ssl.h 102.3 KB
Newer Older
1
/* ssl/ssl.h */
2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
58
/* ====================================================================
59
 * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
B
Bodo Möller 已提交
111 112 113 114 115
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 * ECC cipher suite support in OpenSSL originally developed by 
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
 */
116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141
/* ====================================================================
 * Copyright 2005 Nokia. All rights reserved.
 *
 * The portions of the attached software ("Contribution") is developed by
 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
 * license.
 *
 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
 * support (see RFC 4279) to OpenSSL.
 *
 * No patent licenses or other rights except those expressly stated in
 * the OpenSSL open source license shall be deemed granted or received
 * expressly, by implication, estoppel, or otherwise.
 *
 * No assurances are provided by Nokia that the Contribution does not
 * infringe the patent or other intellectual property rights of any third
 * party or that the license provides you with all the necessary rights
 * to make use of the Contribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE.
 */
142 143 144 145

#ifndef HEADER_SSL_H 
#define HEADER_SSL_H 

146
#include <openssl/e_os2.h>
147

148
#ifndef OPENSSL_NO_COMP
149 150
#include <openssl/comp.h>
#endif
151
#ifndef OPENSSL_NO_BIO
152 153
#include <openssl/bio.h>
#endif
154
#ifndef OPENSSL_NO_DEPRECATED
155
#ifndef OPENSSL_NO_X509
156 157
#include <openssl/x509.h>
#endif
158 159 160 161 162
#include <openssl/crypto.h>
#include <openssl/lhash.h>
#include <openssl/buffer.h>
#endif
#include <openssl/pem.h>
D
Dr. Stephen Henson 已提交
163
#include <openssl/hmac.h>
164

165
#include <openssl/kssl.h>
166
#include <openssl/safestack.h>
167
#include <openssl/symhacks.h>
168

169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190
#ifdef  __cplusplus
extern "C" {
#endif

/* SSLeay version number for ASN.1 encoding of the session information */
/* Version 0 - initial version
 * Version 1 - added the optional peer certificate
 */
#define SSL_SESSION_ASN1_VERSION 0x0001

/* text strings for the ciphers */
#define SSL_TXT_NULL_WITH_MD5		SSL2_TXT_NULL_WITH_MD5			
#define SSL_TXT_RC4_128_WITH_MD5	SSL2_TXT_RC4_128_WITH_MD5		
#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5	
#define SSL_TXT_RC2_128_CBC_WITH_MD5	SSL2_TXT_RC2_128_CBC_WITH_MD5		
#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5	
#define SSL_TXT_IDEA_128_CBC_WITH_MD5	SSL2_TXT_IDEA_128_CBC_WITH_MD5		
#define SSL_TXT_DES_64_CBC_WITH_MD5	SSL2_TXT_DES_64_CBC_WITH_MD5		
#define SSL_TXT_DES_64_CBC_WITH_SHA	SSL2_TXT_DES_64_CBC_WITH_SHA		
#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5	
#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA	

191 192
/*    VRS Additional Kerberos5 entries
 */
193 194 195 196 197
#define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
#define SSL_TXT_KRB5_RC4_128_SHA      SSL3_TXT_KRB5_RC4_128_SHA
#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
#define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5       
R
Typo  
Richard Levitte 已提交
198
#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5       
199
#define SSL_TXT_KRB5_RC4_128_MD5      SSL3_TXT_KRB5_RC4_128_MD5
R
Typo  
Richard Levitte 已提交
200
#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 
201 202 203 204 205 206 207 208

#define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA 
#define SSL_TXT_KRB5_RC2_40_CBC_SHA   SSL3_TXT_KRB5_RC2_40_CBC_SHA 
#define SSL_TXT_KRB5_RC4_40_SHA	      SSL3_TXT_KRB5_RC4_40_SHA
#define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5 
#define SSL_TXT_KRB5_RC2_40_CBC_MD5   SSL3_TXT_KRB5_RC2_40_CBC_MD5 
#define SSL_TXT_KRB5_RC4_40_MD5	      SSL3_TXT_KRB5_RC4_40_MD5

209 210 211 212 213 214
#define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA
#define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5
#define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
#define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5
#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
215
#define SSL_MAX_KRB5_PRINCIPAL_LENGTH  256
216

217
#define SSL_MAX_SSL_SESSION_ID_LENGTH		32
B
Ben Laurie 已提交
218
#define SSL_MAX_SID_CTX_LENGTH			32
219 220 221 222 223

#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES	(512/8)
#define SSL_MAX_KEY_ARG_LENGTH			8
#define SSL_MAX_MASTER_KEY_LENGTH		48

224

225
/* These are used to specify which ciphers to use and not to use */
226 227 228

#define SSL_TXT_EXP40		"EXPORT40"
#define SSL_TXT_EXP56		"EXPORT56"
229 230 231
#define SSL_TXT_LOW		"LOW"
#define SSL_TXT_MEDIUM		"MEDIUM"
#define SSL_TXT_HIGH		"HIGH"
232
#define SSL_TXT_FIPS		"FIPS"
233

234 235 236 237
#define SSL_TXT_kFZA		"kFZA" /* unused! */
#define	SSL_TXT_aFZA		"aFZA" /* unused! */
#define SSL_TXT_eFZA		"eFZA" /* unused! */
#define SSL_TXT_FZA		"FZA"  /* unused! */
238 239 240 241 242 243

#define	SSL_TXT_aNULL		"aNULL"
#define	SSL_TXT_eNULL		"eNULL"
#define	SSL_TXT_NULL		"NULL"

#define SSL_TXT_kRSA		"kRSA"
244 245 246
#define SSL_TXT_kDHr		"kDHr" 
#define SSL_TXT_kDHd		"kDHd"
#define SSL_TXT_kDH 		"kDH"
247
#define SSL_TXT_kEDH		"kEDH"
248 249 250 251 252 253
#define SSL_TXT_kKRB5     	"kKRB5"
#define SSL_TXT_kECDHr		"kECDHr"
#define SSL_TXT_kECDHe		"kECDHe"
#define SSL_TXT_kECDH		"kECDH"
#define SSL_TXT_kEECDH		"kEECDH"
#define SSL_TXT_kPSK            "kPSK"
254
#define SSL_TXT_kGOST		"kGOST"
B
Ben Laurie 已提交
255
#define SSL_TXT_kSRP		"kSRP"
256

257 258
#define	SSL_TXT_aRSA		"aRSA"
#define	SSL_TXT_aDSS		"aDSS"
259
#define	SSL_TXT_aDH		"aDH"
260 261 262 263
#define	SSL_TXT_aECDH		"aECDH"
#define SSL_TXT_aKRB5     	"aKRB5"
#define SSL_TXT_aECDSA		"aECDSA"
#define SSL_TXT_aPSK            "aPSK"
264 265 266
#define SSL_TXT_aGOST94	"aGOST94"
#define SSL_TXT_aGOST01 "aGOST01"
#define SSL_TXT_aGOST  "aGOST"
267

268 269
#define	SSL_TXT_DSS		"DSS"
#define SSL_TXT_DH		"DH"
270
#define SSL_TXT_EDH		"EDH" /* same as "kEDH:-ADH" */
271 272
#define SSL_TXT_ADH		"ADH"
#define SSL_TXT_RSA		"RSA"
273 274 275 276
#define SSL_TXT_ECDH		"ECDH"
#define SSL_TXT_EECDH		"EECDH" /* same as "kEECDH:-AECDH" */
#define SSL_TXT_AECDH		"AECDH"
#define SSL_TXT_ECDSA		"ECDSA"
277 278
#define SSL_TXT_KRB5      	"KRB5"
#define SSL_TXT_PSK             "PSK"
B
Ben Laurie 已提交
279
#define SSL_TXT_SRP		"SRP"
280

281 282 283 284 285
#define SSL_TXT_DES		"DES"
#define SSL_TXT_3DES		"3DES"
#define SSL_TXT_RC4		"RC4"
#define SSL_TXT_RC2		"RC2"
#define SSL_TXT_IDEA		"IDEA"
B
Bodo Möller 已提交
286
#define SSL_TXT_SEED		"SEED"
287 288
#define SSL_TXT_AES128		"AES128"
#define SSL_TXT_AES256		"AES256"
289
#define SSL_TXT_AES		"AES"
290
#define SSL_TXT_AES_GCM		"AESGCM"
291 292
#define SSL_TXT_CAMELLIA128	"CAMELLIA128"
#define SSL_TXT_CAMELLIA256	"CAMELLIA256"
293
#define SSL_TXT_CAMELLIA	"CAMELLIA"
294

295 296
#define SSL_TXT_MD5		"MD5"
#define SSL_TXT_SHA1		"SHA1"
297
#define SSL_TXT_SHA		"SHA" /* same as "SHA1" */
298 299
#define SSL_TXT_GOST94		"GOST94" 
#define SSL_TXT_GOST89MAC		"GOST89MAC" 
300
#define SSL_TXT_SHA256		"SHA256"
301
#define SSL_TXT_SHA384		"SHA384"
302

303 304
#define SSL_TXT_SSLV2		"SSLv2"
#define SSL_TXT_SSLV3		"SSLv3"
305
#define SSL_TXT_TLSV1		"TLSv1"
306
#define SSL_TXT_TLSV1_1		"TLSv1.1"
307
#define SSL_TXT_TLSV1_2		"TLSv1.2"
308 309 310

#define SSL_TXT_EXP		"EXP"
#define SSL_TXT_EXPORT		"EXPORT"
311 312

#define SSL_TXT_ALL		"ALL"
313

314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330
/*
 * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
 * ciphers normally not being used.
 * Example: "RC4" will activate all ciphers using RC4 including ciphers
 * without authentication, which would normally disabled by DEFAULT (due
 * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
 * will make sure that it is also disabled in the specific selection.
 * COMPLEMENTOF* identifiers are portable between version, as adjustments
 * to the default cipher setup will also be included here.
 *
 * COMPLEMENTOFDEFAULT does not experience the same special treatment that
 * DEFAULT gets, as only selection is being done and no sorting as needed
 * for DEFAULT.
 */
#define SSL_TXT_CMPALL		"COMPLEMENTOFALL"
#define SSL_TXT_CMPDEF		"COMPLEMENTOFDEFAULT"

331 332 333
/* The following cipher list is used by default.
 * It also is substituted when an application-defined cipher list string
 * starts with 'DEFAULT'. */
D
Typo.  
Dr. Stephen Henson 已提交
334
#define SSL_DEFAULT_CIPHER_LIST	"ALL:!aNULL:!eNULL:!SSLv2"
D
Dr. Stephen Henson 已提交
335
/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
336 337 338 339 340
 * starts with a reasonable order, and all we have to do for DEFAULT is
 * throwing out anonymous and unencrypted ciphersuites!
 * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable
 * some of them.)
 */
341

342
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
343 344 345
#define SSL_SENT_SHUTDOWN	1
#define SSL_RECEIVED_SHUTDOWN	2

346 347 348 349 350 351 352 353
#ifdef __cplusplus
}
#endif

#ifdef  __cplusplus
extern "C" {
#endif

354 355
#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)
#define OPENSSL_NO_SSL2
356 357
#endif

358 359 360
#define SSL_FILETYPE_ASN1	X509_FILETYPE_ASN1
#define SSL_FILETYPE_PEM	X509_FILETYPE_PEM

361 362 363
/* This is needed to stop compilers complaining about the
 * 'struct ssl_st *' function parameters used to prototype callbacks
 * in SSL_CTX. */
364
typedef struct ssl_st *ssl_crock_st;
D
Dr. Stephen Henson 已提交
365
typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
366 367 368
typedef struct ssl_method_st SSL_METHOD;
typedef struct ssl_cipher_st SSL_CIPHER;
typedef struct ssl_session_st SSL_SESSION;
369
typedef struct tls_sigalgs_st TLS_SIGALGS;
370 371 372

DECLARE_STACK_OF(SSL_CIPHER)

B
Ben Laurie 已提交
373 374 375 376 377 378 379 380 381
/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
typedef struct srtp_protection_profile_st
       {
       const char *name;
       unsigned long id;
       } SRTP_PROTECTION_PROFILE;

DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)

382 383 384 385 386
typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);


#ifndef OPENSSL_NO_SSL_INTERN
387 388

/* used to hold info on the particular ciphers used */
389
struct ssl_cipher_st
390 391
	{
	int valid;
B
Ben Laurie 已提交
392
	const char *name;		/* text name */
393
	unsigned long id;		/* id, 4 bytes, first is version */
394 395 396 397 398 399 400 401

	/* changed in 0.9.9: these four used to be portions of a single value 'algorithms' */
	unsigned long algorithm_mkey;	/* key exchange algorithm */
	unsigned long algorithm_auth;	/* server authentication */
	unsigned long algorithm_enc;	/* symmetric encryption */
	unsigned long algorithm_mac;	/* symmetric authentication */
	unsigned long algorithm_ssl;	/* (major) protocol version */

402
	unsigned long algo_strength;	/* strength and export flags */
403
	unsigned long algorithm2;	/* Extra flags */
404 405
	int strength_bits;		/* Number of bits really used */
	int alg_bits;			/* Number of bits for algorithm */
406
	};
B
Ben Laurie 已提交
407

D
Dr. Stephen Henson 已提交
408

409
/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
410
struct ssl_method_st
411 412
	{
	int version;
B
Ben Laurie 已提交
413 414 415 416 417
	int (*ssl_new)(SSL *s);
	void (*ssl_clear)(SSL *s);
	void (*ssl_free)(SSL *s);
	int (*ssl_accept)(SSL *s);
	int (*ssl_connect)(SSL *s);
B
Ben Laurie 已提交
418
	int (*ssl_read)(SSL *s,void *buf,int len);
419
	int (*ssl_peek)(SSL *s,void *buf,int len);
B
Ben Laurie 已提交
420
	int (*ssl_write)(SSL *s,const void *buf,int len);
B
Ben Laurie 已提交
421 422 423
	int (*ssl_shutdown)(SSL *s);
	int (*ssl_renegotiate)(SSL *s);
	int (*ssl_renegotiate_check)(SSL *s);
B
Ben Laurie 已提交
424 425 426 427 428 429
	long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long
		max, int *ok);
	int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, 
		int peek);
	int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
	int (*ssl_dispatch_alert)(SSL *s);
430 431
	long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
	long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
432
	const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
B
Ben Laurie 已提交
433
	int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
B
Ben Laurie 已提交
434
	int (*ssl_pending)(const SSL *s);
B
Ben Laurie 已提交
435
	int (*num_ciphers)(void);
436
	const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
437
	const struct ssl_method_st *(*get_ssl_method)(int version);
B
Ben Laurie 已提交
438
	long (*get_timeout)(void);
439
	struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
440 441 442
	int (*ssl_version)(void);
	long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
	long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
443
	};
444 445 446 447 448

/* Lets make this into an ASN.1 type structure as follows
 * SSL_SESSION_ID ::= SEQUENCE {
 *	version 		INTEGER,	-- structure version number
 *	SSLversion 		INTEGER,	-- SSL version number
N
Nils Larsch 已提交
449 450 451 452 453
 *	Cipher 			OCTET STRING,	-- the 3 byte cipher ID
 *	Session_ID 		OCTET STRING,	-- the Session ID
 *	Master_key 		OCTET STRING,	-- the master key
 *	KRB5_principal		OCTET STRING	-- optional Kerberos principal
 *	Key_Arg [ 0 ] IMPLICIT	OCTET STRING,	-- the optional Key argument
454 455 456
 *	Time [ 1 ] EXPLICIT	INTEGER,	-- optional Start Time
 *	Timeout [ 2 ] EXPLICIT	INTEGER,	-- optional Timeout ins seconds
 *	Peer [ 3 ] EXPLICIT	X509,		-- optional Peer Certificate
N
Nils Larsch 已提交
457
 *	Session_ID_context [ 4 ] EXPLICIT OCTET STRING,   -- the Session ID context
458
 *	Verify_result [ 5 ] EXPLICIT INTEGER,   -- X509_V_... code for `Peer'
N
Nils Larsch 已提交
459
 *	HostName [ 6 ] EXPLICIT OCTET STRING,   -- optional HostName from servername TLS extension 
B
Bodo Möller 已提交
460 461 462 463 464 465
 *	PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
 *	PSK_identity [ 8 ] EXPLICIT OCTET STRING,  -- optional PSK identity
 *	Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
 *	Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
 *	Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
 *	SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
466 467 468 469
 *	}
 * Look in ssl/ssl_asn1.c for more details
 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
 */
470
struct ssl_session_st
471 472 473 474 475 476 477 478 479 480 481 482
	{
	int ssl_version;	/* what ssl version session info is
				 * being kept in here? */

	/* only really used in SSLv2 */
	unsigned int key_arg_length;
	unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
	int master_key_length;
	unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
	/* session_id - valid? */
	unsigned int session_id_length;
	unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
B
Ben Laurie 已提交
483 484 485 486 487
	/* this is used to determine whether the session is being reused in
	 * the appropriate context. It is up to the application to set this,
	 * via SSL_new */
	unsigned int sid_ctx_length;
	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
488

489 490 491 492
#ifndef OPENSSL_NO_KRB5
        unsigned int krb5_client_princ_len;
        unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
#endif /* OPENSSL_NO_KRB5 */
493 494 495 496
#ifndef OPENSSL_NO_PSK
	char *psk_identity_hint;
	char *psk_identity;
#endif
497 498 499
	/* Used to indicate that session resumption is not allowed.
	 * Applications can also set this bit for a new session via
	 * not_resumable_session_cb to disable session caching and tickets. */
500 501 502
	int not_resumable;

	/* The cert is the certificate used to establish this connection */
503
	struct sess_cert_st /* SESS_CERT */ *sess_cert;
504

505
	/* This is the cert for the other end.
506
	 * On clients, it will be the same as sess_cert->peer_key->x509
507 508
	 * (the latter is not enough as sess_cert is not retained
	 * in the external representation of sessions, see ssl_asn1.c). */
509
	X509 *peer;
510 511 512
	/* when app_verify_callback accepts a session where the peer's certificate
	 * is not ok, we must remember the error for session reuse: */
	long verify_result; /* only for servers */
513 514 515 516 517

	int references;
	long timeout;
	long time;

518
	unsigned int compress_meth;	/* Need to lookup the method */
519

520
	const SSL_CIPHER *cipher;
521 522 523 524
	unsigned long cipher_id;	/* when ASN.1 loaded, this
					 * needs to be used to load
					 * the 'cipher' structure */

B
Ben Laurie 已提交
525
	STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
526

527 528 529 530 531
	CRYPTO_EX_DATA ex_data; /* application specific data */

	/* These are used to make removal of session-ids more
	 * efficient and to implement a maximum cache size. */
	struct ssl_session_st *prev,*next;
532 533
#ifndef OPENSSL_NO_TLSEXT
	char *tlsext_hostname;
534
#ifndef OPENSSL_NO_EC
B
Bodo Möller 已提交
535 536
	size_t tlsext_ecpointformatlist_length;
	unsigned char *tlsext_ecpointformatlist; /* peer's list */
537 538
	size_t tlsext_ellipticcurvelist_length;
	unsigned char *tlsext_ellipticcurvelist; /* peer's list */
539
#endif /* OPENSSL_NO_EC */
540 541 542 543
	/* RFC4507 info */
	unsigned char *tlsext_tick;	/* Session ticket */
	size_t	tlsext_ticklen;		/* Session ticket length */	
	long tlsext_tick_lifetime_hint;	/* Session lifetime hint in seconds */
B
Ben Laurie 已提交
544 545 546
#endif
#ifndef OPENSSL_NO_SRP
	char *srp_username;
547
#endif
548
	};
549

550
#endif
551

552 553
#define SSL_OP_MICROSOFT_SESS_ID_BUG			0x00000001L
#define SSL_OP_NETSCAPE_CHALLENGE_BUG			0x00000002L
554 555
/* Allow initial connection to servers that don't support RI */
#define SSL_OP_LEGACY_SERVER_CONNECT			0x00000004L
556 557 558
#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x00000010L
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L
B
Bodo Möller 已提交
559
#define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x00000040L /* no effect since 0.9.7h and 0.9.8b */
560
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x00000080L
561
#define SSL_OP_TLS_D5_BUG				0x00000100L
562
#define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L
563
#define SSL_OP_NO_TLSv1_1				0x00000400L
564

565 566 567 568 569 570 571 572 573
/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
 * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
 * the workaround is not needed.  Unfortunately some broken SSL/TLS
 * implementations cannot handle it at all, which is why we include
 * it in SSL_OP_ALL. */
#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L /* added in 0.9.6e */

/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
 *             This used to be 0x000FFFFFL before 0.9.7. */
574
#define SSL_OP_ALL					0x80000BFFL
575

B
Ben Laurie 已提交
576 577 578 579
/* DTLS options */
#define SSL_OP_NO_QUERY_MTU                 0x00001000L
/* Turn on Cookie Exchange (on relevant for servers) */
#define SSL_OP_COOKIE_EXCHANGE              0x00002000L
580 581
/* Don't use RFC4507 ticket extension */
#define SSL_OP_NO_TICKET	            0x00004000L
582 583
/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client)  */
#define SSL_OP_CISCO_ANYCONNECT		    0x00008000L
B
Ben Laurie 已提交
584

585 586
/* As server, disallow session resumption on renegotiation */
#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	0x00010000L
587 588
/* Don't use compression even if supported */
#define SSL_OP_NO_COMPRESSION				0x00020000L
589 590
/* Permit unsafe legacy renegotiation */
#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION	0x00040000L
B
Bodo Möller 已提交
591 592
/* If set, always create a new key when using tmp_ecdh parameters */
#define SSL_OP_SINGLE_ECDH_USE				0x00080000L
B
Bodo Möller 已提交
593
/* If set, always create a new key when using tmp_dh parameters */
594
#define SSL_OP_SINGLE_DH_USE				0x00100000L
595 596
/* Set to always use the tmp_rsa key when doing RSA operations,
 * even when this violates protocol specs */
597
#define SSL_OP_EPHEMERAL_RSA				0x00200000L
598 599 600
/* Set on servers to choose the cipher according to the server's
 * preferences */
#define SSL_OP_CIPHER_SERVER_PREFERENCE			0x00400000L
601 602 603 604 605
/* If set, a server will allow a client to issue a SSLv3.0 version number
 * as latest version supported in the premaster secret, even when TLSv1.0
 * (version 3.1) was announced in the client hello. Normally this is
 * forbidden to prevent version rollback attacks. */
#define SSL_OP_TLS_ROLLBACK_BUG				0x00800000L
606 607 608 609

#define SSL_OP_NO_SSLv2					0x01000000L
#define SSL_OP_NO_SSLv3					0x02000000L
#define SSL_OP_NO_TLSv1					0x04000000L
610
#define SSL_OP_NO_TLSv1_2				0x08000000L
611

612 613 614
/* These next two were never actually used for anything since SSLeay
 * zap so we have some more flags.
 */
B
Bodo Möller 已提交
615
/* The next flag deliberately changes the ciphertest, this is a check
616
 * for the PKCS#1 attack */
617 618 619
#define SSL_OP_PKCS1_CHECK_1				0x0
#define SSL_OP_PKCS1_CHECK_2				0x0

620
#define SSL_OP_NETSCAPE_CA_DN_BUG			0x20000000L
L
Lutz Jänicke 已提交
621
#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG		0x40000000L
622 623 624 625 626
/* Make server add server-hello extension from early version of
 * cryptopro draft, when GOST ciphersuite is negotiated. 
 * Required for interoperability with CryptoPro CSP 3.x 
 */
#define SSL_OP_CRYPTOPRO_TLSEXT_BUG			0x80000000L
627 628 629 630 631 632 633 634 635

/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
 * when just a single record has been written): */
#define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001L
/* Make it possible to retry SSL_write() with changed buffer location
 * (buffer contents must stay the same!); this is not the default to avoid
 * the misconception that non-blocking SSL_write() behaves like
 * non-blocking write(): */
#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
636 637 638
/* Never bother the application with retries if the transport
 * is blocking: */
#define SSL_MODE_AUTO_RETRY 0x00000004L
639 640
/* Don't attempt to automatically build certificate chain */
#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
B
Ben Laurie 已提交
641 642 643 644
/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and
 * TLS only.)  "Released" buffers are put onto a free-list in the context
 * or just freed (depending on the context's setting for freelist_max_len). */
#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
645

646 647 648
/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
 * they cannot be used to clear bits. */

649
#define SSL_CTX_set_options(ctx,op) \
650
	SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
651 652
#define SSL_CTX_clear_options(ctx,op) \
	SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
653
#define SSL_CTX_get_options(ctx) \
654
	SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
655
#define SSL_set_options(ssl,op) \
656
	SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
657 658
#define SSL_clear_options(ssl,op) \
	SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
659
#define SSL_get_options(ssl) \
660
        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
661

662
#define SSL_CTX_set_mode(ctx,op) \
663
	SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
664 665
#define SSL_CTX_clear_mode(ctx,op) \
	SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
666
#define SSL_CTX_get_mode(ctx) \
667
	SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
668 669
#define SSL_clear_mode(ssl,op) \
	SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
670
#define SSL_set_mode(ssl,op) \
671
	SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
672
#define SSL_get_mode(ssl) \
673
        SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
B
Ben Laurie 已提交
674 675
#define SSL_set_mtu(ssl, mtu) \
        SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
676

677 678
#define SSL_get_secure_renegotiation_support(ssl) \
	SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
679

D
Dr. Stephen Henson 已提交
680 681 682 683 684
#ifndef OPENSSL_NO_HEARTBEATS
#define SSL_heartbeat(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL)
#endif

685 686 687 688 689
void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))

B
Ben Laurie 已提交
690
#ifndef OPENSSL_NO_SRP
691

692 693
#ifndef OPENSSL_NO_SSL_INTERN

B
Ben Laurie 已提交
694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713
typedef struct srp_ctx_st
	{
	/* param for all the callbacks */
	void *SRP_cb_arg;
	/* set client Hello login callback */
	int (*TLS_ext_srp_username_callback)(SSL *, int *, void *);
	/* set SRP N/g param callback for verification */
	int (*SRP_verify_param_callback)(SSL *, void *);
	/* set SRP client passwd callback */
	char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *);

	char *login;
	BIGNUM *N,*g,*s,*B,*A;
	BIGNUM *a,*b,*v;
	char *info;
	int strength;

	unsigned long srp_Mask;
	} SRP_CTX;

714 715
#endif

B
Ben Laurie 已提交
716 717 718 719 720 721 722 723 724 725 726
/* see tls_srp.c */
int SSL_SRP_CTX_init(SSL *s);
int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
int SSL_SRP_CTX_free(SSL *ctx);
int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
int SSL_srp_server_param_with_username(SSL *s, int *ad);
int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key);
int SRP_Calc_A_param(SSL *s);
int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key);

#endif
727

728 729 730 731 732 733
#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */
#else
#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
#endif

734 735
#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT	(1024*20)

736 737 738 739 740 741
/* This callback type is used inside SSL_CTX, SSL, and in the functions that set
 * them. It is used to override the generation of SSL/TLS session IDs in a
 * server. Return value should be zero on an error, non-zero to proceed. Also,
 * callbacks should themselves check if the id they generate is unique otherwise
 * the SSL handshake will fail with an error - callbacks can do this using the
 * 'ssl' value they're passed by;
742
 *      SSL_has_matching_session_id(ssl, id, *id_len)
743 744 745 746 747 748 749 750 751
 * The length value passed in is set at the maximum size the session ID can be.
 * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback
 * can alter this length to be less if desired, but under SSLv2 session IDs are
 * supposed to be fixed at 16 bytes so the id will be padded after the callback
 * returns in this case. It is also an error for the callback to set the size to
 * zero. */
typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
				unsigned int *id_len);

752 753 754 755 756
typedef struct ssl_comp_st SSL_COMP;

#ifndef OPENSSL_NO_SSL_INTERN

struct ssl_comp_st
R
Richard Levitte 已提交
757 758
	{
	int id;
759
	const char *name;
760
#ifndef OPENSSL_NO_COMP
R
Richard Levitte 已提交
761
	COMP_METHOD *method;
762
#else
R
Richard Levitte 已提交
763
	char *method;
764
#endif
765
	};
766

B
Ben Laurie 已提交
767
DECLARE_STACK_OF(SSL_COMP)
B
Ben Laurie 已提交
768
DECLARE_LHASH_OF(SSL_SESSION);
B
Ben Laurie 已提交
769

B
Ben Laurie 已提交
770
struct ssl_ctx_st
771
	{
772
	const SSL_METHOD *method;
773

B
Ben Laurie 已提交
774
	STACK_OF(SSL_CIPHER) *cipher_list;
775
	/* same as above but sorted for lookup */
B
Ben Laurie 已提交
776
	STACK_OF(SSL_CIPHER) *cipher_list_by_id;
777 778

	struct x509_store_st /* X509_STORE */ *cert_store;
B
Ben Laurie 已提交
779
	LHASH_OF(SSL_SESSION) *sessions;
780
	/* Most session-ids that will be cached, default is
B
Bodo Möller 已提交
781
	 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
782 783 784
	unsigned long session_cache_size;
	struct ssl_session_st *session_cache_head;
	struct ssl_session_st *session_cache_tail;
785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803

	/* This can have one of 2 values, ored together,
	 * SSL_SESS_CACHE_CLIENT,
	 * SSL_SESS_CACHE_SERVER,
	 * Default is SSL_SESSION_CACHE_SERVER, which means only
	 * SSL_accept which cache SSL_SESSIONS. */
	int session_cache_mode;

	/* If timeout is not 0, it is the default timeout value set
	 * when SSL_new() is called.  This has been put in to make
	 * life easier to set things up */
	long session_timeout;

	/* If this callback is not null, it will be called each
	 * time a session id is added to the cache.  If this function
	 * returns 1, it means that the callback will do a
	 * SSL_SESSION_free() when it has finished using it.  Otherwise,
	 * on 0, it means the callback has finished with it.
	 * If remove_session_cb is not null, it will be called when
R
Richard Levitte 已提交
804 805
	 * a session-id is removed from the cache.  After the call,
	 * OpenSSL will SSL_SESSION_free() it. */
806 807 808 809
	int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
	void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
	SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
		unsigned char *data,int len,int *copy);
810

811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829
	struct
		{
		int sess_connect;	/* SSL new conn - started */
		int sess_connect_renegotiate;/* SSL reneg - requested */
		int sess_connect_good;	/* SSL new conne/reneg - finished */
		int sess_accept;	/* SSL new accept - started */
		int sess_accept_renegotiate;/* SSL reneg - requested */
		int sess_accept_good;	/* SSL accept/reneg - finished */
		int sess_miss;		/* session lookup misses  */
		int sess_timeout;	/* reuse attempt on timeouted session */
		int sess_cache_full;	/* session removed due to full cache */
		int sess_hit;		/* session reuse actually done */
		int sess_cb_hit;	/* session-id that was not
					 * in the cache was
					 * passed back via the callback.  This
					 * indicates that the application is
					 * supplying session-id's from other
					 * processes - spooky :-) */
		} stats;
830 831 832 833

	int references;

	/* if defined, these override the X509_verify_cert() calls */
834 835 836 837
	int (*app_verify_callback)(X509_STORE_CTX *, void *);
	void *app_verify_arg;
	/* before OpenSSL 0.9.7, 'app_verify_arg' was ignored
	 * ('app_verify_callback' was called with just one argument) */
838

839
	/* Default password callback. */
840
	pem_password_cb *default_passwd_callback;
841

842
	/* Default password callback user data. */
843
	void *default_passwd_callback_userdata;
844

845
	/* get client cert callback */
B
Ben Laurie 已提交
846
	int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
847

B
Ben Laurie 已提交
848 849 850 851 852 853 854 855
    /* cookie generate callback */
    int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, 
        unsigned int *cookie_len);

    /* verify cookie callback */
    int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, 
        unsigned int cookie_len);

856 857
	CRYPTO_EX_DATA ex_data;

B
Ben Laurie 已提交
858 859 860
	const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
	const EVP_MD *md5;	/* For SSLv3/TLSv1 'ssl3-md5' */
	const EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */
861

B
Ben Laurie 已提交
862
	STACK_OF(X509) *extra_certs;
863 864 865 866 867
	STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */


	/* Default values used when no per-SSL value is defined follow */

B
Ben Laurie 已提交
868
	void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */
869 870 871 872 873 874 875 876 877 878 879 880 881 882 883

	/* what we put in client cert requests */
	STACK_OF(X509_NAME) *client_CA;


	/* Default values to use in SSL structures follow (these are copied by SSL_new) */

	unsigned long options;
	unsigned long mode;
	long max_cert_list;

	struct cert_st /* CERT */ *cert;
	int read_ahead;

	/* callback that allows applications to peek at protocol messages */
884
	void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
885 886 887 888 889 890 891 892 893 894
	void *msg_callback_arg;

	int verify_mode;
	unsigned int sid_ctx_length;
	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
	int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */

	/* Default generate session ID callback. */
	GEN_SESSION_CB generate_session_id;

895 896 897
	X509_VERIFY_PARAM *param;

#if 0
898 899
	int purpose;		/* Purpose setting */
	int trust;		/* Trust setting */
900
#endif
901 902

	int quiet_shutdown;
903 904 905 906 907

	/* Maximum amount of data to send in one fragment.
	 * actual record size can be more than this due to
	 * padding and MAC overheads.
	 */
D
Dr. Stephen Henson 已提交
908
	unsigned int max_send_fragment;
909

910 911 912 913 914 915
#ifndef OPENSSL_ENGINE
	/* Engine to pass requests for client certs to
	 */
	ENGINE *client_cert_engine;
#endif

916
#ifndef OPENSSL_NO_TLSEXT
917
	/* TLS extensions servername callback */
918 919
	int (*tlsext_servername_callback)(SSL*, int *, void *);
	void *tlsext_servername_arg;
920 921 922 923
	/* RFC 4507 session ticket keys */
	unsigned char tlsext_tick_key_name[16];
	unsigned char tlsext_tick_hmac_key[16];
	unsigned char tlsext_tick_aes_key[16];
D
Dr. Stephen Henson 已提交
924 925 926 927 928
	/* Callback to support customisation of ticket key setting */
	int (*tlsext_ticket_key_cb)(SSL *ssl,
					unsigned char *name, unsigned char *iv,
					EVP_CIPHER_CTX *ectx,
 					HMAC_CTX *hctx, int enc);
929

930 931 932 933 934
	/* certificate status request info */
	/* Callback for status request */
	int (*tlsext_status_cb)(SSL *ssl, void *arg);
	void *tlsext_status_arg;

935 936 937
	/* draft-rescorla-tls-opaque-prf-input-00.txt information */
	int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
	void *tlsext_opaque_prf_input_callback_arg;
938
#endif
939

940 941 942 943 944 945 946
#ifndef OPENSSL_NO_PSK
	char *psk_identity_hint;
	unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
		unsigned int max_identity_len, unsigned char *psk,
		unsigned int max_psk_len);
	unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
		unsigned char *psk, unsigned int max_psk_len);
947
#endif
B
Ben Laurie 已提交
948

949
#ifndef OPENSSL_NO_BUF_FREELISTS
B
Ben Laurie 已提交
950 951 952 953
#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
	unsigned int freelist_max_len;
	struct ssl3_buf_freelist_st *wbuf_freelist;
	struct ssl3_buf_freelist_st *rbuf_freelist;
B
Ben Laurie 已提交
954 955 956
#endif
#ifndef OPENSSL_NO_SRP
	SRP_CTX srp_ctx; /* ctx for SRP authentication */
B
Ben Laurie 已提交
957
#endif
B
Ben Laurie 已提交
958 959

#ifndef OPENSSL_NO_TLSEXT
D
Dr. Stephen Henson 已提交
960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978

# ifndef OPENSSL_NO_NEXTPROTONEG
	/* Next protocol negotiation information */
	/* (for experimental NPN extension). */

	/* For a server, this contains a callback function by which the set of
	 * advertised protocols can be provided. */
	int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
			                 unsigned int *len, void *arg);
	void *next_protos_advertised_cb_arg;
	/* For a client, this contains a callback function that selects the
	 * next protocol from the list provided by the server. */
	int (*next_proto_select_cb)(SSL *s, unsigned char **out,
				    unsigned char *outlen,
				    const unsigned char *in,
				    unsigned int inlen,
				    void *arg);
	void *next_proto_select_cb_arg;
# endif
B
Ben Laurie 已提交
979 980 981
        /* SRTP profiles we are willing to do from RFC 5764 */
        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  
#endif
D
Dr. Stephen Henson 已提交
982 983 984
	/* Callback for disabling session caching and ticket support
	 * on a session basis, depending on the chosen cipher. */
	int (*not_resumable_session_cb)(SSL *ssl, int is_forward_secure);
B
Ben Laurie 已提交
985
	};
986

987 988
#endif

989 990 991
#define SSL_SESS_CACHE_OFF			0x0000
#define SSL_SESS_CACHE_CLIENT			0x0001
#define SSL_SESS_CACHE_SERVER			0x0002
992
#define SSL_SESS_CACHE_BOTH	(SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
993
#define SSL_SESS_CACHE_NO_AUTO_CLEAR		0x0080
994
/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
995
#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP	0x0100
996 997 998
#define SSL_SESS_CACHE_NO_INTERNAL_STORE	0x0200
#define SSL_SESS_CACHE_NO_INTERNAL \
	(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
999

B
Ben Laurie 已提交
1000
LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024
#define SSL_CTX_sess_number(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
#define SSL_CTX_sess_connect(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
#define SSL_CTX_sess_connect_good(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
#define SSL_CTX_sess_connect_renegotiate(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
#define SSL_CTX_sess_accept(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
#define SSL_CTX_sess_accept_renegotiate(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
#define SSL_CTX_sess_accept_good(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
#define SSL_CTX_sess_hits(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
#define SSL_CTX_sess_cb_hits(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
#define SSL_CTX_sess_misses(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
#define SSL_CTX_sess_timeouts(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
#define SSL_CTX_sess_cache_full(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
1025

N
Nils Larsch 已提交
1026 1027 1028 1029 1030 1031 1032 1033 1034 1035
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));
int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess));
void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy));
SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy);
void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val));
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
1036
#ifndef OPENSSL_NO_ENGINE
1037
int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
1038
#endif
N
Nils Larsch 已提交
1039 1040
void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
B
Ben Laurie 已提交
1041
#ifndef OPENSSL_NO_NEXTPROTONEG
B
Ben Laurie 已提交
1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064
void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
					   int (*cb) (SSL *ssl,
						      const unsigned char **out,
						      unsigned int *outlen,
						      void *arg), void *arg);
void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
				      int (*cb) (SSL *ssl, unsigned char **out,
						 unsigned char *outlen,
						 const unsigned char *in,
						 unsigned int inlen, void *arg),
				      void *arg);

int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
			  const unsigned char *in, unsigned int inlen,
			  const unsigned char *client, unsigned int client_len);
void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
				    unsigned *len);

#define OPENSSL_NPN_UNSUPPORTED	0
#define OPENSSL_NPN_NEGOTIATED	1
#define OPENSSL_NPN_NO_OVERLAP	2

#endif
1065

1066 1067 1068 1069
#ifndef OPENSSL_NO_PSK
/* the maximum length of the buffer given to callbacks containing the
 * resulting identity/psk */
#define PSK_MAX_IDENTITY_LEN 128
1070
#define PSK_MAX_PSK_LEN 256
N
Nils Larsch 已提交
1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084
void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, 
	unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 
		char *identity, unsigned int max_identity_len, unsigned char *psk,
		unsigned int max_psk_len));
void SSL_set_psk_client_callback(SSL *ssl, 
	unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 
		char *identity, unsigned int max_identity_len, unsigned char *psk,
		unsigned int max_psk_len));
void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, 
	unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
		unsigned char *psk, unsigned int max_psk_len));
void SSL_set_psk_server_callback(SSL *ssl,
	unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
		unsigned char *psk, unsigned int max_psk_len));
1085 1086 1087 1088 1089 1090
int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
const char *SSL_get_psk_identity_hint(const SSL *s);
const char *SSL_get_psk_identity(const SSL *s);
#endif

1091 1092 1093 1094 1095 1096
#define SSL_NOTHING	1
#define SSL_WRITING	2
#define SSL_READING	3
#define SSL_X509_LOOKUP	4

/* These will only be used when doing non-blocking IO */
1097 1098 1099 1100
#define SSL_want_nothing(s)	(SSL_want(s) == SSL_NOTHING)
#define SSL_want_read(s)	(SSL_want(s) == SSL_READING)
#define SSL_want_write(s)	(SSL_want(s) == SSL_WRITING)
#define SSL_want_x509_lookup(s)	(SSL_want(s) == SSL_X509_LOOKUP)
1101

1102 1103 1104
#define SSL_MAC_FLAG_READ_MAC_STREAM 1
#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2

1105 1106
#ifndef OPENSSL_NO_SSL_INTERN

B
Ben Laurie 已提交
1107
struct ssl_st
1108
	{
1109
	/* protocol version
B
Ben Laurie 已提交
1110
	 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
1111
	 */
1112 1113 1114
	int version;
	int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */

1115
	const SSL_METHOD *method; /* SSLv3 */
1116 1117 1118 1119 1120

	/* There are 2 BIO's even though they are normally both the
	 * same.  This is so data can be read and written to different
	 * handlers */

1121
#ifndef OPENSSL_NO_BIO
1122 1123
	BIO *rbio; /* used by SSL_read */
	BIO *wbio; /* used by SSL_write */
1124
	BIO *bbio; /* used during session-id reuse to concatenate
1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138
		    * messages */
#else
	char *rbio; /* used by SSL_read */
	char *wbio; /* used by SSL_write */
	char *bbio;
#endif
	/* This holds a variable that indicates what we were doing
	 * when a 0 or -1 is returned.  This is needed for
	 * non-blocking IO so we know what request needs re-doing when
	 * in SSL_accept or SSL_connect */
	int rwstate;

	/* true when we are actually in SSL_accept() or SSL_connect() */
	int in_handshake;
1139
	int (*handshake_func)(SSL *);
1140

B
Bodo Möller 已提交
1141 1142 1143 1144 1145 1146
	/* Imagine that here's a boolean member "init" that is
	 * switched as soon as SSL_set_{accept/connect}_state
	 * is called for the first time, so that "state" and
	 * "handshake_func" are properly initialized.  But as
	 * handshake_func is == 0 until then, we use this
	 * test instead of an "init" member.
1147 1148
	 */

1149
	int server;	/* are we the server side? - mostly used by SSL_clear*/
1150

D
Dr. Stephen Henson 已提交
1151
	int new_session;/* Generate a new session or reuse an old one.
B
Bodo Möller 已提交
1152 1153 1154
	                 * NB: For servers, the 'new' session may actually be a previously
	                 * cached session or even the previous session unless
	                 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
1155 1156 1157 1158 1159 1160 1161
	int quiet_shutdown;/* don't send shutdown packets */
	int shutdown;	/* we have shut things down, 0x01 sent, 0x02
			 * for received */
	int state;	/* where we are */
	int rstate;	/* where we are when reading */

	BUF_MEM *init_buf;	/* buffer used during init */
1162
	void *init_msg;   	/* pointer to handshake message body, set by ssl3_get_message() */
1163 1164 1165 1166 1167 1168 1169
	int init_num;		/* amount read/written */
	int init_off;		/* amount read/written */

	/* used internally to point at a raw packet */
	unsigned char *packet;
	unsigned int packet_length;

1170 1171
	struct ssl2_state_st *s2; /* SSLv2 variables */
	struct ssl3_state_st *s3; /* SSLv3 variables */
B
Ben Laurie 已提交
1172
	struct dtls1_state_st *d1; /* DTLSv1 variables */
1173

1174 1175
	int read_ahead;		/* Read as many input bytes as possible
	               	 	 * (for non-blocking reads) */
1176 1177

	/* callback that allows applications to peek at protocol messages */
1178
	void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
1179 1180
	void *msg_callback_arg;

1181 1182
	int hit;		/* reusing a previous session */

1183 1184 1185
	X509_VERIFY_PARAM *param;

#if 0
1186 1187
	int purpose;		/* Purpose setting */
	int trust;		/* Trust setting */
1188
#endif
1189

1190
	/* crypto */
B
Ben Laurie 已提交
1191 1192
	STACK_OF(SSL_CIPHER) *cipher_list;
	STACK_OF(SSL_CIPHER) *cipher_list_by_id;
1193

1194
	/* These are the ones being used, the ones in SSL_SESSION are
1195
	 * the ones to be 'copied' into these ones */
1196
	int mac_flags; 
1197
	EVP_CIPHER_CTX *enc_read_ctx;		/* cryptographic state */
1198
	EVP_MD_CTX *read_hash;		/* used for mac generation */
1199
#ifndef OPENSSL_NO_COMP
1200 1201 1202 1203
	COMP_CTX *expand;			/* uncompress */
#else
	char *expand;
#endif
1204 1205

	EVP_CIPHER_CTX *enc_write_ctx;		/* cryptographic state */
1206
	EVP_MD_CTX *write_hash;		/* used for mac generation */
1207
#ifndef OPENSSL_NO_COMP
1208 1209 1210 1211
	COMP_CTX *compress;			/* compression */
#else
	char *compress;	
#endif
1212 1213 1214 1215 1216 1217 1218

	/* session info */

	/* client cert? */
	/* This is used to hold the server certificate used */
	struct cert_st /* CERT */ *cert;

B
Ben Laurie 已提交
1219 1220 1221 1222 1223
	/* the session_id_context is used to ensure sessions are only reused
	 * in the appropriate context */
	unsigned int sid_ctx_length;
	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];

1224 1225 1226
	/* This can also be in the session once a session is established */
	SSL_SESSION *session;

1227 1228 1229
	/* Default generate session ID callback. */
	GEN_SESSION_CB generate_session_id;

1230 1231 1232
	/* Used in SSL2 and SSL3 */
	int verify_mode;	/* 0 don't care about verify failure.
				 * 1 fail if verify fails */
B
Ben Laurie 已提交
1233
	int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
1234

B
Ben Laurie 已提交
1235
	void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
1236 1237 1238 1239

	int error;		/* error bytes to be written */
	int error_code;		/* actual code */

1240
#ifndef OPENSSL_NO_KRB5
1241
	KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */
1242
#endif	/* OPENSSL_NO_KRB5 */
1243

1244 1245 1246 1247 1248 1249 1250 1251
#ifndef OPENSSL_NO_PSK
	unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
		unsigned int max_identity_len, unsigned char *psk,
		unsigned int max_psk_len);
	unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
		unsigned char *psk, unsigned int max_psk_len);
#endif

1252 1253 1254 1255 1256 1257
	SSL_CTX *ctx;
	/* set this flag to 1 and a sleep(1) is put into all SSL_read()
	 * and SSL_write() calls, good for nbio debuging :-) */
	int debug;	

	/* extra application data */
1258 1259
	long verify_result;
	CRYPTO_EX_DATA ex_data;
1260 1261

	/* for server side, keep the list of CA_dn we can use */
B
Ben Laurie 已提交
1262
	STACK_OF(X509_NAME) *client_CA;
1263

1264
	int references;
1265 1266
	unsigned long options; /* protocol behaviour */
	unsigned long mode; /* API behaviour */
1267
	long max_cert_list;
1268
	int first_packet;
1269
	int client_version;	/* what was passed, used for
U
Ulf Möller 已提交
1270
				 * SSLv3/TLS rollback check */
D
Dr. Stephen Henson 已提交
1271
	unsigned int max_send_fragment;
1272
#ifndef OPENSSL_NO_TLSEXT
1273 1274 1275 1276 1277
	/* TLS extension debug callback */
	void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
					unsigned char *data, int len,
					void *arg);
	void *tlsext_debug_arg;
1278
	char *tlsext_hostname;
1279 1280 1281 1282 1283
	int servername_done;   /* no further mod of servername 
	                          0 : call the servername extension callback.
	                          1 : prepare 2, allow last ack just after in server callback.
	                          2 : don't call servername callback, no ack in server hello
	                       */
1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295
	/* certificate status request info */
	/* Status type or -1 if no status type */
	int tlsext_status_type;
	/* Expect OCSP CertificateStatus message */
	int tlsext_status_expected;
	/* OCSP status request only */
	STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
	X509_EXTENSIONS *tlsext_ocsp_exts;
	/* OCSP response received or to be sent */
	unsigned char *tlsext_ocsp_resp;
	int tlsext_ocsp_resplen;

1296 1297
	/* RFC4507 session ticket expected to be received or sent */
	int tlsext_ticket_expected;
1298
#ifndef OPENSSL_NO_EC
B
Bodo Möller 已提交
1299 1300
	size_t tlsext_ecpointformatlist_length;
	unsigned char *tlsext_ecpointformatlist; /* our list */
1301 1302
	size_t tlsext_ellipticcurvelist_length;
	unsigned char *tlsext_ellipticcurvelist; /* our list */
1303
#endif /* OPENSSL_NO_EC */
1304 1305 1306 1307 1308

	/* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for handshakes */
	void *tlsext_opaque_prf_input;
	size_t tlsext_opaque_prf_input_len;

D
Dr. Stephen Henson 已提交
1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319
	/* TLS Session Ticket extension override */
	TLS_SESSION_TICKET_EXT *tlsext_session_ticket;

	/* TLS Session Ticket extension callback */
	tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
	void *tls_session_ticket_ext_cb_arg;

	/* TLS pre-shared secret session resumption */
	tls_session_secret_cb_fn tls_session_secret_cb;
	void *tls_session_secret_cb_arg;

1320
	SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
B
Ben Laurie 已提交
1321

B
Ben Laurie 已提交
1322
#ifndef OPENSSL_NO_NEXTPROTONEG
B
Ben Laurie 已提交
1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333
	/* Next protocol negotiation. For the client, this is the protocol that
	 * we sent in NextProtocol and is set when handling ServerHello
	 * extensions.
	 *
	 * For a server, this is the client's selected_protocol from
	 * NextProtocol and is set when handling the NextProtocol message,
	 * before the Finished message. */
	unsigned char *next_proto_negotiated;
	unsigned char next_proto_negotiated_len;
#endif

B
Bodo Möller 已提交
1334
#define session_ctx initial_ctx
B
Ben Laurie 已提交
1335

D
Dr. Stephen Henson 已提交
1336 1337 1338 1339 1340 1341 1342 1343 1344 1345
	STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  /* What we'll do */
	SRTP_PROTECTION_PROFILE *srtp_profile;            /* What's been chosen */

	unsigned int tlsext_heartbeat;  /* Is use of the Heartbeat extension negotiated?
	                                   0: disabled
	                                   1: enabled
	                                   2: enabled, but not allowed to send Requests
	                                 */
	unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
	unsigned int tlsext_hb_seq;     /* HeartbeatRequest sequence number */
B
Bodo Möller 已提交
1346 1347
#else
#define session_ctx ctx
1348
#endif /* OPENSSL_NO_TLSEXT */
D
Dr. Stephen Henson 已提交
1349

D
Dr. Stephen Henson 已提交
1350 1351 1352 1353 1354 1355 1356
	int renegotiate;/* 1 if we are renegotiating.
	                 * 2 if we are a server and are inside a handshake
	                 * (i.e. not just sending a HelloRequest) */
#ifndef OPENSSL_NO_SRP
	SRP_CTX srp_ctx; /* ctx for SRP authentication */
#endif

D
Dr. Stephen Henson 已提交
1357 1358 1359
	/* Callback for disabling session caching and ticket support
	 * on a session basis, depending on the chosen cipher. */
	int (*not_resumable_session_cb)(SSL *ssl, int is_forward_secure);
B
Ben Laurie 已提交
1360
	};
1361

1362 1363
#endif

1364 1365 1366 1367
#ifdef __cplusplus
}
#endif

1368 1369 1370
#include <openssl/ssl2.h>
#include <openssl/ssl3.h>
#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
B
Ben Laurie 已提交
1371
#include <openssl/dtls1.h> /* Datagram TLS */
1372
#include <openssl/ssl23.h>
B
Ben Laurie 已提交
1373
#include <openssl/srtp.h>  /* Support for the use_srtp extension */
1374

1375 1376 1377 1378
#ifdef  __cplusplus
extern "C" {
#endif

U
Ulf Möller 已提交
1379
/* compatibility */
1380 1381 1382 1383 1384 1385
#define SSL_set_app_data(s,arg)		(SSL_set_ex_data(s,0,(char *)arg))
#define SSL_get_app_data(s)		(SSL_get_ex_data(s,0))
#define SSL_SESSION_set_app_data(s,a)	(SSL_SESSION_set_ex_data(s,0,(char *)a))
#define SSL_SESSION_get_app_data(s)	(SSL_SESSION_get_ex_data(s,0))
#define SSL_CTX_get_app_data(ctx)	(SSL_CTX_get_ex_data(ctx,0))
#define SSL_CTX_set_app_data(ctx,arg)	(SSL_CTX_set_ex_data(ctx,0,(char *)arg))
1386 1387

/* The following are the possible values for ssl->state are are
U
Ulf Möller 已提交
1388
 * used to indicate where we are up to in the SSL connection establishment.
1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416
 * The macros that follow are about the only things you should need to use
 * and even then, only when using non-blocking IO.
 * It can also be useful to work out where you were when the connection
 * failed */

#define SSL_ST_CONNECT			0x1000
#define SSL_ST_ACCEPT			0x2000
#define SSL_ST_MASK			0x0FFF
#define SSL_ST_INIT			(SSL_ST_CONNECT|SSL_ST_ACCEPT)
#define SSL_ST_BEFORE			0x4000
#define SSL_ST_OK			0x03
#define SSL_ST_RENEGOTIATE		(0x04|SSL_ST_INIT)

#define SSL_CB_LOOP			0x01
#define SSL_CB_EXIT			0x02
#define SSL_CB_READ			0x04
#define SSL_CB_WRITE			0x08
#define SSL_CB_ALERT			0x4000 /* used in callback */
#define SSL_CB_READ_ALERT		(SSL_CB_ALERT|SSL_CB_READ)
#define SSL_CB_WRITE_ALERT		(SSL_CB_ALERT|SSL_CB_WRITE)
#define SSL_CB_ACCEPT_LOOP		(SSL_ST_ACCEPT|SSL_CB_LOOP)
#define SSL_CB_ACCEPT_EXIT		(SSL_ST_ACCEPT|SSL_CB_EXIT)
#define SSL_CB_CONNECT_LOOP		(SSL_ST_CONNECT|SSL_CB_LOOP)
#define SSL_CB_CONNECT_EXIT		(SSL_ST_CONNECT|SSL_CB_EXIT)
#define SSL_CB_HANDSHAKE_START		0x10
#define SSL_CB_HANDSHAKE_DONE		0x20

/* Is the SSL_connection established? */
1417 1418 1419 1420 1421 1422
#define SSL_get_state(a)		SSL_state(a)
#define SSL_is_init_finished(a)		(SSL_state(a) == SSL_ST_OK)
#define SSL_in_init(a)			(SSL_state(a)&SSL_ST_INIT)
#define SSL_in_before(a)		(SSL_state(a)&SSL_ST_BEFORE)
#define SSL_in_connect_init(a)		(SSL_state(a)&SSL_ST_CONNECT)
#define SSL_in_accept_init(a)		(SSL_state(a)&SSL_ST_ACCEPT)
1423 1424 1425 1426 1427 1428 1429

/* The following 2 states are kept in ssl->rstate when reads fail,
 * you should not need these */
#define SSL_ST_READ_HEADER			0xF0
#define SSL_ST_READ_BODY			0xF1
#define SSL_ST_READ_DONE			0xF2

1430 1431 1432 1433
/* Obtain latest Finished message
 *   -- that we sent (SSL_get_finished)
 *   -- that we expected from peer (SSL_get_peer_finished).
 * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
B
Ben Laurie 已提交
1434 1435
size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
1436

1437 1438 1439 1440 1441 1442 1443
/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
 * are 'ored' with SSL_VERIFY_PEER if they are desired */
#define SSL_VERIFY_NONE			0x00
#define SSL_VERIFY_PEER			0x01
#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT	0x02
#define SSL_VERIFY_CLIENT_ONCE		0x04

1444
#define OpenSSL_add_ssl_algorithms()	SSL_library_init()
1445 1446
#define SSLeay_add_ssl_algorithms()	SSL_library_init()

U
Ulf Möller 已提交
1447
/* this is for backward compatibility */
1448 1449 1450 1451 1452 1453 1454
#if 0 /* NEW_SSLEAY */
#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
#define SSL_set_pref_cipher(c,n)	SSL_set_cipher_list(c,n)
#define SSL_add_session(a,b)            SSL_CTX_add_session((a),(b))
#define SSL_remove_session(a,b)		SSL_CTX_remove_session((a),(b))
#define SSL_flush_sessions(a,b)		SSL_CTX_flush_sessions((a),(b))
#endif
U
Ulf Möller 已提交
1455
/* More backward compatibility */
1456 1457 1458 1459 1460 1461 1462 1463
#define SSL_get_cipher(s) \
		SSL_CIPHER_get_name(SSL_get_current_cipher(s))
#define SSL_get_cipher_bits(s,np) \
		SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
#define SSL_get_cipher_version(s) \
		SSL_CIPHER_get_version(SSL_get_current_cipher(s))
#define SSL_get_cipher_name(s) \
		SSL_CIPHER_get_name(SSL_get_current_cipher(s))
1464 1465 1466 1467
#define SSL_get_time(a)		SSL_SESSION_get_time(a)
#define SSL_set_time(a,b)	SSL_SESSION_set_time((a),(b))
#define SSL_get_timeout(a)	SSL_SESSION_get_timeout(a)
#define SSL_set_timeout(a,b)	SSL_SESSION_set_timeout((a),(b))
1468

1469 1470
#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
D
Dr. Stephen Henson 已提交
1471 1472

DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
1473

B
Bodo Möller 已提交
1474
#define SSL_AD_REASON_OFFSET		1000 /* offset to get SSL_R_... value from SSL_AD_... */
1475

1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494
/* These alert types are for SSLv3 and TLSv1 */
#define SSL_AD_CLOSE_NOTIFY		SSL3_AD_CLOSE_NOTIFY
#define SSL_AD_UNEXPECTED_MESSAGE	SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
#define SSL_AD_BAD_RECORD_MAC		SSL3_AD_BAD_RECORD_MAC     /* fatal */
#define SSL_AD_DECRYPTION_FAILED	TLS1_AD_DECRYPTION_FAILED
#define SSL_AD_RECORD_OVERFLOW		TLS1_AD_RECORD_OVERFLOW
#define SSL_AD_DECOMPRESSION_FAILURE	SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
#define SSL_AD_HANDSHAKE_FAILURE	SSL3_AD_HANDSHAKE_FAILURE/* fatal */
#define SSL_AD_NO_CERTIFICATE		SSL3_AD_NO_CERTIFICATE /* Not for TLS */
#define SSL_AD_BAD_CERTIFICATE		SSL3_AD_BAD_CERTIFICATE
#define SSL_AD_UNSUPPORTED_CERTIFICATE	SSL3_AD_UNSUPPORTED_CERTIFICATE
#define SSL_AD_CERTIFICATE_REVOKED	SSL3_AD_CERTIFICATE_REVOKED
#define SSL_AD_CERTIFICATE_EXPIRED	SSL3_AD_CERTIFICATE_EXPIRED
#define SSL_AD_CERTIFICATE_UNKNOWN	SSL3_AD_CERTIFICATE_UNKNOWN
#define SSL_AD_ILLEGAL_PARAMETER	SSL3_AD_ILLEGAL_PARAMETER   /* fatal */
#define SSL_AD_UNKNOWN_CA		TLS1_AD_UNKNOWN_CA	/* fatal */
#define SSL_AD_ACCESS_DENIED		TLS1_AD_ACCESS_DENIED	/* fatal */
#define SSL_AD_DECODE_ERROR		TLS1_AD_DECODE_ERROR	/* fatal */
#define SSL_AD_DECRYPT_ERROR		TLS1_AD_DECRYPT_ERROR
U
Ulf Möller 已提交
1495
#define SSL_AD_EXPORT_RESTRICTION	TLS1_AD_EXPORT_RESTRICTION/* fatal */
1496 1497 1498
#define SSL_AD_PROTOCOL_VERSION		TLS1_AD_PROTOCOL_VERSION /* fatal */
#define SSL_AD_INSUFFICIENT_SECURITY	TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
#define SSL_AD_INTERNAL_ERROR		TLS1_AD_INTERNAL_ERROR	/* fatal */
U
Ulf Möller 已提交
1499
#define SSL_AD_USER_CANCELLED		TLS1_AD_USER_CANCELLED
1500
#define SSL_AD_NO_RENEGOTIATION		TLS1_AD_NO_RENEGOTIATION
1501 1502
#define SSL_AD_UNSUPPORTED_EXTENSION	TLS1_AD_UNSUPPORTED_EXTENSION
#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
1503
#define SSL_AD_UNRECOGNIZED_NAME	TLS1_AD_UNRECOGNIZED_NAME
1504 1505
#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
1506
#define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
1507

1508 1509 1510 1511 1512
#define SSL_ERROR_NONE			0
#define SSL_ERROR_SSL			1
#define SSL_ERROR_WANT_READ		2
#define SSL_ERROR_WANT_WRITE		3
#define SSL_ERROR_WANT_X509_LOOKUP	4
B
Bodo Möller 已提交
1513
#define SSL_ERROR_SYSCALL		5 /* look at error stack/return value/errno */
1514 1515
#define SSL_ERROR_ZERO_RETURN		6
#define SSL_ERROR_WANT_CONNECT		7
1516
#define SSL_ERROR_WANT_ACCEPT		8
1517

1518 1519 1520
#define SSL_CTRL_NEED_TMP_RSA			1
#define SSL_CTRL_SET_TMP_RSA			2
#define SSL_CTRL_SET_TMP_DH			3
B
Bodo Möller 已提交
1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535
#define SSL_CTRL_SET_TMP_ECDH			4
#define SSL_CTRL_SET_TMP_RSA_CB			5
#define SSL_CTRL_SET_TMP_DH_CB			6
#define SSL_CTRL_SET_TMP_ECDH_CB		7

#define SSL_CTRL_GET_SESSION_REUSED		8
#define SSL_CTRL_GET_CLIENT_CERT_REQUEST	9
#define SSL_CTRL_GET_NUM_RENEGOTIATIONS		10
#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS	11
#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS	12
#define SSL_CTRL_GET_FLAGS			13
#define SSL_CTRL_EXTRA_CHAIN_CERT		14

#define SSL_CTRL_SET_MSG_CALLBACK               15
#define SSL_CTRL_SET_MSG_CALLBACK_ARG           16
1536

B
Ben Laurie 已提交
1537 1538
/* only applies to datagram connections */
#define SSL_CTRL_SET_MTU                17
1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552
/* Stats */
#define SSL_CTRL_SESS_NUMBER			20
#define SSL_CTRL_SESS_CONNECT			21
#define SSL_CTRL_SESS_CONNECT_GOOD		22
#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE	23
#define SSL_CTRL_SESS_ACCEPT			24
#define SSL_CTRL_SESS_ACCEPT_GOOD		25
#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE	26
#define SSL_CTRL_SESS_HIT			27
#define SSL_CTRL_SESS_CB_HIT			28
#define SSL_CTRL_SESS_MISSES			29
#define SSL_CTRL_SESS_TIMEOUTS			30
#define SSL_CTRL_SESS_CACHE_FULL		31
#define SSL_CTRL_OPTIONS			32
1553
#define SSL_CTRL_MODE				33
1554 1555 1556 1557 1558 1559 1560

#define SSL_CTRL_GET_READ_AHEAD			40
#define SSL_CTRL_SET_READ_AHEAD			41
#define SSL_CTRL_SET_SESS_CACHE_SIZE		42
#define SSL_CTRL_GET_SESS_CACHE_SIZE		43
#define SSL_CTRL_SET_SESS_CACHE_MODE		44
#define SSL_CTRL_GET_SESS_CACHE_MODE		45
1561

1562 1563 1564
#define SSL_CTRL_GET_MAX_CERT_LIST		50
#define SSL_CTRL_SET_MAX_CERT_LIST		51

1565 1566
#define SSL_CTRL_SET_MAX_SEND_FRAGMENT		52

B
Bodo Möller 已提交
1567
/* see tls1.h for macros based on these */
1568
#ifndef OPENSSL_NO_TLSEXT
1569 1570 1571
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB	53
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG	54
#define SSL_CTRL_SET_TLSEXT_HOSTNAME		55
1572 1573
#define SSL_CTRL_SET_TLSEXT_DEBUG_CB		56
#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG		57
1574 1575
#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS		58
#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS		59
1576 1577 1578
#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT	60
#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB	61
#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
1579 1580 1581 1582 1583 1584 1585 1586 1587
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB	63
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG	64
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE	65
#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS	66
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS	67
#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS	68
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS	69
#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP	70
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP	71
D
Dr. Stephen Henson 已提交
1588 1589

#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB	72
B
Ben Laurie 已提交
1590 1591 1592 1593

#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB	75
#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB		76
#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB		77
D
Dr. Stephen Henson 已提交
1594 1595 1596 1597 1598

#define SSL_CTRL_SET_SRP_ARG		78
#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME		79
#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH		80
#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD		81
D
Dr. Stephen Henson 已提交
1599 1600 1601 1602 1603
#ifndef OPENSSL_NO_HEARTBEATS
#define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT				85
#define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING		86
#define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS	87
#endif
1604
#endif
1605

D
Dr. Stephen Henson 已提交
1606 1607
#define DTLS_CTRL_GET_TIMEOUT		73
#define DTLS_CTRL_HANDLE_TIMEOUT	74
D
Dr. Stephen Henson 已提交
1608
#define DTLS_CTRL_LISTEN			75
D
Dr. Stephen Henson 已提交
1609

1610 1611 1612
#define SSL_CTRL_GET_RI_SUPPORT			76
#define SSL_CTRL_CLEAR_OPTIONS			77
#define SSL_CTRL_CLEAR_MODE			78
1613
#define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB	79
1614

1615 1616 1617
#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS		82
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS	83

1618 1619 1620
#define SSL_CTRL_CHAIN				88
#define SSL_CTRL_CHAIN_CERT			89

1621 1622
#define SSL_CTRL_GET_CURVELIST			90

D
Dr. Stephen Henson 已提交
1623 1624 1625 1626
#define DTLSv1_get_timeout(ssl, arg) \
	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
#define DTLSv1_handle_timeout(ssl) \
	SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
D
Dr. Stephen Henson 已提交
1627 1628
#define DTLSv1_listen(ssl, peer) \
	SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
D
Dr. Stephen Henson 已提交
1629

1630 1631 1632 1633 1634 1635 1636 1637
#define SSL_session_reused(ssl) \
	SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
#define SSL_num_renegotiations(ssl) \
	SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
#define SSL_clear_num_renegotiations(ssl) \
	SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
#define SSL_total_renegotiations(ssl) \
	SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
1638 1639 1640 1641 1642 1643 1644

#define SSL_CTX_need_tmp_RSA(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
#define SSL_CTX_set_tmp_rsa(ctx,rsa) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
#define SSL_CTX_set_tmp_dh(ctx,dh) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
B
Bodo Möller 已提交
1645 1646
#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
1647

1648 1649 1650 1651 1652 1653
#define SSL_need_tmp_RSA(ssl) \
	SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
#define SSL_set_tmp_rsa(ssl,rsa) \
	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
#define SSL_set_tmp_dh(ssl,dh) \
	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
B
Bodo Möller 已提交
1654 1655
#define SSL_set_tmp_ecdh(ssl,ecdh) \
	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
1656

1657 1658
#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
D
typo  
Dr. Stephen Henson 已提交
1659 1660 1661 1662
#define SSL_CTX_get_extra_chain_certs(ctx,px509) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
#define SSL_CTX_clear_extra_chain_certs(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
1663

1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680
#define SSL_CTX_set0_chain(ctx,sk) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk)
#define SSL_CTX_set1_chain(ctx,sk) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk)
#define SSL_CTX_add0_chain_cert(ctx,x509) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509)
#define SSL_CTX_add1_chain_cert(ctx,x509) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509)

#define SSL_set0_chain(ctx,sk) \
	SSL_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk)
#define SSL_set1_chain(ctx,sk) \
	SSL_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk)
#define SSL_add0_chain_cert(ctx,x509) \
	SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509)
#define SSL_add1_chain_cert(ctx,x509) \
	SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509)
1681 1682 1683
#define SSL_get1_curvelist(ctx, s) \
	SSL_ctrl(ctx,SSL_CTRL_GET_CURVELIST,0,(char *)s)

1684

1685
#ifndef OPENSSL_NO_BIO
1686 1687
BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
1688 1689
BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
1690 1691 1692 1693 1694
int BIO_ssl_copy_session_id(BIO *to,BIO *from);
void BIO_ssl_shutdown(BIO *ssl_bio);

#endif

1695
int	SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
1696
SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
1697
void	SSL_CTX_free(SSL_CTX *);
1698
long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
B
Ben Laurie 已提交
1699 1700
long SSL_CTX_get_timeout(const SSL_CTX *ctx);
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
1701
void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
B
Ben Laurie 已提交
1702
int SSL_want(const SSL *s);
1703 1704
int	SSL_clear(SSL *s);

1705 1706
void	SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);

1707
const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
B
Ben Laurie 已提交
1708 1709 1710
int	SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
char *	SSL_CIPHER_get_version(const SSL_CIPHER *c);
const char *	SSL_CIPHER_get_name(const SSL_CIPHER *c);
1711
unsigned long 	SSL_CIPHER_get_id(const SSL_CIPHER *c);
B
Ben Laurie 已提交
1712 1713 1714 1715 1716 1717 1718 1719

int	SSL_get_fd(const SSL *s);
int	SSL_get_rfd(const SSL *s);
int	SSL_get_wfd(const SSL *s);
const char  * SSL_get_cipher_list(const SSL *s,int n);
char *	SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
int	SSL_get_read_ahead(const SSL * s);
int	SSL_pending(const SSL *s);
1720
#ifndef OPENSSL_NO_SOCK
1721 1722 1723 1724
int	SSL_set_fd(SSL *s, int fd);
int	SSL_set_rfd(SSL *s, int fd);
int	SSL_set_wfd(SSL *s, int fd);
#endif
1725
#ifndef OPENSSL_NO_BIO
1726
void	SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
B
Ben Laurie 已提交
1727 1728
BIO *	SSL_get_rbio(const SSL *s);
BIO *	SSL_get_wbio(const SSL *s);
1729
#endif
1730
int	SSL_set_cipher_list(SSL *s, const char *str);
1731
void	SSL_set_read_ahead(SSL *s, int yes);
B
Ben Laurie 已提交
1732 1733 1734
int	SSL_get_verify_mode(const SSL *s);
int	SSL_get_verify_depth(const SSL *s);
int	(*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);
B
Ben Laurie 已提交
1735 1736
void	SSL_set_verify(SSL *s, int mode,
		       int (*callback)(int ok,X509_STORE_CTX *ctx));
1737
void	SSL_set_verify_depth(SSL *s, int depth);
1738
#ifndef OPENSSL_NO_RSA
1739
int	SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
1740
#endif
1741 1742
int	SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
int	SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
1743
int	SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
1744
int	SSL_use_certificate(SSL *ssl, X509 *x);
1745
int	SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
1746

1747
#ifndef OPENSSL_NO_STDIO
1748 1749 1750 1751 1752 1753
int	SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
int	SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
int	SSL_use_certificate_file(SSL *ssl, const char *file, int type);
int	SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int	SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int	SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
1754
int	SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
B
Ben Laurie 已提交
1755
STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
B
Ben Laurie 已提交
1756
int	SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
B
Ben Laurie 已提交
1757
					    const char *file);
1758
#ifndef OPENSSL_SYS_VMS
1759
#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
B
Ben Laurie 已提交
1760
int	SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
B
Ben Laurie 已提交
1761
					   const char *dir);
1762
#endif
1763 1764 1765
#endif

#endif
1766

1767
void	SSL_load_error_strings(void );
B
Ben Laurie 已提交
1768 1769 1770 1771
const char *SSL_state_string(const SSL *s);
const char *SSL_rstate_string(const SSL *s);
const char *SSL_state_string_long(const SSL *s);
const char *SSL_rstate_string_long(const SSL *s);
B
Ben Laurie 已提交
1772
long	SSL_SESSION_get_time(const SSL_SESSION *s);
1773
long	SSL_SESSION_set_time(SSL_SESSION *s, long t);
B
Ben Laurie 已提交
1774
long	SSL_SESSION_get_timeout(const SSL_SESSION *s);
1775
long	SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
B
Ben Laurie 已提交
1776
void	SSL_copy_session_id(SSL *to,const SSL *from);
1777 1778 1779
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
			       unsigned int sid_ctx_len);
1780 1781

SSL_SESSION *SSL_SESSION_new(void);
B
Ben Laurie 已提交
1782 1783
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
					unsigned int *len);
1784
unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
1785
#ifndef OPENSSL_NO_FP_API
B
Ben Laurie 已提交
1786
int	SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
1787
#endif
1788
#ifndef OPENSSL_NO_BIO
B
Ben Laurie 已提交
1789
int	SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
1790 1791 1792 1793 1794 1795
#endif
void	SSL_SESSION_free(SSL_SESSION *ses);
int	i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
int	SSL_set_session(SSL *to, SSL_SESSION *session);
int	SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
int	SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
1796 1797
int	SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
int	SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
1798
int	SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
1799
					unsigned int id_len);
1800
SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp,
1801
			     long length);
1802 1803

#ifdef HEADER_X509_H
B
Ben Laurie 已提交
1804
X509 *	SSL_get_peer_certificate(const SSL *s);
1805 1806
#endif

B
Ben Laurie 已提交
1807
STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
1808

B
Ben Laurie 已提交
1809 1810 1811
int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *);
B
Ben Laurie 已提交
1812 1813
void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
			int (*callback)(int, X509_STORE_CTX *));
1814
void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
1815
void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
1816
#ifndef OPENSSL_NO_RSA
1817
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
1818
#endif
1819
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
1820 1821
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
1822
	const unsigned char *d, long len);
1823
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
1824
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
1825

1826 1827
void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
1828

B
Ben Laurie 已提交
1829 1830
int SSL_CTX_check_private_key(const SSL_CTX *ctx);
int SSL_check_private_key(const SSL *ctx);
1831

1832 1833 1834
int	SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
				       unsigned int sid_ctx_len);

1835
SSL *	SSL_new(SSL_CTX *ctx);
B
Ben Laurie 已提交
1836 1837
int	SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
				   unsigned int sid_ctx_len);
1838 1839 1840 1841 1842 1843

int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
int SSL_set_purpose(SSL *s, int purpose);
int SSL_CTX_set_trust(SSL_CTX *s, int trust);
int SSL_set_trust(SSL *s, int trust);

D
Dr. Stephen Henson 已提交
1844 1845 1846
int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);

B
Ben Laurie 已提交
1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861 1862 1863 1864 1865 1866 1867 1868 1869 1870
#ifndef OPENSSL_NO_SRP
int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name);
int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password);
int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
					char *(*cb)(SSL *,void *));
int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
					  int (*cb)(SSL *,void *));
int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
				      int (*cb)(SSL *,int *,void *));
int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);

int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
			     BIGNUM *sa, BIGNUM *v, char *info);
int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
				const char *grp);

BIGNUM *SSL_get_srp_g(SSL *s);
BIGNUM *SSL_get_srp_N(SSL *s);

char *SSL_get_srp_username(SSL *s);
char *SSL_get_srp_userinfo(SSL *s);
#endif

1871 1872 1873
void	SSL_free(SSL *ssl);
int 	SSL_accept(SSL *ssl);
int 	SSL_connect(SSL *ssl);
1874 1875 1876
int 	SSL_read(SSL *ssl,void *buf,int num);
int 	SSL_peek(SSL *ssl,void *buf,int num);
int 	SSL_write(SSL *ssl,const void *buf,int num);
1877
long	SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
1878
long	SSL_callback_ctrl(SSL *, int, void (*)(void));
1879
long	SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
1880
long	SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
1881

B
Ben Laurie 已提交
1882 1883
int	SSL_get_error(const SSL *s,int ret_code);
const char *SSL_get_version(const SSL *s);
1884 1885

/* This sets the 'default' SSL version that SSL_new() will create */
1886
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
1887

D
Dr. Stephen Henson 已提交
1888
#ifndef OPENSSL_NO_SSL2
1889 1890 1891
const SSL_METHOD *SSLv2_method(void);		/* SSLv2 */
const SSL_METHOD *SSLv2_server_method(void);	/* SSLv2 */
const SSL_METHOD *SSLv2_client_method(void);	/* SSLv2 */
D
Dr. Stephen Henson 已提交
1892
#endif
1893

1894 1895 1896
const SSL_METHOD *SSLv3_method(void);		/* SSLv3 */
const SSL_METHOD *SSLv3_server_method(void);	/* SSLv3 */
const SSL_METHOD *SSLv3_client_method(void);	/* SSLv3 */
1897

1898 1899 1900
const SSL_METHOD *SSLv23_method(void);	/* SSLv3 but can rollback to v2 */
const SSL_METHOD *SSLv23_server_method(void);	/* SSLv3 but can rollback to v2 */
const SSL_METHOD *SSLv23_client_method(void);	/* SSLv3 but can rollback to v2 */
1901

1902 1903 1904
const SSL_METHOD *TLSv1_method(void);		/* TLSv1.0 */
const SSL_METHOD *TLSv1_server_method(void);	/* TLSv1.0 */
const SSL_METHOD *TLSv1_client_method(void);	/* TLSv1.0 */
1905

1906 1907 1908 1909
const SSL_METHOD *TLSv1_1_method(void);		/* TLSv1.1 */
const SSL_METHOD *TLSv1_1_server_method(void);	/* TLSv1.1 */
const SSL_METHOD *TLSv1_1_client_method(void);	/* TLSv1.1 */

1910 1911 1912 1913 1914
const SSL_METHOD *TLSv1_2_method(void);		/* TLSv1.2 */
const SSL_METHOD *TLSv1_2_server_method(void);	/* TLSv1.2 */
const SSL_METHOD *TLSv1_2_client_method(void);	/* TLSv1.2 */


1915 1916 1917
const SSL_METHOD *DTLSv1_method(void);		/* DTLSv1.0 */
const SSL_METHOD *DTLSv1_server_method(void);	/* DTLSv1.0 */
const SSL_METHOD *DTLSv1_client_method(void);	/* DTLSv1.0 */
B
Ben Laurie 已提交
1918

B
Ben Laurie 已提交
1919
STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
1920 1921 1922

int SSL_do_handshake(SSL *s);
int SSL_renegotiate(SSL *s);
D
Dr. Stephen Henson 已提交
1923
int SSL_renegotiate_abbreviated(SSL *s);
1924
int SSL_renegotiate_pending(SSL *s);
1925 1926
int SSL_shutdown(SSL *s);

1927 1928
const SSL_METHOD *SSL_get_ssl_method(SSL *s);
int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
L
Lutz Jänicke 已提交
1929 1930 1931 1932
const char *SSL_alert_type_string_long(int value);
const char *SSL_alert_type_string(int value);
const char *SSL_alert_desc_string_long(int value);
const char *SSL_alert_desc_string(int value);
1933

1934 1935
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
B
Ben Laurie 已提交
1936 1937
STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
1938 1939 1940 1941 1942 1943
int SSL_add_client_CA(SSL *ssl,X509 *x);
int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);

void SSL_set_connect_state(SSL *s);
void SSL_set_accept_state(SSL *s);

B
Ben Laurie 已提交
1944
long SSL_get_default_timeout(const SSL *s);
1945

1946
int SSL_library_init(void );
1947

D
Dr. Stephen Henson 已提交
1948
char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size);
B
Ben Laurie 已提交
1949
STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
1950 1951 1952

SSL *SSL_dup(SSL *ssl);

B
Ben Laurie 已提交
1953
X509 *SSL_get_certificate(const SSL *ssl);
1954 1955
/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);

1956
void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
B
Ben Laurie 已提交
1957
int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
1958
void SSL_set_quiet_shutdown(SSL *ssl,int mode);
B
Ben Laurie 已提交
1959
int SSL_get_quiet_shutdown(const SSL *ssl);
1960
void SSL_set_shutdown(SSL *ssl,int mode);
B
Ben Laurie 已提交
1961 1962
int SSL_get_shutdown(const SSL *ssl);
int SSL_version(const SSL *ssl);
1963
int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
1964 1965
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
	const char *CApath);
1966
#define SSL_get0_session SSL_get_session /* just peek at pointer */
B
Ben Laurie 已提交
1967
SSL_SESSION *SSL_get_session(const SSL *ssl);
1968
SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
B
Ben Laurie 已提交
1969
SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
1970
SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
B
Ben Laurie 已提交
1971 1972
void SSL_set_info_callback(SSL *ssl,
			   void (*cb)(const SSL *ssl,int type,int val));
B
Ben Laurie 已提交
1973 1974
void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
int SSL_state(const SSL *ssl);
1975
void SSL_set_state(SSL *ssl, int state);
1976 1977

void SSL_set_verify_result(SSL *ssl,long v);
B
Ben Laurie 已提交
1978
long SSL_get_verify_result(const SSL *ssl);
1979

1980
int SSL_set_ex_data(SSL *ssl,int idx,void *data);
B
Ben Laurie 已提交
1981
void *SSL_get_ex_data(const SSL *ssl,int idx);
D
 
Dr. Stephen Henson 已提交
1982 1983
int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1984

1985
int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
B
Ben Laurie 已提交
1986
void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx);
D
 
Dr. Stephen Henson 已提交
1987 1988
int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1989

1990
int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
B
Ben Laurie 已提交
1991
void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx);
D
 
Dr. Stephen Henson 已提交
1992 1993
int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1994

1995 1996
int SSL_get_ex_data_X509_STORE_CTX_idx(void );

1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010
#define SSL_CTX_sess_set_cache_size(ctx,t) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
#define SSL_CTX_sess_get_cache_size(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
#define SSL_CTX_set_session_cache_mode(ctx,m) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
#define SSL_CTX_get_session_cache_mode(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)

#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
#define SSL_CTX_get_read_ahead(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
#define SSL_CTX_set_read_ahead(ctx,m) \
B
Bodo Möller 已提交
2011
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
2012 2013 2014 2015 2016 2017 2018 2019
#define SSL_CTX_get_max_cert_list(ctx) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
#define SSL_CTX_set_max_cert_list(ctx,m) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
#define SSL_get_max_cert_list(ssl) \
	SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
#define SSL_set_max_cert_list(ssl,m) \
	SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
2020

2021 2022 2023 2024 2025
#define SSL_CTX_set_max_send_fragment(ctx,m) \
	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
#define SSL_set_max_send_fragment(ssl,m) \
	SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)

U
Ulf Möller 已提交
2026
     /* NB: the keylength is only applicable when is_export is true */
2027
#ifndef OPENSSL_NO_RSA
2028
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
U
Ulf Möller 已提交
2029
				  RSA *(*cb)(SSL *ssl,int is_export,
2030
					     int keylength));
2031

2032
void SSL_set_tmp_rsa_callback(SSL *ssl,
U
Ulf Möller 已提交
2033
				  RSA *(*cb)(SSL *ssl,int is_export,
2034
					     int keylength));
2035
#endif
2036
#ifndef OPENSSL_NO_DH
2037
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
U
Ulf Möller 已提交
2038 2039
				 DH *(*dh)(SSL *ssl,int is_export,
					   int keylength));
2040
void SSL_set_tmp_dh_callback(SSL *ssl,
U
Ulf Möller 已提交
2041 2042
				 DH *(*dh)(SSL *ssl,int is_export,
					   int keylength));
2043
#endif
B
Bodo Möller 已提交
2044 2045 2046 2047 2048 2049 2050 2051
#ifndef OPENSSL_NO_ECDH
void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
				 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
					   int keylength));
void SSL_set_tmp_ecdh_callback(SSL *ssl,
				 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
					   int keylength));
#endif
2052

2053
#ifndef OPENSSL_NO_COMP
2054 2055 2056
const COMP_METHOD *SSL_get_current_compression(SSL *s);
const COMP_METHOD *SSL_get_current_expansion(SSL *s);
const char *SSL_COMP_get_name(const COMP_METHOD *comp);
2057
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
2058 2059
int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
#else
2060 2061 2062
const void *SSL_get_current_compression(SSL *s);
const void *SSL_get_current_expansion(SSL *s);
const char *SSL_COMP_get_name(const void *comp);
2063
void *SSL_COMP_get_compression_methods(void);
2064
int SSL_COMP_add_compression_method(int id,void *cm);
2065 2066
#endif

D
Dr. Stephen Henson 已提交
2067 2068 2069 2070 2071 2072 2073 2074 2075
/* TLS extensions functions */
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);

int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
				  void *arg);

/* Pre-shared secret session resumption functions */
int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);

2076 2077 2078 2079 2080 2081
void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
	int (*cb)(SSL *ssl, int is_forward_secure));

void SSL_set_not_resumable_session_callback(SSL *ssl,
	int (*cb)(SSL *ssl, int is_forward_secure));

2082 2083
void SSL_set_debug(SSL *s, int debug);
int SSL_cache_hit(SSL *s);
D
Dr. Stephen Henson 已提交
2084

2085
/* BEGIN ERROR CODES */
2086 2087 2088
/* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
B
Bodo Möller 已提交
2089
void ERR_load_SSL_strings(void);
2090

2091 2092 2093 2094
/* Error codes for the SSL functions. */

/* Function codes. */
#define SSL_F_CLIENT_CERTIFICATE			 100
2095
#define SSL_F_CLIENT_FINISHED				 167
2096 2097 2098
#define SSL_F_CLIENT_HELLO				 101
#define SSL_F_CLIENT_MASTER_KEY				 102
#define SSL_F_D2I_SSL_SESSION				 103
2099
#define SSL_F_DO_DTLS1_WRITE				 245
2100
#define SSL_F_DO_SSL3_WRITE				 104
2101
#define SSL_F_DTLS1_ACCEPT				 246
D
Dr. Stephen Henson 已提交
2102
#define SSL_F_DTLS1_ADD_CERT_TO_BUF			 295
2103 2104 2105 2106 2107 2108 2109 2110
#define SSL_F_DTLS1_BUFFER_RECORD			 247
#define SSL_F_DTLS1_CLIENT_HELLO			 248
#define SSL_F_DTLS1_CONNECT				 249
#define SSL_F_DTLS1_ENC					 250
#define SSL_F_DTLS1_GET_HELLO_VERIFY			 251
#define SSL_F_DTLS1_GET_MESSAGE				 252
#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT		 253
#define SSL_F_DTLS1_GET_RECORD				 254
2111
#define SSL_F_DTLS1_HANDLE_TIMEOUT			 297
D
Dr. Stephen Henson 已提交
2112
#define SSL_F_DTLS1_HEARTBEAT				 305
2113
#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN			 255
A
Andy Polyakov 已提交
2114
#define SSL_F_DTLS1_PREPROCESS_FRAGMENT			 288
2115 2116 2117 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127
#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE		 256
#define SSL_F_DTLS1_PROCESS_RECORD			 257
#define SSL_F_DTLS1_READ_BYTES				 258
#define SSL_F_DTLS1_READ_FAILED				 259
#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST		 260
#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE		 261
#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE		 262
#define SSL_F_DTLS1_SEND_CLIENT_VERIFY			 263
#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST		 264
#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE		 265
#define SSL_F_DTLS1_SEND_SERVER_HELLO			 266
#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE		 267
#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES		 268
2128 2129 2130 2131 2132 2133 2134 2135 2136
#define SSL_F_GET_CLIENT_FINISHED			 105
#define SSL_F_GET_CLIENT_HELLO				 106
#define SSL_F_GET_CLIENT_MASTER_KEY			 107
#define SSL_F_GET_SERVER_FINISHED			 108
#define SSL_F_GET_SERVER_HELLO				 109
#define SSL_F_GET_SERVER_VERIFY				 110
#define SSL_F_I2D_SSL_SESSION				 111
#define SSL_F_READ_N					 112
#define SSL_F_REQUEST_CERTIFICATE			 113
B
Bodo Möller 已提交
2137
#define SSL_F_SERVER_FINISH				 239
2138
#define SSL_F_SERVER_HELLO				 114
B
Bodo Möller 已提交
2139
#define SSL_F_SERVER_VERIFY				 240
2140 2141 2142 2143 2144
#define SSL_F_SSL23_ACCEPT				 115
#define SSL_F_SSL23_CLIENT_HELLO			 116
#define SSL_F_SSL23_CONNECT				 117
#define SSL_F_SSL23_GET_CLIENT_HELLO			 118
#define SSL_F_SSL23_GET_SERVER_HELLO			 119
B
Bodo Möller 已提交
2145
#define SSL_F_SSL23_PEEK				 237
2146 2147 2148 2149 2150
#define SSL_F_SSL23_READ				 120
#define SSL_F_SSL23_WRITE				 121
#define SSL_F_SSL2_ACCEPT				 122
#define SSL_F_SSL2_CONNECT				 123
#define SSL_F_SSL2_ENC_INIT				 124
B
Bodo Möller 已提交
2151
#define SSL_F_SSL2_GENERATE_KEY_MATERIAL		 241
B
Bodo Möller 已提交
2152
#define SSL_F_SSL2_PEEK					 234
2153
#define SSL_F_SSL2_READ					 125
B
Bodo Möller 已提交
2154
#define SSL_F_SSL2_READ_INTERNAL			 236
2155 2156 2157
#define SSL_F_SSL2_SET_CERTIFICATE			 126
#define SSL_F_SSL2_WRITE				 127
#define SSL_F_SSL3_ACCEPT				 128
D
Dr. Stephen Henson 已提交
2158
#define SSL_F_SSL3_ADD_CERT_TO_BUF			 296
2159
#define SSL_F_SSL3_CALLBACK_CTRL			 233
2160 2161
#define SSL_F_SSL3_CHANGE_CIPHER_STATE			 129
#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM		 130
D
Dr. Stephen Henson 已提交
2162
#define SSL_F_SSL3_CHECK_CLIENT_HELLO			 304
2163 2164
#define SSL_F_SSL3_CLIENT_HELLO				 131
#define SSL_F_SSL3_CONNECT				 132
2165
#define SSL_F_SSL3_CTRL					 213
2166
#define SSL_F_SSL3_CTX_CTRL				 133
D
Dr. Stephen Henson 已提交
2167
#define SSL_F_SSL3_DIGEST_CACHED_RECORDS		 293
B
Bodo Möller 已提交
2168
#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC		 292
2169
#define SSL_F_SSL3_ENC					 134
B
Bodo Möller 已提交
2170
#define SSL_F_SSL3_GENERATE_KEY_BLOCK			 238
2171
#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST		 135
D
Dr. Stephen Henson 已提交
2172
#define SSL_F_SSL3_GET_CERT_STATUS			 289
2173 2174 2175 2176 2177 2178 2179
#define SSL_F_SSL3_GET_CERT_VERIFY			 136
#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE		 137
#define SSL_F_SSL3_GET_CLIENT_HELLO			 138
#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE		 139
#define SSL_F_SSL3_GET_FINISHED				 140
#define SSL_F_SSL3_GET_KEY_EXCHANGE			 141
#define SSL_F_SSL3_GET_MESSAGE				 142
2180
#define SSL_F_SSL3_GET_NEW_SESSION_TICKET		 283
D
Dr. Stephen Henson 已提交
2181
#define SSL_F_SSL3_GET_NEXT_PROTO			 306
2182 2183 2184 2185
#define SSL_F_SSL3_GET_RECORD				 143
#define SSL_F_SSL3_GET_SERVER_CERTIFICATE		 144
#define SSL_F_SSL3_GET_SERVER_DONE			 145
#define SSL_F_SSL3_GET_SERVER_HELLO			 146
B
Bodo Möller 已提交
2186
#define SSL_F_SSL3_HANDSHAKE_MAC			 285
B
Ben Laurie 已提交
2187
#define SSL_F_SSL3_NEW_SESSION_TICKET			 287
2188
#define SSL_F_SSL3_OUTPUT_CERT_CHAIN			 147
B
Bodo Möller 已提交
2189
#define SSL_F_SSL3_PEEK					 235
2190 2191 2192 2193 2194 2195 2196
#define SSL_F_SSL3_READ_BYTES				 148
#define SSL_F_SSL3_READ_N				 149
#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST		 150
#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE		 151
#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE		 152
#define SSL_F_SSL3_SEND_CLIENT_VERIFY			 153
#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE		 154
B
Bodo Möller 已提交
2197
#define SSL_F_SSL3_SEND_SERVER_HELLO			 242
2198 2199
#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE		 155
#define SSL_F_SSL3_SETUP_KEY_BLOCK			 157
2200 2201
#define SSL_F_SSL3_SETUP_READ_BUFFER			 156
#define SSL_F_SSL3_SETUP_WRITE_BUFFER			 291
2202 2203
#define SSL_F_SSL3_WRITE_BYTES				 158
#define SSL_F_SSL3_WRITE_PENDING			 159
2204 2205
#define SSL_F_SSL_ADD_CERT_CHAIN			 316
#define SSL_F_SSL_ADD_CERT_TO_BUF			 317
2206
#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT	 298
B
Bodo Möller 已提交
2207
#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT		 277
B
Ben Laurie 已提交
2208
#define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT		 307
B
Ben Laurie 已提交
2209 2210
#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK	 215
#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK	 216
2211
#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT	 299
B
Bodo Möller 已提交
2212
#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT		 278
B
Ben Laurie 已提交
2213
#define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT		 308
2214 2215
#define SSL_F_SSL_BAD_METHOD				 160
#define SSL_F_SSL_BYTES_TO_CIPHER_LIST			 161
2216 2217
#define SSL_F_SSL_CERT_DUP				 221
#define SSL_F_SSL_CERT_INST				 222
2218
#define SSL_F_SSL_CERT_INSTANTIATE			 214
2219 2220
#define SSL_F_SSL_CERT_NEW				 162
#define SSL_F_SSL_CHECK_PRIVATE_KEY			 163
B
Bodo Möller 已提交
2221
#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT		 280
2222
#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG		 279
2223 2224
#define SSL_F_SSL_CIPHER_PROCESS_RULESTR		 230
#define SSL_F_SSL_CIPHER_STRENGTH_SORT			 231
2225 2226 2227
#define SSL_F_SSL_CLEAR					 164
#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD		 165
#define SSL_F_SSL_CREATE_CIPHER_LIST			 166
R
Richard Levitte 已提交
2228
#define SSL_F_SSL_CTRL					 232
2229
#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY			 168
B
Ben Laurie 已提交
2230
#define SSL_F_SSL_CTX_MAKE_PROFILES			 309
2231
#define SSL_F_SSL_CTX_NEW				 169
2232
#define SSL_F_SSL_CTX_SET_CIPHER_LIST			 269
D
Dr. Stephen Henson 已提交
2233
#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE		 290
2234
#define SSL_F_SSL_CTX_SET_PURPOSE			 226
2235
#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT		 219
2236
#define SSL_F_SSL_CTX_SET_SSL_VERSION			 170
2237
#define SSL_F_SSL_CTX_SET_TRUST				 229
2238 2239
#define SSL_F_SSL_CTX_USE_CERTIFICATE			 171
#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1		 172
2240
#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE	 220
2241 2242 2243 2244
#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE		 173
#define SSL_F_SSL_CTX_USE_PRIVATEKEY			 174
#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1		 175
#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE		 176
2245
#define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT		 272
2246 2247 2248 2249 2250
#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY			 177
#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1		 178
#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE		 179
#define SSL_F_SSL_DO_HANDSHAKE				 180
#define SSL_F_SSL_GET_NEW_SESSION			 181
B
Ben Laurie 已提交
2251
#define SSL_F_SSL_GET_PREV_SESSION			 217
D
Dr. Stephen Henson 已提交
2252
#define SSL_F_SSL_GET_SERVER_SEND_PKEY			 182
2253 2254 2255 2256
#define SSL_F_SSL_GET_SIGN_PKEY				 183
#define SSL_F_SSL_INIT_WBIO_BUFFER			 184
#define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 185
#define SSL_F_SSL_NEW					 186
2257
#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT	 300
2258
#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT		 302
B
Ben Laurie 已提交
2259
#define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT	 310
2260
#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT	 301
2261
#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT		 303
B
Ben Laurie 已提交
2262
#define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT	 311
2263
#define SSL_F_SSL_PEEK					 270
B
Bodo Möller 已提交
2264 2265
#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT		 281
#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT		 282
2266
#define SSL_F_SSL_READ					 223
2267 2268 2269 2270
#define SSL_F_SSL_RSA_PRIVATE_DECRYPT			 187
#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT			 188
#define SSL_F_SSL_SESSION_NEW				 189
#define SSL_F_SSL_SESSION_PRINT_FP			 190
D
Dr. Stephen Henson 已提交
2271
#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT		 312
2272
#define SSL_F_SSL_SESS_CERT_NEW				 225
2273
#define SSL_F_SSL_SET_CERT				 191
2274
#define SSL_F_SSL_SET_CIPHER_LIST			 271
2275 2276
#define SSL_F_SSL_SET_FD				 192
#define SSL_F_SSL_SET_PKEY				 193
2277
#define SSL_F_SSL_SET_PURPOSE				 227
2278 2279
#define SSL_F_SSL_SET_RFD				 194
#define SSL_F_SSL_SET_SESSION				 195
B
Ben Laurie 已提交
2280
#define SSL_F_SSL_SET_SESSION_ID_CONTEXT		 218
2281
#define SSL_F_SSL_SET_SESSION_TICKET_EXT		 294
2282
#define SSL_F_SSL_SET_TRUST				 228
2283
#define SSL_F_SSL_SET_WFD				 196
2284
#define SSL_F_SSL_SHUTDOWN				 224
D
Dr. Stephen Henson 已提交
2285
#define SSL_F_SSL_SRP_CTX_INIT				 313
B
Ben Laurie 已提交
2286
#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION		 243
2287
#define SSL_F_SSL_UNDEFINED_FUNCTION			 197
2288
#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION		 244
2289 2290 2291 2292 2293 2294
#define SSL_F_SSL_USE_CERTIFICATE			 198
#define SSL_F_SSL_USE_CERTIFICATE_ASN1			 199
#define SSL_F_SSL_USE_CERTIFICATE_FILE			 200
#define SSL_F_SSL_USE_PRIVATEKEY			 201
#define SSL_F_SSL_USE_PRIVATEKEY_ASN1			 202
#define SSL_F_SSL_USE_PRIVATEKEY_FILE			 203
2295
#define SSL_F_SSL_USE_PSK_IDENTITY_HINT			 273
2296 2297 2298 2299 2300
#define SSL_F_SSL_USE_RSAPRIVATEKEY			 204
#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1		 205
#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE		 206
#define SSL_F_SSL_VERIFY_CERT_CHAIN			 207
#define SSL_F_SSL_WRITE					 208
B
Bodo Möller 已提交
2301
#define SSL_F_TLS1_CERT_VERIFY_MAC			 286
2302
#define SSL_F_TLS1_CHANGE_CIPHER_STATE			 209
2303
#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT		 274
2304
#define SSL_F_TLS1_ENC					 210
D
Dr. Stephen Henson 已提交
2305 2306
#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL		 314
#define SSL_F_TLS1_HEARTBEAT				 315
2307 2308
#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT		 275
#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT		 276
B
Bodo Möller 已提交
2309
#define SSL_F_TLS1_PRF					 284
2310 2311
#define SSL_F_TLS1_SETUP_KEY_BLOCK			 211
#define SSL_F_WRITE_PENDING				 212
D
Dr. Stephen Henson 已提交
2312

2313 2314
/* Reason codes. */
#define SSL_R_APP_DATA_IN_HANDSHAKE			 100
B
Ben Laurie 已提交
2315
#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
2316 2317 2318 2319 2320 2321 2322 2323 2324 2325 2326
#define SSL_R_BAD_ALERT_RECORD				 101
#define SSL_R_BAD_AUTHENTICATION_TYPE			 102
#define SSL_R_BAD_CHANGE_CIPHER_SPEC			 103
#define SSL_R_BAD_CHECKSUM				 104
#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK		 106
#define SSL_R_BAD_DECOMPRESSION				 107
#define SSL_R_BAD_DH_G_LENGTH				 108
#define SSL_R_BAD_DH_PUB_KEY_LENGTH			 109
#define SSL_R_BAD_DH_P_LENGTH				 110
#define SSL_R_BAD_DIGEST_LENGTH				 111
#define SSL_R_BAD_DSA_SIGNATURE				 112
2327 2328 2329
#define SSL_R_BAD_ECC_CERT				 304
#define SSL_R_BAD_ECDSA_SIGNATURE			 305
#define SSL_R_BAD_ECPOINT				 306
2330
#define SSL_R_BAD_HANDSHAKE_LENGTH			 332
2331
#define SSL_R_BAD_HELLO_REQUEST				 105
B
Ben Laurie 已提交
2332
#define SSL_R_BAD_LENGTH				 271
2333
#define SSL_R_BAD_MAC_DECODE				 113
2334
#define SSL_R_BAD_MAC_LENGTH				 333
2335 2336
#define SSL_R_BAD_MESSAGE_TYPE				 114
#define SSL_R_BAD_PACKET_LENGTH				 115
2337
#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER		 116
2338
#define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH		 316
2339 2340 2341 2342 2343 2344 2345
#define SSL_R_BAD_RESPONSE_ARGUMENT			 117
#define SSL_R_BAD_RSA_DECRYPT				 118
#define SSL_R_BAD_RSA_ENCRYPT				 119
#define SSL_R_BAD_RSA_E_LENGTH				 120
#define SSL_R_BAD_RSA_MODULUS_LENGTH			 121
#define SSL_R_BAD_RSA_SIGNATURE				 122
#define SSL_R_BAD_SIGNATURE				 123
D
Dr. Stephen Henson 已提交
2346 2347 2348 2349 2350 2351 2352
#define SSL_R_BAD_SRP_A_LENGTH				 347
#define SSL_R_BAD_SRP_B_LENGTH				 348
#define SSL_R_BAD_SRP_G_LENGTH				 349
#define SSL_R_BAD_SRP_N_LENGTH				 350
#define SSL_R_BAD_SRP_S_LENGTH				 351
#define SSL_R_BAD_SRTP_MKI_VALUE			 352
#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST		 353
2353 2354 2355 2356 2357 2358 2359 2360 2361 2362 2363 2364 2365 2366 2367 2368
#define SSL_R_BAD_SSL_FILETYPE				 124
#define SSL_R_BAD_SSL_SESSION_ID_LENGTH			 125
#define SSL_R_BAD_STATE					 126
#define SSL_R_BAD_WRITE_RETRY				 127
#define SSL_R_BIO_NOT_SET				 128
#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG			 129
#define SSL_R_BN_LIB					 130
#define SSL_R_CA_DN_LENGTH_MISMATCH			 131
#define SSL_R_CA_DN_TOO_LONG				 132
#define SSL_R_CCS_RECEIVED_EARLY			 133
#define SSL_R_CERTIFICATE_VERIFY_FAILED			 134
#define SSL_R_CERT_LENGTH_MISMATCH			 135
#define SSL_R_CHALLENGE_IS_DIFFERENT			 136
#define SSL_R_CIPHER_CODE_WRONG_LENGTH			 137
#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE		 138
#define SSL_R_CIPHER_TABLE_SRC_ERROR			 139
2369
#define SSL_R_CLIENTHELLO_TLSEXT			 226
2370
#define SSL_R_COMPRESSED_LENGTH_TOO_LONG		 140
2371
#define SSL_R_COMPRESSION_DISABLED			 343
2372
#define SSL_R_COMPRESSION_FAILURE			 141
2373
#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE	 307
2374 2375 2376
#define SSL_R_COMPRESSION_LIBRARY_ERROR			 142
#define SSL_R_CONNECTION_ID_IS_DIFFERENT		 143
#define SSL_R_CONNECTION_TYPE_NOT_SET			 144
2377
#define SSL_R_COOKIE_MISMATCH				 308
2378 2379 2380
#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED		 145
#define SSL_R_DATA_LENGTH_TOO_LONG			 146
#define SSL_R_DECRYPTION_FAILED				 147
2381
#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC	 281
2382 2383
#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 148
#define SSL_R_DIGEST_CHECK_FAILED			 149
2384
#define SSL_R_DTLS_MESSAGE_TOO_BIG			 334
2385
#define SSL_R_DUPLICATE_COMPRESSION_ID			 309
2386 2387 2388 2389
#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT		 317
#define SSL_R_ECC_CERT_NOT_FOR_SIGNING			 318
#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE	 322
#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE	 323
2390
#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER		 310
D
Dr. Stephen Henson 已提交
2391
#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST	 354
2392
#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 150
2393
#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY		 282
2394 2395 2396 2397
#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST		 151
#define SSL_R_EXCESSIVE_MESSAGE_SIZE			 152
#define SSL_R_EXTRA_DATA_IN_MESSAGE			 153
#define SSL_R_GOT_A_FIN_BEFORE_A_CCS			 154
D
Dr. Stephen Henson 已提交
2398 2399
#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS		 355
#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION		 356
2400 2401
#define SSL_R_HTTPS_PROXY_REQUEST			 155
#define SSL_R_HTTP_REQUEST				 156
2402
#define SSL_R_ILLEGAL_PADDING				 283
2403
#define SSL_R_INCONSISTENT_COMPRESSION			 340
2404
#define SSL_R_INVALID_CHALLENGE_LENGTH			 158
2405
#define SSL_R_INVALID_COMMAND				 280
2406
#define SSL_R_INVALID_COMPRESSION_ALGORITHM		 341
2407
#define SSL_R_INVALID_PURPOSE				 278
D
Dr. Stephen Henson 已提交
2408
#define SSL_R_INVALID_SRP_USERNAME			 357
2409
#define SSL_R_INVALID_STATUS_RESPONSE			 328
B
Bodo Möller 已提交
2410
#define SSL_R_INVALID_TICKET_KEYS_LENGTH		 325
2411
#define SSL_R_INVALID_TRUST				 279
2412 2413 2414 2415 2416 2417 2418 2419 2420 2421 2422 2423
#define SSL_R_KEY_ARG_TOO_LONG				 284
#define SSL_R_KRB5					 285
#define SSL_R_KRB5_C_CC_PRINC				 286
#define SSL_R_KRB5_C_GET_CRED				 287
#define SSL_R_KRB5_C_INIT				 288
#define SSL_R_KRB5_C_MK_REQ				 289
#define SSL_R_KRB5_S_BAD_TICKET				 290
#define SSL_R_KRB5_S_INIT				 291
#define SSL_R_KRB5_S_RD_REQ				 292
#define SSL_R_KRB5_S_TKT_EXPIRED			 293
#define SSL_R_KRB5_S_TKT_NYV				 294
#define SSL_R_KRB5_S_TKT_SKEW				 295
2424 2425
#define SSL_R_LENGTH_MISMATCH				 159
#define SSL_R_LENGTH_TOO_SHORT				 160
2426
#define SSL_R_LIBRARY_BUG				 274
2427
#define SSL_R_LIBRARY_HAS_NO_CIPHERS			 161
2428
#define SSL_R_MESSAGE_TOO_LONG				 296
2429 2430 2431 2432 2433 2434 2435 2436 2437
#define SSL_R_MISSING_DH_DSA_CERT			 162
#define SSL_R_MISSING_DH_KEY				 163
#define SSL_R_MISSING_DH_RSA_CERT			 164
#define SSL_R_MISSING_DSA_SIGNING_CERT			 165
#define SSL_R_MISSING_EXPORT_TMP_DH_KEY			 166
#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY		 167
#define SSL_R_MISSING_RSA_CERTIFICATE			 168
#define SSL_R_MISSING_RSA_ENCRYPTING_CERT		 169
#define SSL_R_MISSING_RSA_SIGNING_CERT			 170
D
Dr. Stephen Henson 已提交
2438
#define SSL_R_MISSING_SRP_PARAM				 358
2439
#define SSL_R_MISSING_TMP_DH_KEY			 171
2440
#define SSL_R_MISSING_TMP_ECDH_KEY			 311
2441 2442 2443
#define SSL_R_MISSING_TMP_RSA_KEY			 172
#define SSL_R_MISSING_TMP_RSA_PKEY			 173
#define SSL_R_MISSING_VERIFY_MESSAGE			 174
D
Dr. Stephen Henson 已提交
2444
#define SSL_R_MULTIPLE_SGC_RESTARTS			 346
2445 2446 2447 2448 2449 2450 2451 2452 2453 2454 2455
#define SSL_R_NON_SSLV2_INITIAL_PACKET			 175
#define SSL_R_NO_CERTIFICATES_RETURNED			 176
#define SSL_R_NO_CERTIFICATE_ASSIGNED			 177
#define SSL_R_NO_CERTIFICATE_RETURNED			 178
#define SSL_R_NO_CERTIFICATE_SET			 179
#define SSL_R_NO_CERTIFICATE_SPECIFIED			 180
#define SSL_R_NO_CIPHERS_AVAILABLE			 181
#define SSL_R_NO_CIPHERS_PASSED				 182
#define SSL_R_NO_CIPHERS_SPECIFIED			 183
#define SSL_R_NO_CIPHER_LIST				 184
#define SSL_R_NO_CIPHER_MATCH				 185
D
Dr. Stephen Henson 已提交
2456
#define SSL_R_NO_CLIENT_CERT_METHOD			 331
2457 2458
#define SSL_R_NO_CLIENT_CERT_RECEIVED			 186
#define SSL_R_NO_COMPRESSION_SPECIFIED			 187
D
Dr. Stephen Henson 已提交
2459
#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER		 330
2460 2461 2462 2463 2464
#define SSL_R_NO_METHOD_SPECIFIED			 188
#define SSL_R_NO_PRIVATEKEY				 189
#define SSL_R_NO_PRIVATE_KEY_ASSIGNED			 190
#define SSL_R_NO_PROTOCOLS_AVAILABLE			 191
#define SSL_R_NO_PUBLICKEY				 192
2465
#define SSL_R_NO_RENEGOTIATION				 339
B
Bodo Möller 已提交
2466
#define SSL_R_NO_REQUIRED_DIGEST			 324
2467
#define SSL_R_NO_SHARED_CIPHER				 193
D
Dr. Stephen Henson 已提交
2468
#define SSL_R_NO_SRTP_PROFILES				 359
2469 2470 2471 2472
#define SSL_R_NO_VERIFY_CALLBACK			 194
#define SSL_R_NULL_SSL_CTX				 195
#define SSL_R_NULL_SSL_METHOD_PASSED			 196
#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED		 197
2473
#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
2474
#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE		 297
2475
#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG			 327
2476
#define SSL_R_PACKET_LENGTH_TOO_LONG			 198
2477
#define SSL_R_PARSE_TLSEXT				 227
2478
#define SSL_R_PATH_TOO_LONG				 270
2479 2480 2481 2482 2483 2484 2485 2486 2487
#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE		 199
#define SSL_R_PEER_ERROR				 200
#define SSL_R_PEER_ERROR_CERTIFICATE			 201
#define SSL_R_PEER_ERROR_NO_CERTIFICATE			 202
#define SSL_R_PEER_ERROR_NO_CIPHER			 203
#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE	 204
#define SSL_R_PRE_MAC_LENGTH_TOO_LONG			 205
#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS		 206
#define SSL_R_PROTOCOL_IS_SHUTDOWN			 207
2488 2489 2490
#define SSL_R_PSK_IDENTITY_NOT_FOUND			 223
#define SSL_R_PSK_NO_CLIENT_CB				 224
#define SSL_R_PSK_NO_SERVER_CB				 225
2491 2492 2493 2494
#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR			 208
#define SSL_R_PUBLIC_KEY_IS_NOT_RSA			 209
#define SSL_R_PUBLIC_KEY_NOT_RSA			 210
#define SSL_R_READ_BIO_NOT_SET				 211
2495
#define SSL_R_READ_TIMEOUT_EXPIRED			 312
2496 2497 2498
#define SSL_R_READ_WRONG_PACKET_TYPE			 212
#define SSL_R_RECORD_LENGTH_MISMATCH			 213
#define SSL_R_RECORD_TOO_LARGE				 214
2499
#define SSL_R_RECORD_TOO_SMALL				 298
2500 2501 2502
#define SSL_R_RENEGOTIATE_EXT_TOO_LONG			 335
#define SSL_R_RENEGOTIATION_ENCODING_ERR		 336
#define SSL_R_RENEGOTIATION_MISMATCH			 337
2503
#define SSL_R_REQUIRED_CIPHER_MISSING			 215
2504
#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING	 342
2505 2506 2507
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO		 216
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO			 217
#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO		 218
2508
#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING		 345
2509
#define SSL_R_SERVERHELLO_TLSEXT			 275
2510
#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED		 277
2511
#define SSL_R_SHORT_READ				 219
D
Dr. Stephen Henson 已提交
2512
#define SSL_R_SIGNATURE_ALGORITHMS_ERROR		 360
2513
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220
D
Dr. Stephen Henson 已提交
2514 2515 2516 2517
#define SSL_R_SRP_A_CALC				 361
#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES		 362
#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG	 363
#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE		 364
2518
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221
2519
#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG		 299
2520
#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT		 321
2521 2522 2523
#define SSL_R_SSL3_EXT_INVALID_SERVERNAME		 319
#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE		 320
#define SSL_R_SSL3_SESSION_ID_TOO_LONG			 300
2524
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222
2525 2526 2527 2528 2529 2530 2531 2532 2533 2534 2535
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020
#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED		 1045
#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED		 1044
#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN		 1046
#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE		 1030
#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE		 1040
#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER		 1047
#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE		 1041
#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE		 1010
#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE	 1043
2536 2537 2538
#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION	 228
#define SSL_R_SSL_HANDSHAKE_FAILURE			 229
#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS		 230
2539 2540
#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED		 301
#define SSL_R_SSL_SESSION_ID_CONFLICT			 302
B
Ben Laurie 已提交
2541
#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG		 273
2542
#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH		 303
2543
#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT		 231
2544 2545 2546 2547
#define SSL_R_TLSV1_ALERT_ACCESS_DENIED			 1049
#define SSL_R_TLSV1_ALERT_DECODE_ERROR			 1050
#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED		 1021
#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR			 1051
U
Ulf Möller 已提交
2548
#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION		 1060
2549 2550 2551 2552 2553 2554
#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY		 1071
#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR		 1080
#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		 1100
#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		 1070
#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW		 1022
#define SSL_R_TLSV1_ALERT_UNKNOWN_CA			 1048
U
Ulf Möller 已提交
2555
#define SSL_R_TLSV1_ALERT_USER_CANCELLED		 1090
2556 2557 2558 2559 2560
#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE		 1114
#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE	 1113
#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE		 1111
#define SSL_R_TLSV1_UNRECOGNIZED_NAME			 1112
#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION		 1110
2561
#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER	 232
D
Dr. Stephen Henson 已提交
2562 2563
#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT		 365
#define SSL_R_TLS_HEARTBEAT_PENDING			 366
B
Ben Laurie 已提交
2564
#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL		 367
2565
#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST		 157
2566 2567 2568 2569
#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG	 234
#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER		 235
#define SSL_R_UNABLE_TO_DECODE_DH_CERTS			 236
2570
#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS		 313
2571 2572
#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY		 237
#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS		 238
2573
#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS		 314
2574 2575 2576 2577 2578 2579 2580
#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS	 239
#define SSL_R_UNABLE_TO_FIND_SSL_METHOD			 240
#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES		 241
#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES		 242
#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES		 243
#define SSL_R_UNEXPECTED_MESSAGE			 244
#define SSL_R_UNEXPECTED_RECORD				 245
2581
#define SSL_R_UNINITIALIZED				 276
2582 2583 2584 2585
#define SSL_R_UNKNOWN_ALERT_TYPE			 246
#define SSL_R_UNKNOWN_CERTIFICATE_TYPE			 247
#define SSL_R_UNKNOWN_CIPHER_RETURNED			 248
#define SSL_R_UNKNOWN_CIPHER_TYPE			 249
D
Dr. Stephen Henson 已提交
2586
#define SSL_R_UNKNOWN_DIGEST				 368
2587 2588 2589 2590 2591 2592
#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE			 250
#define SSL_R_UNKNOWN_PKEY_TYPE				 251
#define SSL_R_UNKNOWN_PROTOCOL				 252
#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE			 253
#define SSL_R_UNKNOWN_SSL_VERSION			 254
#define SSL_R_UNKNOWN_STATE				 255
2593
#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED	 338
2594 2595
#define SSL_R_UNSUPPORTED_CIPHER			 256
#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 257
B
Bodo Möller 已提交
2596
#define SSL_R_UNSUPPORTED_DIGEST_TYPE			 326
2597
#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE		 315
2598 2599
#define SSL_R_UNSUPPORTED_PROTOCOL			 258
#define SSL_R_UNSUPPORTED_SSL_VERSION			 259
2600
#define SSL_R_UNSUPPORTED_STATUS_TYPE			 329
D
Dr. Stephen Henson 已提交
2601
#define SSL_R_USE_SRTP_NOT_NEGOTIATED			 369
2602 2603 2604 2605 2606 2607
#define SSL_R_WRITE_BIO_NOT_SET				 260
#define SSL_R_WRONG_CIPHER_RETURNED			 261
#define SSL_R_WRONG_MESSAGE_TYPE			 262
#define SSL_R_WRONG_NUMBER_OF_KEY_BITS			 263
#define SSL_R_WRONG_SIGNATURE_LENGTH			 264
#define SSL_R_WRONG_SIGNATURE_SIZE			 265
D
Dr. Stephen Henson 已提交
2608
#define SSL_R_WRONG_SIGNATURE_TYPE			 370
2609 2610 2611 2612
#define SSL_R_WRONG_SSL_VERSION				 266
#define SSL_R_WRONG_VERSION_NUMBER			 267
#define SSL_R_X509_LIB					 268
#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS		 269
D
Dr. Stephen Henson 已提交
2613

2614 2615 2616 2617
#ifdef  __cplusplus
}
#endif
#endif