Diffstat (limited to 'src/lib/libssl')
-rw-r--r--src/lib/libssl/LICENSE2
-rw-r--r--src/lib/libssl/s23_clnt.c225
-rw-r--r--src/lib/libssl/s23_srvr.c9
-rw-r--r--src/lib/libssl/s3_clnt.c6
-rw-r--r--src/lib/libssl/s3_lib.c12
-rw-r--r--src/lib/libssl/s3_srvr.c4
-rw-r--r--src/lib/libssl/ssl.h57
-rw-r--r--src/lib/libssl/ssl_asn1.c2
-rw-r--r--src/lib/libssl/ssl_cert.c16
-rw-r--r--src/lib/libssl/ssl_ciph.c64
-rw-r--r--src/lib/libssl/ssl_err.c745
-rw-r--r--src/lib/libssl/ssl_lib.c38
-rw-r--r--src/lib/libssl/ssl_locl.h5
-rw-r--r--src/lib/libssl/ssl_sess.c4
14 files changed, 650 insertions, 539 deletions
diff --git a/src/lib/libssl/LICENSE b/src/lib/libssl/LICENSE
index 40277883a5..e6afecc724 100644
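--- a/src/lib/libssl/LICENSE
+++ b/src/lib/libssl/LICENSE
@@ -12,7 +12,7 @@
  ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions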
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index 779e94a35c..86356731ea 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -106,7 +106,7 @@ SSL_METHOD *SSLv23_client_method(void)
106int ssl23_connect(SSL *s) 106int ssl23_connect(SSL *s)
107 { 107 {
108 BUF_MEM *buf=NULL; 108 BUF_MEM *buf=NULL;
109 unsigned long Time=time(NULL); 109 unsigned long Time=(unsigned long)time(NULL);
110 void (*cb)(const SSL *ssl,int type,int val)=NULL; 110 void (*cb)(const SSL *ssl,int type,int val)=NULL;
111 int ret= -1; 111 int ret= -1;
112 int new_state,state; 112 int new_state,state;
@@ -220,9 +220,28 @@ static int ssl23_client_hello(SSL *s)
220 { 220 {
221 unsigned char *buf; 221 unsigned char *buf;
222 unsigned char *p,*d; 222 unsigned char *p,*d;
223 int i,ch_len; 223 int i,j,ch_len;
224 unsigned long Time,l;
225 int ssl2_compat;
226 int version = 0, version_major, version_minor;
227 SSL_COMP *comp;
224 int ret; 228 int ret;
225 229
230 ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
231
232 if (!(s->options & SSL_OP_NO_TLSv1))
233 {
234 version = TLS1_VERSION;
235 }
236 else if (!(s->options & SSL_OP_NO_SSLv3))
237 {
238 version = SSL3_VERSION;
239 }
240 else if (!(s->options & SSL_OP_NO_SSLv2))
241 {
242 version = SSL2_VERSION;
243 }
244
226 buf=(unsigned char *)s->init_buf->data; 245 buf=(unsigned char *)s->init_buf->data;
227 if (s->state == SSL23_ST_CW_CLNT_HELLO_A) 246 if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
228 { 247 {
@@ -235,19 +254,15 @@ static int ssl23_client_hello(SSL *s)
235#endif 254#endif
236 255
237 p=s->s3->client_random; 256 p=s->s3->client_random;
238 if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE) <= 0) 257 Time=(unsigned long)time(NULL); /* Time */
239 return -1; 258 l2n(Time,p);
240 259 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
241 /* Do the message type and length last */ 260 return -1;
242 d= &(buf[2]);
243 p=d+9;
244 261
245 *(d++)=SSL2_MT_CLIENT_HELLO; 262 if (version == TLS1_VERSION)
246 if (!(s->options & SSL_OP_NO_TLSv1))
247 { 263 {
248 *(d++)=TLS1_VERSION_MAJOR; 264 version_major = TLS1_VERSION_MAJOR;
249 *(d++)=TLS1_VERSION_MINOR; 265 version_minor = TLS1_VERSION_MINOR;
250 s->client_version=TLS1_VERSION;
251 } 266 }
252#ifdef OPENSSL_FIPS 267#ifdef OPENSSL_FIPS
253 else if(FIPS_mode()) 268 else if(FIPS_mode())
@@ -257,17 +272,15 @@ static int ssl23_client_hello(SSL *s)
257 return -1; 272 return -1;
258 } 273 }
259#endif 274#endif
260 else if (!(s->options & SSL_OP_NO_SSLv3)) 275 else if (version == SSL3_VERSION)
261 { 276 {
262 *(d++)=SSL3_VERSION_MAJOR; 277 version_major = SSL3_VERSION_MAJOR;
263 *(d++)=SSL3_VERSION_MINOR; 278 version_minor = SSL3_VERSION_MINOR;
264 s->client_version=SSL3_VERSION;
265 } 279 }
266 else if (!(s->options & SSL_OP_NO_SSLv2)) 280 else if (version == SSL2_VERSION)
267 { 281 {
268 *(d++)=SSL2_VERSION_MAJOR; 282 version_major = SSL2_VERSION_MAJOR;
269 *(d++)=SSL2_VERSION_MINOR; 283 version_minor = SSL2_VERSION_MINOR;
270 s->client_version=SSL2_VERSION;
271 } 284 }
272 else 285 else
273 { 286 {
@@ -275,59 +288,153 @@ static int ssl23_client_hello(SSL *s)
275 return(-1); 288 return(-1);
276 } 289 }
277 290
278 /* Ciphers supported */ 291 s->client_version = version;
279 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p); 292
280 if (i == 0) 293 if (ssl2_compat)
281 { 294 {
282 /* no ciphers */ 295 /* create SSL 2.0 compatible Client Hello */
283 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); 296
284 return(-1); 297 /* two byte record header will be written last */
285 } 298 d = &(buf[2]);
286 s2n(i,d); 299 p = d + 9; /* leave space for message type, version, individual length fields */
287 p+=i;
288 300
289 /* put in the session-id, zero since there is no 301 *(d++) = SSL2_MT_CLIENT_HELLO;
290 * reuse. */ 302 *(d++) = version_major;
303 *(d++) = version_minor;
304
305 /* Ciphers supported */
306 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0);
307 if (i == 0)
308 {
309 /* no ciphers */
310 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
311 return -1;
312 }
313 s2n(i,d);
314 p+=i;
315
316 /* put in the session-id length (zero since there is no reuse) */
291#if 0 317#if 0
292 s->session->session_id_length=0; 318 s->session->session_id_length=0;
293#endif 319#endif
294 s2n(0,d); 320 s2n(0,d);
295 321
296 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) 322 if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
297 ch_len=SSL2_CHALLENGE_LENGTH; 323 ch_len=SSL2_CHALLENGE_LENGTH;
324 else
325 ch_len=SSL2_MAX_CHALLENGE_LENGTH;
326
327 /* write out sslv2 challenge */
328 if (SSL3_RANDOM_SIZE < ch_len)
329 i=SSL3_RANDOM_SIZE;
330 else
331 i=ch_len;
332 s2n(i,d);
333 memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
334 if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
335 return -1;
336
337 memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
338 p+=i;
339
340 i= p- &(buf[2]);
341 buf[0]=((i>>8)&0xff)|0x80;
342 buf[1]=(i&0xff);
343
344 /* number of bytes to write */
345 s->init_num=i+2;
346 s->init_off=0;
347
348 ssl3_finish_mac(s,&(buf[2]),i);
349 }
298 else 350 else
299 ch_len=SSL2_MAX_CHALLENGE_LENGTH; 351 {
352 /* create Client Hello in SSL 3.0/TLS 1.0 format */
300 353
301 /* write out sslv2 challenge */ 354 /* do the record header (5 bytes) and handshake message header (4 bytes) last */
302 if (SSL3_RANDOM_SIZE < ch_len) 355 d = p = &(buf[9]);
303 i=SSL3_RANDOM_SIZE; 356
304 else 357 *(p++) = version_major;
305 i=ch_len; 358 *(p++) = version_minor;
306 s2n(i,d); 359
307 memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); 360 /* Random stuff */
308 if(RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0) 361 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
309 return -1; 362 p += SSL3_RANDOM_SIZE;
363
364 /* Session ID (zero since there is no reuse) */
365 *(p++) = 0;
366
367 /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
368 i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char);
369 if (i == 0)
370 {
371 SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
372 return -1;
373 }
374 s2n(i,p);
375 p+=i;
376
377 /* COMPRESSION */
378 if (s->ctx->comp_methods == NULL)
379 j=0;
380 else
381 j=sk_SSL_COMP_num(s->ctx->comp_methods);
382 *(p++)=1+j;
383 for (i=0; i<j; i++)
384 {
385 comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
386 *(p++)=comp->id;
387 }
388 *(p++)=0; /* Add the NULL method */
389
390 l = p-d;
391 *p = 42;
310 392
311 memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); 393 /* fill in 4-byte handshake header */
312 p+=i; 394 d=&(buf[5]);
395 *(d++)=SSL3_MT_CLIENT_HELLO;
396 l2n3(l,d);
313 397
314 i= p- &(buf[2]); 398 l += 4;
315 buf[0]=((i>>8)&0xff)|0x80; 399
316 buf[1]=(i&0xff); 400 if (l > SSL3_RT_MAX_PLAIN_LENGTH)
401 {
402 SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
403 return -1;
404 }
405
406 /* fill in 5-byte record header */
407 d=buf;
408 *(d++) = SSL3_RT_HANDSHAKE;
409 *(d++) = version_major;
410 *(d++) = version_minor; /* arguably we should send the *lowest* suported version here
411 * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */
412 s2n((int)l,d);
413
414 /* number of bytes to write */
415 s->init_num=p-buf;
416 s->init_off=0;
417
418 ssl3_finish_mac(s,&(buf[5]), s->init_num - 5);
419 }
317 420
318 s->state=SSL23_ST_CW_CLNT_HELLO_B; 421 s->state=SSL23_ST_CW_CLNT_HELLO_B;
319 /* number of bytes to write */
320 s->init_num=i+2;
321 s->init_off=0; 422 s->init_off=0;
322
323 ssl3_finish_mac(s,&(buf[2]),i);
324 } 423 }
325 424
326 /* SSL3_ST_CW_CLNT_HELLO_B */ 425 /* SSL3_ST_CW_CLNT_HELLO_B */
327 ret = ssl23_write_bytes(s); 426 ret = ssl23_write_bytes(s);
328 if (ret >= 2) 427
329 if (s->msg_callback) 428 if ((ret >= 2) && s->msg_callback)
330 s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ 429 {
430 /* Client Hello has been sent; tell msg_callback */
431
432 if (ssl2_compat)
433 s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg);
434 else
435 s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg);
436 }
437
331 return ret; 438 return ret;
332 } 439 }
333 440
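Review bot: In the SSL 3.0/TLS 1.0 branch of the last hunk the only size check, `if (l > SSL3_RT_MAX_PLAIN_LENGTH)`, runs after the cipher list and every compression id have already been written through `p` into `buf`, so it bounds the record length but not the writes themselves; the capacity of `s->init_buf` is set outside these hunks and should be confirmed to cover the worst case. The compression count is emitted as a single byte, `*(p++)=1+j;`, with no upper bound on `j`, so I would reject an oversized `comp_methods` stack first, e.g. `if (j > 254) { SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR); return -1; }`. The statement `*p = 42;` stores an unexplained byte one past the end of the message and should be dropped or given a comment. ssl23_client_hello starts and ends outside the hunks shown.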
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index 92f3391f60..b73abc448f 100644
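--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -158,7 +158,7 @@ SSL_METHOD *SSLv23_server_method(void)
 int ssl23_accept(SSL *s)
  {
  BUF_MEM *buf;
- unsigned long Time=time(NULL);
+ unsigned long Time=(unsigned long)time(NULL);
  void (*cb)(const SSL *ssl,int type,int val)=NULL;
  int ret= -1;
  int new_state,state;
@@ -268,9 +268,6 @@ int ssl23_get_client_hello(SSL *s)
  int n=0,j;
  int type=0;
  int v[2];
-#ifndef OPENSSL_NO_RSA
- int use_sslv2_strong=0;
-#endif
 
  if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
  {
@@ -528,9 +525,7 @@ int ssl23_get_client_hello(SSL *s)
  }
 
  s->state=SSL2_ST_GET_CLIENT_HELLO_A;
- if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
- use_sslv2_strong ||
- (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
+ if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
  s->s2->ssl2_rollback=0;
  else
  /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0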
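Review bot: The simplified test in the last hunk, `if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)`, depends on `&` binding tighter than `&&`, which is easy to misread on the one branch that switches the SSL 2.0 rollback check off. I would write it as `if ((s->options & SSL_OP_NO_TLSv1) && (s->options & SSL_OP_NO_SSLv3))`. A one-line comment above it, for example `/* only SSL 2.0 can be negotiated here, so there is no newer version to roll back from */`, would record why the check is skipped now that the option flag and `use_sslv2_strong` no longer reach it. ssl23_get_client_hello begins and ends outside the hunks.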
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 0969476b25..05194fdb31 100644
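--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -165,7 +165,7 @@ SSL_METHOD *SSLv3_client_method(void)
 int ssl3_connect(SSL *s)
  {
  BUF_MEM *buf=NULL;
- unsigned long Time=time(NULL),l;
+ unsigned long Time=(unsigned long)time(NULL),l;
  long num1;
  void (*cb)(const SSL *ssl,int type,int val)=NULL;
  int ret= -1;
@@ -533,7 +533,7 @@ static int ssl3_client_hello(SSL *s)
  /* else use the pre-loaded session */
 
  p=s->s3->client_random;
- Time=time(NULL); /* Time */
+ Time=(unsigned long)time(NULL); /* Time */
  l2n(Time,p);
  if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
  goto err;
@@ -567,7 +567,7 @@ static int ssl3_client_hello(SSL *s)
  }
 
  /* Ciphers supported */
- i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]));
+ i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
  if (i == 0)
  {
  SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);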
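Review bot: In the third hunk the new fourth argument of ssl_cipher_list_to_bytes is passed as a bare `0`, which does not tell the reader what is being left out. The s23_clnt.c section of this commit passes `ssl3_put_cipher_by_char` in the same position, so the parameter appears to be a callback pointer, and `i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),NULL);` would make that explicit. The prototype is not visible on this page, so the type should be confirmed against ssl_locl.h. ssl3_client_hello starts and ends outside the hunk.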
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 9bf1dbec06..a77588e725 100644
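--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -835,7 +835,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  TLS1_TXT_RSA_WITH_AES_128_SHA,
  TLS1_CK_RSA_WITH_AES_128_SHA,
  SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
  0,
  128,
  128,
@@ -848,7 +848,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
  TLS1_CK_DH_DSS_WITH_AES_128_SHA,
  SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
  0,
  128,
  128,
@@ -861,7 +861,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
  TLS1_CK_DH_RSA_WITH_AES_128_SHA,
  SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
  0,
  128,
  128,
@@ -874,7 +874,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
  TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
  SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
  0,
  128,
  128,
@@ -887,7 +887,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
  TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
  SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
  0,
  128,
  128,
@@ -900,7 +900,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
  TLS1_TXT_ADH_WITH_AES_128_SHA,
  TLS1_CK_ADH_WITH_AES_128_SHA,
  SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM|SSL_FIPS,
+ SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
  0,
  128,
  128,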
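Review bot: The last hunk promotes TLS1_TXT_ADH_WITH_AES_128_SHA to `SSL_HIGH` along with the authenticated suites, although its algorithm mask is `SSL_kEDH|SSL_aNULL|...`, meaning the peer is not authenticated at all. After this change a cipher string that selects by strength alone would presumably also match this anonymous suite, so the strength label can be mistaken for a statement about overall security. I would add a comment on that entry such as `/* SSL_HIGH describes key strength only; aNULL suites must still be excluded explicitly */` and say in the cipher documentation that `HIGH` should be combined with `!aNULL`. The ssl3_ciphers[] table starts and ends outside these hunks.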
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index c4a1a71523..36fc39d7f8 100644
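--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -173,7 +173,7 @@ SSL_METHOD *SSLv3_server_method(void)
 int ssl3_accept(SSL *s)
  {
  BUF_MEM *buf;
- unsigned long l,Time=time(NULL);
+ unsigned long l,Time=(unsigned long)time(NULL);
  void (*cb)(const SSL *ssl,int type,int val)=NULL;
  long num1;
  int ret= -1;
@@ -954,7 +954,7 @@ static int ssl3_send_server_hello(SSL *s)
  {
  buf=(unsigned char *)s->init_buf->data;
  p=s->s3->server_random;
- Time=time(NULL); /* Time */
+ Time=(unsigned long)time(NULL); /* Time */
  l2n(Time,p);
  if(RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
  return -1;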
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 3161f532cf..99e188086b 100644
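--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -467,7 +467,7 @@ typedef struct ssl_session_st
 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
 #define SSL_OP_TLS_D5_BUG 0x00000100L
 #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
@@ -1567,6 +1567,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_CTRL 232
 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
 #define SSL_F_SSL_CTX_NEW 169
+#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
 #define SSL_F_SSL_CTX_SET_PURPOSE 226
 #define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
 #define SSL_F_SSL_CTX_SET_SSL_VERSION 170
@@ -1596,6 +1597,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_SESSION_PRINT_FP 190
 #define SSL_F_SSL_SESS_CERT_NEW 225
 #define SSL_F_SSL_SET_CERT 191
+#define SSL_F_SSL_SET_CIPHER_LIST 271
 #define SSL_F_SSL_SET_FD 192
 #define SSL_F_SSL_SET_PKEY 193
 #define SSL_F_SSL_SET_PURPOSE 227
@@ -1674,40 +1676,39 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
 #define SSL_R_DATA_LENGTH_TOO_LONG 146
 #define SSL_R_DECRYPTION_FAILED 147
-#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 1109
+#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
 #define SSL_R_DIGEST_CHECK_FAILED 149
 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
-#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 1092
+#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
 #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
 #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
 #define SSL_R_EXTRA_DATA_IN_MESSAGE 153
 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
 #define SSL_R_HTTPS_PROXY_REQUEST 155
 #define SSL_R_HTTP_REQUEST 156
-#define SSL_R_ILLEGAL_PADDING 1110
+#define SSL_R_ILLEGAL_PADDING 283
 #define SSL_R_INVALID_CHALLENGE_LENGTH 158
 #define SSL_R_INVALID_COMMAND 280
 #define SSL_R_INVALID_PURPOSE 278
 #define SSL_R_INVALID_TRUST 279
-#define SSL_R_KEY_ARG_TOO_LONG 1112
-#define SSL_R_KRB5 1104
-#define SSL_R_KRB5_C_CC_PRINC 1094
-#define SSL_R_KRB5_C_GET_CRED 1095
-#define SSL_R_KRB5_C_INIT 1096
-#define SSL_R_KRB5_C_MK_REQ 1097
-#define SSL_R_KRB5_S_BAD_TICKET 1098
-#define SSL_R_KRB5_S_INIT 1099
-#define SSL_R_KRB5_S_RD_REQ 1108
-#define SSL_R_KRB5_S_TKT_EXPIRED 1105
-#define SSL_R_KRB5_S_TKT_NYV 1106
-#define SSL_R_KRB5_S_TKT_SKEW 1107
+#define SSL_R_KEY_ARG_TOO_LONG 284
+#define SSL_R_KRB5 285
+#define SSL_R_KRB5_C_CC_PRINC 286
+#define SSL_R_KRB5_C_GET_CRED 287
+#define SSL_R_KRB5_C_INIT 288
+#define SSL_R_KRB5_C_MK_REQ 289
+#define SSL_R_KRB5_S_BAD_TICKET 290
+#define SSL_R_KRB5_S_INIT 291
+#define SSL_R_KRB5_S_RD_REQ 292
+#define SSL_R_KRB5_S_TKT_EXPIRED 293
+#define SSL_R_KRB5_S_TKT_NYV 294
+#define SSL_R_KRB5_S_TKT_SKEW 295
 #define SSL_R_LENGTH_MISMATCH 159
 #define SSL_R_LENGTH_TOO_SHORT 160
 #define SSL_R_LIBRARY_BUG 274
 #define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
-#define SSL_R_MASTER_KEY_TOO_LONG 1112
-#define SSL_R_MESSAGE_TOO_LONG 1111
+#define SSL_R_MESSAGE_TOO_LONG 296
 #define SSL_R_MISSING_DH_DSA_CERT 162
 #define SSL_R_MISSING_DH_KEY 163
 #define SSL_R_MISSING_DH_RSA_CERT 164
@@ -1744,7 +1745,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_NULL_SSL_CTX 195
 #define SSL_R_NULL_SSL_METHOD_PASSED 196
 #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
-#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 1115
+#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
 #define SSL_R_PACKET_LENGTH_TOO_LONG 198
 #define SSL_R_PATH_TOO_LONG 270
 #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
@@ -1763,7 +1764,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_READ_WRONG_PACKET_TYPE 212
 #define SSL_R_RECORD_LENGTH_MISMATCH 213
 #define SSL_R_RECORD_TOO_LARGE 214
-#define SSL_R_RECORD_TOO_SMALL 1093
+#define SSL_R_RECORD_TOO_SMALL 298
 #define SSL_R_REQUIRED_CIPHER_MISSING 215
 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
@@ -1772,8 +1773,8 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_SHORT_READ 219
 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
-#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 1114
-#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
+#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
@@ -1784,20 +1785,15 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
 #define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
 #define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 223
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 224
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 225
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 226
 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
-#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 227
 #define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
 #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
 #define SSL_R_SSL_HANDSHAKE_FAILURE 229
 #define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
-#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 1102
-#define SSL_R_SSL_SESSION_ID_CONFLICT 1103
+#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301
+#define SSL_R_SSL_SESSION_ID_CONFLICT 302
 #define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
-#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 1101
+#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
 #define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
 #define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
 #define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
@@ -1838,7 +1834,6 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_UNKNOWN_STATE 255
 #define SSL_R_UNSUPPORTED_CIPHER 256
 #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
-#define SSL_R_UNSUPPORTED_OPTION 1091
 #define SSL_R_UNSUPPORTED_PROTOCOL 258
 #define SSL_R_UNSUPPORTED_SSL_VERSION 259
 #define SSL_R_WRITE_BIO_NOT_SET 260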
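Review bot: The hunks from old line 1674 onward give existing public reason codes new numeric values (for instance `SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC` goes from 1109 to 281) and delete others outright (`SSL_R_MASTER_KEY_TOO_LONG`, `SSL_R_UNSUPPORTED_OPTION`, the `SSL_R_SSLV3_ALERT_PEER_ERROR_*` group), and nothing in the header says so. Code built against the previous header, and any log parser or alert rule keyed on the raw number, would presumably stop matching these errors without a build failure. I would add a comment above the reason-code block such as `/* Reason codes were renumbered in this release; compare against the SSL_R_* names, never stored numeric values. */` and list the removed names in the release notes.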
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index 4d5900ad2f..fc5fcce108 100644
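--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -344,7 +344,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char * const *pp,
  OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
  }
  else
- ret->time=time(NULL);
+ ret->time=(unsigned long)time(NULL);
 
  ai.length=0;
  M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);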
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index b8b9bc2390..b779e6bb4d 100644
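--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -616,14 +616,13 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
  BIO *in;
  X509 *x=NULL;
  X509_NAME *xn=NULL;
- STACK_OF(X509_NAME) *ret,*sk;
+ STACK_OF(X509_NAME) *ret = NULL,*sk;
 
- ret=sk_X509_NAME_new_null();
  sk=sk_X509_NAME_new(xname_cmp);
 
  in=BIO_new(BIO_s_file_internal());
 
- if ((ret == NULL) || (sk == NULL) || (in == NULL))
+ if ((sk == NULL) || (in == NULL))
  {
  SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
  goto err;
@@ -636,6 +635,15 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
  {
  if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
  break;
+ if (ret == NULL)
+ {
+ ret = sk_X509_NAME_new_null();
+ if (ret == NULL)
+ {
+ SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
  if ((xn=X509_get_subject_name(x)) == NULL) goto err;
  /* check for duplicates */
  xn=X509_NAME_dup(xn);
@@ -658,6 +666,8 @@ err:
  if (sk != NULL) sk_X509_NAME_free(sk);
  if (in != NULL) BIO_free(in);
  if (x != NULL) X509_free(x);
+ if (ret != NULL)
+ ERR_clear_error();
  return(ret);
  }
 #endif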
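Review bot: The added `if (ret != NULL) ERR_clear_error();` in the last hunk empties the whole error queue, not just the entry presumably left by the final failing PEM_read_bio_X509() call, so any error the caller had queued before calling SSL_load_client_CA_file is lost on success. If the library version in use provides them, bracketing the read loop with ERR_set_mark() and ERR_pop_to_mark() would confine the cleanup to errors raised here. Because `ret` is now allocated only after the first certificate is read, a file that yields no certificate appears to return NULL, which the function comment should state, e.g. `/* returns NULL if the file cannot be read or holds no certificate */`. The function body begins and ends outside these hunks.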
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index b68ed81e52..3df5e2fa80 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -700,9 +700,18 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
700 if (!found) 700 if (!found)
701 break; /* ignore this entry */ 701 break; /* ignore this entry */
702 702
703 algorithms |= ca_list[j]->algorithms; 703 /* New algorithms:
704 * 1 - any old restrictions apply outside new mask
705 * 2 - any new restrictions apply outside old mask
706 * 3 - enforce old & new where masks intersect
707 */
708 algorithms = (algorithms & ~ca_list[j]->mask) | /* 1 */
709 (ca_list[j]->algorithms & ~mask) | /* 2 */
710 (algorithms & ca_list[j]->algorithms); /* 3 */
704 mask |= ca_list[j]->mask; 711 mask |= ca_list[j]->mask;
705 algo_strength |= ca_list[j]->algo_strength; 712 algo_strength = (algo_strength & ~ca_list[j]->mask_strength) |
713 (ca_list[j]->algo_strength & ~mask_strength) |
714 (algo_strength & ca_list[j]->algo_strength);
706 mask_strength |= ca_list[j]->mask_strength; 715 mask_strength |= ca_list[j]->mask_strength;
707 716
708 if (!multi) break; 717 if (!multi) break;
@@ -756,7 +765,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
756 { 765 {
757 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; 766 int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
758 unsigned long disabled_mask; 767 unsigned long disabled_mask;
759 STACK_OF(SSL_CIPHER) *cipherstack; 768 STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
760 const char *rule_p; 769 const char *rule_p;
761 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; 770 CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
762 SSL_CIPHER **ca_list = NULL; 771 SSL_CIPHER **ca_list = NULL;
@@ -764,7 +773,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
764 /* 773 /*
765 * Return with error if nothing to do. 774 * Return with error if nothing to do.
766 */ 775 */
767 if (rule_str == NULL) return(NULL); 776 if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
777 return NULL;
768 778
769 if (init_ciphers) 779 if (init_ciphers)
770 { 780 {
@@ -875,46 +885,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
875 } 885 }
876 OPENSSL_free(co_list); /* Not needed any longer */ 886 OPENSSL_free(co_list); /* Not needed any longer */
877 887
878 /* 888 tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
879 * The following passage is a little bit odd. If pointer variables 889 if (tmp_cipher_list == NULL)
880 * were supplied to hold STACK_OF(SSL_CIPHER) return information,
881 * the old memory pointed to is free()ed. Then, however, the
882 * cipher_list entry will be assigned just a copy of the returned
883 * cipher stack. For cipher_list_by_id a copy of the cipher stack
884 * will be created. See next comment...
885 */
886 if (cipher_list != NULL)
887 {
888 if (*cipher_list != NULL)
889 sk_SSL_CIPHER_free(*cipher_list);
890 *cipher_list = cipherstack;
891 }
892
893 if (cipher_list_by_id != NULL)
894 {
895 if (*cipher_list_by_id != NULL)
896 sk_SSL_CIPHER_free(*cipher_list_by_id);
897 *cipher_list_by_id = sk_SSL_CIPHER_dup(cipherstack);
898 }
899
900 /*
901 * Now it is getting really strange. If something failed during
902 * the previous pointer assignment or if one of the pointers was
903 * not requested, the error condition is met. That might be
904 * discussable. The strange thing is however that in this case
905 * the memory "ret" pointed to is "free()ed" and hence the pointer
906 * cipher_list becomes wild. The memory reserved for
907 * cipher_list_by_id however is not "free()ed" and stays intact.
908 */
909 if ( (cipher_list_by_id == NULL) ||
910 (*cipher_list_by_id == NULL) ||
911 (cipher_list == NULL) ||
912 (*cipher_list == NULL))
913 { 890 {
914 sk_SSL_CIPHER_free(cipherstack); 891 sk_SSL_CIPHER_free(cipherstack);
915 return(NULL); 892 return NULL;
916 } 893 }
917 894 if (*cipher_list != NULL)
895 sk_SSL_CIPHER_free(*cipher_list);
896 *cipher_list = cipherstack;
897 if (*cipher_list_by_id != NULL)
898 sk_SSL_CIPHER_free(*cipher_list_by_id);
899 *cipher_list_by_id = tmp_cipher_list;
918 sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); 900 sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
919 901
920 return(cipherstack); 902 return(cipherstack);
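Review bot: The rewritten tail of ssl_create_cipher_list (new lines 888-902) removes both explanatory comments without a replacement, although the function still stores `cipherstack` in `*cipher_list` and returns the same pointer. A caller that frees the return value would leave `*cipher_list` dangling. I would add a short comment above the assignments, e.g. `/* Outputs are replaced only after the dup succeeded; the return value aliases *cipher_list and must not be freed separately. */`. The duplicate is now made before either old list is freed, so within this hunk an allocation failure leaves the caller's existing lists untouched, and that guarantee is worth stating too. The function begins outside this hunk, so its earlier failure paths are not covered by this note.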
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
index 29b8ff4788..4bcf591298 100644
--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -64,384 +64,383 @@
64 64
65/* BEGIN ERROR CODES */ 65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)
70
67static ERR_STRING_DATA SSL_str_functs[]= 71static ERR_STRING_DATA SSL_str_functs[]=
68 { 72 {
69{ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"}, 73{ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"},
70{ERR_PACK(0,SSL_F_CLIENT_FINISHED,0), "CLIENT_FINISHED"}, 74{ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"},
71{ERR_PACK(0,SSL_F_CLIENT_HELLO,0), "CLIENT_HELLO"}, 75{ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
72{ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0), "CLIENT_MASTER_KEY"}, 76{ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"},
73{ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0), "d2i_SSL_SESSION"}, 77{ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"},
74{ERR_PACK(0,SSL_F_DO_SSL3_WRITE,0), "DO_SSL3_WRITE"}, 78{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
75{ERR_PACK(0,SSL_F_GET_CLIENT_FINISHED,0), "GET_CLIENT_FINISHED"}, 79{ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"},
76{ERR_PACK(0,SSL_F_GET_CLIENT_HELLO,0), "GET_CLIENT_HELLO"}, 80{ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"},
77{ERR_PACK(0,SSL_F_GET_CLIENT_MASTER_KEY,0), "GET_CLIENT_MASTER_KEY"}, 81{ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"},
78{ERR_PACK(0,SSL_F_GET_SERVER_FINISHED,0), "GET_SERVER_FINISHED"}, 82{ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"},
79{ERR_PACK(0,SSL_F_GET_SERVER_HELLO,0), "GET_SERVER_HELLO"}, 83{ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"},
80{ERR_PACK(0,SSL_F_GET_SERVER_VERIFY,0), "GET_SERVER_VERIFY"}, 84{ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"},
81{ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0), "i2d_SSL_SESSION"}, 85{ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"},
82{ERR_PACK(0,SSL_F_READ_N,0), "READ_N"}, 86{ERR_FUNC(SSL_F_READ_N), "READ_N"},
83{ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0), "REQUEST_CERTIFICATE"}, 87{ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"},
84{ERR_PACK(0,SSL_F_SERVER_FINISH,0), "SERVER_FINISH"}, 88{ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"},
85{ERR_PACK(0,SSL_F_SERVER_HELLO,0), "SERVER_HELLO"}, 89{ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"},
86{ERR_PACK(0,SSL_F_SERVER_VERIFY,0), "SERVER_VERIFY"}, 90{ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"},
87{ERR_PACK(0,SSL_F_SSL23_ACCEPT,0), "SSL23_ACCEPT"}, 91{ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"},
88{ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0), "SSL23_CLIENT_HELLO"}, 92{ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"},
89{ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"}, 93{ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"},
90{ERR_PACK(0,SSL_F_SSL23_GET_CLIENT_HELLO,0), "SSL23_GET_CLIENT_HELLO"}, 94{ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"},
91{ERR_PACK(0,SSL_F_SSL23_GET_SERVER_HELLO,0), "SSL23_GET_SERVER_HELLO"}, 95{ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"},
92{ERR_PACK(0,SSL_F_SSL23_PEEK,0), "SSL23_PEEK"}, 96{ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"},
93{ERR_PACK(0,SSL_F_SSL23_READ,0), "SSL23_READ"}, 97{ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"},
94{ERR_PACK(0,SSL_F_SSL23_WRITE,0), "SSL23_WRITE"}, 98{ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"},
95{ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"}, 99{ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"},
96{ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"}, 100{ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"},
97{ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"}, 101{ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"},
98{ERR_PACK(0,SSL_F_SSL2_GENERATE_KEY_MATERIAL,0), "SSL2_GENERATE_KEY_MATERIAL"}, 102{ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"},
99{ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"}, 103{ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"},
100{ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"}, 104{ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"},
101{ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"}, 105{ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"},
102{ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0), "SSL2_SET_CERTIFICATE"}, 106{ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"},
103{ERR_PACK(0,SSL_F_SSL2_WRITE,0), "SSL2_WRITE"}, 107{ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"},
104{ERR_PACK(0,SSL_F_SSL3_ACCEPT,0), "SSL3_ACCEPT"}, 108{ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"},
105{ERR_PACK(0,SSL_F_SSL3_CALLBACK_CTRL,0), "SSL3_CALLBACK_CTRL"}, 109{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
106{ERR_PACK(0,SSL_F_SSL3_CHANGE_CIPHER_STATE,0), "SSL3_CHANGE_CIPHER_STATE"}, 110{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
107{ERR_PACK(0,SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,0), "SSL3_CHECK_CERT_AND_ALGORITHM"}, 111{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
108{ERR_PACK(0,SSL_F_SSL3_CLIENT_HELLO,0), "SSL3_CLIENT_HELLO"}, 112{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
109{ERR_PACK(0,SSL_F_SSL3_CONNECT,0), "SSL3_CONNECT"}, 113{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
110{ERR_PACK(0,SSL_F_SSL3_CTRL,0), "SSL3_CTRL"}, 114{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
111{ERR_PACK(0,SSL_F_SSL3_CTX_CTRL,0), "SSL3_CTX_CTRL"}, 115{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
112{ERR_PACK(0,SSL_F_SSL3_ENC,0), "SSL3_ENC"}, 116{ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
113{ERR_PACK(0,SSL_F_SSL3_GENERATE_KEY_BLOCK,0), "SSL3_GENERATE_KEY_BLOCK"}, 117{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
114{ERR_PACK(0,SSL_F_SSL3_GET_CERTIFICATE_REQUEST,0), "SSL3_GET_CERTIFICATE_REQUEST"}, 118{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"},
115{ERR_PACK(0,SSL_F_SSL3_GET_CERT_VERIFY,0), "SSL3_GET_CERT_VERIFY"}, 119{ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"},
116{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_CERTIFICATE,0), "SSL3_GET_CLIENT_CERTIFICATE"}, 120{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"},
117{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_HELLO,0), "SSL3_GET_CLIENT_HELLO"}, 121{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},
118{ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,0), "SSL3_GET_CLIENT_KEY_EXCHANGE"}, 122{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"},
119{ERR_PACK(0,SSL_F_SSL3_GET_FINISHED,0), "SSL3_GET_FINISHED"}, 123{ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"},
120{ERR_PACK(0,SSL_F_SSL3_GET_KEY_EXCHANGE,0), "SSL3_GET_KEY_EXCHANGE"}, 124{ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},
121{ERR_PACK(0,SSL_F_SSL3_GET_MESSAGE,0), "SSL3_GET_MESSAGE"}, 125{ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"},
122{ERR_PACK(0,SSL_F_SSL3_GET_RECORD,0), "SSL3_GET_RECORD"}, 126{ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"},
123{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_CERTIFICATE,0), "SSL3_GET_SERVER_CERTIFICATE"}, 127{ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"},
124{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_DONE,0), "SSL3_GET_SERVER_DONE"}, 128{ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"},
125{ERR_PACK(0,SSL_F_SSL3_GET_SERVER_HELLO,0), "SSL3_GET_SERVER_HELLO"}, 129{ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"},
126{ERR_PACK(0,SSL_F_SSL3_OUTPUT_CERT_CHAIN,0), "SSL3_OUTPUT_CERT_CHAIN"}, 130{ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"},
127{ERR_PACK(0,SSL_F_SSL3_PEEK,0), "SSL3_PEEK"}, 131{ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"},
128{ERR_PACK(0,SSL_F_SSL3_READ_BYTES,0), "SSL3_READ_BYTES"}, 132{ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"},
129{ERR_PACK(0,SSL_F_SSL3_READ_N,0), "SSL3_READ_N"}, 133{ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"},
130{ERR_PACK(0,SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,0), "SSL3_SEND_CERTIFICATE_REQUEST"}, 134{ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"},
131{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,0), "SSL3_SEND_CLIENT_CERTIFICATE"}, 135{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"},
132{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, 136{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
133{ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0), "SSL3_SEND_CLIENT_VERIFY"}, 137{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"},
134{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0), "SSL3_SEND_SERVER_CERTIFICATE"}, 138{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"},
135{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_HELLO,0), "SSL3_SEND_SERVER_HELLO"}, 139{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"},
136{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0), "SSL3_SEND_SERVER_KEY_EXCHANGE"}, 140{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
137{ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0), "SSL3_SETUP_BUFFERS"}, 141{ERR_FUNC(SSL_F_SSL3_SETUP_BUFFERS), "SSL3_SETUP_BUFFERS"},
138{ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"}, 142{ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"},
139{ERR_PACK(0,SSL_F_SSL3_WRITE_BYTES,0), "SSL3_WRITE_BYTES"}, 143{ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"},
140{ERR_PACK(0,SSL_F_SSL3_WRITE_PENDING,0), "SSL3_WRITE_PENDING"}, 144{ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"},
141{ERR_PACK(0,SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,0), "SSL_add_dir_cert_subjects_to_stack"}, 145{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"},
142{ERR_PACK(0,SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,0), "SSL_add_file_cert_subjects_to_stack"}, 146{ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"},
143{ERR_PACK(0,SSL_F_SSL_BAD_METHOD,0), "SSL_BAD_METHOD"}, 147{ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"},
144{ERR_PACK(0,SSL_F_SSL_BYTES_TO_CIPHER_LIST,0), "SSL_BYTES_TO_CIPHER_LIST"}, 148{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"},
145{ERR_PACK(0,SSL_F_SSL_CERT_DUP,0), "SSL_CERT_DUP"}, 149{ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"},
146{ERR_PACK(0,SSL_F_SSL_CERT_INST,0), "SSL_CERT_INST"}, 150{ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"},
147{ERR_PACK(0,SSL_F_SSL_CERT_INSTANTIATE,0), "SSL_CERT_INSTANTIATE"}, 151{ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
148{ERR_PACK(0,SSL_F_SSL_CERT_NEW,0), "SSL_CERT_NEW"}, 152{ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"},
149{ERR_PACK(0,SSL_F_SSL_CHECK_PRIVATE_KEY,0), "SSL_check_private_key"}, 153{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
150{ERR_PACK(0,SSL_F_SSL_CIPHER_PROCESS_RULESTR,0), "SSL_CIPHER_PROCESS_RULESTR"}, 154{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"},
151{ERR_PACK(0,SSL_F_SSL_CIPHER_STRENGTH_SORT,0), "SSL_CIPHER_STRENGTH_SORT"}, 155{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
152{ERR_PACK(0,SSL_F_SSL_CLEAR,0), "SSL_clear"}, 156{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
153{ERR_PACK(0,SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,0), "SSL_COMP_add_compression_method"}, 157{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"},
154{ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0), "SSL_CREATE_CIPHER_LIST"}, 158{ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"},
155{ERR_PACK(0,SSL_F_SSL_CTRL,0), "SSL_ctrl"}, 159{ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"},
156{ERR_PACK(0,SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,0), "SSL_CTX_check_private_key"}, 160{ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
157{ERR_PACK(0,SSL_F_SSL_CTX_NEW,0), "SSL_CTX_new"}, 161{ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"},
158{ERR_PACK(0,SSL_F_SSL_CTX_SET_PURPOSE,0), "SSL_CTX_set_purpose"}, 162{ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"},
159{ERR_PACK(0,SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,0), "SSL_CTX_set_session_id_context"}, 163{ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"},
160{ERR_PACK(0,SSL_F_SSL_CTX_SET_SSL_VERSION,0), "SSL_CTX_set_ssl_version"}, 164{ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"},
161{ERR_PACK(0,SSL_F_SSL_CTX_SET_TRUST,0), "SSL_CTX_set_trust"}, 165{ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"},
162{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE,0), "SSL_CTX_use_certificate"}, 166{ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"},
163{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,0), "SSL_CTX_use_certificate_ASN1"}, 167{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
164{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,0), "SSL_CTX_use_certificate_chain_file"}, 168{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"},
165{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,0), "SSL_CTX_use_certificate_file"}, 169{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"},
166{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY,0), "SSL_CTX_use_PrivateKey"}, 170{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"},
167{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,0), "SSL_CTX_use_PrivateKey_ASN1"}, 171{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"},
168{ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,0), "SSL_CTX_use_PrivateKey_file"}, 172{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"},
169{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,0), "SSL_CTX_use_RSAPrivateKey"}, 173{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"},
170{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,0), "SSL_CTX_use_RSAPrivateKey_ASN1"}, 174{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"},
171{ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,0), "SSL_CTX_use_RSAPrivateKey_file"}, 175{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"},
172{ERR_PACK(0,SSL_F_SSL_DO_HANDSHAKE,0), "SSL_do_handshake"}, 176{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"},
173{ERR_PACK(0,SSL_F_SSL_GET_NEW_SESSION,0), "SSL_GET_NEW_SESSION"}, 177{ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
174{ERR_PACK(0,SSL_F_SSL_GET_PREV_SESSION,0), "SSL_GET_PREV_SESSION"}, 178{ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"},
175{ERR_PACK(0,SSL_F_SSL_GET_SERVER_SEND_CERT,0), "SSL_GET_SERVER_SEND_CERT"}, 179{ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"},
176{ERR_PACK(0,SSL_F_SSL_GET_SIGN_PKEY,0), "SSL_GET_SIGN_PKEY"}, 180{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
177{ERR_PACK(0,SSL_F_SSL_INIT_WBIO_BUFFER,0), "SSL_INIT_WBIO_BUFFER"}, 181{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"},
178{ERR_PACK(0,SSL_F_SSL_LOAD_CLIENT_CA_FILE,0), "SSL_load_client_CA_file"}, 182{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
179{ERR_PACK(0,SSL_F_SSL_NEW,0), "SSL_new"}, 183{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
180{ERR_PACK(0,SSL_F_SSL_READ,0), "SSL_read"}, 184{ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
181{ERR_PACK(0,SSL_F_SSL_RSA_PRIVATE_DECRYPT,0), "SSL_RSA_PRIVATE_DECRYPT"}, 185{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
182{ERR_PACK(0,SSL_F_SSL_RSA_PUBLIC_ENCRYPT,0), "SSL_RSA_PUBLIC_ENCRYPT"}, 186{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
183{ERR_PACK(0,SSL_F_SSL_SESSION_NEW,0), "SSL_SESSION_new"}, 187{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
184{ERR_PACK(0,SSL_F_SSL_SESSION_PRINT_FP,0), "SSL_SESSION_print_fp"}, 188{ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
185{ERR_PACK(0,SSL_F_SSL_SESS_CERT_NEW,0), "SSL_SESS_CERT_NEW"}, 189{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
186{ERR_PACK(0,SSL_F_SSL_SET_CERT,0), "SSL_SET_CERT"}, 190{ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"},
187{ERR_PACK(0,SSL_F_SSL_SET_FD,0), "SSL_set_fd"}, 191{ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"},
188{ERR_PACK(0,SSL_F_SSL_SET_PKEY,0), "SSL_SET_PKEY"}, 192{ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"},
189{ERR_PACK(0,SSL_F_SSL_SET_PURPOSE,0), "SSL_set_purpose"}, 193{ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
190{ERR_PACK(0,SSL_F_SSL_SET_RFD,0), "SSL_set_rfd"}, 194{ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"},
191{ERR_PACK(0,SSL_F_SSL_SET_SESSION,0), "SSL_set_session"}, 195{ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"},
192{ERR_PACK(0,SSL_F_SSL_SET_SESSION_ID_CONTEXT,0), "SSL_set_session_id_context"}, 196{ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
193{ERR_PACK(0,SSL_F_SSL_SET_TRUST,0), "SSL_set_trust"}, 197{ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
194{ERR_PACK(0,SSL_F_SSL_SET_WFD,0), "SSL_set_wfd"}, 198{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"},
195{ERR_PACK(0,SSL_F_SSL_SHUTDOWN,0), "SSL_shutdown"}, 199{ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
196{ERR_PACK(0,SSL_F_SSL_UNDEFINED_CONST_FUNCTION,0), "SSL_UNDEFINED_CONST_FUNCTION"}, 200{ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
197{ERR_PACK(0,SSL_F_SSL_UNDEFINED_FUNCTION,0), "SSL_UNDEFINED_FUNCTION"}, 201{ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
198{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE,0), "SSL_use_certificate"}, 202{ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"},
199{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_ASN1,0), "SSL_use_certificate_ASN1"}, 203{ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"},
200{ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_FILE,0), "SSL_use_certificate_file"}, 204{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"},
201{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY,0), "SSL_use_PrivateKey"}, 205{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"},
202{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY_ASN1,0), "SSL_use_PrivateKey_ASN1"}, 206{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"},
203{ERR_PACK(0,SSL_F_SSL_USE_PRIVATEKEY_FILE,0), "SSL_use_PrivateKey_file"}, 207{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"},
204{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY,0), "SSL_use_RSAPrivateKey"}, 208{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"},
205{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,0), "SSL_use_RSAPrivateKey_ASN1"}, 209{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
206{ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,0), "SSL_use_RSAPrivateKey_file"}, 210{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
207{ERR_PACK(0,SSL_F_SSL_VERIFY_CERT_CHAIN,0), "SSL_VERIFY_CERT_CHAIN"}, 211{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"},
208{ERR_PACK(0,SSL_F_SSL_WRITE,0), "SSL_write"}, 212{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"},
209{ERR_PACK(0,SSL_F_TLS1_CHANGE_CIPHER_STATE,0), "TLS1_CHANGE_CIPHER_STATE"}, 213{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"},
210{ERR_PACK(0,SSL_F_TLS1_ENC,0), "TLS1_ENC"}, 214{ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
211{ERR_PACK(0,SSL_F_TLS1_SETUP_KEY_BLOCK,0), "TLS1_SETUP_KEY_BLOCK"}, 215{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"},
212{ERR_PACK(0,SSL_F_WRITE_PENDING,0), "WRITE_PENDING"}, 216{ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"},
217{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
218{ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
213{0,NULL} 219{0,NULL}
214 }; 220 };
215 221
216static ERR_STRING_DATA SSL_str_reasons[]= 222static ERR_STRING_DATA SSL_str_reasons[]=
217 { 223 {
218{SSL_R_APP_DATA_IN_HANDSHAKE ,"app data in handshake"}, 224{ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) ,"app data in handshake"},
219{SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT,"attempt to reuse session in different context"}, 225{ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),"attempt to reuse session in different context"},
220{SSL_R_BAD_ALERT_RECORD ,"bad alert record"}, 226{ERR_REASON(SSL_R_BAD_ALERT_RECORD) ,"bad alert record"},
221{SSL_R_BAD_AUTHENTICATION_TYPE ,"bad authentication type"}, 227{ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"},
222{SSL_R_BAD_CHANGE_CIPHER_SPEC ,"bad change cipher spec"}, 228{ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"},
223{SSL_R_BAD_CHECKSUM ,"bad checksum"}, 229{ERR_REASON(SSL_R_BAD_CHECKSUM) ,"bad checksum"},
224{SSL_R_BAD_DATA_RETURNED_BY_CALLBACK ,"bad data returned by callback"}, 230{ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"},
225{SSL_R_BAD_DECOMPRESSION ,"bad decompression"}, 231{ERR_REASON(SSL_R_BAD_DECOMPRESSION) ,"bad decompression"},
226{SSL_R_BAD_DH_G_LENGTH ,"bad dh g length"}, 232{ERR_REASON(SSL_R_BAD_DH_G_LENGTH) ,"bad dh g length"},
227{SSL_R_BAD_DH_PUB_KEY_LENGTH ,"bad dh pub key length"}, 233{ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) ,"bad dh pub key length"},
228{SSL_R_BAD_DH_P_LENGTH ,"bad dh p length"}, 234{ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"},
229{SSL_R_BAD_DIGEST_LENGTH ,"bad digest length"}, 235{ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"},
230{SSL_R_BAD_DSA_SIGNATURE ,"bad dsa signature"}, 236{ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"},
231{SSL_R_BAD_HELLO_REQUEST ,"bad hello request"}, 237{ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"},
232{SSL_R_BAD_LENGTH ,"bad length"}, 238{ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"},
233{SSL_R_BAD_MAC_DECODE ,"bad mac decode"}, 239{ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"},
234{SSL_R_BAD_MESSAGE_TYPE ,"bad message type"}, 240{ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) ,"bad message type"},
235{SSL_R_BAD_PACKET_LENGTH ,"bad packet length"}, 241{ERR_REASON(SSL_R_BAD_PACKET_LENGTH) ,"bad packet length"},
236{SSL_R_BAD_PROTOCOL_VERSION_NUMBER ,"bad protocol version number"}, 242{ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"},
237{SSL_R_BAD_RESPONSE_ARGUMENT ,"bad response argument"}, 243{ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"},
238{SSL_R_BAD_RSA_DECRYPT ,"bad rsa decrypt"}, 244{ERR_REASON(SSL_R_BAD_RSA_DECRYPT) ,"bad rsa decrypt"},
239{SSL_R_BAD_RSA_ENCRYPT ,"bad rsa encrypt"}, 245{ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) ,"bad rsa encrypt"},
240{SSL_R_BAD_RSA_E_LENGTH ,"bad rsa e length"}, 246{ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) ,"bad rsa e length"},
241{SSL_R_BAD_RSA_MODULUS_LENGTH ,"bad rsa modulus length"}, 247{ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"},
242{SSL_R_BAD_RSA_SIGNATURE ,"bad rsa signature"}, 248{ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) ,"bad rsa signature"},
243{SSL_R_BAD_SIGNATURE ,"bad signature"}, 249{ERR_REASON(SSL_R_BAD_SIGNATURE) ,"bad signature"},
244{SSL_R_BAD_SSL_FILETYPE ,"bad ssl filetype"}, 250{ERR_REASON(SSL_R_BAD_SSL_FILETYPE) ,"bad ssl filetype"},
245{SSL_R_BAD_SSL_SESSION_ID_LENGTH ,"bad ssl session id length"}, 251{ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"},
246{SSL_R_BAD_STATE ,"bad state"}, 252{ERR_REASON(SSL_R_BAD_STATE) ,"bad state"},
247{SSL_R_BAD_WRITE_RETRY ,"bad write retry"}, 253{ERR_REASON(SSL_R_BAD_WRITE_RETRY) ,"bad write retry"},
248{SSL_R_BIO_NOT_SET ,"bio not set"}, 254{ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"},
249{SSL_R_BLOCK_CIPHER_PAD_IS_WRONG ,"block cipher pad is wrong"}, 255{ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"},
250{SSL_R_BN_LIB ,"bn lib"}, 256{ERR_REASON(SSL_R_BN_LIB) ,"bn lib"},
251{SSL_R_CA_DN_LENGTH_MISMATCH ,"ca dn length mismatch"}, 257{ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"},
252{SSL_R_CA_DN_TOO_LONG ,"ca dn too long"}, 258{ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"},
253{SSL_R_CCS_RECEIVED_EARLY ,"ccs received early"}, 259{ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"},
254{SSL_R_CERTIFICATE_VERIFY_FAILED ,"certificate verify failed"}, 260{ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"},
255{SSL_R_CERT_LENGTH_MISMATCH ,"cert length mismatch"}, 261{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"},
256{SSL_R_CHALLENGE_IS_DIFFERENT ,"challenge is different"}, 262{ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"},
257{SSL_R_CIPHER_CODE_WRONG_LENGTH ,"cipher code wrong length"}, 263{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},
258{SSL_R_CIPHER_OR_HASH_UNAVAILABLE ,"cipher or hash unavailable"}, 264{ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"},
259{SSL_R_CIPHER_TABLE_SRC_ERROR ,"cipher table src error"}, 265{ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
260{SSL_R_COMPRESSED_LENGTH_TOO_LONG ,"compressed length too long"}, 266{ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"},
261{SSL_R_COMPRESSION_FAILURE ,"compression failure"}, 267{ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"},
262{SSL_R_COMPRESSION_LIBRARY_ERROR ,"compression library error"}, 268{ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},
263{SSL_R_CONNECTION_ID_IS_DIFFERENT ,"connection id is different"}, 269{ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"},
264{SSL_R_CONNECTION_TYPE_NOT_SET ,"connection type not set"}, 270{ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"},
265{SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ,"data between ccs and finished"}, 271{ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"},
266{SSL_R_DATA_LENGTH_TOO_LONG ,"data length too long"}, 272{ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"},
267{SSL_R_DECRYPTION_FAILED ,"decryption failed"}, 273{ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"},
268{SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC,"decryption failed or bad record mac"}, 274{ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},
269{SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG ,"dh public value length is wrong"}, 275{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
270{SSL_R_DIGEST_CHECK_FAILED ,"digest check failed"}, 276{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"},
271{SSL_R_ENCRYPTED_LENGTH_TOO_LONG ,"encrypted length too long"}, 277{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
272{SSL_R_ERROR_GENERATING_TMP_RSA_KEY ,"error generating tmp rsa key"}, 278{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
273{SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST ,"error in received cipher list"}, 279{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"},
274{SSL_R_EXCESSIVE_MESSAGE_SIZE ,"excessive message size"}, 280{ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"},
275{SSL_R_EXTRA_DATA_IN_MESSAGE ,"extra data in message"}, 281{ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"},
276{SSL_R_GOT_A_FIN_BEFORE_A_CCS ,"got a fin before a ccs"}, 282{ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"},
277{SSL_R_HTTPS_PROXY_REQUEST ,"https proxy request"}, 283{ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"},
278{SSL_R_HTTP_REQUEST ,"http request"}, 284{ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"},
279{SSL_R_ILLEGAL_PADDING ,"illegal padding"}, 285{ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"},
280{SSL_R_INVALID_CHALLENGE_LENGTH ,"invalid challenge length"}, 286{ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
281{SSL_R_INVALID_COMMAND ,"invalid command"}, 287{ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"},
282{SSL_R_INVALID_PURPOSE ,"invalid purpose"}, 288{ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"},
283{SSL_R_INVALID_TRUST ,"invalid trust"}, 289{ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"},
284{SSL_R_KEY_ARG_TOO_LONG ,"key arg too long"}, 290{ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"},
285{SSL_R_KRB5 ,"krb5"}, 291{ERR_REASON(SSL_R_KRB5) ,"krb5"},
286{SSL_R_KRB5_C_CC_PRINC ,"krb5 client cc principal (no tkt?)"}, 292{ERR_REASON(SSL_R_KRB5_C_CC_PRINC) ,"krb5 client cc principal (no tkt?)"},
287{SSL_R_KRB5_C_GET_CRED ,"krb5 client get cred"}, 293{ERR_REASON(SSL_R_KRB5_C_GET_CRED) ,"krb5 client get cred"},
288{SSL_R_KRB5_C_INIT ,"krb5 client init"}, 294{ERR_REASON(SSL_R_KRB5_C_INIT) ,"krb5 client init"},
289{SSL_R_KRB5_C_MK_REQ ,"krb5 client mk_req (expired tkt?)"}, 295{ERR_REASON(SSL_R_KRB5_C_MK_REQ) ,"krb5 client mk_req (expired tkt?)"},
290{SSL_R_KRB5_S_BAD_TICKET ,"krb5 server bad ticket"}, 296{ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) ,"krb5 server bad ticket"},
291{SSL_R_KRB5_S_INIT ,"krb5 server init"}, 297{ERR_REASON(SSL_R_KRB5_S_INIT) ,"krb5 server init"},
292{SSL_R_KRB5_S_RD_REQ ,"krb5 server rd_req (keytab perms?)"}, 298{ERR_REASON(SSL_R_KRB5_S_RD_REQ) ,"krb5 server rd_req (keytab perms?)"},
293{SSL_R_KRB5_S_TKT_EXPIRED ,"krb5 server tkt expired"}, 299{ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) ,"krb5 server tkt expired"},
294{SSL_R_KRB5_S_TKT_NYV ,"krb5 server tkt not yet valid"}, 300{ERR_REASON(SSL_R_KRB5_S_TKT_NYV) ,"krb5 server tkt not yet valid"},
295{SSL_R_KRB5_S_TKT_SKEW ,"krb5 server tkt skew"}, 301{ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) ,"krb5 server tkt skew"},
296{SSL_R_LENGTH_MISMATCH ,"length mismatch"}, 302{ERR_REASON(SSL_R_LENGTH_MISMATCH) ,"length mismatch"},
297{SSL_R_LENGTH_TOO_SHORT ,"length too short"}, 303{ERR_REASON(SSL_R_LENGTH_TOO_SHORT) ,"length too short"},
298{SSL_R_LIBRARY_BUG ,"library bug"}, 304{ERR_REASON(SSL_R_LIBRARY_BUG) ,"library bug"},
299{SSL_R_LIBRARY_HAS_NO_CIPHERS ,"library has no ciphers"}, 305{ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"},
300{SSL_R_MASTER_KEY_TOO_LONG ,"master key too long"}, 306{ERR_REASON(SSL_R_MESSAGE_TOO_LONG) ,"message too long"},
301{SSL_R_MESSAGE_TOO_LONG ,"message too long"}, 307{ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) ,"missing dh dsa cert"},
302{SSL_R_MISSING_DH_DSA_CERT ,"missing dh dsa cert"}, 308{ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"},
303{SSL_R_MISSING_DH_KEY ,"missing dh key"}, 309{ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"},
304{SSL_R_MISSING_DH_RSA_CERT ,"missing dh rsa cert"}, 310{ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"},
305{SSL_R_MISSING_DSA_SIGNING_CERT ,"missing dsa signing cert"}, 311{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"},
306{SSL_R_MISSING_EXPORT_TMP_DH_KEY ,"missing export tmp dh key"}, 312{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"},
307{SSL_R_MISSING_EXPORT_TMP_RSA_KEY ,"missing export tmp rsa key"}, 313{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"},
308{SSL_R_MISSING_RSA_CERTIFICATE ,"missing rsa certificate"}, 314{ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"},
309{SSL_R_MISSING_RSA_ENCRYPTING_CERT ,"missing rsa encrypting cert"}, 315{ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"},
310{SSL_R_MISSING_RSA_SIGNING_CERT ,"missing rsa signing cert"}, 316{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"},
311{SSL_R_MISSING_TMP_DH_KEY ,"missing tmp dh key"}, 317{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"},
312{SSL_R_MISSING_TMP_RSA_KEY ,"missing tmp rsa key"}, 318{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"},
313{SSL_R_MISSING_TMP_RSA_PKEY ,"missing tmp rsa pkey"}, 319{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
314{SSL_R_MISSING_VERIFY_MESSAGE ,"missing verify message"}, 320{ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"},
315{SSL_R_NON_SSLV2_INITIAL_PACKET ,"non sslv2 initial packet"}, 321{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"},
316{SSL_R_NO_CERTIFICATES_RETURNED ,"no certificates returned"}, 322{ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"},
317{SSL_R_NO_CERTIFICATE_ASSIGNED ,"no certificate assigned"}, 323{ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),"no certificate returned"},
318{SSL_R_NO_CERTIFICATE_RETURNED ,"no certificate returned"}, 324{ERR_REASON(SSL_R_NO_CERTIFICATE_SET) ,"no certificate set"},
319{SSL_R_NO_CERTIFICATE_SET ,"no certificate set"}, 325{ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED),"no certificate specified"},
320{SSL_R_NO_CERTIFICATE_SPECIFIED ,"no certificate specified"}, 326{ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) ,"no ciphers available"},
321{SSL_R_NO_CIPHERS_AVAILABLE ,"no ciphers available"}, 327{ERR_REASON(SSL_R_NO_CIPHERS_PASSED) ,"no ciphers passed"},
322{SSL_R_NO_CIPHERS_PASSED ,"no ciphers passed"}, 328{ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"},
323{SSL_R_NO_CIPHERS_SPECIFIED ,"no ciphers specified"}, 329{ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"},
324{SSL_R_NO_CIPHER_LIST ,"no cipher list"}, 330{ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"},
325{SSL_R_NO_CIPHER_MATCH ,"no cipher match"}, 331{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"},
326{SSL_R_NO_CLIENT_CERT_RECEIVED ,"no client cert received"}, 332{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
327{SSL_R_NO_COMPRESSION_SPECIFIED ,"no compression specified"}, 333{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"},
328{SSL_R_NO_METHOD_SPECIFIED ,"no method specified"}, 334{ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"},
329{SSL_R_NO_PRIVATEKEY ,"no privatekey"}, 335{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
330{SSL_R_NO_PRIVATE_KEY_ASSIGNED ,"no private key assigned"}, 336{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
331{SSL_R_NO_PROTOCOLS_AVAILABLE ,"no protocols available"}, 337{ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"},
332{SSL_R_NO_PUBLICKEY ,"no publickey"}, 338{ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"},
333{SSL_R_NO_SHARED_CIPHER ,"no shared cipher"}, 339{ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"},
334{SSL_R_NO_VERIFY_CALLBACK ,"no verify callback"}, 340{ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"},
335{SSL_R_NULL_SSL_CTX ,"null ssl ctx"}, 341{ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},
336{SSL_R_NULL_SSL_METHOD_PASSED ,"null ssl method passed"}, 342{ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
337{SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED ,"old session cipher not returned"}, 343{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
338{SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE ,"only tls allowed in fips mode"}, 344{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"},
339{SSL_R_PACKET_LENGTH_TOO_LONG ,"packet length too long"}, 345{ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"},
340{SSL_R_PATH_TOO_LONG ,"path too long"}, 346{ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"},
341{SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE ,"peer did not return a certificate"}, 347{ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"},
342{SSL_R_PEER_ERROR ,"peer error"}, 348{ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE),"peer error certificate"},
343{SSL_R_PEER_ERROR_CERTIFICATE ,"peer error certificate"}, 349{ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"},
344{SSL_R_PEER_ERROR_NO_CERTIFICATE ,"peer error no certificate"}, 350{ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) ,"peer error no cipher"},
345{SSL_R_PEER_ERROR_NO_CIPHER ,"peer error no cipher"}, 351{ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"},
346{SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,"peer error unsupported certificate type"}, 352{ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"},
347{SSL_R_PRE_MAC_LENGTH_TOO_LONG ,"pre mac length too long"}, 353{ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"},
348{SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS ,"problems mapping cipher functions"}, 354{ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) ,"protocol is shutdown"},
349{SSL_R_PROTOCOL_IS_SHUTDOWN ,"protocol is shutdown"}, 355{ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"},
350{SSL_R_PUBLIC_KEY_ENCRYPT_ERROR ,"public key encrypt error"}, 356{ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"},
351{SSL_R_PUBLIC_KEY_IS_NOT_RSA ,"public key is not rsa"}, 357{ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
352{SSL_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"}, 358{ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"},
353{SSL_R_READ_BIO_NOT_SET ,"read bio not set"}, 359{ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"},
354{SSL_R_READ_WRONG_PACKET_TYPE ,"read wrong packet type"}, 360{ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"},
355{SSL_R_RECORD_LENGTH_MISMATCH ,"record length mismatch"}, 361{ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"},
356{SSL_R_RECORD_TOO_LARGE ,"record too large"}, 362{ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"},
357{SSL_R_RECORD_TOO_SMALL ,"record too small"}, 363{ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"},
358{SSL_R_REQUIRED_CIPHER_MISSING ,"required cipher missing"}, 364{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},
359{SSL_R_REUSE_CERT_LENGTH_NOT_ZERO ,"reuse cert length not zero"}, 365{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},
360{SSL_R_REUSE_CERT_TYPE_NOT_ZERO ,"reuse cert type not zero"}, 366{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},
361{SSL_R_REUSE_CIPHER_LIST_NOT_ZERO ,"reuse cipher list not zero"}, 367{ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
362{SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED ,"session id context uninitialized"}, 368{ERR_REASON(SSL_R_SHORT_READ) ,"short read"},
363{SSL_R_SHORT_READ ,"short read"}, 369{ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
364{SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, 370{ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
365{SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"}, 371{ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"},
366{SSL_R_SSL2_CONNECTION_ID_TOO_LONG ,"ssl2 connection id too long"}, 372{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"},
367{SSL_R_SSL3_SESSION_ID_TOO_LONG ,"ssl3 session id too long"}, 373{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"},
368{SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"}, 374{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"},
369{SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"}, 375{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),"sslv3 alert bad record mac"},
370{SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"}, 376{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),"sslv3 alert certificate expired"},
371{SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED ,"sslv3 alert certificate expired"}, 377{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),"sslv3 alert certificate revoked"},
372{SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED ,"sslv3 alert certificate revoked"}, 378{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),"sslv3 alert certificate unknown"},
373{SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN ,"sslv3 alert certificate unknown"}, 379{ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),"sslv3 alert decompression failure"},
374{SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE ,"sslv3 alert decompression failure"}, 380{ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"},
375{SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE ,"sslv3 alert handshake failure"}, 381{ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"},
376{SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER ,"sslv3 alert illegal parameter"}, 382{ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"},
377{SSL_R_SSLV3_ALERT_NO_CERTIFICATE ,"sslv3 alert no certificate"}, 383{ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"},
378{SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE,"sslv3 alert peer error certificate"}, 384{ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"},
379{SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE,"sslv3 alert peer error no certificate"}, 385{ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"},
380{SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER ,"sslv3 alert peer error no cipher"}, 386{ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"},
381{SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,"sslv3 alert peer error unsupported certificate type"}, 387{ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"},
382{SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE ,"sslv3 alert unexpected message"}, 388{ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"},
383{SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE,"sslv3 alert unknown remote error type"}, 389{ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"},
384{SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE,"sslv3 alert unsupported certificate"}, 390{ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"},
385{SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION,"ssl ctx has no default ssl version"}, 391{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),"ssl session id has bad length"},
386{SSL_R_SSL_HANDSHAKE_FAILURE ,"ssl handshake failure"}, 392{ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),"ssl session id is different"},
387{SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS ,"ssl library has no ciphers"}, 393{ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),"tlsv1 alert access denied"},
388{SSL_R_SSL_SESSION_ID_CALLBACK_FAILED ,"ssl session id callback failed"}, 394{ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR),"tlsv1 alert decode error"},
389{SSL_R_SSL_SESSION_ID_CONFLICT ,"ssl session id conflict"}, 395{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"},
390{SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG ,"ssl session id context too long"}, 396{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"},
391{SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH ,"ssl session id has bad length"}, 397{ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"},
392{SSL_R_SSL_SESSION_ID_IS_DIFFERENT ,"ssl session id is different"}, 398{ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"},
393{SSL_R_TLSV1_ALERT_ACCESS_DENIED ,"tlsv1 alert access denied"}, 399{ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"},
394{SSL_R_TLSV1_ALERT_DECODE_ERROR ,"tlsv1 alert decode error"}, 400{ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"},
395{SSL_R_TLSV1_ALERT_DECRYPTION_FAILED ,"tlsv1 alert decryption failed"}, 401{ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),"tlsv1 alert protocol version"},
396{SSL_R_TLSV1_ALERT_DECRYPT_ERROR ,"tlsv1 alert decrypt error"}, 402{ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"},
397{SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION ,"tlsv1 alert export restriction"}, 403{ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"},
398{SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY ,"tlsv1 alert insufficient security"}, 404{ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"},
399{SSL_R_TLSV1_ALERT_INTERNAL_ERROR ,"tlsv1 alert internal error"}, 405{ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},
400{SSL_R_TLSV1_ALERT_NO_RENEGOTIATION ,"tlsv1 alert no renegotiation"}, 406{ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"},
401{SSL_R_TLSV1_ALERT_PROTOCOL_VERSION ,"tlsv1 alert protocol version"}, 407{ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"},
402{SSL_R_TLSV1_ALERT_RECORD_OVERFLOW ,"tlsv1 alert record overflow"}, 408{ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"},
403{SSL_R_TLSV1_ALERT_UNKNOWN_CA ,"tlsv1 alert unknown ca"}, 409{ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"},
404{SSL_R_TLSV1_ALERT_USER_CANCELLED ,"tlsv1 alert user cancelled"}, 410{ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"},
405{SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER,"tls client cert req with anon cipher"}, 411{ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"},
406{SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST,"tls peer did not respond with certificate list"}, 412{ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"},
407{SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG,"tls rsa encrypted value length is wrong"}, 413{ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"},
408{SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER ,"tried to use unsupported cipher"}, 414{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"},
409{SSL_R_UNABLE_TO_DECODE_DH_CERTS ,"unable to decode dh certs"}, 415{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),"unable to load ssl3 md5 routines"},
410{SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY ,"unable to extract public key"}, 416{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),"unable to load ssl3 sha1 routines"},
411{SSL_R_UNABLE_TO_FIND_DH_PARAMETERS ,"unable to find dh parameters"}, 417{ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) ,"unexpected message"},
412{SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS,"unable to find public key parameters"}, 418{ERR_REASON(SSL_R_UNEXPECTED_RECORD) ,"unexpected record"},
413{SSL_R_UNABLE_TO_FIND_SSL_METHOD ,"unable to find ssl method"}, 419{ERR_REASON(SSL_R_UNINITIALIZED) ,"uninitialized"},
414{SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES ,"unable to load ssl2 md5 routines"}, 420{ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) ,"unknown alert type"},
415{SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES ,"unable to load ssl3 md5 routines"}, 421{ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"},
416{SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES ,"unable to load ssl3 sha1 routines"}, 422{ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"},
417{SSL_R_UNEXPECTED_MESSAGE ,"unexpected message"}, 423{ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) ,"unknown cipher type"},
418{SSL_R_UNEXPECTED_RECORD ,"unexpected record"}, 424{ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"},
419{SSL_R_UNINITIALIZED ,"uninitialized"}, 425{ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) ,"unknown pkey type"},
420{SSL_R_UNKNOWN_ALERT_TYPE ,"unknown alert type"}, 426{ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) ,"unknown protocol"},
421{SSL_R_UNKNOWN_CERTIFICATE_TYPE ,"unknown certificate type"}, 427{ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"},
422{SSL_R_UNKNOWN_CIPHER_RETURNED ,"unknown cipher returned"}, 428{ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"},
423{SSL_R_UNKNOWN_CIPHER_TYPE ,"unknown cipher type"}, 429{ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"},
424{SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE ,"unknown key exchange type"}, 430{ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
425{SSL_R_UNKNOWN_PKEY_TYPE ,"unknown pkey type"}, 431{ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
426{SSL_R_UNKNOWN_PROTOCOL ,"unknown protocol"}, 432{ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"},
427{SSL_R_UNKNOWN_REMOTE_ERROR_TYPE ,"unknown remote error type"}, 433{ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"},
428{SSL_R_UNKNOWN_SSL_VERSION ,"unknown ssl version"}, 434{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"},
429{SSL_R_UNKNOWN_STATE ,"unknown state"}, 435{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"},
430{SSL_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, 436{ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"},
431{SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM ,"unsupported compression algorithm"}, 437{ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"},
432{SSL_R_UNSUPPORTED_OPTION ,"unsupported option"}, 438{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
433{SSL_R_UNSUPPORTED_PROTOCOL ,"unsupported protocol"}, 439{ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) ,"wrong signature size"},
434{SSL_R_UNSUPPORTED_SSL_VERSION ,"unsupported ssl version"}, 440{ERR_REASON(SSL_R_WRONG_SSL_VERSION) ,"wrong ssl version"},
435{SSL_R_WRITE_BIO_NOT_SET ,"write bio not set"}, 441{ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"},
436{SSL_R_WRONG_CIPHER_RETURNED ,"wrong cipher returned"}, 442{ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"},
437{SSL_R_WRONG_MESSAGE_TYPE ,"wrong message type"}, 443{ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"},
438{SSL_R_WRONG_NUMBER_OF_KEY_BITS ,"wrong number of key bits"},
439{SSL_R_WRONG_SIGNATURE_LENGTH ,"wrong signature length"},
440{SSL_R_WRONG_SIGNATURE_SIZE ,"wrong signature size"},
441{SSL_R_WRONG_SSL_VERSION ,"wrong ssl version"},
442{SSL_R_WRONG_VERSION_NUMBER ,"wrong version number"},
443{SSL_R_X509_LIB ,"x509 lib"},
444{SSL_R_X509_VERIFICATION_SETUP_PROBLEMS ,"x509 verification setup problems"},
445{0,NULL} 444{0,NULL}
446 }; 445 };
447 446
@@ -455,8 +454,8 @@ void ERR_load_SSL_strings(void)
455 { 454 {
456 init=0; 455 init=0;
457#ifndef OPENSSL_NO_ERR 456#ifndef OPENSSL_NO_ERR
458 ERR_load_strings(ERR_LIB_SSL,SSL_str_functs); 457 ERR_load_strings(0,SSL_str_functs);
459 ERR_load_strings(ERR_LIB_SSL,SSL_str_reasons); 458 ERR_load_strings(0,SSL_str_reasons);
460#endif 459#endif
461 460
462 } 461 }
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 631229558f..2bd9a5af86 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -125,7 +125,7 @@
125 125
126const char *SSL_version_str=OPENSSL_VERSION_TEXT; 126const char *SSL_version_str=OPENSSL_VERSION_TEXT;
127 127
128OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={ 128SSL3_ENC_METHOD ssl3_undef_enc_method={
129 /* evil casts, but these functions are only called if there's a library bug */ 129 /* evil casts, but these functions are only called if there's a library bug */
130 (int (*)(SSL *,int))ssl_undefined_function, 130 (int (*)(SSL *,int))ssl_undefined_function,
131 (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, 131 (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
@@ -1130,8 +1130,21 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
1130 1130
1131 sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list, 1131 sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
1132 &ctx->cipher_list_by_id,str); 1132 &ctx->cipher_list_by_id,str);
1133/* XXXX */ 1133 /* ssl_create_cipher_list may return an empty stack if it
1134 return((sk == NULL)?0:1); 1134 * was unable to find a cipher matching the given rule string
1135 * (for example if the rule string specifies a cipher which
1136 * has been disabled). This is not an error as far as
1137 * ssl_create_cipher_list is concerned, and hence
1138 * ctx->cipher_list and ctx->cipher_list_by_id has been
1139 * updated. */
1140 if (sk == NULL)
1141 return 0;
1142 else if (sk_SSL_CIPHER_num(sk) == 0)
1143 {
1144 SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
1145 return 0;
1146 }
1147 return 1;
1135 } 1148 }
1136 1149
1137/** specify the ciphers to be used by the SSL */ 1150/** specify the ciphers to be used by the SSL */
@@ -1141,8 +1154,15 @@ int SSL_set_cipher_list(SSL *s,const char *str)
1141 1154
1142 sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list, 1155 sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
1143 &s->cipher_list_by_id,str); 1156 &s->cipher_list_by_id,str);
1144/* XXXX */ 1157 /* see comment in SSL_CTX_set_cipher_list */
1145 return((sk == NULL)?0:1); 1158 if (sk == NULL)
1159 return 0;
1160 else if (sk_SSL_CIPHER_num(sk) == 0)
1161 {
1162 SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
1163 return 0;
1164 }
1165 return 1;
1146 } 1166 }
1147 1167
1148/* works well for SSLv2, not so good for SSLv3 */ 1168/* works well for SSLv2, not so good for SSLv3 */
@@ -1181,7 +1201,8 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
1181 return(buf); 1201 return(buf);
1182 } 1202 }
1183 1203
1184int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p) 1204int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
1205 int (*put_cb)(const SSL_CIPHER *, unsigned char *))
1185 { 1206 {
1186 int i,j=0; 1207 int i,j=0;
1187 SSL_CIPHER *c; 1208 SSL_CIPHER *c;
@@ -1200,7 +1221,8 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
1200 if ((c->algorithms & SSL_KRB5) && nokrb5) 1221 if ((c->algorithms & SSL_KRB5) && nokrb5)
1201 continue; 1222 continue;
1202#endif /* OPENSSL_NO_KRB5 */ 1223#endif /* OPENSSL_NO_KRB5 */
1203 j=ssl_put_cipher_by_char(s,c,p); 1224
1225 j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
1204 p+=j; 1226 p+=j;
1205 } 1227 }
1206 return(p-q); 1228 return(p-q);
@@ -1694,7 +1716,7 @@ void ssl_update_cache(SSL *s,int mode)
1694 ?s->ctx->stats.sess_connect_good 1716 ?s->ctx->stats.sess_connect_good
1695 :s->ctx->stats.sess_accept_good) & 0xff) == 0xff) 1717 :s->ctx->stats.sess_accept_good) & 0xff) == 0xff)
1696 { 1718 {
1697 SSL_CTX_flush_sessions(s->ctx,time(NULL)); 1719 SSL_CTX_flush_sessions(s->ctx,(unsigned long)time(NULL));
1698 } 1720 }
1699 } 1721 }
1700 } 1722 }
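Review bot: In the ssl_cipher_list_to_bytes hunks (new lines 1204-1226) the value returned by the new `put_cb` is added to `p` unchecked (`p+=j`), and the function still takes no length for `p`, so the write is bounded only by how the caller sized the buffer. The per-cipher width now depends on which encoder is passed, so a buffer sized for `ssl_put_cipher_by_char` may be too small for a wider `put_cb`; that contract is not written down here or at the matching prototype in ssl_locl.h. I would add a comment above the definition such as `/* put_cb, if non-NULL, replaces ssl_put_cipher_by_char(); it returns the bytes written at p (>= 0), and the caller sizes p for the widest encoding */`. The function body starts and ends outside the visible hunks.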
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 25a144a0d0..6a0b7595f4 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -462,7 +462,7 @@ typedef struct ssl3_comp_st
462 COMP_METHOD *method; /* The method :-) */ 462 COMP_METHOD *method; /* The method :-) */
463 } SSL3_COMP; 463 } SSL3_COMP;
464 464
465OPENSSL_EXTERN SSL3_ENC_METHOD ssl3_undef_enc_method; 465extern SSL3_ENC_METHOD ssl3_undef_enc_method;
466OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[]; 466OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
467OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[]; 467OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
468 468
@@ -493,7 +493,8 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
493 const SSL_CIPHER * const *bp); 493 const SSL_CIPHER * const *bp);
494STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, 494STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
495 STACK_OF(SSL_CIPHER) **skp); 495 STACK_OF(SSL_CIPHER) **skp);
496int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p); 496int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
497 int (*put_cb)(const SSL_CIPHER *, unsigned char *));
497STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, 498STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
498 STACK_OF(SSL_CIPHER) **pref, 499 STACK_OF(SSL_CIPHER) **pref,
499 STACK_OF(SSL_CIPHER) **sorted, 500 STACK_OF(SSL_CIPHER) **sorted,
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 5f12aa361c..2ba8b9612e 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -118,7 +118,7 @@ SSL_SESSION *SSL_SESSION_new(void)
118 ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ 118 ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
119 ss->references=1; 119 ss->references=1;
120 ss->timeout=60*5+4; /* 5 minute timeout by default */ 120 ss->timeout=60*5+4; /* 5 minute timeout by default */
121 ss->time=time(NULL); 121 ss->time=(unsigned long)time(NULL);
122 ss->prev=NULL; 122 ss->prev=NULL;
123 ss->next=NULL; 123 ss->next=NULL;
124 ss->compress_meth=0; 124 ss->compress_meth=0;
@@ -377,7 +377,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
377 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); 377 CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
378#endif 378#endif
379 379
380 if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */ 380 if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
381 { 381 {
382 s->ctx->stats.sess_timeout++; 382 s->ctx->stats.sess_timeout++;
383 /* remove it from the cache */ 383 /* remove it from the cache */
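Review bot: The rewritten expiry test at new line 380, `ret->timeout < (long)(time(NULL) - ret->time)`, has no comment saying why the subtraction form replaced `time+timeout`, and its `(long)` cast sits oddly beside line 121, which stores the timestamp through `(unsigned long)`. The types of `ret->time` and `ret->timeout` are not visible in this section, so it cannot be confirmed from here whether a stored time later than the current clock gives a negative elapsed value (session kept) or a wrapped one. Since this comparison decides how long a cached session stays resumable, I would state the intent next to it, e.g. `/* compare elapsed time with the timeout; presumably avoids overflow of time+timeout */`, and say what should happen when the clock steps back. ssl_get_prev_session starts and ends outside the hunk.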