diff options
| author | guenther <> | 2014-04-20 12:48:19 +0000 |
|---|---|---|
| committer | guenther <> | 2014-04-20 12:48:19 +0000 |
| commit | 71d6ded93deb4d1edc464874b5359ece0ef857d2 (patch) | |
| tree | cca6edfc57a2953a5fb440052243f46cd8d7eb12 /src/lib/libssl/ssl.h | |
| parent | 4b4a5d4b04e0ebd28c425210967942e4fa5d834c (diff) | |
| download | openbsd-71d6ded93deb4d1edc464874b5359ece0ef857d2.tar.gz openbsd-71d6ded93deb4d1edc464874b5359ece0ef857d2.tar.bz2 openbsd-71d6ded93deb4d1edc464874b5359ece0ef857d2.zip | |
Chop off more SSLv2 tentacles and start fixing and noting y2038 issues.
APIs that pass times as longs will have to change at some point...
Bump major on both libcrypto and libssl.
ok tedu@
Diffstat (limited to 'src/lib/libssl/ssl.h')
| -rw-r--r-- | src/lib/libssl/ssl.h | 20 |
1 files changed, 7 insertions, 13 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index f3ca8c5c4e..3624bdcccd 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h | |||
| @@ -399,7 +399,7 @@ struct ssl_cipher_st { | |||
| 399 | }; | 399 | }; |
| 400 | 400 | ||
| 401 | 401 | ||
| 402 | /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ | 402 | /* Used to hold functions for SSLv3/TLSv1 functions */ |
| 403 | struct ssl_method_st { | 403 | struct ssl_method_st { |
| 404 | int version; | 404 | int version; |
| 405 | int (*ssl_new)(SSL *s); | 405 | int (*ssl_new)(SSL *s); |
| @@ -442,7 +442,6 @@ struct ssl_method_st { | |||
| 442 | * Session_ID OCTET STRING, -- the Session ID | 442 | * Session_ID OCTET STRING, -- the Session ID |
| 443 | * Master_key OCTET STRING, -- the master key | 443 | * Master_key OCTET STRING, -- the master key |
| 444 | * KRB5_principal OCTET STRING -- optional Kerberos principal | 444 | * KRB5_principal OCTET STRING -- optional Kerberos principal |
| 445 | * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument | ||
| 446 | * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time | 445 | * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time |
| 447 | * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds | 446 | * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds |
| 448 | * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate | 447 | * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate |
| @@ -463,9 +462,6 @@ struct ssl_session_st { | |||
| 463 | int ssl_version; /* what ssl version session info is | 462 | int ssl_version; /* what ssl version session info is |
| 464 | * being kept in here? */ | 463 | * being kept in here? */ |
| 465 | 464 | ||
| 466 | /* only really used in SSLv2 */ | ||
| 467 | unsigned int key_arg_length; | ||
| 468 | unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH]; | ||
| 469 | int master_key_length; | 465 | int master_key_length; |
| 470 | unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; | 466 | unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; |
| 471 | /* session_id - valid? */ | 467 | /* session_id - valid? */ |
| @@ -502,9 +498,9 @@ struct ssl_session_st { | |||
| 502 | * is not ok, we must remember the error for session reuse: */ | 498 | * is not ok, we must remember the error for session reuse: */ |
| 503 | long verify_result; /* only for servers */ | 499 | long verify_result; /* only for servers */ |
| 504 | 500 | ||
| 505 | int references; | ||
| 506 | long timeout; | 501 | long timeout; |
| 507 | long time; | 502 | time_t time; |
| 503 | int references; | ||
| 508 | 504 | ||
| 509 | unsigned int compress_meth; /* Need to lookup the method */ | 505 | unsigned int compress_meth; /* Need to lookup the method */ |
| 510 | 506 | ||
| @@ -845,9 +841,8 @@ struct ssl_ctx_st { | |||
| 845 | 841 | ||
| 846 | CRYPTO_EX_DATA ex_data; | 842 | CRYPTO_EX_DATA ex_data; |
| 847 | 843 | ||
| 848 | const EVP_MD *rsa_md5; /* For SSLv2 - name is 'ssl2-md5' */ | ||
| 849 | const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ | 844 | const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ |
| 850 | const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ | 845 | const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3-sha1' */ |
| 851 | 846 | ||
| 852 | STACK_OF(X509) *extra_certs; | 847 | STACK_OF(X509) *extra_certs; |
| 853 | STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ | 848 | STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ |
| @@ -1155,7 +1150,6 @@ struct ssl_st { | |||
| 1155 | unsigned char *packet; | 1150 | unsigned char *packet; |
| 1156 | unsigned int packet_length; | 1151 | unsigned int packet_length; |
| 1157 | 1152 | ||
| 1158 | struct ssl2_state_st *s2; /* SSLv2 variables */ | ||
| 1159 | struct ssl3_state_st *s3; /* SSLv3 variables */ | 1153 | struct ssl3_state_st *s3; /* SSLv3 variables */ |
| 1160 | struct dtls1_state_st *d1; /* DTLSv1 variables */ | 1154 | struct dtls1_state_st *d1; /* DTLSv1 variables */ |
| 1161 | 1155 | ||
| @@ -1828,9 +1822,9 @@ const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ | |||
| 1828 | const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ | 1822 | const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ |
| 1829 | const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ | 1823 | const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ |
| 1830 | 1824 | ||
| 1831 | const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */ | 1825 | const SSL_METHOD *SSLv23_method(void); /* SSLv3 or TLSv1.* */ |
| 1832 | const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */ | 1826 | const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 or TLSv1.* */ |
| 1833 | const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */ | 1827 | const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 or TLSv1.* */ |
| 1834 | 1828 | ||
| 1835 | const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ | 1829 | const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ |
| 1836 | const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ | 1830 | const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ |