summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/ssl.h')
-rw-r--r--src/lib/libssl/ssl.h539
1 files changed, 383 insertions, 156 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index ff8a128d3c..e4c3f65010 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -109,62 +109,35 @@
109 * 109 *
110 */ 110 */
111/* ==================================================================== 111/* ====================================================================
112 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
113 * 118 *
114 * Redistribution and use in source and binary forms, with or without 119 * The portions of the attached software ("Contribution") is developed by
115 * modification, are permitted provided that the following conditions 120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
116 * are met: 121 * license.
117 * 122 *
118 * 1. Redistributions of source code must retain the above copyright 123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
119 * notice, this list of conditions and the following disclaimer. 124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
120 * 126 *
121 * 2. Redistributions in binary form must reproduce the above copyright 127 * No patent licenses or other rights except those expressly stated in
122 * notice, this list of conditions and the following disclaimer in 128 * the OpenSSL open source license shall be deemed granted or received
123 * the documentation and/or other materials provided with the 129 * expressly, by implication, estoppel, or otherwise.
124 * distribution.
125 * 130 *
126 * 3. All advertising materials mentioning features or use of this 131 * No assurances are provided by Nokia that the Contribution does not
127 * software must display the following acknowledgment: 132 * infringe the patent or other intellectual property rights of any third
128 * "This product includes software developed by the OpenSSL Project 133 * party or that the license provides you with all the necessary rights
129 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 134 * to make use of the Contribution.
130 *
131 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
132 * endorse or promote products derived from this software without
133 * prior written permission. For written permission, please contact
134 * openssl-core@openssl.org.
135 *
136 * 5. Products derived from this software may not be called "OpenSSL"
137 * nor may "OpenSSL" appear in their names without prior written
138 * permission of the OpenSSL Project.
139 *
140 * 6. Redistributions of any form whatsoever must retain the following
141 * acknowledgment:
142 * "This product includes software developed by the OpenSSL Project
143 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
144 *
145 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
146 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
147 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
148 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
149 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
150 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
151 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
152 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
153 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
154 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
155 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
156 * OF THE POSSIBILITY OF SUCH DAMAGE.
157 * ====================================================================
158 *
159 * This product includes cryptographic software written by Eric Young
160 * (eay@cryptsoft.com). This product includes software written by Tim
161 * Hudson (tjh@cryptsoft.com).
162 * 135 *
163 */ 136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
164/* ==================================================================== 137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
165 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
166 * ECC cipher suite support in OpenSSL originally developed by 139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
167 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 140 * OTHERWISE.
168 */ 141 */
169 142
170#ifndef HEADER_SSL_H 143#ifndef HEADER_SSL_H
@@ -248,56 +221,88 @@ extern "C" {
248#define SSL_MAX_KEY_ARG_LENGTH 8 221#define SSL_MAX_KEY_ARG_LENGTH 8
249#define SSL_MAX_MASTER_KEY_LENGTH 48 222#define SSL_MAX_MASTER_KEY_LENGTH 48
250 223
224
251/* These are used to specify which ciphers to use and not to use */ 225/* These are used to specify which ciphers to use and not to use */
226
227#define SSL_TXT_EXP40 "EXPORT40"
228#define SSL_TXT_EXP56 "EXPORT56"
252#define SSL_TXT_LOW "LOW" 229#define SSL_TXT_LOW "LOW"
253#define SSL_TXT_MEDIUM "MEDIUM" 230#define SSL_TXT_MEDIUM "MEDIUM"
254#define SSL_TXT_HIGH "HIGH" 231#define SSL_TXT_HIGH "HIGH"
255#define SSL_TXT_FIPS "FIPS" 232#define SSL_TXT_FIPS "FIPS"
256#define SSL_TXT_kFZA "kFZA" 233
257#define SSL_TXT_aFZA "aFZA" 234#define SSL_TXT_kFZA "kFZA" /* unused! */
258#define SSL_TXT_eFZA "eFZA" 235#define SSL_TXT_aFZA "aFZA" /* unused! */
259#define SSL_TXT_FZA "FZA" 236#define SSL_TXT_eFZA "eFZA" /* unused! */
237#define SSL_TXT_FZA "FZA" /* unused! */
260 238
261#define SSL_TXT_aNULL "aNULL" 239#define SSL_TXT_aNULL "aNULL"
262#define SSL_TXT_eNULL "eNULL" 240#define SSL_TXT_eNULL "eNULL"
263#define SSL_TXT_NULL "NULL" 241#define SSL_TXT_NULL "NULL"
264 242
265#define SSL_TXT_kKRB5 "kKRB5"
266#define SSL_TXT_aKRB5 "aKRB5"
267#define SSL_TXT_KRB5 "KRB5"
268
269#define SSL_TXT_kRSA "kRSA" 243#define SSL_TXT_kRSA "kRSA"
270#define SSL_TXT_kDHr "kDHr" 244#define SSL_TXT_kDHr "kDHr" /* no such ciphersuites supported! */
271#define SSL_TXT_kDHd "kDHd" 245#define SSL_TXT_kDHd "kDHd" /* no such ciphersuites supported! */
246#define SSL_TXT_kDH "kDH" /* no such ciphersuites supported! */
272#define SSL_TXT_kEDH "kEDH" 247#define SSL_TXT_kEDH "kEDH"
248#define SSL_TXT_kKRB5 "kKRB5"
249#define SSL_TXT_kECDHr "kECDHr"
250#define SSL_TXT_kECDHe "kECDHe"
251#define SSL_TXT_kECDH "kECDH"
252#define SSL_TXT_kEECDH "kEECDH"
253#define SSL_TXT_kPSK "kPSK"
254#define SSL_TXT_kGOST "kGOST"
255
273#define SSL_TXT_aRSA "aRSA" 256#define SSL_TXT_aRSA "aRSA"
274#define SSL_TXT_aDSS "aDSS" 257#define SSL_TXT_aDSS "aDSS"
275#define SSL_TXT_aDH "aDH" 258#define SSL_TXT_aDH "aDH" /* no such ciphersuites supported! */
259#define SSL_TXT_aECDH "aECDH"
260#define SSL_TXT_aKRB5 "aKRB5"
261#define SSL_TXT_aECDSA "aECDSA"
262#define SSL_TXT_aPSK "aPSK"
263#define SSL_TXT_aGOST94 "aGOST94"
264#define SSL_TXT_aGOST01 "aGOST01"
265#define SSL_TXT_aGOST "aGOST"
266
276#define SSL_TXT_DSS "DSS" 267#define SSL_TXT_DSS "DSS"
277#define SSL_TXT_DH "DH" 268#define SSL_TXT_DH "DH"
278#define SSL_TXT_EDH "EDH" 269#define SSL_TXT_EDH "EDH" /* same as "kEDH:-ADH" */
279#define SSL_TXT_ADH "ADH" 270#define SSL_TXT_ADH "ADH"
280#define SSL_TXT_RSA "RSA" 271#define SSL_TXT_RSA "RSA"
272#define SSL_TXT_ECDH "ECDH"
273#define SSL_TXT_EECDH "EECDH" /* same as "kEECDH:-AECDH" */
274#define SSL_TXT_AECDH "AECDH"
275#define SSL_TXT_ECDSA "ECDSA"
276#define SSL_TXT_KRB5 "KRB5"
277#define SSL_TXT_PSK "PSK"
278
281#define SSL_TXT_DES "DES" 279#define SSL_TXT_DES "DES"
282#define SSL_TXT_3DES "3DES" 280#define SSL_TXT_3DES "3DES"
283#define SSL_TXT_RC4 "RC4" 281#define SSL_TXT_RC4 "RC4"
284#define SSL_TXT_RC2 "RC2" 282#define SSL_TXT_RC2 "RC2"
285#define SSL_TXT_IDEA "IDEA" 283#define SSL_TXT_IDEA "IDEA"
286#define SSL_TXT_SEED "SEED" 284#define SSL_TXT_SEED "SEED"
285#define SSL_TXT_AES128 "AES128"
286#define SSL_TXT_AES256 "AES256"
287#define SSL_TXT_AES "AES" 287#define SSL_TXT_AES "AES"
288#define SSL_TXT_CAMELLIA128 "CAMELLIA128"
289#define SSL_TXT_CAMELLIA256 "CAMELLIA256"
288#define SSL_TXT_CAMELLIA "CAMELLIA" 290#define SSL_TXT_CAMELLIA "CAMELLIA"
291
289#define SSL_TXT_MD5 "MD5" 292#define SSL_TXT_MD5 "MD5"
290#define SSL_TXT_SHA1 "SHA1" 293#define SSL_TXT_SHA1 "SHA1"
291#define SSL_TXT_SHA "SHA" 294#define SSL_TXT_SHA "SHA" /* same as "SHA1" */
292#define SSL_TXT_EXP "EXP" 295#define SSL_TXT_GOST94 "GOST94"
293#define SSL_TXT_EXPORT "EXPORT" 296#define SSL_TXT_GOST89MAC "GOST89MAC"
294#define SSL_TXT_EXP40 "EXPORT40" 297
295#define SSL_TXT_EXP56 "EXPORT56"
296#define SSL_TXT_SSLV2 "SSLv2" 298#define SSL_TXT_SSLV2 "SSLv2"
297#define SSL_TXT_SSLV3 "SSLv3" 299#define SSL_TXT_SSLV3 "SSLv3"
298#define SSL_TXT_TLSV1 "TLSv1" 300#define SSL_TXT_TLSV1 "TLSv1"
301
302#define SSL_TXT_EXP "EXP"
303#define SSL_TXT_EXPORT "EXPORT"
304
299#define SSL_TXT_ALL "ALL" 305#define SSL_TXT_ALL "ALL"
300#define SSL_TXT_ECC "ECCdraft" /* ECC ciphersuites are not yet official */
301 306
302/* 307/*
303 * COMPLEMENTOF* definitions. These identifiers are used to (de-select) 308 * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
@@ -319,7 +324,13 @@ extern "C" {
319/* The following cipher list is used by default. 324/* The following cipher list is used by default.
320 * It also is substituted when an application-defined cipher list string 325 * It also is substituted when an application-defined cipher list string
321 * starts with 'DEFAULT'. */ 326 * starts with 'DEFAULT'. */
322#define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */ 327#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
328/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
329 * starts with a reasonable order, and all we have to do for DEFAULT is
330 * throwing out anonymous and unencrypted ciphersuites!
331 * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable
332 * some of them.)
333 */
323 334
324/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ 335/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
325#define SSL_SENT_SHUTDOWN 1 336#define SSL_SENT_SHUTDOWN 1
@@ -344,6 +355,7 @@ extern "C" {
344 * 'struct ssl_st *' function parameters used to prototype callbacks 355 * 'struct ssl_st *' function parameters used to prototype callbacks
345 * in SSL_CTX. */ 356 * in SSL_CTX. */
346typedef struct ssl_st *ssl_crock_st; 357typedef struct ssl_st *ssl_crock_st;
358typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
347 359
348/* used to hold info on the particular ciphers used */ 360/* used to hold info on the particular ciphers used */
349typedef struct ssl_cipher_st 361typedef struct ssl_cipher_st
@@ -351,17 +363,25 @@ typedef struct ssl_cipher_st
351 int valid; 363 int valid;
352 const char *name; /* text name */ 364 const char *name; /* text name */
353 unsigned long id; /* id, 4 bytes, first is version */ 365 unsigned long id; /* id, 4 bytes, first is version */
354 unsigned long algorithms; /* what ciphers are used */ 366
367 /* changed in 0.9.9: these four used to be portions of a single value 'algorithms' */
368 unsigned long algorithm_mkey; /* key exchange algorithm */
369 unsigned long algorithm_auth; /* server authentication */
370 unsigned long algorithm_enc; /* symmetric encryption */
371 unsigned long algorithm_mac; /* symmetric authentication */
372 unsigned long algorithm_ssl; /* (major) protocol version */
373
355 unsigned long algo_strength; /* strength and export flags */ 374 unsigned long algo_strength; /* strength and export flags */
356 unsigned long algorithm2; /* Extra flags */ 375 unsigned long algorithm2; /* Extra flags */
357 int strength_bits; /* Number of bits really used */ 376 int strength_bits; /* Number of bits really used */
358 int alg_bits; /* Number of bits for algorithm */ 377 int alg_bits; /* Number of bits for algorithm */
359 unsigned long mask; /* used for matching */
360 unsigned long mask_strength; /* also used for matching */
361 } SSL_CIPHER; 378 } SSL_CIPHER;
362 379
363DECLARE_STACK_OF(SSL_CIPHER) 380DECLARE_STACK_OF(SSL_CIPHER)
364 381
382typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
383typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
384
365/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ 385/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
366typedef struct ssl_method_st 386typedef struct ssl_method_st
367 { 387 {
@@ -385,12 +405,12 @@ typedef struct ssl_method_st
385 int (*ssl_dispatch_alert)(SSL *s); 405 int (*ssl_dispatch_alert)(SSL *s);
386 long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); 406 long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
387 long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); 407 long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
388 SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); 408 const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
389 int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr); 409 int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
390 int (*ssl_pending)(const SSL *s); 410 int (*ssl_pending)(const SSL *s);
391 int (*num_ciphers)(void); 411 int (*num_ciphers)(void);
392 SSL_CIPHER *(*get_cipher)(unsigned ncipher); 412 const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
393 struct ssl_method_st *(*get_ssl_method)(int version); 413 const struct ssl_method_st *(*get_ssl_method)(int version);
394 long (*get_timeout)(void); 414 long (*get_timeout)(void);
395 struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ 415 struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
396 int (*ssl_version)(void); 416 int (*ssl_version)(void);
@@ -402,17 +422,20 @@ typedef struct ssl_method_st
402 * SSL_SESSION_ID ::= SEQUENCE { 422 * SSL_SESSION_ID ::= SEQUENCE {
403 * version INTEGER, -- structure version number 423 * version INTEGER, -- structure version number
404 * SSLversion INTEGER, -- SSL version number 424 * SSLversion INTEGER, -- SSL version number
405 * Cipher OCTET_STRING, -- the 3 byte cipher ID 425 * Cipher OCTET STRING, -- the 3 byte cipher ID
406 * Session_ID OCTET_STRING, -- the Session ID 426 * Session_ID OCTET STRING, -- the Session ID
407 * Master_key OCTET_STRING, -- the master key 427 * Master_key OCTET STRING, -- the master key
408 * KRB5_principal OCTET_STRING -- optional Kerberos principal 428 * KRB5_principal OCTET STRING -- optional Kerberos principal
409 * Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument 429 * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument
410 * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time 430 * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
411 * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds 431 * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
412 * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate 432 * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
413 * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context 433 * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context
414 * Verify_result [ 5 ] EXPLICIT INTEGER -- X509_V_... code for `Peer' 434 * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer'
415 * Compression [6] IMPLICIT ASN1_OBJECT -- compression OID XXXXX 435 * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension
436 * ECPointFormatList [ 7 ] OCTET STRING, -- optional EC point format list from TLS extension
437 * PSK_identity_hint [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
438 * PSK_identity [ 9 ] EXPLICIT OCTET STRING -- optional PSK identity
416 * } 439 * }
417 * Look in ssl/ssl_asn1.c for more details 440 * Look in ssl/ssl_asn1.c for more details
418 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). 441 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
@@ -440,7 +463,10 @@ typedef struct ssl_session_st
440 unsigned int krb5_client_princ_len; 463 unsigned int krb5_client_princ_len;
441 unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; 464 unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
442#endif /* OPENSSL_NO_KRB5 */ 465#endif /* OPENSSL_NO_KRB5 */
443 466#ifndef OPENSSL_NO_PSK
467 char *psk_identity_hint;
468 char *psk_identity;
469#endif
444 int not_resumable; 470 int not_resumable;
445 471
446 /* The cert is the certificate used to establish this connection */ 472 /* The cert is the certificate used to establish this connection */
@@ -459,9 +485,9 @@ typedef struct ssl_session_st
459 long timeout; 485 long timeout;
460 long time; 486 long time;
461 487
462 int compress_meth; /* Need to lookup the method */ 488 unsigned int compress_meth; /* Need to lookup the method */
463 489
464 SSL_CIPHER *cipher; 490 const SSL_CIPHER *cipher;
465 unsigned long cipher_id; /* when ASN.1 loaded, this 491 unsigned long cipher_id; /* when ASN.1 loaded, this
466 * needs to be used to load 492 * needs to be used to load
467 * the 'cipher' structure */ 493 * the 'cipher' structure */
@@ -475,6 +501,12 @@ typedef struct ssl_session_st
475 struct ssl_session_st *prev,*next; 501 struct ssl_session_st *prev,*next;
476#ifndef OPENSSL_NO_TLSEXT 502#ifndef OPENSSL_NO_TLSEXT
477 char *tlsext_hostname; 503 char *tlsext_hostname;
504#ifndef OPENSSL_NO_EC
505 size_t tlsext_ecpointformatlist_length;
506 unsigned char *tlsext_ecpointformatlist; /* peer's list */
507 size_t tlsext_ellipticcurvelist_length;
508 unsigned char *tlsext_ellipticcurvelist; /* peer's list */
509#endif /* OPENSSL_NO_EC */
478 /* RFC4507 info */ 510 /* RFC4507 info */
479 unsigned char *tlsext_tick; /* Session ticket */ 511 unsigned char *tlsext_tick; /* Session ticket */
480 size_t tlsext_ticklen; /* Session ticket length */ 512 size_t tlsext_ticklen; /* Session ticket length */
@@ -485,6 +517,8 @@ typedef struct ssl_session_st
485 517
486#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L 518#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
487#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L 519#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
520/* Allow initial connection to servers that don't support RI */
521#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
488#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L 522#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
489#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L 523#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
490#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L 524#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
@@ -502,7 +536,7 @@ typedef struct ssl_session_st
502 536
503/* SSL_OP_ALL: various bug workarounds that should be rather harmless. 537/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
504 * This used to be 0x000FFFFFL before 0.9.7. */ 538 * This used to be 0x000FFFFFL before 0.9.7. */
505#define SSL_OP_ALL 0x00000FFFL 539#define SSL_OP_ALL 0x80000FFFL
506 540
507/* DTLS options */ 541/* DTLS options */
508#define SSL_OP_NO_QUERY_MTU 0x00001000L 542#define SSL_OP_NO_QUERY_MTU 0x00001000L
@@ -510,9 +544,15 @@ typedef struct ssl_session_st
510#define SSL_OP_COOKIE_EXCHANGE 0x00002000L 544#define SSL_OP_COOKIE_EXCHANGE 0x00002000L
511/* Don't use RFC4507 ticket extension */ 545/* Don't use RFC4507 ticket extension */
512#define SSL_OP_NO_TICKET 0x00004000L 546#define SSL_OP_NO_TICKET 0x00004000L
547/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */
548#define SSL_OP_CISCO_ANYCONNECT 0x00008000L
513 549
514/* As server, disallow session resumption on renegotiation */ 550/* As server, disallow session resumption on renegotiation */
515#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L 551#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
552/* Don't use compression even if supported */
553#define SSL_OP_NO_COMPRESSION 0x00020000L
554/* Permit unsafe legacy renegotiation */
555#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L
516/* If set, always create a new key when using tmp_ecdh parameters */ 556/* If set, always create a new key when using tmp_ecdh parameters */
517#define SSL_OP_SINGLE_ECDH_USE 0x00080000L 557#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
518/* If set, always create a new key when using tmp_dh parameters */ 558/* If set, always create a new key when using tmp_dh parameters */
@@ -539,7 +579,11 @@ typedef struct ssl_session_st
539#define SSL_OP_PKCS1_CHECK_2 0x10000000L 579#define SSL_OP_PKCS1_CHECK_2 0x10000000L
540#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L 580#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L
541#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L 581#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L
542 582/* Make server add server-hello extension from early version of
583 * cryptopro draft, when GOST ciphersuite is negotiated.
584 * Required for interoperability with CryptoPro CSP 3.x
585 */
586#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L
543 587
544/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success 588/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
545 * when just a single record has been written): */ 589 * when just a single record has been written): */
@@ -554,24 +598,35 @@ typedef struct ssl_session_st
554#define SSL_MODE_AUTO_RETRY 0x00000004L 598#define SSL_MODE_AUTO_RETRY 0x00000004L
555/* Don't attempt to automatically build certificate chain */ 599/* Don't attempt to automatically build certificate chain */
556#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L 600#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
557 601/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and
602 * TLS only.) "Released" buffers are put onto a free-list in the context
603 * or just freed (depending on the context's setting for freelist_max_len). */
604#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
558 605
559/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, 606/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
560 * they cannot be used to clear bits. */ 607 * they cannot be used to clear bits. */
561 608
562#define SSL_CTX_set_options(ctx,op) \ 609#define SSL_CTX_set_options(ctx,op) \
563 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) 610 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
611#define SSL_CTX_clear_options(ctx,op) \
612 SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
564#define SSL_CTX_get_options(ctx) \ 613#define SSL_CTX_get_options(ctx) \
565 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) 614 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
566#define SSL_set_options(ssl,op) \ 615#define SSL_set_options(ssl,op) \
567 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) 616 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
617#define SSL_clear_options(ssl,op) \
618 SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
568#define SSL_get_options(ssl) \ 619#define SSL_get_options(ssl) \
569 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) 620 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
570 621
571#define SSL_CTX_set_mode(ctx,op) \ 622#define SSL_CTX_set_mode(ctx,op) \
572 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) 623 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
624#define SSL_CTX_clear_mode(ctx,op) \
625 SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
573#define SSL_CTX_get_mode(ctx) \ 626#define SSL_CTX_get_mode(ctx) \
574 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) 627 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
628#define SSL_clear_mode(ssl,op) \
629 SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
575#define SSL_set_mode(ssl,op) \ 630#define SSL_set_mode(ssl,op) \
576 SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) 631 SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
577#define SSL_get_mode(ssl) \ 632#define SSL_get_mode(ssl) \
@@ -579,6 +634,8 @@ typedef struct ssl_session_st
579#define SSL_set_mtu(ssl, mtu) \ 634#define SSL_set_mtu(ssl, mtu) \
580 SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) 635 SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
581 636
637#define SSL_get_secure_renegotiation_support(ssl) \
638 SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
582 639
583void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); 640void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
584void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); 641void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
@@ -623,17 +680,18 @@ typedef struct ssl_comp_st
623 } SSL_COMP; 680 } SSL_COMP;
624 681
625DECLARE_STACK_OF(SSL_COMP) 682DECLARE_STACK_OF(SSL_COMP)
683DECLARE_LHASH_OF(SSL_SESSION);
626 684
627struct ssl_ctx_st 685struct ssl_ctx_st
628 { 686 {
629 SSL_METHOD *method; 687 const SSL_METHOD *method;
630 688
631 STACK_OF(SSL_CIPHER) *cipher_list; 689 STACK_OF(SSL_CIPHER) *cipher_list;
632 /* same as above but sorted for lookup */ 690 /* same as above but sorted for lookup */
633 STACK_OF(SSL_CIPHER) *cipher_list_by_id; 691 STACK_OF(SSL_CIPHER) *cipher_list_by_id;
634 692
635 struct x509_store_st /* X509_STORE */ *cert_store; 693 struct x509_store_st /* X509_STORE */ *cert_store;
636 struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSIONs */ 694 LHASH_OF(SSL_SESSION) *sessions;
637 /* Most session-ids that will be cached, default is 695 /* Most session-ids that will be cached, default is
638 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */ 696 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
639 unsigned long session_cache_size; 697 unsigned long session_cache_size;
@@ -758,6 +816,12 @@ struct ssl_ctx_st
758 816
759 int quiet_shutdown; 817 int quiet_shutdown;
760 818
819 /* Maximum amount of data to send in one fragment.
820 * actual record size can be more than this due to
821 * padding and MAC overheads.
822 */
823 unsigned int max_send_fragment;
824
761#ifndef OPENSSL_ENGINE 825#ifndef OPENSSL_ENGINE
762 /* Engine to pass requests for client certs to 826 /* Engine to pass requests for client certs to
763 */ 827 */
@@ -776,14 +840,33 @@ struct ssl_ctx_st
776 int (*tlsext_ticket_key_cb)(SSL *ssl, 840 int (*tlsext_ticket_key_cb)(SSL *ssl,
777 unsigned char *name, unsigned char *iv, 841 unsigned char *name, unsigned char *iv,
778 EVP_CIPHER_CTX *ectx, 842 EVP_CIPHER_CTX *ectx,
779 HMAC_CTX *hctx, int enc); 843 HMAC_CTX *hctx, int enc);
780 844
781 /* certificate status request info */ 845 /* certificate status request info */
782 /* Callback for status request */ 846 /* Callback for status request */
783 int (*tlsext_status_cb)(SSL *ssl, void *arg); 847 int (*tlsext_status_cb)(SSL *ssl, void *arg);
784 void *tlsext_status_arg; 848 void *tlsext_status_arg;
849
850 /* draft-rescorla-tls-opaque-prf-input-00.txt information */
851 int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
852 void *tlsext_opaque_prf_input_callback_arg;
853#endif
854
855#ifndef OPENSSL_NO_PSK
856 char *psk_identity_hint;
857 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
858 unsigned int max_identity_len, unsigned char *psk,
859 unsigned int max_psk_len);
860 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
861 unsigned char *psk, unsigned int max_psk_len);
785#endif 862#endif
786 863
864#ifndef OPENSSL_NO_BUF_FREELISTS
865#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
866 unsigned int freelist_max_len;
867 struct ssl3_buf_freelist_st *wbuf_freelist;
868 struct ssl3_buf_freelist_st *rbuf_freelist;
869#endif
787 }; 870 };
788 871
789#define SSL_SESS_CACHE_OFF 0x0000 872#define SSL_SESS_CACHE_OFF 0x0000
@@ -797,7 +880,7 @@ struct ssl_ctx_st
797#define SSL_SESS_CACHE_NO_INTERNAL \ 880#define SSL_SESS_CACHE_NO_INTERNAL \
798 (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) 881 (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
799 882
800 struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); 883LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
801#define SSL_CTX_sess_number(ctx) \ 884#define SSL_CTX_sess_number(ctx) \
802 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) 885 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
803#define SSL_CTX_sess_connect(ctx) \ 886#define SSL_CTX_sess_connect(ctx) \
@@ -839,6 +922,31 @@ int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
839void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); 922void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
840void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); 923void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
841 924
925#ifndef OPENSSL_NO_PSK
926/* the maximum length of the buffer given to callbacks containing the
927 * resulting identity/psk */
928#define PSK_MAX_IDENTITY_LEN 128
929#define PSK_MAX_PSK_LEN 256
930void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
931 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
932 char *identity, unsigned int max_identity_len, unsigned char *psk,
933 unsigned int max_psk_len));
934void SSL_set_psk_client_callback(SSL *ssl,
935 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
936 char *identity, unsigned int max_identity_len, unsigned char *psk,
937 unsigned int max_psk_len));
938void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
939 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
940 unsigned char *psk, unsigned int max_psk_len));
941void SSL_set_psk_server_callback(SSL *ssl,
942 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
943 unsigned char *psk, unsigned int max_psk_len));
944int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
945int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
946const char *SSL_get_psk_identity_hint(const SSL *s);
947const char *SSL_get_psk_identity(const SSL *s);
948#endif
949
842#define SSL_NOTHING 1 950#define SSL_NOTHING 1
843#define SSL_WRITING 2 951#define SSL_WRITING 2
844#define SSL_READING 3 952#define SSL_READING 3
@@ -850,6 +958,9 @@ void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL
850#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) 958#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
851#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) 959#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
852 960
961#define SSL_MAC_FLAG_READ_MAC_STREAM 1
962#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
963
853struct ssl_st 964struct ssl_st
854 { 965 {
855 /* protocol version 966 /* protocol version
@@ -858,7 +969,7 @@ struct ssl_st
858 int version; 969 int version;
859 int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ 970 int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
860 971
861 SSL_METHOD *method; /* SSLv3 */ 972 const SSL_METHOD *method; /* SSLv3 */
862 973
863 /* There are 2 BIO's even though they are normally both the 974 /* There are 2 BIO's even though they are normally both the
864 * same. This is so data can be read and written to different 975 * same. This is so data can be read and written to different
@@ -941,9 +1052,9 @@ struct ssl_st
941 1052
942 /* These are the ones being used, the ones in SSL_SESSION are 1053 /* These are the ones being used, the ones in SSL_SESSION are
943 * the ones to be 'copied' into these ones */ 1054 * the ones to be 'copied' into these ones */
944 1055 int mac_flags;
945 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ 1056 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
946 const EVP_MD *read_hash; /* used for mac generation */ 1057 EVP_MD_CTX *read_hash; /* used for mac generation */
947#ifndef OPENSSL_NO_COMP 1058#ifndef OPENSSL_NO_COMP
948 COMP_CTX *expand; /* uncompress */ 1059 COMP_CTX *expand; /* uncompress */
949#else 1060#else
@@ -951,7 +1062,7 @@ struct ssl_st
951#endif 1062#endif
952 1063
953 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ 1064 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
954 const EVP_MD *write_hash; /* used for mac generation */ 1065 EVP_MD_CTX *write_hash; /* used for mac generation */
955#ifndef OPENSSL_NO_COMP 1066#ifndef OPENSSL_NO_COMP
956 COMP_CTX *compress; /* compression */ 1067 COMP_CTX *compress; /* compression */
957#else 1068#else
@@ -989,6 +1100,14 @@ struct ssl_st
989 KSSL_CTX *kssl_ctx; /* Kerberos 5 context */ 1100 KSSL_CTX *kssl_ctx; /* Kerberos 5 context */
990#endif /* OPENSSL_NO_KRB5 */ 1101#endif /* OPENSSL_NO_KRB5 */
991 1102
1103#ifndef OPENSSL_NO_PSK
1104 unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
1105 unsigned int max_identity_len, unsigned char *psk,
1106 unsigned int max_psk_len);
1107 unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
1108 unsigned char *psk, unsigned int max_psk_len);
1109#endif
1110
992 SSL_CTX *ctx; 1111 SSL_CTX *ctx;
993 /* set this flag to 1 and a sleep(1) is put into all SSL_read() 1112 /* set this flag to 1 and a sleep(1) is put into all SSL_read()
994 * and SSL_write() calls, good for nbio debuging :-) */ 1113 * and SSL_write() calls, good for nbio debuging :-) */
@@ -1008,6 +1127,7 @@ struct ssl_st
1008 int first_packet; 1127 int first_packet;
1009 int client_version; /* what was passed, used for 1128 int client_version; /* what was passed, used for
1010 * SSLv3/TLS rollback check */ 1129 * SSLv3/TLS rollback check */
1130 unsigned int max_send_fragment;
1011#ifndef OPENSSL_NO_TLSEXT 1131#ifndef OPENSSL_NO_TLSEXT
1012 /* TLS extension debug callback */ 1132 /* TLS extension debug callback */
1013 void (*tlsext_debug_cb)(SSL *s, int client_server, int type, 1133 void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
@@ -1034,11 +1154,33 @@ struct ssl_st
1034 1154
1035 /* RFC4507 session ticket expected to be received or sent */ 1155 /* RFC4507 session ticket expected to be received or sent */
1036 int tlsext_ticket_expected; 1156 int tlsext_ticket_expected;
1157#ifndef OPENSSL_NO_EC
1158 size_t tlsext_ecpointformatlist_length;
1159 unsigned char *tlsext_ecpointformatlist; /* our list */
1160 size_t tlsext_ellipticcurvelist_length;
1161 unsigned char *tlsext_ellipticcurvelist; /* our list */
1162#endif /* OPENSSL_NO_EC */
1163
1164 /* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for handshakes */
1165 void *tlsext_opaque_prf_input;
1166 size_t tlsext_opaque_prf_input_len;
1167
1168 /* TLS Session Ticket extension override */
1169 TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
1170
1171 /* TLS Session Ticket extension callback */
1172 tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
1173 void *tls_session_ticket_ext_cb_arg;
1174
1175 /* TLS pre-shared secret session resumption */
1176 tls_session_secret_cb_fn tls_session_secret_cb;
1177 void *tls_session_secret_cb_arg;
1178
1037 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ 1179 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
1038#define session_ctx initial_ctx 1180#define session_ctx initial_ctx
1039#else 1181#else
1040#define session_ctx ctx 1182#define session_ctx ctx
1041#endif 1183#endif /* OPENSSL_NO_TLSEXT */
1042 }; 1184 };
1043 1185
1044#ifdef __cplusplus 1186#ifdef __cplusplus
@@ -1145,20 +1287,13 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
1145#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) 1287#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a)
1146#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) 1288#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b))
1147 1289
1148#if 1 /*SSLEAY_MACROS*/
1149#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) 1290#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
1150#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) 1291#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
1151#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
1152 (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
1153#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u)
1154#define PEM_write_SSL_SESSION(fp,x) \
1155 PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
1156 PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
1157#define PEM_write_bio_SSL_SESSION(bp,x) \
1158 PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL)
1159#endif
1160 1292
1161#define SSL_AD_REASON_OFFSET 1000 1293DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
1294
1295#define SSL_AD_REASON_OFFSET 1000 /* offset to get SSL_R_... value from SSL_AD_... */
1296
1162/* These alert types are for SSLv3 and TLSv1 */ 1297/* These alert types are for SSLv3 and TLSv1 */
1163#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY 1298#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
1164#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */ 1299#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
@@ -1188,6 +1323,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
1188#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE 1323#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
1189#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME 1324#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
1190#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 1325#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
1326#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
1327#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
1191 1328
1192#define SSL_ERROR_NONE 0 1329#define SSL_ERROR_NONE 0
1193#define SSL_ERROR_SSL 1 1330#define SSL_ERROR_SSL 1
@@ -1246,6 +1383,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
1246#define SSL_CTRL_GET_MAX_CERT_LIST 50 1383#define SSL_CTRL_GET_MAX_CERT_LIST 50
1247#define SSL_CTRL_SET_MAX_CERT_LIST 51 1384#define SSL_CTRL_SET_MAX_CERT_LIST 51
1248 1385
1386#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
1387
1249/* see tls1.h for macros based on these */ 1388/* see tls1.h for macros based on these */
1250#ifndef OPENSSL_NO_TLSEXT 1389#ifndef OPENSSL_NO_TLSEXT
1251#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 1390#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
@@ -1255,7 +1394,9 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
1255#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 1394#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
1256#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 1395#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
1257#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 1396#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
1258 1397#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60
1398#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61
1399#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
1259#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 1400#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
1260#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 1401#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
1261#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 1402#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
@@ -1269,6 +1410,21 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
1269#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 1410#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
1270#endif 1411#endif
1271 1412
1413#define DTLS_CTRL_GET_TIMEOUT 73
1414#define DTLS_CTRL_HANDLE_TIMEOUT 74
1415#define DTLS_CTRL_LISTEN 75
1416
1417#define SSL_CTRL_GET_RI_SUPPORT 76
1418#define SSL_CTRL_CLEAR_OPTIONS 77
1419#define SSL_CTRL_CLEAR_MODE 78
1420
1421#define DTLSv1_get_timeout(ssl, arg) \
1422 SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
1423#define DTLSv1_handle_timeout(ssl) \
1424 SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
1425#define DTLSv1_listen(ssl, peer) \
1426 SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
1427
1272#define SSL_session_reused(ssl) \ 1428#define SSL_session_reused(ssl) \
1273 SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) 1429 SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
1274#define SSL_num_renegotiations(ssl) \ 1430#define SSL_num_renegotiations(ssl) \
@@ -1310,7 +1466,7 @@ void BIO_ssl_shutdown(BIO *ssl_bio);
1310#endif 1466#endif
1311 1467
1312int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str); 1468int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
1313SSL_CTX *SSL_CTX_new(SSL_METHOD *meth); 1469SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
1314void SSL_CTX_free(SSL_CTX *); 1470void SSL_CTX_free(SSL_CTX *);
1315long SSL_CTX_set_timeout(SSL_CTX *ctx,long t); 1471long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
1316long SSL_CTX_get_timeout(const SSL_CTX *ctx); 1472long SSL_CTX_get_timeout(const SSL_CTX *ctx);
@@ -1321,7 +1477,7 @@ int SSL_clear(SSL *s);
1321 1477
1322void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm); 1478void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
1323 1479
1324SSL_CIPHER *SSL_get_current_cipher(const SSL *s); 1480const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
1325int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits); 1481int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
1326char * SSL_CIPHER_get_version(const SSL_CIPHER *c); 1482char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
1327const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); 1483const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
@@ -1392,9 +1548,8 @@ long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
1392void SSL_copy_session_id(SSL *to,const SSL *from); 1548void SSL_copy_session_id(SSL *to,const SSL *from);
1393 1549
1394SSL_SESSION *SSL_SESSION_new(void); 1550SSL_SESSION *SSL_SESSION_new(void);
1395unsigned long SSL_SESSION_hash(const SSL_SESSION *a); 1551const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
1396int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b); 1552 unsigned int *len);
1397const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);
1398#ifndef OPENSSL_NO_FP_API 1553#ifndef OPENSSL_NO_FP_API
1399int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); 1554int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
1400#endif 1555#endif
@@ -1454,6 +1609,9 @@ int SSL_set_purpose(SSL *s, int purpose);
1454int SSL_CTX_set_trust(SSL_CTX *s, int trust); 1609int SSL_CTX_set_trust(SSL_CTX *s, int trust);
1455int SSL_set_trust(SSL *s, int trust); 1610int SSL_set_trust(SSL *s, int trust);
1456 1611
1612int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
1613int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
1614
1457void SSL_free(SSL *ssl); 1615void SSL_free(SSL *ssl);
1458int SSL_accept(SSL *ssl); 1616int SSL_accept(SSL *ssl);
1459int SSL_connect(SSL *ssl); 1617int SSL_connect(SSL *ssl);
@@ -1469,27 +1627,29 @@ int SSL_get_error(const SSL *s,int ret_code);
1469const char *SSL_get_version(const SSL *s); 1627const char *SSL_get_version(const SSL *s);
1470 1628
1471/* This sets the 'default' SSL version that SSL_new() will create */ 1629/* This sets the 'default' SSL version that SSL_new() will create */
1472int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth); 1630int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
1473 1631
1474SSL_METHOD *SSLv2_method(void); /* SSLv2 */ 1632#ifndef OPENSSL_NO_SSL2
1475SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ 1633const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
1476SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ 1634const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
1635const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
1636#endif
1477 1637
1478SSL_METHOD *SSLv3_method(void); /* SSLv3 */ 1638const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
1479SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ 1639const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
1480SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ 1640const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
1481 1641
1482SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */ 1642const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
1483SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */ 1643const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
1484SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */ 1644const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
1485 1645
1486SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ 1646const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
1487SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ 1647const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
1488SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ 1648const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
1489 1649
1490SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ 1650const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
1491SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ 1651const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
1492SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ 1652const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
1493 1653
1494STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); 1654STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
1495 1655
@@ -1498,8 +1658,8 @@ int SSL_renegotiate(SSL *s);
1498int SSL_renegotiate_pending(SSL *s); 1658int SSL_renegotiate_pending(SSL *s);
1499int SSL_shutdown(SSL *s); 1659int SSL_shutdown(SSL *s);
1500 1660
1501SSL_METHOD *SSL_get_ssl_method(SSL *s); 1661const SSL_METHOD *SSL_get_ssl_method(SSL *s);
1502int SSL_set_ssl_method(SSL *s,SSL_METHOD *method); 1662int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
1503const char *SSL_alert_type_string_long(int value); 1663const char *SSL_alert_type_string_long(int value);
1504const char *SSL_alert_type_string(int value); 1664const char *SSL_alert_type_string(int value);
1505const char *SSL_alert_desc_string_long(int value); 1665const char *SSL_alert_desc_string_long(int value);
@@ -1519,7 +1679,7 @@ long SSL_get_default_timeout(const SSL *s);
1519 1679
1520int SSL_library_init(void ); 1680int SSL_library_init(void );
1521 1681
1522char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size); 1682char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size);
1523STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); 1683STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
1524 1684
1525SSL *SSL_dup(SSL *ssl); 1685SSL *SSL_dup(SSL *ssl);
@@ -1591,6 +1751,11 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void );
1591#define SSL_set_max_cert_list(ssl,m) \ 1751#define SSL_set_max_cert_list(ssl,m) \
1592 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) 1752 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
1593 1753
1754#define SSL_CTX_set_max_send_fragment(ctx,m) \
1755 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
1756#define SSL_set_max_send_fragment(ssl,m) \
1757 SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
1758
1594 /* NB: the keylength is only applicable when is_export is true */ 1759 /* NB: the keylength is only applicable when is_export is true */
1595#ifndef OPENSSL_NO_RSA 1760#ifndef OPENSSL_NO_RSA
1596void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, 1761void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
@@ -1632,6 +1797,15 @@ void *SSL_COMP_get_compression_methods(void);
1632int SSL_COMP_add_compression_method(int id,void *cm); 1797int SSL_COMP_add_compression_method(int id,void *cm);
1633#endif 1798#endif
1634 1799
1800/* TLS extensions functions */
1801int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
1802
1803int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
1804 void *arg);
1805
1806/* Pre-shared secret session resumption functions */
1807int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
1808
1635/* BEGIN ERROR CODES */ 1809/* BEGIN ERROR CODES */
1636/* The following lines are auto generated by the script mkerr.pl. Any changes 1810/* The following lines are auto generated by the script mkerr.pl. Any changes
1637 * made after this point may be overwritten when the script is next run. 1811 * made after this point may be overwritten when the script is next run.
@@ -1649,6 +1823,7 @@ void ERR_load_SSL_strings(void);
1649#define SSL_F_DO_DTLS1_WRITE 245 1823#define SSL_F_DO_DTLS1_WRITE 245
1650#define SSL_F_DO_SSL3_WRITE 104 1824#define SSL_F_DO_SSL3_WRITE 104
1651#define SSL_F_DTLS1_ACCEPT 246 1825#define SSL_F_DTLS1_ACCEPT 246
1826#define SSL_F_DTLS1_ADD_CERT_TO_BUF 295
1652#define SSL_F_DTLS1_BUFFER_RECORD 247 1827#define SSL_F_DTLS1_BUFFER_RECORD 247
1653#define SSL_F_DTLS1_CLIENT_HELLO 248 1828#define SSL_F_DTLS1_CLIENT_HELLO 248
1654#define SSL_F_DTLS1_CONNECT 249 1829#define SSL_F_DTLS1_CONNECT 249
@@ -1657,8 +1832,9 @@ void ERR_load_SSL_strings(void);
1657#define SSL_F_DTLS1_GET_MESSAGE 252 1832#define SSL_F_DTLS1_GET_MESSAGE 252
1658#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 1833#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253
1659#define SSL_F_DTLS1_GET_RECORD 254 1834#define SSL_F_DTLS1_GET_RECORD 254
1835#define SSL_F_DTLS1_HANDLE_TIMEOUT 297
1660#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 1836#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
1661#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 277 1837#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
1662#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 1838#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
1663#define SSL_F_DTLS1_PROCESS_RECORD 257 1839#define SSL_F_DTLS1_PROCESS_RECORD 257
1664#define SSL_F_DTLS1_READ_BYTES 258 1840#define SSL_F_DTLS1_READ_BYTES 258
@@ -1702,6 +1878,7 @@ void ERR_load_SSL_strings(void);
1702#define SSL_F_SSL2_SET_CERTIFICATE 126 1878#define SSL_F_SSL2_SET_CERTIFICATE 126
1703#define SSL_F_SSL2_WRITE 127 1879#define SSL_F_SSL2_WRITE 127
1704#define SSL_F_SSL3_ACCEPT 128 1880#define SSL_F_SSL3_ACCEPT 128
1881#define SSL_F_SSL3_ADD_CERT_TO_BUF 296
1705#define SSL_F_SSL3_CALLBACK_CTRL 233 1882#define SSL_F_SSL3_CALLBACK_CTRL 233
1706#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 1883#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
1707#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 1884#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
@@ -1709,11 +1886,12 @@ void ERR_load_SSL_strings(void);
1709#define SSL_F_SSL3_CONNECT 132 1886#define SSL_F_SSL3_CONNECT 132
1710#define SSL_F_SSL3_CTRL 213 1887#define SSL_F_SSL3_CTRL 213
1711#define SSL_F_SSL3_CTX_CTRL 133 1888#define SSL_F_SSL3_CTX_CTRL 133
1712#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 279 1889#define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293
1890#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292
1713#define SSL_F_SSL3_ENC 134 1891#define SSL_F_SSL3_ENC 134
1714#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 1892#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
1715#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 1893#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
1716#define SSL_F_SSL3_GET_CERT_STATUS 288 1894#define SSL_F_SSL3_GET_CERT_STATUS 289
1717#define SSL_F_SSL3_GET_CERT_VERIFY 136 1895#define SSL_F_SSL3_GET_CERT_VERIFY 136
1718#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 1896#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137
1719#define SSL_F_SSL3_GET_CLIENT_HELLO 138 1897#define SSL_F_SSL3_GET_CLIENT_HELLO 138
@@ -1726,7 +1904,8 @@ void ERR_load_SSL_strings(void);
1726#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 1904#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
1727#define SSL_F_SSL3_GET_SERVER_DONE 145 1905#define SSL_F_SSL3_GET_SERVER_DONE 145
1728#define SSL_F_SSL3_GET_SERVER_HELLO 146 1906#define SSL_F_SSL3_GET_SERVER_HELLO 146
1729#define SSL_F_SSL3_NEW_SESSION_TICKET 284 1907#define SSL_F_SSL3_HANDSHAKE_MAC 285
1908#define SSL_F_SSL3_NEW_SESSION_TICKET 287
1730#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 1909#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147
1731#define SSL_F_SSL3_PEEK 235 1910#define SSL_F_SSL3_PEEK 235
1732#define SSL_F_SSL3_READ_BYTES 148 1911#define SSL_F_SSL3_READ_BYTES 148
@@ -1738,14 +1917,17 @@ void ERR_load_SSL_strings(void);
1738#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 1917#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154
1739#define SSL_F_SSL3_SEND_SERVER_HELLO 242 1918#define SSL_F_SSL3_SEND_SERVER_HELLO 242
1740#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 1919#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155
1741#define SSL_F_SSL3_SETUP_BUFFERS 156
1742#define SSL_F_SSL3_SETUP_KEY_BLOCK 157 1920#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
1921#define SSL_F_SSL3_SETUP_READ_BUFFER 156
1922#define SSL_F_SSL3_SETUP_WRITE_BUFFER 291
1743#define SSL_F_SSL3_WRITE_BYTES 158 1923#define SSL_F_SSL3_WRITE_BYTES 158
1744#define SSL_F_SSL3_WRITE_PENDING 159 1924#define SSL_F_SSL3_WRITE_PENDING 159
1745#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 272 1925#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298
1926#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277
1746#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 1927#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215
1747#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 1928#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216
1748#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 273 1929#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299
1930#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278
1749#define SSL_F_SSL_BAD_METHOD 160 1931#define SSL_F_SSL_BAD_METHOD 160
1750#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 1932#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
1751#define SSL_F_SSL_CERT_DUP 221 1933#define SSL_F_SSL_CERT_DUP 221
@@ -1753,7 +1935,8 @@ void ERR_load_SSL_strings(void);
1753#define SSL_F_SSL_CERT_INSTANTIATE 214 1935#define SSL_F_SSL_CERT_INSTANTIATE 214
1754#define SSL_F_SSL_CERT_NEW 162 1936#define SSL_F_SSL_CERT_NEW 162
1755#define SSL_F_SSL_CHECK_PRIVATE_KEY 163 1937#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
1756#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 274 1938#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280
1939#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279
1757#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 1940#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230
1758#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 1941#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231
1759#define SSL_F_SSL_CLEAR 164 1942#define SSL_F_SSL_CLEAR 164
@@ -1763,7 +1946,7 @@ void ERR_load_SSL_strings(void);
1763#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 1946#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
1764#define SSL_F_SSL_CTX_NEW 169 1947#define SSL_F_SSL_CTX_NEW 169
1765#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 1948#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
1766#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 278 1949#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290
1767#define SSL_F_SSL_CTX_SET_PURPOSE 226 1950#define SSL_F_SSL_CTX_SET_PURPOSE 226
1768#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 1951#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
1769#define SSL_F_SSL_CTX_SET_SSL_VERSION 170 1952#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
@@ -1775,6 +1958,7 @@ void ERR_load_SSL_strings(void);
1775#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 1958#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
1776#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 1959#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
1777#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 1960#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176
1961#define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272
1778#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 1962#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177
1779#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 1963#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178
1780#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 1964#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
@@ -1786,9 +1970,13 @@ void ERR_load_SSL_strings(void);
1786#define SSL_F_SSL_INIT_WBIO_BUFFER 184 1970#define SSL_F_SSL_INIT_WBIO_BUFFER 184
1787#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 1971#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
1788#define SSL_F_SSL_NEW 186 1972#define SSL_F_SSL_NEW 186
1973#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300
1974#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302
1975#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301
1976#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303
1789#define SSL_F_SSL_PEEK 270 1977#define SSL_F_SSL_PEEK 270
1790#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 275 1978#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281
1791#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 276 1979#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282
1792#define SSL_F_SSL_READ 223 1980#define SSL_F_SSL_READ 223
1793#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 1981#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
1794#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 1982#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
@@ -1803,6 +1991,7 @@ void ERR_load_SSL_strings(void);
1803#define SSL_F_SSL_SET_RFD 194 1991#define SSL_F_SSL_SET_RFD 194
1804#define SSL_F_SSL_SET_SESSION 195 1992#define SSL_F_SSL_SET_SESSION 195
1805#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 1993#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218
1994#define SSL_F_SSL_SET_SESSION_TICKET_EXT 294
1806#define SSL_F_SSL_SET_TRUST 228 1995#define SSL_F_SSL_SET_TRUST 228
1807#define SSL_F_SSL_SET_WFD 196 1996#define SSL_F_SSL_SET_WFD 196
1808#define SSL_F_SSL_SHUTDOWN 224 1997#define SSL_F_SSL_SHUTDOWN 224
@@ -1815,13 +2004,19 @@ void ERR_load_SSL_strings(void);
1815#define SSL_F_SSL_USE_PRIVATEKEY 201 2004#define SSL_F_SSL_USE_PRIVATEKEY 201
1816#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 2005#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202
1817#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 2006#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203
2007#define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273
1818#define SSL_F_SSL_USE_RSAPRIVATEKEY 204 2008#define SSL_F_SSL_USE_RSAPRIVATEKEY 204
1819#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 2009#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205
1820#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 2010#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206
1821#define SSL_F_SSL_VERIFY_CERT_CHAIN 207 2011#define SSL_F_SSL_VERIFY_CERT_CHAIN 207
1822#define SSL_F_SSL_WRITE 208 2012#define SSL_F_SSL_WRITE 208
2013#define SSL_F_TLS1_CERT_VERIFY_MAC 286
1823#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 2014#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
2015#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274
1824#define SSL_F_TLS1_ENC 210 2016#define SSL_F_TLS1_ENC 210
2017#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275
2018#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276
2019#define SSL_F_TLS1_PRF 284
1825#define SSL_F_TLS1_SETUP_KEY_BLOCK 211 2020#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
1826#define SSL_F_WRITE_PENDING 212 2021#define SSL_F_WRITE_PENDING 212
1827 2022
@@ -1842,12 +2037,15 @@ void ERR_load_SSL_strings(void);
1842#define SSL_R_BAD_ECC_CERT 304 2037#define SSL_R_BAD_ECC_CERT 304
1843#define SSL_R_BAD_ECDSA_SIGNATURE 305 2038#define SSL_R_BAD_ECDSA_SIGNATURE 305
1844#define SSL_R_BAD_ECPOINT 306 2039#define SSL_R_BAD_ECPOINT 306
2040#define SSL_R_BAD_HANDSHAKE_LENGTH 332
1845#define SSL_R_BAD_HELLO_REQUEST 105 2041#define SSL_R_BAD_HELLO_REQUEST 105
1846#define SSL_R_BAD_LENGTH 271 2042#define SSL_R_BAD_LENGTH 271
1847#define SSL_R_BAD_MAC_DECODE 113 2043#define SSL_R_BAD_MAC_DECODE 113
2044#define SSL_R_BAD_MAC_LENGTH 333
1848#define SSL_R_BAD_MESSAGE_TYPE 114 2045#define SSL_R_BAD_MESSAGE_TYPE 114
1849#define SSL_R_BAD_PACKET_LENGTH 115 2046#define SSL_R_BAD_PACKET_LENGTH 115
1850#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 2047#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116
2048#define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316
1851#define SSL_R_BAD_RESPONSE_ARGUMENT 117 2049#define SSL_R_BAD_RESPONSE_ARGUMENT 117
1852#define SSL_R_BAD_RSA_DECRYPT 118 2050#define SSL_R_BAD_RSA_DECRYPT 118
1853#define SSL_R_BAD_RSA_ENCRYPT 119 2051#define SSL_R_BAD_RSA_ENCRYPT 119
@@ -1871,8 +2069,9 @@ void ERR_load_SSL_strings(void);
1871#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 2069#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137
1872#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 2070#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138
1873#define SSL_R_CIPHER_TABLE_SRC_ERROR 139 2071#define SSL_R_CIPHER_TABLE_SRC_ERROR 139
1874#define SSL_R_CLIENTHELLO_TLSEXT 157 2072#define SSL_R_CLIENTHELLO_TLSEXT 226
1875#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 2073#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
2074#define SSL_R_COMPRESSION_DISABLED 343
1876#define SSL_R_COMPRESSION_FAILURE 141 2075#define SSL_R_COMPRESSION_FAILURE 141
1877#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 2076#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307
1878#define SSL_R_COMPRESSION_LIBRARY_ERROR 142 2077#define SSL_R_COMPRESSION_LIBRARY_ERROR 142
@@ -1885,7 +2084,12 @@ void ERR_load_SSL_strings(void);
1885#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 2084#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
1886#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 2085#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
1887#define SSL_R_DIGEST_CHECK_FAILED 149 2086#define SSL_R_DIGEST_CHECK_FAILED 149
2087#define SSL_R_DTLS_MESSAGE_TOO_BIG 334
1888#define SSL_R_DUPLICATE_COMPRESSION_ID 309 2088#define SSL_R_DUPLICATE_COMPRESSION_ID 309
2089#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317
2090#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318
2091#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322
2092#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323
1889#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 2093#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
1890#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 2094#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
1891#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 2095#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
@@ -1896,11 +2100,13 @@ void ERR_load_SSL_strings(void);
1896#define SSL_R_HTTPS_PROXY_REQUEST 155 2100#define SSL_R_HTTPS_PROXY_REQUEST 155
1897#define SSL_R_HTTP_REQUEST 156 2101#define SSL_R_HTTP_REQUEST 156
1898#define SSL_R_ILLEGAL_PADDING 283 2102#define SSL_R_ILLEGAL_PADDING 283
2103#define SSL_R_INCONSISTENT_COMPRESSION 340
1899#define SSL_R_INVALID_CHALLENGE_LENGTH 158 2104#define SSL_R_INVALID_CHALLENGE_LENGTH 158
1900#define SSL_R_INVALID_COMMAND 280 2105#define SSL_R_INVALID_COMMAND 280
2106#define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
1901#define SSL_R_INVALID_PURPOSE 278 2107#define SSL_R_INVALID_PURPOSE 278
1902#define SSL_R_INVALID_STATUS_RESPONSE 316 2108#define SSL_R_INVALID_STATUS_RESPONSE 328
1903#define SSL_R_INVALID_TICKET_KEYS_LENGTH 275 2109#define SSL_R_INVALID_TICKET_KEYS_LENGTH 325
1904#define SSL_R_INVALID_TRUST 279 2110#define SSL_R_INVALID_TRUST 279
1905#define SSL_R_KEY_ARG_TOO_LONG 284 2111#define SSL_R_KEY_ARG_TOO_LONG 284
1906#define SSL_R_KRB5 285 2112#define SSL_R_KRB5 285
@@ -1944,22 +2150,27 @@ void ERR_load_SSL_strings(void);
1944#define SSL_R_NO_CIPHERS_SPECIFIED 183 2150#define SSL_R_NO_CIPHERS_SPECIFIED 183
1945#define SSL_R_NO_CIPHER_LIST 184 2151#define SSL_R_NO_CIPHER_LIST 184
1946#define SSL_R_NO_CIPHER_MATCH 185 2152#define SSL_R_NO_CIPHER_MATCH 185
1947#define SSL_R_NO_CLIENT_CERT_METHOD 317 2153#define SSL_R_NO_CLIENT_CERT_METHOD 331
1948#define SSL_R_NO_CLIENT_CERT_RECEIVED 186 2154#define SSL_R_NO_CLIENT_CERT_RECEIVED 186
1949#define SSL_R_NO_COMPRESSION_SPECIFIED 187 2155#define SSL_R_NO_COMPRESSION_SPECIFIED 187
2156#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330
1950#define SSL_R_NO_METHOD_SPECIFIED 188 2157#define SSL_R_NO_METHOD_SPECIFIED 188
1951#define SSL_R_NO_PRIVATEKEY 189 2158#define SSL_R_NO_PRIVATEKEY 189
1952#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 2159#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
1953#define SSL_R_NO_PROTOCOLS_AVAILABLE 191 2160#define SSL_R_NO_PROTOCOLS_AVAILABLE 191
1954#define SSL_R_NO_PUBLICKEY 192 2161#define SSL_R_NO_PUBLICKEY 192
2162#define SSL_R_NO_RENEGOTIATION 339
2163#define SSL_R_NO_REQUIRED_DIGEST 324
1955#define SSL_R_NO_SHARED_CIPHER 193 2164#define SSL_R_NO_SHARED_CIPHER 193
1956#define SSL_R_NO_VERIFY_CALLBACK 194 2165#define SSL_R_NO_VERIFY_CALLBACK 194
1957#define SSL_R_NULL_SSL_CTX 195 2166#define SSL_R_NULL_SSL_CTX 195
1958#define SSL_R_NULL_SSL_METHOD_PASSED 196 2167#define SSL_R_NULL_SSL_METHOD_PASSED 196
1959#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 2168#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
2169#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
1960#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 2170#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
2171#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327
1961#define SSL_R_PACKET_LENGTH_TOO_LONG 198 2172#define SSL_R_PACKET_LENGTH_TOO_LONG 198
1962#define SSL_R_PARSE_TLSEXT 223 2173#define SSL_R_PARSE_TLSEXT 227
1963#define SSL_R_PATH_TOO_LONG 270 2174#define SSL_R_PATH_TOO_LONG 270
1964#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 2175#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
1965#define SSL_R_PEER_ERROR 200 2176#define SSL_R_PEER_ERROR 200
@@ -1970,6 +2181,9 @@ void ERR_load_SSL_strings(void);
1970#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 2181#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205
1971#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206 2182#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206
1972#define SSL_R_PROTOCOL_IS_SHUTDOWN 207 2183#define SSL_R_PROTOCOL_IS_SHUTDOWN 207
2184#define SSL_R_PSK_IDENTITY_NOT_FOUND 223
2185#define SSL_R_PSK_NO_CLIENT_CB 224
2186#define SSL_R_PSK_NO_SERVER_CB 225
1973#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208 2187#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208
1974#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 2188#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209
1975#define SSL_R_PUBLIC_KEY_NOT_RSA 210 2189#define SSL_R_PUBLIC_KEY_NOT_RSA 210
@@ -1979,18 +2193,24 @@ void ERR_load_SSL_strings(void);
1979#define SSL_R_RECORD_LENGTH_MISMATCH 213 2193#define SSL_R_RECORD_LENGTH_MISMATCH 213
1980#define SSL_R_RECORD_TOO_LARGE 214 2194#define SSL_R_RECORD_TOO_LARGE 214
1981#define SSL_R_RECORD_TOO_SMALL 298 2195#define SSL_R_RECORD_TOO_SMALL 298
2196#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335
2197#define SSL_R_RENEGOTIATION_ENCODING_ERR 336
2198#define SSL_R_RENEGOTIATION_MISMATCH 337
1982#define SSL_R_REQUIRED_CIPHER_MISSING 215 2199#define SSL_R_REQUIRED_CIPHER_MISSING 215
2200#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342
1983#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 2201#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
1984#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 2202#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
1985#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 2203#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
1986#define SSL_R_SERVERHELLO_TLSEXT 224 2204#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345
2205#define SSL_R_SERVERHELLO_TLSEXT 275
1987#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 2206#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
1988#define SSL_R_SHORT_READ 219 2207#define SSL_R_SHORT_READ 219
1989#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 2208#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
1990#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 2209#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
1991#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 2210#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299
1992#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 225 2211#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321
1993#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 226 2212#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319
2213#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320
1994#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 2214#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
1995#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 2215#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
1996#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 2216#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
@@ -2024,8 +2244,13 @@ void ERR_load_SSL_strings(void);
2024#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 2244#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
2025#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 2245#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
2026#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 2246#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
2247#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
2248#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
2249#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
2250#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
2251#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
2027#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 2252#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
2028#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227 2253#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
2029#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 2254#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
2030#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 2255#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
2031#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 2256#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
@@ -2052,8 +2277,10 @@ void ERR_load_SSL_strings(void);
2052#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 2277#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253
2053#define SSL_R_UNKNOWN_SSL_VERSION 254 2278#define SSL_R_UNKNOWN_SSL_VERSION 254
2054#define SSL_R_UNKNOWN_STATE 255 2279#define SSL_R_UNKNOWN_STATE 255
2280#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338
2055#define SSL_R_UNSUPPORTED_CIPHER 256 2281#define SSL_R_UNSUPPORTED_CIPHER 256
2056#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 2282#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
2283#define SSL_R_UNSUPPORTED_DIGEST_TYPE 326
2057#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 2284#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315
2058#define SSL_R_UNSUPPORTED_PROTOCOL 258 2285#define SSL_R_UNSUPPORTED_PROTOCOL 258
2059#define SSL_R_UNSUPPORTED_SSL_VERSION 259 2286#define SSL_R_UNSUPPORTED_SSL_VERSION 259
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 20:04:47 +0000