summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl.h
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/ssl.h117
1 files changed, 83 insertions, 34 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index fbe4f667fa..f29f775347 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -123,8 +123,9 @@ extern "C" {
123#define SSL_TXT_MD5 "MD5" 123#define SSL_TXT_MD5 "MD5"
124#define SSL_TXT_SHA1 "SHA1" 124#define SSL_TXT_SHA1 "SHA1"
125#define SSL_TXT_SHA "SHA" 125#define SSL_TXT_SHA "SHA"
126#define SSL_TXT_EXP40 "EXP" 126#define SSL_TXT_EXP "EXP"
127#define SSL_TXT_EXPORT "EXPORT" 127#define SSL_TXT_EXPORT "EXPORT"
128#define SSL_TXT_EXP40 "EXPORT40"
128#define SSL_TXT_EXP56 "EXPORT56" 129#define SSL_TXT_EXP56 "EXPORT56"
129#define SSL_TXT_SSLV2 "SSLv2" 130#define SSL_TXT_SSLV2 "SSLv2"
130#define SSL_TXT_SSLV3 "SSLv3" 131#define SSL_TXT_SSLV3 "SSLv3"
@@ -133,12 +134,7 @@ extern "C" {
133 134
134/* 'DEFAULT' at the start of the cipher list insert the following string 135/* 'DEFAULT' at the start of the cipher list insert the following string
135 * in addition to this being the default cipher string */ 136 * in addition to this being the default cipher string */
136#ifndef NO_RSA 137#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
137#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
138#else
139#define SSL_ALLOW_ADH
140#define SSL_DEFAULT_CIPHER_LIST "HIGH:MEDIUM:LOW:ADH+3DES:ADH+RC4:ADH+DES:+EXP"
141#endif
142 138
143/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ 139/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
144#define SSL_SENT_SHUTDOWN 1 140#define SSL_SENT_SHUTDOWN 1
@@ -151,6 +147,10 @@ extern "C" {
151#include <openssl/pem.h> 147#include <openssl/pem.h>
152#include <openssl/x509.h> 148#include <openssl/x509.h>
153 149
150#if (defined(NO_RSA) || defined(NO_MD5)) && !defined(NO_SSL2)
151#define NO_SSL2
152#endif
153
154#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 154#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
155#define SSL_FILETYPE_PEM X509_FILETYPE_PEM 155#define SSL_FILETYPE_PEM X509_FILETYPE_PEM
156 156
@@ -166,8 +166,12 @@ typedef struct ssl_cipher_st
166 const char *name; /* text name */ 166 const char *name; /* text name */
167 unsigned long id; /* id, 4 bytes, first is version */ 167 unsigned long id; /* id, 4 bytes, first is version */
168 unsigned long algorithms; /* what ciphers are used */ 168 unsigned long algorithms; /* what ciphers are used */
169 unsigned long algo_strength; /* strength and export flags */
169 unsigned long algorithm2; /* Extra flags */ 170 unsigned long algorithm2; /* Extra flags */
171 int strength_bits; /* Number of bits really used */
172 int alg_bits; /* Number of bits for algorithm */
170 unsigned long mask; /* used for matching */ 173 unsigned long mask; /* used for matching */
174 unsigned long mask_strength; /* also used for matching */
171 } SSL_CIPHER; 175 } SSL_CIPHER;
172 176
173DECLARE_STACK_OF(SSL_CIPHER) 177DECLARE_STACK_OF(SSL_CIPHER)
@@ -201,6 +205,8 @@ typedef struct ssl_method_st
201 long (*get_timeout)(void); 205 long (*get_timeout)(void);
202 struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ 206 struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
203 int (*ssl_version)(); 207 int (*ssl_version)();
208 long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)());
209 long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)());
204 } SSL_METHOD; 210 } SSL_METHOD;
205 211
206/* Lets make this into an ASN.1 type structure as follows 212/* Lets make this into an ASN.1 type structure as follows
@@ -215,7 +221,8 @@ typedef struct ssl_method_st
215 * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds 221 * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
216 * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate 222 * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
217 * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context 223 * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context
218 * Compression [5] IMPLICIT ASN1_OBJECT -- compression OID XXXXX 224 * Verify_result [ 5 ] EXPLICIT INTEGER -- X509_V_... code for `Peer'
225 * Compression [6] IMPLICIT ASN1_OBJECT -- compression OID XXXXX
219 * } 226 * }
220 * Look in ssl/ssl_asn1.c for more details 227 * Look in ssl/ssl_asn1.c for more details
221 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). 228 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
@@ -249,6 +256,9 @@ typedef struct ssl_session_st
249 * (the latter is not enough as sess_cert is not retained 256 * (the latter is not enough as sess_cert is not retained
250 * in the external representation of sessions, see ssl_asn1.c). */ 257 * in the external representation of sessions, see ssl_asn1.c). */
251 X509 *peer; 258 X509 *peer;
259 /* when app_verify_callback accepts a session where the peer's certificate
260 * is not ok, we must remember the error for session reuse: */
261 long verify_result; /* only for servers */
252 262
253 int references; 263 int references;
254 long timeout; 264 long timeout;
@@ -291,6 +301,7 @@ typedef struct ssl_session_st
291#define SSL_OP_PKCS1_CHECK_1 0x08000000L 301#define SSL_OP_PKCS1_CHECK_1 0x08000000L
292#define SSL_OP_PKCS1_CHECK_2 0x10000000L 302#define SSL_OP_PKCS1_CHECK_2 0x10000000L
293#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L 303#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L
304/* SSL_OP_NON_EXPORT_FIRST looks utterly broken .. */
294#define SSL_OP_NON_EXPORT_FIRST 0x40000000L 305#define SSL_OP_NON_EXPORT_FIRST 0x40000000L
295#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x80000000L 306#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x80000000L
296#define SSL_OP_ALL 0x000FFFFFL 307#define SSL_OP_ALL 0x000FFFFFL
@@ -355,9 +366,9 @@ struct ssl_ctx_st
355 STACK_OF(SSL_CIPHER) *cipher_list_by_id; 366 STACK_OF(SSL_CIPHER) *cipher_list_by_id;
356 367
357 struct x509_store_st /* X509_STORE */ *cert_store; 368 struct x509_store_st /* X509_STORE */ *cert_store;
358 struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSION's */ 369 struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSIONs */
359 /* Most session-ids that will be cached, default is 370 /* Most session-ids that will be cached, default is
360 * SSL_SESSION_CACHE_SIZE_DEFAULT. 0 is unlimited. */ 371 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
361 unsigned long session_cache_size; 372 unsigned long session_cache_size;
362 struct ssl_session_st *session_cache_head; 373 struct ssl_session_st *session_cache_head;
363 struct ssl_session_st *session_cache_tail; 374 struct ssl_session_st *session_cache_tail;
@@ -424,6 +435,9 @@ struct ssl_ctx_st
424/**/ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; 435/**/ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
425/**/ int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); 436/**/ int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx);
426 437
438 int purpose; /* Purpose setting */
439 int trust; /* Trust setting */
440
427 /* Default password callback. */ 441 /* Default password callback. */
428/**/ pem_password_cb *default_passwd_callback; 442/**/ pem_password_cb *default_passwd_callback;
429 443
@@ -433,7 +447,7 @@ struct ssl_ctx_st
433 /* get client cert callback */ 447 /* get client cert callback */
434/**/ int (*client_cert_cb)(/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */); 448/**/ int (*client_cert_cb)(/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */);
435 449
436 /* what we put in client requests */ 450 /* what we put in client cert requests */
437 STACK_OF(X509_NAME) *client_CA; 451 STACK_OF(X509_NAME) *client_CA;
438 452
439/**/ int quiet_shutdown; 453/**/ int quiet_shutdown;
@@ -458,6 +472,7 @@ struct ssl_ctx_st
458 * defined, this will still get called. */ 472 * defined, this will still get called. */
459#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 473#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
460 474
475 struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
461#define SSL_CTX_sess_number(ctx) \ 476#define SSL_CTX_sess_number(ctx) \
462 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) 477 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
463#define SSL_CTX_sess_connect(ctx) \ 478#define SSL_CTX_sess_connect(ctx) \
@@ -564,17 +579,21 @@ struct ssl_st
564 unsigned char *packet; 579 unsigned char *packet;
565 unsigned int packet_length; 580 unsigned int packet_length;
566 581
567 struct ssl2_ctx_st *s2; /* SSLv2 variables */ 582 struct ssl2_state_st *s2; /* SSLv2 variables */
568 struct ssl3_ctx_st *s3; /* SSLv3 variables */ 583 struct ssl3_state_st *s3; /* SSLv3 variables */
569 584
570 int read_ahead; /* Read as many input bytes as possible */ 585 int read_ahead; /* Read as many input bytes as possible
586 * (for non-blocking reads) */
571 int hit; /* reusing a previous session */ 587 int hit; /* reusing a previous session */
572 588
589 int purpose; /* Purpose setting */
590 int trust; /* Trust setting */
591
573 /* crypto */ 592 /* crypto */
574 STACK_OF(SSL_CIPHER) *cipher_list; 593 STACK_OF(SSL_CIPHER) *cipher_list;
575 STACK_OF(SSL_CIPHER) *cipher_list_by_id; 594 STACK_OF(SSL_CIPHER) *cipher_list_by_id;
576 595
577 /* These are the ones being used, the ones is SSL_SESSION are 596 /* These are the ones being used, the ones in SSL_SESSION are
578 * the ones to be 'copied' into these ones */ 597 * the ones to be 'copied' into these ones */
579 598
580 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ 599 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
@@ -634,7 +653,7 @@ struct ssl_st
634 unsigned long mode; /* API behaviour */ 653 unsigned long mode; /* API behaviour */
635 int first_packet; 654 int first_packet;
636 int client_version; /* what was passed, used for 655 int client_version; /* what was passed, used for
637 * SSLv3/TLS rolback check */ 656 * SSLv3/TLS rollback check */
638 }; 657 };
639 658
640#include <openssl/ssl2.h> 659#include <openssl/ssl2.h>
@@ -642,7 +661,7 @@ struct ssl_st
642#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ 661#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
643#include <openssl/ssl23.h> 662#include <openssl/ssl23.h>
644 663
645/* compatablity */ 664/* compatibility */
646#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) 665#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg))
647#define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) 666#define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
648#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a)) 667#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a))
@@ -651,7 +670,7 @@ struct ssl_st
651#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) 670#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
652 671
653/* The following are the possible values for ssl->state are are 672/* The following are the possible values for ssl->state are are
654 * used to indicate where we are upto in the SSL connection establishment. 673 * used to indicate where we are up to in the SSL connection establishment.
655 * The macros that follow are about the only things you should need to use 674 * The macros that follow are about the only things you should need to use
656 * and even then, only when using non-blocking IO. 675 * and even then, only when using non-blocking IO.
657 * It can also be useful to work out where you were when the connection 676 * It can also be useful to work out where you were when the connection
@@ -693,6 +712,13 @@ struct ssl_st
693#define SSL_ST_READ_BODY 0xF1 712#define SSL_ST_READ_BODY 0xF1
694#define SSL_ST_READ_DONE 0xF2 713#define SSL_ST_READ_DONE 0xF2
695 714
715/* Obtain latest Finished message
716 * -- that we sent (SSL_get_finished)
717 * -- that we expected from peer (SSL_get_peer_finished).
718 * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
719size_t SSL_get_finished(SSL *s, void *buf, size_t count);
720size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count);
721
696/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options 722/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
697 * are 'ored' with SSL_VERIFY_PEER if they are desired */ 723 * are 'ored' with SSL_VERIFY_PEER if they are desired */
698#define SSL_VERIFY_NONE 0x00 724#define SSL_VERIFY_NONE 0x00
@@ -700,9 +726,10 @@ struct ssl_st
700#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 726#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
701#define SSL_VERIFY_CLIENT_ONCE 0x04 727#define SSL_VERIFY_CLIENT_ONCE 0x04
702 728
729#define OpenSSL_add_ssl_algorithms() SSL_library_init()
703#define SSLeay_add_ssl_algorithms() SSL_library_init() 730#define SSLeay_add_ssl_algorithms() SSL_library_init()
704 731
705/* this is for backward compatablility */ 732/* this is for backward compatibility */
706#if 0 /* NEW_SSLEAY */ 733#if 0 /* NEW_SSLEAY */
707#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c) 734#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
708#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n) 735#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n)
@@ -710,7 +737,7 @@ struct ssl_st
710#define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b)) 737#define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b))
711#define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b)) 738#define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b))
712#endif 739#endif
713/* More backward compatablity */ 740/* More backward compatibility */
714#define SSL_get_cipher(s) \ 741#define SSL_get_cipher(s) \
715 SSL_CIPHER_get_name(SSL_get_current_cipher(s)) 742 SSL_CIPHER_get_name(SSL_get_current_cipher(s))
716#define SSL_get_cipher_bits(s,np) \ 743#define SSL_get_cipher_bits(s,np) \
@@ -762,11 +789,11 @@ struct ssl_st
762#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */ 789#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */
763#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */ 790#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */
764#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR 791#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
765#define SSL_AD_EXPORT_RESTRICION TLS1_AD_EXPORT_RESTRICION/* fatal */ 792#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */
766#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */ 793#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */
767#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */ 794#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
768#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */ 795#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
769#define SSL_AD_USER_CANCLED TLS1_AD_USER_CANCLED 796#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
770#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION 797#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
771 798
772#define SSL_ERROR_NONE 0 799#define SSL_ERROR_NONE 0
@@ -867,7 +894,7 @@ void BIO_ssl_shutdown(BIO *ssl_bio);
867 894
868#endif 895#endif
869 896
870int SSL_CTX_set_cipher_list(SSL_CTX *,char *str); 897int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
871SSL_CTX *SSL_CTX_new(SSL_METHOD *meth); 898SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
872void SSL_CTX_free(SSL_CTX *); 899void SSL_CTX_free(SSL_CTX *);
873long SSL_CTX_set_timeout(SSL_CTX *ctx,long t); 900long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
@@ -899,7 +926,7 @@ void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
899BIO * SSL_get_rbio(SSL *s); 926BIO * SSL_get_rbio(SSL *s);
900BIO * SSL_get_wbio(SSL *s); 927BIO * SSL_get_wbio(SSL *s);
901#endif 928#endif
902int SSL_set_cipher_list(SSL *s, char *str); 929int SSL_set_cipher_list(SSL *s, const char *str);
903void SSL_set_read_ahead(SSL *s, int yes); 930void SSL_set_read_ahead(SSL *s, int yes);
904int SSL_get_verify_mode(SSL *s); 931int SSL_get_verify_mode(SSL *s);
905int SSL_get_verify_depth(SSL *s); 932int SSL_get_verify_depth(SSL *s);
@@ -998,6 +1025,12 @@ int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
998SSL * SSL_new(SSL_CTX *ctx); 1025SSL * SSL_new(SSL_CTX *ctx);
999int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, 1026int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
1000 unsigned int sid_ctx_len); 1027 unsigned int sid_ctx_len);
1028
1029int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
1030int SSL_set_purpose(SSL *s, int purpose);
1031int SSL_CTX_set_trust(SSL_CTX *s, int trust);
1032int SSL_set_trust(SSL *s, int trust);
1033
1001void SSL_free(SSL *ssl); 1034void SSL_free(SSL *ssl);
1002int SSL_accept(SSL *ssl); 1035int SSL_accept(SSL *ssl);
1003int SSL_connect(SSL *ssl); 1036int SSL_connect(SSL *ssl);
@@ -1005,10 +1038,12 @@ int SSL_read(SSL *ssl,char *buf,int num);
1005int SSL_peek(SSL *ssl,char *buf,int num); 1038int SSL_peek(SSL *ssl,char *buf,int num);
1006int SSL_write(SSL *ssl,const char *buf,int num); 1039int SSL_write(SSL *ssl,const char *buf,int num);
1007long SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg); 1040long SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg);
1041long SSL_callback_ctrl(SSL *, int, void (*)());
1008long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg); 1042long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg);
1043long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)());
1009 1044
1010int SSL_get_error(SSL *s,int ret_code); 1045int SSL_get_error(SSL *s,int ret_code);
1011char * SSL_get_version(SSL *s); 1046const char *SSL_get_version(SSL *s);
1012 1047
1013/* This sets the 'default' SSL version that SSL_new() will create */ 1048/* This sets the 'default' SSL version that SSL_new() will create */
1014int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth); 1049int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth);
@@ -1074,7 +1109,9 @@ int SSL_version(SSL *ssl);
1074int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); 1109int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
1075int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, 1110int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
1076 const char *CApath); 1111 const char *CApath);
1112#define SSL_get0_session SSL_get_session /* just peek at pointer */
1077SSL_SESSION *SSL_get_session(SSL *ssl); 1113SSL_SESSION *SSL_get_session(SSL *ssl);
1114SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
1078SSL_CTX *SSL_get_SSL_CTX(SSL *ssl); 1115SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
1079void SSL_set_info_callback(SSL *ssl,void (*cb)()); 1116void SSL_set_info_callback(SSL *ssl,void (*cb)());
1080void (*SSL_get_info_callback(SSL *ssl))(); 1117void (*SSL_get_info_callback(SSL *ssl))();
@@ -1085,18 +1122,18 @@ long SSL_get_verify_result(SSL *ssl);
1085 1122
1086int SSL_set_ex_data(SSL *ssl,int idx,void *data); 1123int SSL_set_ex_data(SSL *ssl,int idx,void *data);
1087void *SSL_get_ex_data(SSL *ssl,int idx); 1124void *SSL_get_ex_data(SSL *ssl,int idx);
1088int SSL_get_ex_new_index(long argl, char *argp, int (*new_func)(), 1125int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1089 int (*dup_func)(), void (*free_func)()); 1126 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1090 1127
1091int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data); 1128int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
1092void *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx); 1129void *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
1093int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(), 1130int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1094 int (*dup_func)(), void (*free_func)()); 1131 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1095 1132
1096int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data); 1133int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
1097void *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx); 1134void *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
1098int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(), 1135int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1099 int (*dup_func)(), void (*free_func)()); 1136 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1100 1137
1101int SSL_get_ex_data_X509_STORE_CTX_idx(void ); 1138int SSL_get_ex_data_X509_STORE_CTX_idx(void );
1102 1139
@@ -1219,13 +1256,18 @@ int SSL_COMP_add_compression_method(int id,char *cm);
1219#define SSL_F_SSL_CERT_INSTANTIATE 214 1256#define SSL_F_SSL_CERT_INSTANTIATE 214
1220#define SSL_F_SSL_CERT_NEW 162 1257#define SSL_F_SSL_CERT_NEW 162
1221#define SSL_F_SSL_CHECK_PRIVATE_KEY 163 1258#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
1259#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230
1260#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231
1222#define SSL_F_SSL_CLEAR 164 1261#define SSL_F_SSL_CLEAR 164
1223#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 1262#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165
1224#define SSL_F_SSL_CREATE_CIPHER_LIST 166 1263#define SSL_F_SSL_CREATE_CIPHER_LIST 166
1264#define SSL_F_SSL_CTRL 232
1225#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 1265#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
1226#define SSL_F_SSL_CTX_NEW 169 1266#define SSL_F_SSL_CTX_NEW 169
1267#define SSL_F_SSL_CTX_SET_PURPOSE 226
1227#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 1268#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
1228#define SSL_F_SSL_CTX_SET_SSL_VERSION 170 1269#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
1270#define SSL_F_SSL_CTX_SET_TRUST 229
1229#define SSL_F_SSL_CTX_USE_CERTIFICATE 171 1271#define SSL_F_SSL_CTX_USE_CERTIFICATE 171
1230#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 1272#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
1231#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 1273#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220
@@ -1253,9 +1295,11 @@ int SSL_COMP_add_compression_method(int id,char *cm);
1253#define SSL_F_SSL_SET_CERT 191 1295#define SSL_F_SSL_SET_CERT 191
1254#define SSL_F_SSL_SET_FD 192 1296#define SSL_F_SSL_SET_FD 192
1255#define SSL_F_SSL_SET_PKEY 193 1297#define SSL_F_SSL_SET_PKEY 193
1298#define SSL_F_SSL_SET_PURPOSE 227
1256#define SSL_F_SSL_SET_RFD 194 1299#define SSL_F_SSL_SET_RFD 194
1257#define SSL_F_SSL_SET_SESSION 195 1300#define SSL_F_SSL_SET_SESSION 195
1258#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 1301#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218
1302#define SSL_F_SSL_SET_TRUST 228
1259#define SSL_F_SSL_SET_WFD 196 1303#define SSL_F_SSL_SET_WFD 196
1260#define SSL_F_SSL_SHUTDOWN 224 1304#define SSL_F_SSL_SHUTDOWN 224
1261#define SSL_F_SSL_UNDEFINED_FUNCTION 197 1305#define SSL_F_SSL_UNDEFINED_FUNCTION 197
@@ -1282,7 +1326,6 @@ int SSL_COMP_add_compression_method(int id,char *cm);
1282#define SSL_R_BAD_AUTHENTICATION_TYPE 102 1326#define SSL_R_BAD_AUTHENTICATION_TYPE 102
1283#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 1327#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
1284#define SSL_R_BAD_CHECKSUM 104 1328#define SSL_R_BAD_CHECKSUM 104
1285#define SSL_R_BAD_CLIENT_REQUEST 105
1286#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 1329#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
1287#define SSL_R_BAD_DECOMPRESSION 107 1330#define SSL_R_BAD_DECOMPRESSION 107
1288#define SSL_R_BAD_DH_G_LENGTH 108 1331#define SSL_R_BAD_DH_G_LENGTH 108
@@ -1290,6 +1333,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
1290#define SSL_R_BAD_DH_P_LENGTH 110 1333#define SSL_R_BAD_DH_P_LENGTH 110
1291#define SSL_R_BAD_DIGEST_LENGTH 111 1334#define SSL_R_BAD_DIGEST_LENGTH 111
1292#define SSL_R_BAD_DSA_SIGNATURE 112 1335#define SSL_R_BAD_DSA_SIGNATURE 112
1336#define SSL_R_BAD_HELLO_REQUEST 105
1293#define SSL_R_BAD_LENGTH 271 1337#define SSL_R_BAD_LENGTH 271
1294#define SSL_R_BAD_MAC_DECODE 113 1338#define SSL_R_BAD_MAC_DECODE 113
1295#define SSL_R_BAD_MESSAGE_TYPE 114 1339#define SSL_R_BAD_MESSAGE_TYPE 114
@@ -1329,6 +1373,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
1329#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 1373#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
1330#define SSL_R_DIGEST_CHECK_FAILED 149 1374#define SSL_R_DIGEST_CHECK_FAILED 149
1331#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 1375#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
1376#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 1092
1332#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 1377#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
1333#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 1378#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
1334#define SSL_R_EXTRA_DATA_IN_MESSAGE 153 1379#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
@@ -1337,6 +1382,9 @@ int SSL_COMP_add_compression_method(int id,char *cm);
1337#define SSL_R_HTTP_REQUEST 156 1382#define SSL_R_HTTP_REQUEST 156
1338#define SSL_R_INTERNAL_ERROR 157 1383#define SSL_R_INTERNAL_ERROR 157
1339#define SSL_R_INVALID_CHALLENGE_LENGTH 158 1384#define SSL_R_INVALID_CHALLENGE_LENGTH 158
1385#define SSL_R_INVALID_COMMAND 280
1386#define SSL_R_INVALID_PURPOSE 278
1387#define SSL_R_INVALID_TRUST 279
1340#define SSL_R_LENGTH_MISMATCH 159 1388#define SSL_R_LENGTH_MISMATCH 159
1341#define SSL_R_LENGTH_TOO_SHORT 160 1389#define SSL_R_LENGTH_TOO_SHORT 160
1342#define SSL_R_LIBRARY_BUG 274 1390#define SSL_R_LIBRARY_BUG 274
@@ -1429,14 +1477,14 @@ int SSL_COMP_add_compression_method(int id,char *cm);
1429#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 1477#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
1430#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 1478#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
1431#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 1479#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
1432#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICION 1060 1480#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
1433#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 1481#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
1434#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 1482#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
1435#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 1483#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
1436#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 1484#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
1437#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 1485#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
1438#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 1486#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
1439#define SSL_R_TLSV1_ALERT_USER_CANCLED 1090 1487#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
1440#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 1488#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
1441#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 1489#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
1442#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 1490#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
@@ -1464,6 +1512,7 @@ int SSL_COMP_add_compression_method(int id,char *cm);
1464#define SSL_R_UNKNOWN_STATE 255 1512#define SSL_R_UNKNOWN_STATE 255
1465#define SSL_R_UNSUPPORTED_CIPHER 256 1513#define SSL_R_UNSUPPORTED_CIPHER 256
1466#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 1514#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
1515#define SSL_R_UNSUPPORTED_OPTION 1091
1467#define SSL_R_UNSUPPORTED_PROTOCOL 258 1516#define SSL_R_UNSUPPORTED_PROTOCOL 258
1468#define SSL_R_UNSUPPORTED_SSL_VERSION 259 1517#define SSL_R_UNSUPPORTED_SSL_VERSION 259
1469#define SSL_R_WRITE_BIO_NOT_SET 260 1518#define SSL_R_WRITE_BIO_NOT_SET 260
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-08 10:03:30 +0000