 
2445280304Sjkim# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 2446280304Sjkim# define SSL_F_SSL_VERIFY_CERT_CHAIN 207 2447280304Sjkim# define SSL_F_SSL_WRITE 208 2448280304Sjkim# define SSL_F_TLS1_CERT_VERIFY_MAC 286 2449280304Sjkim# define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 2450280304Sjkim# define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274 2451280304Sjkim# define SSL_F_TLS1_ENC 210 2452280304Sjkim# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 2453280304Sjkim# define SSL_F_TLS1_HEARTBEAT 315 2454280304Sjkim# define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275 2455280304Sjkim# define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276 2456280304Sjkim# define SSL_F_TLS1_PRF 284 2457280304Sjkim# define SSL_F_TLS1_SETUP_KEY_BLOCK 211 2458280304Sjkim# define SSL_F_WRITE_PENDING 212 245955714Skris 246055714Skris/* Reason codes. */ 2461280304Sjkim# define SSL_R_APP_DATA_IN_HANDSHAKE 100 2462280304Sjkim# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 2463280304Sjkim# define SSL_R_BAD_ALERT_RECORD 101 2464280304Sjkim# define SSL_R_BAD_AUTHENTICATION_TYPE 102 2465280304Sjkim# define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 2466280304Sjkim# define SSL_R_BAD_CHECKSUM 104 2467280304Sjkim# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 2468280304Sjkim# define SSL_R_BAD_DECOMPRESSION 107 2469280304Sjkim# define SSL_R_BAD_DH_G_LENGTH 108 2470291721Sjkim# define SSL_R_BAD_DH_G_VALUE 375 2471280304Sjkim# define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 2472291721Sjkim# define SSL_R_BAD_DH_PUB_KEY_VALUE 393 2473280304Sjkim# define SSL_R_BAD_DH_P_LENGTH 110 2474291721Sjkim# define SSL_R_BAD_DH_P_VALUE 395 2475280304Sjkim# define SSL_R_BAD_DIGEST_LENGTH 111 2476280304Sjkim# define SSL_R_BAD_DSA_SIGNATURE 112 2477280304Sjkim# define SSL_R_BAD_ECC_CERT 304 2478280304Sjkim# define SSL_R_BAD_ECDSA_SIGNATURE 305 2479280304Sjkim# define SSL_R_BAD_ECPOINT 306 2480280304Sjkim# define SSL_R_BAD_HANDSHAKE_LENGTH 332 2481280304Sjkim# define SSL_R_BAD_HELLO_REQUEST 105 2482280304Sjkim# define SSL_R_BAD_LENGTH 271 
/*
 * Reason codes (SSL_R_*), BAD_MAC_DECODE through MISSING_RSA_SIGNING_CERT.
 * Alphabetical by name; the numeric values are not sequential and are what
 * callers and log parsers match on, so they must stay exactly as given.
 */
# define SSL_R_BAD_MAC_DECODE 113
# define SSL_R_BAD_MAC_LENGTH 333
# define SSL_R_BAD_MESSAGE_TYPE 114
# define SSL_R_BAD_PACKET_LENGTH 115
# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116
# define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316
# define SSL_R_BAD_RESPONSE_ARGUMENT 117
# define SSL_R_BAD_RSA_DECRYPT 118
# define SSL_R_BAD_RSA_ENCRYPT 119
# define SSL_R_BAD_RSA_E_LENGTH 120
# define SSL_R_BAD_RSA_MODULUS_LENGTH 121
# define SSL_R_BAD_RSA_SIGNATURE 122
# define SSL_R_BAD_SIGNATURE 123
# define SSL_R_BAD_SRP_A_LENGTH 347
# define SSL_R_BAD_SRP_B_LENGTH 348
# define SSL_R_BAD_SRP_G_LENGTH 349
# define SSL_R_BAD_SRP_N_LENGTH 350
# define SSL_R_BAD_SRP_PARAMETERS 371
# define SSL_R_BAD_SRP_S_LENGTH 351
# define SSL_R_BAD_SRTP_MKI_VALUE 352
# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353
# define SSL_R_BAD_SSL_FILETYPE 124
# define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125
# define SSL_R_BAD_STATE 126
# define SSL_R_BAD_WRITE_RETRY 127
# define SSL_R_BIO_NOT_SET 128
# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129
# define SSL_R_BN_LIB 130
# define SSL_R_CA_DN_LENGTH_MISMATCH 131
# define SSL_R_CA_DN_TOO_LONG 132
# define SSL_R_CCS_RECEIVED_EARLY 133
# define SSL_R_CERTIFICATE_VERIFY_FAILED 134
# define SSL_R_CERT_LENGTH_MISMATCH 135
# define SSL_R_CHALLENGE_IS_DIFFERENT 136
# define SSL_R_CIPHER_CODE_WRONG_LENGTH 137
# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138
# define SSL_R_CIPHER_TABLE_SRC_ERROR 139
# define SSL_R_CLIENTHELLO_TLSEXT 226
# define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
# define SSL_R_COMPRESSION_DISABLED 343
# define SSL_R_COMPRESSION_FAILURE 141
# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307
# define SSL_R_COMPRESSION_LIBRARY_ERROR 142
# define SSL_R_CONNECTION_ID_IS_DIFFERENT 143
# define SSL_R_CONNECTION_TYPE_NOT_SET 144
# define SSL_R_COOKIE_MISMATCH 308
# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
# define SSL_R_DATA_LENGTH_TOO_LONG 146
/*
 * NOTE(review): three record-decrypt reasons exist side by side --
 * DECRYPTION_FAILED (147), BLOCK_CIPHER_PAD_IS_WRONG (129) and the combined
 * DECRYPTION_FAILED_OR_BAD_RECORD_MAC (281). Padding and MAC failures should
 * look identical to the peer; verify which of these the record layer actually
 * raises, and that the distinction never reaches the remote side.
 */
# define SSL_R_DECRYPTION_FAILED 147
# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
/*
 * The page's annotate column attributes this line to revision 284285, later
 * than the surrounding lines. By name it reports a DH key below a minimum
 * size; the threshold itself is not defined in this part of the header.
 */
# define SSL_R_DH_KEY_TOO_SMALL 372
# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
# define SSL_R_DIGEST_CHECK_FAILED 149
# define SSL_R_DTLS_MESSAGE_TOO_BIG 334
# define SSL_R_DUPLICATE_COMPRESSION_ID 309
# define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317
# define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318
# define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322
# define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323
# define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354
# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
# define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
# define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
# define SSL_R_EXTRA_DATA_IN_MESSAGE 153
# define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
# define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355
# define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356
/*
 * HTTPS_PROXY_REQUEST / HTTP_REQUEST: presumably raised when the first bytes
 * on the connection look like plaintext HTTP instead of a TLS record. In
 * triage this usually means a misdirected client, not a handshake fault --
 * confirm at the call sites.
 */
# define SSL_R_HTTPS_PROXY_REQUEST 155
# define SSL_R_HTTP_REQUEST 156
# define SSL_R_ILLEGAL_PADDING 283
/*
 * Local downgrade-protection reason. The alert-range counterpart is
 * SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK, defined further down this header.
 */
# define SSL_R_INAPPROPRIATE_FALLBACK 373
# define SSL_R_INCONSISTENT_COMPRESSION 340
# define SSL_R_INVALID_CHALLENGE_LENGTH 158
# define SSL_R_INVALID_COMMAND 280
# define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
# define SSL_R_INVALID_PURPOSE 278
# define SSL_R_INVALID_SRP_USERNAME 357
# define SSL_R_INVALID_STATUS_RESPONSE 328
# define SSL_R_INVALID_TICKET_KEYS_LENGTH 325
# define SSL_R_INVALID_TRUST 279
# define SSL_R_KEY_ARG_TOO_LONG 284
# define SSL_R_KRB5 285
# define SSL_R_KRB5_C_CC_PRINC 286
# define SSL_R_KRB5_C_GET_CRED 287
# define SSL_R_KRB5_C_INIT 288
# define SSL_R_KRB5_C_MK_REQ 289
# define SSL_R_KRB5_S_BAD_TICKET 290
# define SSL_R_KRB5_S_INIT 291
# define SSL_R_KRB5_S_RD_REQ 292
# define SSL_R_KRB5_S_TKT_EXPIRED 293
# define SSL_R_KRB5_S_TKT_NYV 294
# define SSL_R_KRB5_S_TKT_SKEW 295
# define SSL_R_LENGTH_MISMATCH 159
# define SSL_R_LENGTH_TOO_SHORT 160
# define SSL_R_LIBRARY_BUG 274
# define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
# define SSL_R_MESSAGE_TOO_LONG 296
# define SSL_R_MISSING_DH_DSA_CERT 162
# define SSL_R_MISSING_DH_KEY 163
# define SSL_R_MISSING_DH_RSA_CERT 164
# define SSL_R_MISSING_DSA_SIGNING_CERT 165
# define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166
# define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167
# define SSL_R_MISSING_RSA_CERTIFICATE 168
# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
# define SSL_R_MISSING_RSA_SIGNING_CERT 170
/*
 * Reason codes (SSL_R_*), MISSING_SRP_PARAM through the end of the list.
 * Alphabetical by name; the numeric values are not sequential and are what
 * callers and log parsers match on, so they must stay exactly as given.
 */
# define SSL_R_MISSING_SRP_PARAM 358
# define SSL_R_MISSING_TMP_DH_KEY 171
# define SSL_R_MISSING_TMP_ECDH_KEY 311
# define SSL_R_MISSING_TMP_RSA_KEY 172
# define SSL_R_MISSING_TMP_RSA_PKEY 173
# define SSL_R_MISSING_VERIFY_MESSAGE 174
# define SSL_R_MULTIPLE_SGC_RESTARTS 346
# define SSL_R_NON_SSLV2_INITIAL_PACKET 175
# define SSL_R_NO_CERTIFICATES_RETURNED 176
# define SSL_R_NO_CERTIFICATE_ASSIGNED 177
# define SSL_R_NO_CERTIFICATE_RETURNED 178
# define SSL_R_NO_CERTIFICATE_SET 179
# define SSL_R_NO_CERTIFICATE_SPECIFIED 180
# define SSL_R_NO_CIPHERS_AVAILABLE 181
# define SSL_R_NO_CIPHERS_PASSED 182
# define SSL_R_NO_CIPHERS_SPECIFIED 183
# define SSL_R_NO_CIPHER_LIST 184
# define SSL_R_NO_CIPHER_MATCH 185
# define SSL_R_NO_CLIENT_CERT_METHOD 331
# define SSL_R_NO_CLIENT_CERT_RECEIVED 186
# define SSL_R_NO_COMPRESSION_SPECIFIED 187
# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330
# define SSL_R_NO_METHOD_SPECIFIED 188
# define SSL_R_NO_PRIVATEKEY 189
# define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
# define SSL_R_NO_PROTOCOLS_AVAILABLE 191
# define SSL_R_NO_PUBLICKEY 192
# define SSL_R_NO_RENEGOTIATION 339
# define SSL_R_NO_REQUIRED_DIGEST 324
# define SSL_R_NO_SHARED_CIPHER 193
# define SSL_R_NO_SRTP_PROFILES 359
# define SSL_R_NO_VERIFY_CALLBACK 194
# define SSL_R_NULL_SSL_CTX 195
# define SSL_R_NULL_SSL_METHOD_PASSED 196
# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
# define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
# define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327
# define SSL_R_PACKET_LENGTH_TOO_LONG 198
# define SSL_R_PARSE_TLSEXT 227
# define SSL_R_PATH_TOO_LONG 270
# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
# define SSL_R_PEER_ERROR 200
# define SSL_R_PEER_ERROR_CERTIFICATE 201
# define SSL_R_PEER_ERROR_NO_CERTIFICATE 202
# define SSL_R_PEER_ERROR_NO_CIPHER 203
# define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204
# define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205
# define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206
# define SSL_R_PROTOCOL_IS_SHUTDOWN 207
# define SSL_R_PSK_IDENTITY_NOT_FOUND 223
# define SSL_R_PSK_NO_CLIENT_CB 224
# define SSL_R_PSK_NO_SERVER_CB 225
# define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208
# define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209
# define SSL_R_PUBLIC_KEY_NOT_RSA 210
# define SSL_R_READ_BIO_NOT_SET 211
# define SSL_R_READ_TIMEOUT_EXPIRED 312
# define SSL_R_READ_WRONG_PACKET_TYPE 212
# define SSL_R_RECORD_LENGTH_MISMATCH 213
# define SSL_R_RECORD_TOO_LARGE 214
# define SSL_R_RECORD_TOO_SMALL 298
/*
 * Renegotiation-related reasons in this part of the list: 335-337 here, 345
 * (SCSV_RECEIVED_WHEN_RENEGOTIATING) and 338
 * (UNSAFE_LEGACY_RENEGOTIATION_DISABLED) below.
 */
# define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335
# define SSL_R_RENEGOTIATION_ENCODING_ERR 336
# define SSL_R_RENEGOTIATION_MISMATCH 337
# define SSL_R_REQUIRED_CIPHER_MISSING 215
/*
 * "COMPRESSSION" (three S) is the spelling in this header, so it is the name
 * callers must use; do not "correct" it.
 */
# define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342
# define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
# define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
# define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345
# define SSL_R_SERVERHELLO_TLSEXT 275
# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
# define SSL_R_SHORT_READ 219
# define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360
# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
# define SSL_R_SRP_A_CALC 361
# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362
# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363
# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364
# define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
# define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299
# define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321
# define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319
# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320
# define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
# define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
/*
 * Alert-range reasons (values >= 1000). Each value equals 1000 plus the alert
 * description number from the SSL/TLS specifications, e.g. 1020 for
 * bad_record_mac (20) and 1040 for handshake_failure (40). The offset is
 * presumably SSL_AD_REASON_OFFSET, defined outside this excerpt -- confirm.
 * NOTE(review): these look like reasons for alerts received from the peer,
 * while the sub-1000 codes are local failures; incident triage wants to keep
 * the two apart. Confirm at the call sites.
 */
# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
# define SSL_R_SSL_HANDSHAKE_FAILURE 229
# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301
# define SSL_R_SSL_SESSION_ID_CONFLICT 302
# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
# define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
/* TLS alert-range reasons; same 1000 + alert-number scheme as above. */
# define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
# define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
# define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
# define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
# define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365
# define SSL_R_TLS_HEARTBEAT_PENDING 366
# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367
# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
/*
 * Out of alphabetical order and numbered well above its neighbours (409).
 * The page's annotate column attributes this line to revision 308200, a later
 * change than the surrounding lines. By name it reports a peer sending too
 * many warning-level alerts; the limit itself is not defined in this part of
 * the header.
 */
# define SSL_R_TOO_MANY_WARN_ALERTS 409
# define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
# define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
# define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
# define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
# define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
# define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237
# define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238
# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314
# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
# define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240
# define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241
# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
# define SSL_R_UNEXPECTED_MESSAGE 244
# define SSL_R_UNEXPECTED_RECORD 245
# define SSL_R_UNINITIALIZED 276
# define SSL_R_UNKNOWN_ALERT_TYPE 246
# define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247
# define SSL_R_UNKNOWN_CIPHER_RETURNED 248
# define SSL_R_UNKNOWN_CIPHER_TYPE 249
# define SSL_R_UNKNOWN_DIGEST 368
# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
# define SSL_R_UNKNOWN_PKEY_TYPE 251
# define SSL_R_UNKNOWN_PROTOCOL 252
# define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253
# define SSL_R_UNKNOWN_SSL_VERSION 254
# define SSL_R_UNKNOWN_STATE 255
# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338
# define SSL_R_UNSUPPORTED_CIPHER 256
# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
# define SSL_R_UNSUPPORTED_DIGEST_TYPE 326
# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315
# define SSL_R_UNSUPPORTED_PROTOCOL 258
# define SSL_R_UNSUPPORTED_SSL_VERSION 259
# define SSL_R_UNSUPPORTED_STATUS_TYPE 329
# define SSL_R_USE_SRTP_NOT_NEGOTIATED 369
# define SSL_R_WRITE_BIO_NOT_SET 260
# define SSL_R_WRONG_CIPHER_RETURNED 261
# define SSL_R_WRONG_MESSAGE_TYPE 262
# define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263
# define SSL_R_WRONG_SIGNATURE_LENGTH 264
# define SSL_R_WRONG_SIGNATURE_SIZE 265
# define SSL_R_WRONG_SIGNATURE_TYPE 370
# define SSL_R_WRONG_SSL_VERSION 266
# define SSL_R_WRONG_VERSION_NUMBER 267
# define SSL_R_X509_LIB 268
# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269

/* Closes a C++ linkage block presumably opened earlier in the header (not visible here). */
#ifdef __cplusplus
}
#endif
/* Closes a conditional opened outside this excerpt, presumably the include guard. */
#endif