Import OpenSSL 1.0.1g

1 files changed, 18 insertions, 3 deletions

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 8b0c2a2dac..7219a0e64b 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -493,6 +493,9 @@ struct ssl_session_st
         char *psk_identity_hint;
         char *psk_identity;
 #endif
+        /* Used to indicate that session resumption is not allowed.
+         * Applications can also set this bit for a new session via
+         * not_resumable_session_cb to disable session caching and tickets. */
         int not_resumable;
 
         /* The cert is the certificate used to establish this connection */
@@ -535,7 +538,7 @@ struct ssl_session_st
 #endif /* OPENSSL_NO_EC */
         /* RFC4507 info */
         unsigned char *tlsext_tick;     /* Session ticket */
-        size_t  tlsext_ticklen;         /* Session ticket length */     
+        size_t tlsext_ticklen;          /* Session ticket length */
         long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
 #endif
 #ifndef OPENSSL_NO_SRP
@@ -552,11 +555,14 @@ struct ssl_session_st
 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x00000008L
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x00000010L
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x00000020L
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x00000040L /* no effect since 0.9.7h and 0.9.8b */
+#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x00000040L
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x00000080L
 #define SSL_OP_TLS_D5_BUG                               0x00000100L
 #define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x00000200L
 
+/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x0
+
 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
  * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
  * the workaround is not needed.  Unfortunately some broken SSL/TLS
@@ -638,6 +644,12 @@ struct ssl_session_st
  * TLS only.)  "Released" buffers are put onto a free-list in the context
  * or just freed (depending on the context's setting for freelist_max_len). */
 #define SSL_MODE_RELEASE_BUFFERS 0x00000010L
+/* Send the current time in the Random fields of the ClientHello and
+ * ServerHello records for compatibility with hypothetical implementations
+ * that require it.
+ */
+#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
+#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
 
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
  * they cannot be used to clear bits. */
@@ -903,7 +915,7 @@ struct ssl_ctx_st
          */
         unsigned int max_send_fragment;
 
-#ifndef OPENSSL_ENGINE
+#ifndef OPENSSL_NO_ENGINE
         /* Engine to pass requests for client certs to
          */
         ENGINE *client_cert_engine;
@@ -927,6 +939,7 @@ struct ssl_ctx_st
         /* Callback for status request */
         int (*tlsext_status_cb)(SSL *ssl, void *arg);
         void *tlsext_status_arg;
+
         /* draft-rescorla-tls-opaque-prf-input-00.txt information */
         int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
         void *tlsext_opaque_prf_input_callback_arg;
@@ -952,6 +965,7 @@ struct ssl_ctx_st
 #endif
 
 #ifndef OPENSSL_NO_TLSEXT
+
 # ifndef OPENSSL_NO_NEXTPROTONEG
         /* Next protocol negotiation information */
         /* (for experimental NPN extension). */
@@ -2206,6 +2220,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_GET_NEW_SESSION                        181
 #define SSL_F_SSL_GET_PREV_SESSION                       217
 #define SSL_F_SSL_GET_SERVER_SEND_CERT                   182
+#define SSL_F_SSL_GET_SERVER_SEND_PKEY                   317
 #define SSL_F_SSL_GET_SIGN_PKEY                          183
 #define SSL_F_SSL_INIT_WBIO_BUFFER                       184
 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE                    185