Diffstat (limited to 'src/lib/libssl/ssl.h')
-rw-r--r--src/lib/libssl/ssl.h507
1 files changed, 250 insertions, 257 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index bf4b2f2cb6..97e4a3f96c 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -260,9 +260,9 @@ extern "C" {
260#define SSL_TXT_aKRB5 "aKRB5" 260#define SSL_TXT_aKRB5 "aKRB5"
261#define SSL_TXT_aECDSA "aECDSA" 261#define SSL_TXT_aECDSA "aECDSA"
262#define SSL_TXT_aPSK "aPSK" 262#define SSL_TXT_aPSK "aPSK"
263#define SSL_TXT_aGOST94 "aGOST94" 263#define SSL_TXT_aGOST94 "aGOST94"
264#define SSL_TXT_aGOST01 "aGOST01" 264#define SSL_TXT_aGOST01 "aGOST01"
265#define SSL_TXT_aGOST "aGOST" 265#define SSL_TXT_aGOST "aGOST"
266 266
267#define SSL_TXT_DSS "DSS" 267#define SSL_TXT_DSS "DSS"
268#define SSL_TXT_DH "DH" 268#define SSL_TXT_DH "DH"
@@ -369,23 +369,22 @@ typedef struct ssl_session_st SSL_SESSION;
369DECLARE_STACK_OF(SSL_CIPHER) 369DECLARE_STACK_OF(SSL_CIPHER)
370 370
371/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ 371/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
372typedef struct srtp_protection_profile_st 372typedef struct srtp_protection_profile_st {
373 { 373 const char *name;
374 const char *name; 374 unsigned long id;
375 unsigned long id; 375} SRTP_PROTECTION_PROFILE;
376 } SRTP_PROTECTION_PROFILE;
377 376
378DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE) 377DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
379 378
380typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg); 379typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
381typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg); 380 int len, void *arg);
382 381typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
382 STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
383 383
384#ifndef OPENSSL_NO_SSL_INTERN 384#ifndef OPENSSL_NO_SSL_INTERN
385 385
386/* used to hold info on the particular ciphers used */ 386/* used to hold info on the particular ciphers used */
387struct ssl_cipher_st 387struct ssl_cipher_st {
388 {
389 int valid; 388 int valid;
390 const char *name; /* text name */ 389 const char *name; /* text name */
391 unsigned long id; /* id, 4 bytes, first is version */ 390 unsigned long id; /* id, 4 bytes, first is version */
@@ -401,34 +400,33 @@ struct ssl_cipher_st
401 unsigned long algorithm2; /* Extra flags */ 400 unsigned long algorithm2; /* Extra flags */
402 int strength_bits; /* Number of bits really used */ 401 int strength_bits; /* Number of bits really used */
403 int alg_bits; /* Number of bits for algorithm */ 402 int alg_bits; /* Number of bits for algorithm */
404 }; 403};
405 404
406 405
407/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ 406/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
408struct ssl_method_st 407struct ssl_method_st {
409 {
410 int version; 408 int version;
411 int (*ssl_new)(SSL *s); 409 int (*ssl_new)(SSL *s);
412 void (*ssl_clear)(SSL *s); 410 void (*ssl_clear)(SSL *s);
413 void (*ssl_free)(SSL *s); 411 void (*ssl_free)(SSL *s);
414 int (*ssl_accept)(SSL *s); 412 int (*ssl_accept)(SSL *s);
415 int (*ssl_connect)(SSL *s); 413 int (*ssl_connect)(SSL *s);
416 int (*ssl_read)(SSL *s,void *buf,int len); 414 int (*ssl_read)(SSL *s, void *buf, int len);
417 int (*ssl_peek)(SSL *s,void *buf,int len); 415 int (*ssl_peek)(SSL *s, void *buf, int len);
418 int (*ssl_write)(SSL *s,const void *buf,int len); 416 int (*ssl_write)(SSL *s, const void *buf, int len);
419 int (*ssl_shutdown)(SSL *s); 417 int (*ssl_shutdown)(SSL *s);
420 int (*ssl_renegotiate)(SSL *s); 418 int (*ssl_renegotiate)(SSL *s);
421 int (*ssl_renegotiate_check)(SSL *s); 419 int (*ssl_renegotiate_check)(SSL *s);
422 long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long 420 long (*ssl_get_message)(SSL *s, int st1, int stn, int mt,
423 max, int *ok); 421 long max, int *ok);
424 int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, 422 int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf,
425 int peek); 423 int len, int peek);
426 int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); 424 int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
427 int (*ssl_dispatch_alert)(SSL *s); 425 int (*ssl_dispatch_alert)(SSL *s);
428 long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); 426 long (*ssl_ctrl)(SSL *s, int cmd, long larg, void *parg);
429 long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); 427 long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg);
430 const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); 428 const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
431 int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr); 429 int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr);
432 int (*ssl_pending)(const SSL *s); 430 int (*ssl_pending)(const SSL *s);
433 int (*num_ciphers)(void); 431 int (*num_ciphers)(void);
434 const SSL_CIPHER *(*get_cipher)(unsigned ncipher); 432 const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
@@ -438,7 +436,7 @@ struct ssl_method_st
438 int (*ssl_version)(void); 436 int (*ssl_version)(void);
439 long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); 437 long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
440 long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); 438 long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
441 }; 439};
442 440
443/* Lets make this into an ASN.1 type structure as follows 441/* Lets make this into an ASN.1 type structure as follows
444 * SSL_SESSION_ID ::= SEQUENCE { 442 * SSL_SESSION_ID ::= SEQUENCE {
@@ -465,8 +463,7 @@ struct ssl_method_st
465 * Look in ssl/ssl_asn1.c for more details 463 * Look in ssl/ssl_asn1.c for more details
466 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). 464 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
467 */ 465 */
468struct ssl_session_st 466struct ssl_session_st {
469 {
470 int ssl_version; /* what ssl version session info is 467 int ssl_version; /* what ssl version session info is
471 * being kept in here? */ 468 * being kept in here? */
472 469
@@ -485,8 +482,8 @@ struct ssl_session_st
485 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; 482 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
486 483
487#ifndef OPENSSL_NO_KRB5 484#ifndef OPENSSL_NO_KRB5
488 unsigned int krb5_client_princ_len; 485 unsigned int krb5_client_princ_len;
489 unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; 486 unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
490#endif /* OPENSSL_NO_KRB5 */ 487#endif /* OPENSSL_NO_KRB5 */
491#ifndef OPENSSL_NO_PSK 488#ifndef OPENSSL_NO_PSK
492 char *psk_identity_hint; 489 char *psk_identity_hint;
@@ -526,7 +523,7 @@ struct ssl_session_st
526 523
527 /* These are used to make removal of session-ids more 524 /* These are used to make removal of session-ids more
528 * efficient and to implement a maximum cache size. */ 525 * efficient and to implement a maximum cache size. */
529 struct ssl_session_st *prev,*next; 526 struct ssl_session_st *prev, *next;
530#ifndef OPENSSL_NO_TLSEXT 527#ifndef OPENSSL_NO_TLSEXT
531 char *tlsext_hostname; 528 char *tlsext_hostname;
532#ifndef OPENSSL_NO_EC 529#ifndef OPENSSL_NO_EC
@@ -543,7 +540,7 @@ struct ssl_session_st
543#ifndef OPENSSL_NO_SRP 540#ifndef OPENSSL_NO_SRP
544 char *srp_username; 541 char *srp_username;
545#endif 542#endif
546 }; 543};
547 544
548#endif 545#endif
549 546
@@ -684,8 +681,11 @@ struct ssl_session_st
684#define SSL_get_secure_renegotiation_support(ssl) \ 681#define SSL_get_secure_renegotiation_support(ssl) \
685 SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) 682 SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
686 683
687void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); 684void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p,
688void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); 685 int version, int content_type, const void *buf, size_t len, SSL *ssl,
686 void *arg));
687void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
688 int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
689#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) 689#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
690#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) 690#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
691 691
@@ -693,8 +693,7 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
693 693
694#ifndef OPENSSL_NO_SSL_INTERN 694#ifndef OPENSSL_NO_SSL_INTERN
695 695
696typedef struct srp_ctx_st 696typedef struct srp_ctx_st {
697 {
698 /* param for all the callbacks */ 697 /* param for all the callbacks */
699 void *SRP_cb_arg; 698 void *SRP_cb_arg;
700 /* set client Hello login callback */ 699 /* set client Hello login callback */
@@ -705,13 +704,13 @@ typedef struct srp_ctx_st
705 char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *); 704 char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *);
706 705
707 char *login; 706 char *login;
708 BIGNUM *N,*g,*s,*B,*A; 707 BIGNUM *N, *g, *s, *B, *A;
709 BIGNUM *a,*b,*v; 708 BIGNUM *a, *b, *v;
710 char *info; 709 char *info;
711 int strength; 710 int strength;
712 711
713 unsigned long srp_Mask; 712 unsigned long srp_Mask;
714 } SRP_CTX; 713} SRP_CTX;
715 714
716#endif 715#endif
717 716
@@ -721,9 +720,9 @@ int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
721int SSL_SRP_CTX_free(SSL *ctx); 720int SSL_SRP_CTX_free(SSL *ctx);
722int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); 721int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
723int SSL_srp_server_param_with_username(SSL *s, int *ad); 722int SSL_srp_server_param_with_username(SSL *s, int *ad);
724int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key); 723int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key);
725int SRP_Calc_A_param(SSL *s); 724int SRP_Calc_A_param(SSL *s);
726int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key); 725int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key);
727 726
728#endif 727#endif
729 728
@@ -745,14 +744,13 @@ int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key);
745 * returns in this case. It is also an error for the callback to set the size to 744 * returns in this case. It is also an error for the callback to set the size to
746 * zero. */ 745 * zero. */
747typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, 746typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
748 unsigned int *id_len); 747 unsigned int *id_len);
749 748
750typedef struct ssl_comp_st SSL_COMP; 749typedef struct ssl_comp_st SSL_COMP;
751 750
752#ifndef OPENSSL_NO_SSL_INTERN 751#ifndef OPENSSL_NO_SSL_INTERN
753 752
754struct ssl_comp_st 753struct ssl_comp_st {
755 {
756 int id; 754 int id;
757 const char *name; 755 const char *name;
758#ifndef OPENSSL_NO_COMP 756#ifndef OPENSSL_NO_COMP
@@ -760,13 +758,12 @@ struct ssl_comp_st
760#else 758#else
761 char *method; 759 char *method;
762#endif 760#endif
763 }; 761};
764 762
765DECLARE_STACK_OF(SSL_COMP) 763DECLARE_STACK_OF(SSL_COMP)
766DECLARE_LHASH_OF(SSL_SESSION); 764DECLARE_LHASH_OF(SSL_SESSION);
767 765
768struct ssl_ctx_st 766struct ssl_ctx_st {
769 {
770 const SSL_METHOD *method; 767 const SSL_METHOD *method;
771 768
772 STACK_OF(SSL_CIPHER) *cipher_list; 769 STACK_OF(SSL_CIPHER) *cipher_list;
@@ -801,13 +798,12 @@ struct ssl_ctx_st
801 * If remove_session_cb is not null, it will be called when 798 * If remove_session_cb is not null, it will be called when
802 * a session-id is removed from the cache. After the call, 799 * a session-id is removed from the cache. After the call,
803 * OpenSSL will SSL_SESSION_free() it. */ 800 * OpenSSL will SSL_SESSION_free() it. */
804 int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess); 801 int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
805 void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess); 802 void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
806 SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, 803 SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
807 unsigned char *data,int len,int *copy); 804 unsigned char *data, int len, int *copy);
808 805
809 struct 806 struct {
810 {
811 int sess_connect; /* SSL new conn - started */ 807 int sess_connect; /* SSL new conn - started */
812 int sess_connect_renegotiate;/* SSL reneg - requested */ 808 int sess_connect_renegotiate;/* SSL reneg - requested */
813 int sess_connect_good; /* SSL new conne/reneg - finished */ 809 int sess_connect_good; /* SSL new conne/reneg - finished */
@@ -824,7 +820,7 @@ struct ssl_ctx_st
824 * indicates that the application is 820 * indicates that the application is
825 * supplying session-id's from other 821 * supplying session-id's from other
826 * processes - spooky :-) */ 822 * processes - spooky :-) */
827 } stats; 823 } stats;
828 824
829 int references; 825 int references;
830 826
@@ -843,19 +839,19 @@ struct ssl_ctx_st
843 /* get client cert callback */ 839 /* get client cert callback */
844 int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); 840 int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
845 841
846 /* cookie generate callback */ 842 /* cookie generate callback */
847 int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, 843 int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
848 unsigned int *cookie_len); 844 unsigned int *cookie_len);
849 845
850 /* verify cookie callback */ 846 /* verify cookie callback */
851 int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, 847 int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
852 unsigned int cookie_len); 848 unsigned int cookie_len);
853 849
854 CRYPTO_EX_DATA ex_data; 850 CRYPTO_EX_DATA ex_data;
855 851
856 const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */ 852 const EVP_MD *rsa_md5; /* For SSLv2 - name is 'ssl2-md5' */
857 const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ 853 const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
858 const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ 854 const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
859 855
860 STACK_OF(X509) *extra_certs; 856 STACK_OF(X509) *extra_certs;
861 STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ 857 STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
@@ -879,7 +875,8 @@ struct ssl_ctx_st
879 int read_ahead; 875 int read_ahead;
880 876
881 /* callback that allows applications to peek at protocol messages */ 877 /* callback that allows applications to peek at protocol messages */
882 void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); 878 void (*msg_callback)(int write_p, int version, int content_type,
879 const void *buf, size_t len, SSL *ssl, void *arg);
883 void *msg_callback_arg; 880 void *msg_callback_arg;
884 881
885 int verify_mode; 882 int verify_mode;
@@ -920,10 +917,8 @@ struct ssl_ctx_st
920 unsigned char tlsext_tick_hmac_key[16]; 917 unsigned char tlsext_tick_hmac_key[16];
921 unsigned char tlsext_tick_aes_key[16]; 918 unsigned char tlsext_tick_aes_key[16];
922 /* Callback to support customisation of ticket key setting */ 919 /* Callback to support customisation of ticket key setting */
923 int (*tlsext_ticket_key_cb)(SSL *ssl, 920 int (*tlsext_ticket_key_cb)(SSL *ssl, unsigned char *name,
924 unsigned char *name, unsigned char *iv, 921 unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);
925 EVP_CIPHER_CTX *ectx,
926 HMAC_CTX *hctx, int enc);
927 922
928 /* certificate status request info */ 923 /* certificate status request info */
929 /* Callback for status request */ 924 /* Callback for status request */
@@ -931,17 +926,18 @@ struct ssl_ctx_st
931 void *tlsext_status_arg; 926 void *tlsext_status_arg;
932 927
933 /* draft-rescorla-tls-opaque-prf-input-00.txt information */ 928 /* draft-rescorla-tls-opaque-prf-input-00.txt information */
934 int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg); 929 int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput,
930 size_t len, void *arg);
935 void *tlsext_opaque_prf_input_callback_arg; 931 void *tlsext_opaque_prf_input_callback_arg;
936#endif 932#endif
937 933
938#ifndef OPENSSL_NO_PSK 934#ifndef OPENSSL_NO_PSK
939 char *psk_identity_hint; 935 char *psk_identity_hint;
940 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity, 936 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
941 unsigned int max_identity_len, unsigned char *psk, 937 char *identity, unsigned int max_identity_len, unsigned char *psk,
942 unsigned int max_psk_len); 938 unsigned int max_psk_len);
943 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, 939 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
944 unsigned char *psk, unsigned int max_psk_len); 940 unsigned char *psk, unsigned int max_psk_len);
945#endif 941#endif
946 942
947#ifndef OPENSSL_NO_BUF_FREELISTS 943#ifndef OPENSSL_NO_BUF_FREELISTS
@@ -963,21 +959,20 @@ struct ssl_ctx_st
963 /* For a server, this contains a callback function by which the set of 959 /* For a server, this contains a callback function by which the set of
964 * advertised protocols can be provided. */ 960 * advertised protocols can be provided. */
965 int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf, 961 int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
966 unsigned int *len, void *arg); 962 unsigned int *len, void *arg);
967 void *next_protos_advertised_cb_arg; 963 void *next_protos_advertised_cb_arg;
968 /* For a client, this contains a callback function that selects the 964 /* For a client, this contains a callback function that selects the
969 * next protocol from the list provided by the server. */ 965 * next protocol from the list provided by the server. */
970 int (*next_proto_select_cb)(SSL *s, unsigned char **out, 966 int (*next_proto_select_cb)(SSL *s, unsigned char **out,
971 unsigned char *outlen, 967 unsigned char *outlen, const unsigned char *in,
972 const unsigned char *in, 968 unsigned int inlen, void *arg);
973 unsigned int inlen,
974 void *arg);
975 void *next_proto_select_cb_arg; 969 void *next_proto_select_cb_arg;
976# endif 970# endif
977 /* SRTP profiles we are willing to do from RFC 5764 */ 971 /* SRTP profiles we are willing to do from RFC 5764 */
978 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; 972 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
973
979#endif 974#endif
980 }; 975};
981 976
982#endif 977#endif
983 978
@@ -1018,42 +1013,49 @@ LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
1018#define SSL_CTX_sess_cache_full(ctx) \ 1013#define SSL_CTX_sess_cache_full(ctx) \
1019 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) 1014 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
1020 1015
1021void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess)); 1016void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
1022int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess); 1017 int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess));
1023void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess)); 1018int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
1024void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess); 1019 SSL_SESSION *sess);
1025void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy)); 1020void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
1026SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy); 1021 void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess));
1027void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val)); 1022void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx,
1028void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val); 1023 SSL_SESSION *sess);
1029void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); 1024void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
1030int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); 1025 SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,
1026 int len, int *copy));
1027SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
1028 unsigned char *Data, int len, int *copy);
1029void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,
1030 int type, int val));
1031void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type,
1032 int val);
1033void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
1034 int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
1035int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509,
1036 EVP_PKEY **pkey);
1031#ifndef OPENSSL_NO_ENGINE 1037#ifndef OPENSSL_NO_ENGINE
1032int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); 1038int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
1033#endif 1039#endif
1034void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); 1040void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
1035void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); 1041 int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
1042 unsigned int *cookie_len));
1043void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
1044 int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
1045 unsigned int cookie_len));
1036#ifndef OPENSSL_NO_NEXTPROTONEG 1046#ifndef OPENSSL_NO_NEXTPROTONEG
1037void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, 1047void
1038 int (*cb) (SSL *ssl, 1048SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
1039 const unsigned char **out, 1049 const unsigned char **out, unsigned int *outlen, void *arg), void *arg);
1040 unsigned int *outlen, 1050void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
1041 void *arg), 1051 unsigned char **out, unsigned char *outlen, const unsigned char *in,
1042 void *arg); 1052 unsigned int inlen, void *arg), void *arg);
1043void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
1044 int (*cb) (SSL *ssl,
1045 unsigned char **out,
1046 unsigned char *outlen,
1047 const unsigned char *in,
1048 unsigned int inlen,
1049 void *arg),
1050 void *arg);
1051 1053
1052int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, 1054int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
1053 const unsigned char *in, unsigned int inlen, 1055 const unsigned char *in, unsigned int inlen, const unsigned char *client,
1054 const unsigned char *client, unsigned int client_len); 1056 unsigned int client_len);
1055void SSL_get0_next_proto_negotiated(const SSL *s, 1057void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
1056 const unsigned char **data, unsigned *len); 1058 unsigned *len);
1057 1059
1058#define OPENSSL_NPN_UNSUPPORTED 0 1060#define OPENSSL_NPN_UNSUPPORTED 0
1059#define OPENSSL_NPN_NEGOTIATED 1 1061#define OPENSSL_NPN_NEGOTIATED 1
@@ -1065,20 +1067,20 @@ void SSL_get0_next_proto_negotiated(const SSL *s,
1065 * resulting identity/psk */ 1067 * resulting identity/psk */
1066#define PSK_MAX_IDENTITY_LEN 128 1068#define PSK_MAX_IDENTITY_LEN 128
1067#define PSK_MAX_PSK_LEN 256 1069#define PSK_MAX_PSK_LEN 256
1068void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, 1070void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
1069 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 1071 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
1070 char *identity, unsigned int max_identity_len, unsigned char *psk, 1072 char *identity, unsigned int max_identity_len, unsigned char *psk,
1071 unsigned int max_psk_len)); 1073 unsigned int max_psk_len));
1072void SSL_set_psk_client_callback(SSL *ssl, 1074void SSL_set_psk_client_callback(SSL *ssl,
1073 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 1075 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
1074 char *identity, unsigned int max_identity_len, unsigned char *psk, 1076 char *identity, unsigned int max_identity_len, unsigned char *psk,
1075 unsigned int max_psk_len)); 1077 unsigned int max_psk_len));
1076void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, 1078void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
1077 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, 1079 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
1078 unsigned char *psk, unsigned int max_psk_len)); 1080 unsigned char *psk, unsigned int max_psk_len));
1079void SSL_set_psk_server_callback(SSL *ssl, 1081void SSL_set_psk_server_callback(SSL *ssl,
1080 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, 1082 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
1081 unsigned char *psk, unsigned int max_psk_len)); 1083 unsigned char *psk, unsigned int max_psk_len));
1082int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); 1084int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
1083int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); 1085int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
1084const char *SSL_get_psk_identity_hint(const SSL *s); 1086const char *SSL_get_psk_identity_hint(const SSL *s);
@@ -1101,8 +1103,7 @@ const char *SSL_get_psk_identity(const SSL *s);
1101 1103
1102#ifndef OPENSSL_NO_SSL_INTERN 1104#ifndef OPENSSL_NO_SSL_INTERN
1103 1105
1104struct ssl_st 1106struct ssl_st {
1105 {
1106 /* protocol version 1107 /* protocol version
1107 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) 1108 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
1108 */ 1109 */
@@ -1146,9 +1147,9 @@ struct ssl_st
1146 int server; /* are we the server side? - mostly used by SSL_clear*/ 1147 int server; /* are we the server side? - mostly used by SSL_clear*/
1147 1148
1148 int new_session;/* Generate a new session or reuse an old one. 1149 int new_session;/* Generate a new session or reuse an old one.
1149 * NB: For servers, the 'new' session may actually be a previously 1150 * NB: For servers, the 'new' session may actually be a previously
1150 * cached session or even the previous session unless 1151 * cached session or even the previous session unless
1151 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ 1152 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
1152 int quiet_shutdown;/* don't send shutdown packets */ 1153 int quiet_shutdown;/* don't send shutdown packets */
1153 int shutdown; /* we have shut things down, 0x01 sent, 0x02 1154 int shutdown; /* we have shut things down, 0x01 sent, 0x02
1154 * for received */ 1155 * for received */
@@ -1156,7 +1157,7 @@ struct ssl_st
1156 int rstate; /* where we are when reading */ 1157 int rstate; /* where we are when reading */
1157 1158
1158 BUF_MEM *init_buf; /* buffer used during init */ 1159 BUF_MEM *init_buf; /* buffer used during init */
1159 void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */ 1160 void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */
1160 int init_num; /* amount read/written */ 1161 int init_num; /* amount read/written */
1161 int init_off; /* amount read/written */ 1162 int init_off; /* amount read/written */
1162 1163
@@ -1169,10 +1170,11 @@ struct ssl_st
1169 struct dtls1_state_st *d1; /* DTLSv1 variables */ 1170 struct dtls1_state_st *d1; /* DTLSv1 variables */
1170 1171
1171 int read_ahead; /* Read as many input bytes as possible 1172 int read_ahead; /* Read as many input bytes as possible
1172 * (for non-blocking reads) */ 1173 * (for non-blocking reads) */
1173 1174
1174 /* callback that allows applications to peek at protocol messages */ 1175 /* callback that allows applications to peek at protocol messages */
1175 void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); 1176 void (*msg_callback)(int write_p, int version, int content_type,
1177 const void *buf, size_t len, SSL *ssl, void *arg);
1176 void *msg_callback_arg; 1178 void *msg_callback_arg;
1177 1179
1178 int hit; /* reusing a previous session */ 1180 int hit; /* reusing a previous session */
@@ -1190,9 +1192,10 @@ struct ssl_st
1190 1192
1191 /* These are the ones being used, the ones in SSL_SESSION are 1193 /* These are the ones being used, the ones in SSL_SESSION are
1192 * the ones to be 'copied' into these ones */ 1194 * the ones to be 'copied' into these ones */
1193 int mac_flags; 1195 int mac_flags;
1196
1194 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ 1197 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
1195 EVP_MD_CTX *read_hash; /* used for mac generation */ 1198 EVP_MD_CTX *read_hash; /* used for mac generation */
1196#ifndef OPENSSL_NO_COMP 1199#ifndef OPENSSL_NO_COMP
1197 COMP_CTX *expand; /* uncompress */ 1200 COMP_CTX *expand; /* uncompress */
1198#else 1201#else
@@ -1200,11 +1203,12 @@ struct ssl_st
1200#endif 1203#endif
1201 1204
1202 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ 1205 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
1203 EVP_MD_CTX *write_hash; /* used for mac generation */ 1206 EVP_MD_CTX *write_hash; /* used for mac generation */
1204#ifndef OPENSSL_NO_COMP 1207#ifndef OPENSSL_NO_COMP
1205 COMP_CTX *compress; /* compression */ 1208 COMP_CTX *compress; /* compression */
1206#else 1209#else
1207 char *compress; 1210 char *compress;
1211
1208#endif 1212#endif
1209 1213
1210 /* session info */ 1214 /* session info */
@@ -1235,21 +1239,22 @@ struct ssl_st
1235 int error_code; /* actual code */ 1239 int error_code; /* actual code */
1236 1240
1237#ifndef OPENSSL_NO_KRB5 1241#ifndef OPENSSL_NO_KRB5
1238 KSSL_CTX *kssl_ctx; /* Kerberos 5 context */ 1242 KSSL_CTX *kssl_ctx; /* Kerberos 5 context */
1239#endif /* OPENSSL_NO_KRB5 */ 1243#endif /* OPENSSL_NO_KRB5 */
1240 1244
1241#ifndef OPENSSL_NO_PSK 1245#ifndef OPENSSL_NO_PSK
1242 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity, 1246 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
1243 unsigned int max_identity_len, unsigned char *psk, 1247 char *identity, unsigned int max_identity_len, unsigned char *psk,
1244 unsigned int max_psk_len); 1248 unsigned int max_psk_len);
1245 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, 1249 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
1246 unsigned char *psk, unsigned int max_psk_len); 1250 unsigned char *psk, unsigned int max_psk_len);
1247#endif 1251#endif
1248 1252
1249 SSL_CTX *ctx; 1253 SSL_CTX *ctx;
1250 /* set this flag to 1 and a sleep(1) is put into all SSL_read() 1254 /* set this flag to 1 and a sleep(1) is put into all SSL_read()
1251 * and SSL_write() calls, good for nbio debuging :-) */ 1255 * and SSL_write() calls, good for nbio debuging :-) */
1252 int debug; 1256 int debug;
1257
1253 1258
1254 /* extra application data */ 1259 /* extra application data */
1255 long verify_result; 1260 long verify_result;
@@ -1269,15 +1274,14 @@ struct ssl_st
1269#ifndef OPENSSL_NO_TLSEXT 1274#ifndef OPENSSL_NO_TLSEXT
1270 /* TLS extension debug callback */ 1275 /* TLS extension debug callback */
1271 void (*tlsext_debug_cb)(SSL *s, int client_server, int type, 1276 void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
1272 unsigned char *data, int len, 1277 unsigned char *data, int len, void *arg);
1273 void *arg);
1274 void *tlsext_debug_arg; 1278 void *tlsext_debug_arg;
1275 char *tlsext_hostname; 1279 char *tlsext_hostname;
1276 int servername_done; /* no further mod of servername 1280 int servername_done; /* no further mod of servername
1277 0 : call the servername extension callback. 1281 0 : call the servername extension callback.
1278 1 : prepare 2, allow last ack just after in server callback. 1282 1 : prepare 2, allow last ack just after in server callback.
1279 2 : don't call servername callback, no ack in server hello 1283 2 : don't call servername callback, no ack in server hello
1280 */ 1284 */
1281 /* certificate status request info */ 1285 /* certificate status request info */
1282 /* Status type or -1 if no status type */ 1286 /* Status type or -1 if no status type */
1283 int tlsext_status_type; 1287 int tlsext_status_type;
@@ -1330,28 +1334,28 @@ struct ssl_st
1330 1334
1331#define session_ctx initial_ctx 1335#define session_ctx initial_ctx
1332 1336
1333 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */ 1337 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */
1334 SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */ 1338 SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */
1335 1339
1336 unsigned int tlsext_heartbeat; /* Is use of the Heartbeat extension negotiated? 1340 unsigned int tlsext_heartbeat; /* Is use of the Heartbeat extension negotiated?
1337 0: disabled 1341 0: disabled
1338 1: enabled 1342 1: enabled
1339 2: enabled, but not allowed to send Requests 1343 2: enabled, but not allowed to send Requests
1340 */ 1344 */
1341 unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */ 1345 unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
1342 unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */ 1346 unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */
1343#else 1347#else
1344#define session_ctx ctx 1348#define session_ctx ctx
1345#endif /* OPENSSL_NO_TLSEXT */ 1349#endif /* OPENSSL_NO_TLSEXT */
1346 1350
1347 int renegotiate;/* 1 if we are renegotiating. 1351 int renegotiate;/* 1 if we are renegotiating.
1348 * 2 if we are a server and are inside a handshake 1352 * 2 if we are a server and are inside a handshake
1349 * (i.e. not just sending a HelloRequest) */ 1353 * (i.e. not just sending a HelloRequest) */
1350 1354
1351#ifndef OPENSSL_NO_SRP 1355#ifndef OPENSSL_NO_SRP
1352 SRP_CTX srp_ctx; /* ctx for SRP authentication */ 1356 SRP_CTX srp_ctx; /* ctx for SRP authentication */
1353#endif 1357#endif
1354 }; 1358};
1355 1359
1356#endif 1360#endif
1357 1361
@@ -1361,10 +1365,10 @@ struct ssl_st
1361 1365
1362#include <openssl/ssl2.h> 1366#include <openssl/ssl2.h>
1363#include <openssl/ssl3.h> 1367#include <openssl/ssl3.h>
1364#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ 1368#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
1365#include <openssl/dtls1.h> /* Datagram TLS */ 1369#include <openssl/dtls1.h> /* Datagram TLS */
1366#include <openssl/ssl23.h> 1370#include <openssl/ssl23.h>
1367#include <openssl/srtp.h> /* Support for the use_srtp extension */ 1371#include <openssl/srtp.h> /* Support for the use_srtp extension */
1368 1372
1369#ifdef __cplusplus 1373#ifdef __cplusplus
1370extern "C" { 1374extern "C" {
@@ -1417,9 +1421,9 @@ extern "C" {
1417 1421
1418/* The following 2 states are kept in ssl->rstate when reads fail, 1422/* The following 2 states are kept in ssl->rstate when reads fail,
1419 * you should not need these */ 1423 * you should not need these */
1420#define SSL_ST_READ_HEADER 0xF0 1424#define SSL_ST_READ_HEADER 0xF0
1421#define SSL_ST_READ_BODY 0xF1 1425#define SSL_ST_READ_BODY 0xF1
1422#define SSL_ST_READ_DONE 0xF2 1426#define SSL_ST_READ_DONE 0xF2
1423 1427
1424/* Obtain latest Finished message 1428/* Obtain latest Finished message
1425 * -- that we sent (SSL_get_finished) 1429 * -- that we sent (SSL_get_finished)
@@ -1646,28 +1650,27 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
1646 1650
1647#ifndef OPENSSL_NO_BIO 1651#ifndef OPENSSL_NO_BIO
1648BIO_METHOD *BIO_f_ssl(void); 1652BIO_METHOD *BIO_f_ssl(void);
1649BIO *BIO_new_ssl(SSL_CTX *ctx,int client); 1653BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
1650BIO *BIO_new_ssl_connect(SSL_CTX *ctx); 1654BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
1651BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); 1655BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
1652int BIO_ssl_copy_session_id(BIO *to,BIO *from); 1656int BIO_ssl_copy_session_id(BIO *to, BIO *from);
1653void BIO_ssl_shutdown(BIO *ssl_bio); 1657void BIO_ssl_shutdown(BIO *ssl_bio);
1654
1655#endif 1658#endif
1656 1659
1657int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str); 1660int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
1658SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); 1661SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
1659void SSL_CTX_free(SSL_CTX *); 1662void SSL_CTX_free(SSL_CTX *);
1660long SSL_CTX_set_timeout(SSL_CTX *ctx,long t); 1663long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
1661long SSL_CTX_get_timeout(const SSL_CTX *ctx); 1664long SSL_CTX_get_timeout(const SSL_CTX *ctx);
1662X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); 1665X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
1663void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *); 1666void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
1664int SSL_want(const SSL *s); 1667int SSL_want(const SSL *s);
1665int SSL_clear(SSL *s); 1668int SSL_clear(SSL *s);
1666 1669
1667void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm); 1670void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
1668 1671
1669const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); 1672const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
1670int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits); 1673int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
1671char * SSL_CIPHER_get_version(const SSL_CIPHER *c); 1674char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
1672const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); 1675const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
1673unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); 1676unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
@@ -1675,7 +1678,7 @@ unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
1675int SSL_get_fd(const SSL *s); 1678int SSL_get_fd(const SSL *s);
1676int SSL_get_rfd(const SSL *s); 1679int SSL_get_rfd(const SSL *s);
1677int SSL_get_wfd(const SSL *s); 1680int SSL_get_wfd(const SSL *s);
1678const char * SSL_get_cipher_list(const SSL *s,int n); 1681const char * SSL_get_cipher_list(const SSL *s, int n);
1679char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len); 1682char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
1680int SSL_get_read_ahead(const SSL * s); 1683int SSL_get_read_ahead(const SSL * s);
1681int SSL_pending(const SSL *s); 1684int SSL_pending(const SSL *s);
@@ -1685,7 +1688,7 @@ int SSL_set_rfd(SSL *s, int fd);
1685int SSL_set_wfd(SSL *s, int fd); 1688int SSL_set_wfd(SSL *s, int fd);
1686#endif 1689#endif
1687#ifndef OPENSSL_NO_BIO 1690#ifndef OPENSSL_NO_BIO
1688void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio); 1691void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
1689BIO * SSL_get_rbio(const SSL *s); 1692BIO * SSL_get_rbio(const SSL *s);
1690BIO * SSL_get_wbio(const SSL *s); 1693BIO * SSL_get_wbio(const SSL *s);
1691#endif 1694#endif
@@ -1693,16 +1696,16 @@ int SSL_set_cipher_list(SSL *s, const char *str);
1693void SSL_set_read_ahead(SSL *s, int yes); 1696void SSL_set_read_ahead(SSL *s, int yes);
1694int SSL_get_verify_mode(const SSL *s); 1697int SSL_get_verify_mode(const SSL *s);
1695int SSL_get_verify_depth(const SSL *s); 1698int SSL_get_verify_depth(const SSL *s);
1696int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *); 1699int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *);
1697void SSL_set_verify(SSL *s, int mode, 1700void SSL_set_verify(SSL *s, int mode,
1698 int (*callback)(int ok,X509_STORE_CTX *ctx)); 1701 int (*callback)(int ok, X509_STORE_CTX *ctx));
1699void SSL_set_verify_depth(SSL *s, int depth); 1702void SSL_set_verify_depth(SSL *s, int depth);
1700#ifndef OPENSSL_NO_RSA 1703#ifndef OPENSSL_NO_RSA
1701int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); 1704int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
1702#endif 1705#endif
1703int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); 1706int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
1704int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); 1707int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
1705int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len); 1708int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len);
1706int SSL_use_certificate(SSL *ssl, X509 *x); 1709int SSL_use_certificate(SSL *ssl, X509 *x);
1707int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); 1710int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
1708 1711
@@ -1716,9 +1719,9 @@ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
1716int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */ 1719int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
1717STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); 1720STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
1718int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, 1721int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
1719 const char *file); 1722 const char *file);
1720int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, 1723int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
1721 const char *dir); 1724 const char *dir);
1722#endif 1725#endif
1723 1726
1724void SSL_load_error_strings(void ); 1727void SSL_load_error_strings(void );
@@ -1730,32 +1733,34 @@ long SSL_SESSION_get_time(const SSL_SESSION *s);
1730long SSL_SESSION_set_time(SSL_SESSION *s, long t); 1733long SSL_SESSION_set_time(SSL_SESSION *s, long t);
1731long SSL_SESSION_get_timeout(const SSL_SESSION *s); 1734long SSL_SESSION_get_timeout(const SSL_SESSION *s);
1732long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); 1735long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
1733void SSL_copy_session_id(SSL *to,const SSL *from); 1736void SSL_copy_session_id(SSL *to, const SSL *from);
1734X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); 1737X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
1735int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx, 1738int
1736 unsigned int sid_ctx_len); 1739SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
1740unsigned int sid_ctx_len);
1737 1741
1738SSL_SESSION *SSL_SESSION_new(void); 1742SSL_SESSION *SSL_SESSION_new(void);
1739const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, 1743const unsigned char
1740 unsigned int *len); 1744*SSL_SESSION_get_id(const SSL_SESSION *s,
1745unsigned int *len);
1741unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); 1746unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
1742#ifndef OPENSSL_NO_FP_API 1747#ifndef OPENSSL_NO_FP_API
1743int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); 1748int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
1744#endif 1749#endif
1745#ifndef OPENSSL_NO_BIO 1750#ifndef OPENSSL_NO_BIO
1746int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses); 1751int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
1747#endif 1752#endif
1748void SSL_SESSION_free(SSL_SESSION *ses); 1753void SSL_SESSION_free(SSL_SESSION *ses);
1749int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); 1754int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
1750int SSL_set_session(SSL *to, SSL_SESSION *session); 1755int SSL_set_session(SSL *to, SSL_SESSION *session);
1751int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); 1756int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
1752int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c); 1757int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
1753int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); 1758int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
1754int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); 1759int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
1755int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, 1760int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
1756 unsigned int id_len); 1761 unsigned int id_len);
1757SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp, 1762SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
1758 long length); 1763 long length);
1759 1764
1760#ifdef HEADER_X509_H 1765#ifdef HEADER_X509_H
1761X509 * SSL_get_peer_certificate(const SSL *s); 1766X509 * SSL_get_peer_certificate(const SSL *s);
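Review bot: The re-wrapped declarations of `SSL_SESSION_set1_id_context` and `SSL_SESSION_get_id` (new lines 1738–1745) no longer match the layout of the other prototypes in this hunk: the return type sits on its own line and, as rendered here, the continuation lines `unsigned int sid_ctx_len);` and `unsigned int *len);` start at column 0. These are declarations in a header, not definitions, so I would keep the return type on the name's line and indent the continuation, e.g. `int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,` followed by an indented `unsigned int sid_ctx_len);`. The `const unsigned char` / `*SSL_SESSION_get_id(` split also separates the pointer from its type, which makes the return type easy to misread. The page may have collapsed leading whitespace, so the indentation should be checked against the file itself.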
@@ -1765,18 +1770,17 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
1765 1770
1766int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); 1771int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
1767int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); 1772int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
1768int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *); 1773int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *);
1769void SSL_CTX_set_verify(SSL_CTX *ctx,int mode, 1774void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
1770 int (*callback)(int, X509_STORE_CTX *)); 1775 int (*callback)(int, X509_STORE_CTX *));
1771void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); 1776void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
1772void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg); 1777void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg);
1773#ifndef OPENSSL_NO_RSA 1778#ifndef OPENSSL_NO_RSA
1774int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); 1779int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
1775#endif 1780#endif
1776int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); 1781int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
1777int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); 1782int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
1778int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx, 1783int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len);
1779 const unsigned char *d, long len);
1780int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); 1784int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
1781int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); 1785int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
1782 1786
@@ -1786,12 +1790,10 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
1786int SSL_CTX_check_private_key(const SSL_CTX *ctx); 1790int SSL_CTX_check_private_key(const SSL_CTX *ctx);
1787int SSL_check_private_key(const SSL *ctx); 1791int SSL_check_private_key(const SSL *ctx);
1788 1792
1789int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, 1793int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
1790 unsigned int sid_ctx_len);
1791 1794
1792SSL * SSL_new(SSL_CTX *ctx); 1795SSL *SSL_new(SSL_CTX *ctx);
1793int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, 1796int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
1794 unsigned int sid_ctx_len);
1795 1797
1796int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); 1798int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
1797int SSL_set_purpose(SSL *s, int purpose); 1799int SSL_set_purpose(SSL *s, int purpose);
@@ -1802,21 +1804,16 @@ int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
1802int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); 1804int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
1803 1805
1804#ifndef OPENSSL_NO_SRP 1806#ifndef OPENSSL_NO_SRP
1805int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name); 1807int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
1806int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password); 1808int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
1807int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); 1809int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
1808int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, 1810int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, char *(*cb)(SSL *, void *));
1809 char *(*cb)(SSL *,void *)); 1811int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, int (*cb)(SSL *, void *));
1810int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, 1812int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, int (*cb)(SSL *, int *, void *));
1811 int (*cb)(SSL *,void *));
1812int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
1813 int (*cb)(SSL *,int *,void *));
1814int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); 1813int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
1815 1814
1816int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, 1815int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, BIGNUM *sa, BIGNUM *v, char *info);
1817 BIGNUM *sa, BIGNUM *v, char *info); 1816int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, const char *grp);
1818int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
1819 const char *grp);
1820 1817
1821BIGNUM *SSL_get_srp_g(SSL *s); 1818BIGNUM *SSL_get_srp_g(SSL *s);
1822BIGNUM *SSL_get_srp_N(SSL *s); 1819BIGNUM *SSL_get_srp_N(SSL *s);
@@ -1828,15 +1825,15 @@ char *SSL_get_srp_userinfo(SSL *s);
1828void SSL_free(SSL *ssl); 1825void SSL_free(SSL *ssl);
1829int SSL_accept(SSL *ssl); 1826int SSL_accept(SSL *ssl);
1830int SSL_connect(SSL *ssl); 1827int SSL_connect(SSL *ssl);
1831int SSL_read(SSL *ssl,void *buf,int num); 1828int SSL_read(SSL *ssl, void *buf, int num);
1832int SSL_peek(SSL *ssl,void *buf,int num); 1829int SSL_peek(SSL *ssl, void *buf, int num);
1833int SSL_write(SSL *ssl,const void *buf,int num); 1830int SSL_write(SSL *ssl, const void *buf, int num);
1834long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg); 1831long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
1835long SSL_callback_ctrl(SSL *, int, void (*)(void)); 1832long SSL_callback_ctrl(SSL *, int, void (*)(void));
1836long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg); 1833long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
1837long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); 1834long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
1838 1835
1839int SSL_get_error(const SSL *s,int ret_code); 1836int SSL_get_error(const SSL *s, int ret_code);
1840const char *SSL_get_version(const SSL *s); 1837const char *SSL_get_version(const SSL *s);
1841 1838
1842/* This sets the 'default' SSL version that SSL_new() will create */ 1839/* This sets the 'default' SSL version that SSL_new() will create */
@@ -1852,7 +1849,7 @@ const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
1852const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ 1849const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
1853const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ 1850const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
1854 1851
1855const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */ 1852const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
1856const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */ 1853const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
1857const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */ 1854const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
1858 1855
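Review bot: The comment `/* SSLv3 but can rollback to v2 */` on the three `SSLv23_*_method` declarations is the only documentation of a protocol-downgrade behaviour, and it gives callers no indication of how to prevent it. Since this hunk already touches the line, I would extend the comment to say that the method negotiates a version with the peer and that callers who must not accept SSLv2 should set `SSL_OP_NO_SSLv2` through `SSL_CTX_set_options()`, for example `/* version-flexible; may fall back to SSLv2 unless SSL_OP_NO_SSLv2 is set */`. Whether SSLv2 is still compiled into this tree is not visible from the hunk, so the wording should be checked against the build.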
@@ -1892,8 +1889,8 @@ void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
1892void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); 1889void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
1893STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); 1890STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
1894STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); 1891STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
1895int SSL_add_client_CA(SSL *ssl,X509 *x); 1892int SSL_add_client_CA(SSL *ssl, X509 *x);
1896int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x); 1893int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
1897 1894
1898void SSL_set_connect_state(SSL *s); 1895void SSL_set_connect_state(SSL *s);
1899void SSL_set_accept_state(SSL *s); 1896void SSL_set_accept_state(SSL *s);
@@ -1902,7 +1899,7 @@ long SSL_get_default_timeout(const SSL *s);
1902 1899
1903int SSL_library_init(void ); 1900int SSL_library_init(void );
1904 1901
1905char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size); 1902char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
1906STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); 1903STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
1907 1904
1908SSL *SSL_dup(SSL *ssl); 1905SSL *SSL_dup(SSL *ssl);
@@ -1919,35 +1916,36 @@ int SSL_get_shutdown(const SSL *ssl);
1919int SSL_version(const SSL *ssl); 1916int SSL_version(const SSL *ssl);
1920int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); 1917int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
1921int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, 1918int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
1922 const char *CApath); 1919 const char *CApath);
1923#define SSL_get0_session SSL_get_session /* just peek at pointer */ 1920#define SSL_get0_session SSL_get_session /* just peek at pointer */
1924SSL_SESSION *SSL_get_session(const SSL *ssl); 1921SSL_SESSION *SSL_get_session(const SSL *ssl);
1925SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ 1922SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
1926SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); 1923SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
1927SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx); 1924SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
1928void SSL_set_info_callback(SSL *ssl, 1925void SSL_set_info_callback(SSL *ssl,
1929 void (*cb)(const SSL *ssl,int type,int val)); 1926 void (*cb)(const SSL *ssl, int type, int val));
1930void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val); 1927void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val);
1931int SSL_state(const SSL *ssl); 1928int SSL_state(const SSL *ssl);
1932void SSL_set_state(SSL *ssl, int state); 1929void SSL_set_state(SSL *ssl, int state);
1933 1930
1934void SSL_set_verify_result(SSL *ssl,long v); 1931void SSL_set_verify_result(SSL *ssl, long v);
1935long SSL_get_verify_result(const SSL *ssl); 1932long SSL_get_verify_result(const SSL *ssl);
1936 1933
1937int SSL_set_ex_data(SSL *ssl,int idx,void *data); 1934int SSL_set_ex_data(SSL *ssl, int idx, void *data);
1938void *SSL_get_ex_data(const SSL *ssl,int idx); 1935void *SSL_get_ex_data(const SSL *ssl, int idx);
1939int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 1936int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1940 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); 1937 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1941 1938
1942int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data); 1939int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
1943void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx); 1940void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
1944int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 1941int SSL_SESSION_get_ex_new_index(long argl, void *argp,
1945 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); 1942 CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
1943 CRYPTO_EX_free *free_func);
1946 1944
1947int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data); 1945int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
1948void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx); 1946void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
1949int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 1947int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
1950 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); 1948 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
1951 1949
1952int SSL_get_ex_data_X509_STORE_CTX_idx(void ); 1950int SSL_get_ex_data_X509_STORE_CTX_idx(void );
1953 1951
@@ -1980,31 +1978,25 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void );
1980#define SSL_set_max_send_fragment(ssl,m) \ 1978#define SSL_set_max_send_fragment(ssl,m) \
1981 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) 1979 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
1982 1980
1983 /* NB: the keylength is only applicable when is_export is true */ 1981/* NB: the keylength is only applicable when is_export is true */
1984#ifndef OPENSSL_NO_RSA 1982#ifndef OPENSSL_NO_RSA
1985void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, 1983void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
1986 RSA *(*cb)(SSL *ssl,int is_export, 1984 RSA *(*cb)(SSL *ssl, int is_export, int keylength));
1987 int keylength));
1988 1985
1989void SSL_set_tmp_rsa_callback(SSL *ssl, 1986void SSL_set_tmp_rsa_callback(SSL *ssl,
1990 RSA *(*cb)(SSL *ssl,int is_export, 1987 RSA *(*cb)(SSL *ssl, int is_export, int keylength));
1991 int keylength));
1992#endif 1988#endif
1993#ifndef OPENSSL_NO_DH 1989#ifndef OPENSSL_NO_DH
1994void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, 1990void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
1995 DH *(*dh)(SSL *ssl,int is_export, 1991 DH *(*dh)(SSL *ssl, int is_export, int keylength));
1996 int keylength));
1997void SSL_set_tmp_dh_callback(SSL *ssl, 1992void SSL_set_tmp_dh_callback(SSL *ssl,
1998 DH *(*dh)(SSL *ssl,int is_export, 1993 DH *(*dh)(SSL *ssl, int is_export, int keylength));
1999 int keylength));
2000#endif 1994#endif
2001#ifndef OPENSSL_NO_ECDH 1995#ifndef OPENSSL_NO_ECDH
2002void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, 1996void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
2003 EC_KEY *(*ecdh)(SSL *ssl,int is_export, 1997 EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
2004 int keylength));
2005void SSL_set_tmp_ecdh_callback(SSL *ssl, 1998void SSL_set_tmp_ecdh_callback(SSL *ssl,
2006 EC_KEY *(*ecdh)(SSL *ssl,int is_export, 1999 EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
2007 int keylength));
2008#endif 2000#endif
2009 2001
2010#ifndef OPENSSL_NO_COMP 2002#ifndef OPENSSL_NO_COMP
@@ -2012,23 +2004,24 @@ const COMP_METHOD *SSL_get_current_compression(SSL *s);
2012const COMP_METHOD *SSL_get_current_expansion(SSL *s); 2004const COMP_METHOD *SSL_get_current_expansion(SSL *s);
2013const char *SSL_COMP_get_name(const COMP_METHOD *comp); 2005const char *SSL_COMP_get_name(const COMP_METHOD *comp);
2014STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); 2006STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
2015int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); 2007int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
2016#else 2008#else
2017const void *SSL_get_current_compression(SSL *s); 2009const void *SSL_get_current_compression(SSL *s);
2018const void *SSL_get_current_expansion(SSL *s); 2010const void *SSL_get_current_expansion(SSL *s);
2019const char *SSL_COMP_get_name(const void *comp); 2011const char *SSL_COMP_get_name(const void *comp);
2020void *SSL_COMP_get_compression_methods(void); 2012void *SSL_COMP_get_compression_methods(void);
2021int SSL_COMP_add_compression_method(int id,void *cm); 2013int SSL_COMP_add_compression_method(int id, void *cm);
2022#endif 2014#endif
2023 2015
2024/* TLS extensions functions */ 2016/* TLS extensions functions */
2025int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); 2017int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
2026 2018
2027int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, 2019int SSL_set_session_ticket_ext_cb(SSL *s,
2028 void *arg); 2020 tls_session_ticket_ext_cb_fn cb, void *arg);
2029 2021
2030/* Pre-shared secret session resumption functions */ 2022/* Pre-shared secret session resumption functions */
2031int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg); 2023int SSL_set_session_secret_cb(SSL *s,
2024 tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
2032 2025
2033void SSL_set_debug(SSL *s, int debug); 2026void SSL_set_debug(SSL *s, int debug);
2034int SSL_cache_hit(SSL *s); 2027int SSL_cache_hit(SSL *s);