/* ssl/ssl.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to. The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
/* ====================================================================
 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com). This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 * ECC cipher suite support in OpenSSL originally developed by
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
 */
/* ====================================================================
 * Copyright 2005 Nokia. All rights reserved.
 *
 * The portions of the attached software ("Contribution") is developed by
 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
 * license.
 *
 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
 * support (see RFC 4279) to OpenSSL.
 *
 * No patent licenses or other rights except those expressly stated in
 * the OpenSSL open source license shall be deemed granted or received
 * expressly, by implication, estoppel, or otherwise.
 *
 * No assurances are provided by Nokia that the Contribution does not
 * infringe the patent or other intellectual property rights of any third
 * party or that the license provides you with all the necessary rights
 * to make use of the Contribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE.
 */

/*
 * This part of the header opens the include guard, pulls in the OpenSSL
 * headers it depends on, and maps the generic SSL_TXT_* cipher-suite names
 * onto their SSL2_TXT_* / SSL3_TXT_* counterparts (defined elsewhere).
 */
#ifndef HEADER_SSL_H
# define HEADER_SSL_H

# include <openssl/e_os2.h>

/* Optional subsystems are only included when not compiled out. */
# ifndef OPENSSL_NO_COMP
#  include <openssl/comp.h>
# endif
# ifndef OPENSSL_NO_BIO
#  include <openssl/bio.h>
# endif
# ifndef OPENSSL_NO_DEPRECATED
#  ifndef OPENSSL_NO_X509
#   include <openssl/x509.h>
#  endif
#  include <openssl/crypto.h>
#  include <openssl/lhash.h>
#  include <openssl/buffer.h>
# endif
# include <openssl/pem.h>
# include <openssl/hmac.h>

# include <openssl/kssl.h>
# include <openssl/safestack.h>
# include <openssl/symhacks.h>

#ifdef __cplusplus
extern "C" {
#endif

/* SSLeay version number for ASN.1 encoding of the session information */
/*-
 * Version 0 - initial version
 * Version 1 - added the optional peer certificate
 */
# define SSL_SESSION_ASN1_VERSION 0x0001

/*
 * text strings for the ciphers
 *
 * NOTE(review): these macros only alias suite names; whether a suite can be
 * negotiated is decided by the cipher list in effect, not by this table.
 * Going by their names, several entries are export-grade or single-DES
 * suites (EXPORT40, DES_64, *_40_*) - confirm they are excluded by the
 * cipher list an application actually configures.
 */
# define SSL_TXT_NULL_WITH_MD5                 SSL2_TXT_NULL_WITH_MD5
# define SSL_TXT_RC4_128_WITH_MD5              SSL2_TXT_RC4_128_WITH_MD5
# define SSL_TXT_RC4_128_EXPORT40_WITH_MD5     SSL2_TXT_RC4_128_EXPORT40_WITH_MD5
# define SSL_TXT_RC2_128_CBC_WITH_MD5          SSL2_TXT_RC2_128_CBC_WITH_MD5
# define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5
# define SSL_TXT_IDEA_128_CBC_WITH_MD5         SSL2_TXT_IDEA_128_CBC_WITH_MD5
# define SSL_TXT_DES_64_CBC_WITH_MD5           SSL2_TXT_DES_64_CBC_WITH_MD5
# define SSL_TXT_DES_64_CBC_WITH_SHA           SSL2_TXT_DES_64_CBC_WITH_SHA
# define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5     SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
# define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA     SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA

/*
 * VRS Additional Kerberos5 entries
 */
# define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
# define SSL_TXT_KRB5_RC4_128_SHA      SSL3_TXT_KRB5_RC4_128_SHA
# define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
# define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5
# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
# define SSL_TXT_KRB5_RC4_128_MD5      SSL3_TXT_KRB5_RC4_128_MD5
# define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5

# define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA
# define SSL_TXT_KRB5_RC2_40_CBC_SHA   SSL3_TXT_KRB5_RC2_40_CBC_SHA
# define SSL_TXT_KRB5_RC4_40_SHA       SSL3_TXT_KRB5_RC4_40_SHA
# define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5
# define SSL_TXT_KRB5_RC2_40_CBC_MD5   SSL3_TXT_KRB5_RC2_40_CBC_MD5
# define SSL_TXT_KRB5_RC4_40_MD5       SSL3_TXT_KRB5_RC4_40_MD5

/*
 * The next six macros repeat definitions already given above with the same
 * replacement text; an identical redefinition is permitted by C, so they
 * are redundant rather than conflicting.
 */
# define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA
# define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5
# define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
# define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5
# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
/* Size of krb5_client_princ[] in struct ssl_session_st (see below in this file). */
# define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256

/*
 * Fixed buffer sizes. The first two and the last two size the session_id[],
 * sid_ctx[], key_arg[] and master_key[] arrays of struct ssl_session_st
 * further down; any code that copies into those arrays has to check the
 * accompanying *_length field against these limits.
 */
# define SSL_MAX_SSL_SESSION_ID_LENGTH 32
# define SSL_MAX_SID_CTX_LENGTH 32

/*
 * NOTE(review): (512/8) is a 512-bit modulus. That is a historical floor,
 * not a recommended key size; applications should enforce their own
 * minimum when accepting keys.
 */
# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8)
# define SSL_MAX_KEY_ARG_LENGTH 8
# define SSL_MAX_MASTER_KEY_LENGTH 48

/* These are used to specify which ciphers to use and not to use */

# define SSL_TXT_EXP40 "EXPORT40"
# define SSL_TXT_EXP56 "EXPORT56"
# define SSL_TXT_LOW "LOW"
# define SSL_TXT_MEDIUM "MEDIUM"
# define SSL_TXT_HIGH "HIGH"
# define SSL_TXT_FIPS "FIPS"

# define SSL_TXT_kFZA "kFZA" /* unused! */
# define SSL_TXT_aFZA "aFZA" /* unused! */
# define SSL_TXT_eFZA "eFZA" /* unused! */
# define SSL_TXT_FZA "FZA" /* unused! */

/* aNULL / eNULL: keywords for suites without authentication / encryption. */
# define SSL_TXT_aNULL "aNULL"
# define SSL_TXT_eNULL "eNULL"
# define SSL_TXT_NULL "NULL"

/* Key-exchange keywords ("k" prefix). */
# define SSL_TXT_kRSA "kRSA"
# define SSL_TXT_kDHr "kDHr"
# define SSL_TXT_kDHd "kDHd"
# define SSL_TXT_kDH "kDH"
# define SSL_TXT_kEDH "kEDH"
# define SSL_TXT_kDHE "kDHE" /* alias for kEDH */
# define SSL_TXT_kKRB5 "kKRB5"
# define SSL_TXT_kECDHr "kECDHr"
# define SSL_TXT_kECDHe "kECDHe"
# define SSL_TXT_kECDH "kECDH"
# define SSL_TXT_kEECDH "kEECDH"
# define SSL_TXT_kECDHE "kECDHE" /* alias for kEECDH */
# define SSL_TXT_kPSK "kPSK"
# define SSL_TXT_kGOST "kGOST"
# define SSL_TXT_kSRP "kSRP"

/* Authentication keywords ("a" prefix). */
# define SSL_TXT_aRSA "aRSA"
# define SSL_TXT_aDSS "aDSS"
# define SSL_TXT_aDH "aDH"
# define SSL_TXT_aECDH "aECDH"
# define SSL_TXT_aKRB5 "aKRB5"
# define SSL_TXT_aECDSA "aECDSA"
# define SSL_TXT_aPSK "aPSK"
# define SSL_TXT_aGOST94 "aGOST94"
# define SSL_TXT_aGOST01 "aGOST01"
# define SSL_TXT_aGOST "aGOST"
# define SSL_TXT_aSRP "aSRP"

/*
 * Combined keywords. ADH and AECDH name the anonymous (unauthenticated)
 * Diffie-Hellman families that the EDH / EECDH aliases explicitly subtract.
 */
# define SSL_TXT_DSS "DSS"
# define SSL_TXT_DH "DH"
# define SSL_TXT_EDH "EDH" /* same as "kEDH:-ADH" */
# define SSL_TXT_DHE "DHE" /* alias for EDH */
# define SSL_TXT_ADH "ADH"
# define SSL_TXT_RSA "RSA"
# define SSL_TXT_ECDH "ECDH"
# define SSL_TXT_EECDH "EECDH" /* same as "kEECDH:-AECDH" */
# define SSL_TXT_ECDHE "ECDHE" /* alias for EECDH */
# define SSL_TXT_AECDH "AECDH"
# define SSL_TXT_ECDSA "ECDSA"
# define SSL_TXT_KRB5 "KRB5"
# define SSL_TXT_PSK "PSK"
# define SSL_TXT_SRP "SRP"

/* Symmetric cipher keywords. */
# define SSL_TXT_DES "DES"
# define SSL_TXT_3DES "3DES"
# define SSL_TXT_RC4 "RC4"
# define SSL_TXT_RC2 "RC2"
# define SSL_TXT_IDEA "IDEA"
# define SSL_TXT_SEED "SEED"
# define SSL_TXT_AES128 "AES128"
# define SSL_TXT_AES256 "AES256"
# define SSL_TXT_AES "AES"
# define SSL_TXT_AES_GCM "AESGCM"
# define SSL_TXT_CAMELLIA128 "CAMELLIA128"
# define SSL_TXT_CAMELLIA256 "CAMELLIA256"
# define SSL_TXT_CAMELLIA "CAMELLIA"

/* MAC / digest keywords. */
# define SSL_TXT_MD5 "MD5"
# define SSL_TXT_SHA1 "SHA1"
# define SSL_TXT_SHA "SHA" /* same as "SHA1" */
# define SSL_TXT_GOST94 "GOST94"
# define SSL_TXT_GOST89MAC "GOST89MAC"
# define SSL_TXT_SHA256 "SHA256"
# define SSL_TXT_SHA384 "SHA384"

/* Protocol-version keywords. */
# define SSL_TXT_SSLV2 "SSLv2"
# define SSL_TXT_SSLV3 "SSLv3"
# define SSL_TXT_TLSV1 "TLSv1"
# define SSL_TXT_TLSV1_1 "TLSv1.1"
# define SSL_TXT_TLSV1_2 "TLSv1.2"

# define SSL_TXT_EXP "EXP"
# define SSL_TXT_EXPORT "EXPORT"

# define SSL_TXT_ALL "ALL"

/*-
 * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
 * ciphers normally not being used.
 * Example: "RC4" will activate all ciphers using RC4 including ciphers
 * without authentication, which would normally be disabled by DEFAULT (due
 * to the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
 * will make sure that it is also disabled in the specific selection.
 * COMPLEMENTOF* identifiers are portable between versions, as adjustments
 * to the default cipher setup will also be included here.
 *
 * COMPLEMENTOFDEFAULT does not experience the same special treatment that
 * DEFAULT gets, as only selection is being done and no sorting as needed
 * for DEFAULT.
 */
# define SSL_TXT_CMPALL "COMPLEMENTOFALL"
# define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT"

/*
 * The following cipher list is used by default. It also is substituted when
 * an application-defined cipher list string starts with 'DEFAULT'.
 *
 * NOTE(review): the string removes only export, anonymous (aNULL),
 * unencrypted (eNULL) and SSLv2 suites from ALL. Nothing in it excludes the
 * RC4, DES, 3DES or MD5 keywords defined above, so an application that
 * needs a stricter policy should set its own cipher list instead of relying
 * on DEFAULT.
 */
# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
/*
 * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
 * starts with a reasonable order, and all we have to do for DEFAULT is
 * throwing out anonymous and unencrypted ciphersuites! (The latter are not
 * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
 */

/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
# define SSL_SENT_SHUTDOWN 1
# define SSL_RECEIVED_SHUTDOWN 2

#ifdef __cplusplus
}
#endif

#ifdef __cplusplus
extern "C" {
#endif

/* SSLv2 is compiled out automatically when RSA or MD5 is unavailable. */
# if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)
#  define OPENSSL_NO_SSL2
# endif

# define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
# define SSL_FILETYPE_PEM X509_FILETYPE_PEM

/*
 * This is needed to stop compilers complaining about the 'struct ssl_st *'
 * function parameters used to prototype callbacks in SSL_CTX.
 */
typedef struct ssl_st *ssl_crock_st;
typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
typedef struct ssl_method_st SSL_METHOD;
typedef struct ssl_cipher_st SSL_CIPHER;
typedef struct ssl_session_st SSL_SESSION;
typedef struct tls_sigalgs_st TLS_SIGALGS;
typedef struct ssl_conf_ctx_st SSL_CONF_CTX;

/*
 * SSL, SSL_CTX and X509 are used below but not declared in this part of the
 * file; presumably they come from one of the headers included above.
 */
DECLARE_STACK_OF(SSL_CIPHER)

/* SRTP protection profiles for use with the use_srtp extension (RFC 5764) */
typedef struct srtp_protection_profile_st {
    const char *name;
    unsigned long id;
} SRTP_PROTECTION_PROFILE;

DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)

/*
 * Callback types for the session-ticket extension and for supplying a
 * session secret. Only the signatures are visible here; the meaning of the
 * return values is defined by the code that invokes them.
 */
typedef int (*tls_session_ticket_ext_cb_fn) (SSL *s,
                                             const unsigned char *data,
                                             int len, void *arg);
typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret,
                                         int *secret_len,
                                         STACK_OF(SSL_CIPHER) *peer_ciphers,
                                         SSL_CIPHER **cipher, void *arg);

# ifndef OPENSSL_NO_TLSEXT

/* Typedefs for handling custom extensions */

typedef int (*custom_ext_add_cb) (SSL *s, unsigned int ext_type,
                                  const unsigned char **out,
                                  size_t *outlen, int *al, void *add_arg);

typedef void (*custom_ext_free_cb) (SSL *s, unsigned int ext_type,
                                    const unsigned char *out, void *add_arg);

/*
 * NOTE(review): 'in'/'inlen' presumably describe extension bytes received
 * from the peer; an implementation should treat them as untrusted and never
 * read past inlen - confirm against the library documentation.
 */
typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
                                    const unsigned char *in,
                                    size_t inlen, int *al, void *parse_arg);

# endif

/*
 * The structure layouts below are only visible when OPENSSL_NO_SSL_INTERN
 * is not defined; with it defined, callers see just the opaque typedefs.
 */
# ifndef OPENSSL_NO_SSL_INTERN

/* used to hold info on the particular ciphers used */
struct ssl_cipher_st {
    int valid;
    const char *name;           /* text name */
    unsigned long id;           /* id, 4 bytes, first is version */
    /*
     * changed in 0.9.9: these four used to be portions of a single value
     * 'algorithms'
     */
    unsigned long algorithm_mkey; /* key exchange algorithm */
    unsigned long algorithm_auth; /* server authentication */
    unsigned long algorithm_enc; /* symmetric encryption */
    unsigned long algorithm_mac; /* symmetric authentication */
    unsigned long algorithm_ssl; /* (major) protocol version */
    unsigned long algo_strength; /* strength and export flags */
    unsigned long algorithm2;   /* Extra flags */
    int strength_bits;          /* Number of bits really used */
    int alg_bits;               /* Number of bits for algorithm */
};

/*
 * Used to hold functions for SSLv2 or SSLv3/TLSv1 functions
 *
 * A table of function pointers: each protocol implementation supplies its
 * own entries, and the buffer-taking members (ssl_read, ssl_peek, ssl_write,
 * ssl_read_bytes, ssl_write_bytes) carry the length as a plain int.
 */
struct ssl_method_st {
    int version;
    int (*ssl_new) (SSL *s);
    void (*ssl_clear) (SSL *s);
    void (*ssl_free) (SSL *s);
    int (*ssl_accept) (SSL *s);
    int (*ssl_connect) (SSL *s);
    int (*ssl_read) (SSL *s, void *buf, int len);
    int (*ssl_peek) (SSL *s, void *buf, int len);
    int (*ssl_write) (SSL *s, const void *buf, int len);
    int (*ssl_shutdown) (SSL *s);
    int (*ssl_renegotiate) (SSL *s);
    int (*ssl_renegotiate_check) (SSL *s);
    long (*ssl_get_message) (SSL *s, int st1, int stn, int mt, long
                             max, int *ok);
    int (*ssl_read_bytes) (SSL *s, int type, unsigned char *buf, int len,
                           int peek);
    int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len);
    int (*ssl_dispatch_alert) (SSL *s);
    long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg);
    long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg);
    const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr);
    int (*put_cipher_by_char) (const SSL_CIPHER *cipher, unsigned char *ptr);
    int (*ssl_pending) (const SSL *s);
    int (*num_ciphers) (void);
    const SSL_CIPHER *(*get_cipher) (unsigned ncipher);
    const struct ssl_method_st *(*get_ssl_method) (int version);
    long (*get_timeout) (void);
    struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
    int (*ssl_version) (void);
    long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void));
    long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void));
};

/*-
 * Lets make this into an ASN.1 type structure as follows
 * SSL_SESSION_ID ::= SEQUENCE {
 *      version                 INTEGER,        -- structure version number
 *      SSLversion              INTEGER,        -- SSL version number
 *      Cipher                  OCTET STRING,   -- the 3 byte cipher ID
 *      Session_ID              OCTET STRING,   -- the Session ID
 *      Master_key              OCTET STRING,   -- the master key
 *      KRB5_principal          OCTET STRING    -- optional Kerberos principal
 *      Key_Arg [ 0 ] IMPLICIT  OCTET STRING,   -- the optional Key argument
 *      Time [ 1 ] EXPLICIT     INTEGER,        -- optional Start Time
 *      Timeout [ 2 ] EXPLICIT  INTEGER,        -- optional Timeout in seconds
 *      Peer [ 3 ] EXPLICIT     X509,           -- optional Peer Certificate
 *      Session_ID_context [ 4 ] EXPLICIT OCTET STRING,   -- the Session ID context
 *      Verify_result [ 5 ] EXPLICIT INTEGER,   -- X509_V_... code for `Peer'
 *      HostName [ 6 ] EXPLICIT OCTET STRING,   -- optional HostName from servername TLS extension
 *      PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
 *      PSK_identity [ 8 ] EXPLICIT OCTET STRING,  -- optional PSK identity
 *      Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
 *      Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
 *      Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
 *      SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
 *      }
 * Look in ssl/ssl_asn1.c for more details
 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
 *
 * NOTE(review): the encoding above carries Master_key, so a serialised
 * session (and any cache or file that stores one) is as sensitive as the
 * key material of the connection it belongs to.
 */
struct ssl_session_st {
    int ssl_version;            /* what ssl version session info is being
                                 * kept in here? */
    /* only really used in SSLv2 */
    unsigned int key_arg_length;
    unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
    /* Master secret of the session, held in the clear in this structure. */
    int master_key_length;
    unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
    /* session_id - valid? */
    unsigned int session_id_length;
    unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
    /*
     * this is used to determine whether the session is being reused in the
     * appropriate context. It is up to the application to set this, via
     * SSL_new
     */
    unsigned int sid_ctx_length;
    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
# ifndef OPENSSL_NO_KRB5
    unsigned int krb5_client_princ_len;
    unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
# endif                         /* OPENSSL_NO_KRB5 */
# ifndef OPENSSL_NO_PSK
    char *psk_identity_hint;
    char *psk_identity;
# endif
    /*
     * Used to indicate that session resumption is not allowed. Applications
     * can also set this bit for a new session via not_resumable_session_cb
     * to disable session caching and tickets.
     */
    int not_resumable;
    /* The cert is the certificate used to establish this connection */
    struct sess_cert_st /* SESS_CERT */ *sess_cert;
    /*
     * This is the cert for the other end. On clients, it will be the same as
     * sess_cert->peer_key->x509 (the latter is not enough as sess_cert is
     * not retained in the external representation of sessions, see
     * ssl_asn1.c).
     */
    X509 *peer;
    /*
     * when app_verify_callback accepts a session where the peer's
     * certificate is not ok, we must remember the error for session reuse:
     */
    long verify_result;         /* only for servers */
    int references;
    long timeout;
    long time;
    unsigned int compress_meth; /* Need to lookup the method */
    const SSL_CIPHER *cipher;
    unsigned long cipher_id;    /* when ASN.1 loaded, this needs to be used
                                 * to load the 'cipher' structure */
    STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
    CRYPTO_EX_DATA ex_data;     /* application specific data */
    /*
     * These are used to make removal of session-ids more efficient and to
     * implement a maximum cache size.
     */
    struct ssl_session_st *prev, *next;
# ifndef OPENSSL_NO_TLSEXT
    char *tlsext_hostname;
#  ifndef OPENSSL_NO_EC
    size_t tlsext_ecpointformatlist_length;
    unsigned char *tlsext_ecpointformatlist; /* peer's list */
    size_t tlsext_ellipticcurvelist_length;
    unsigned char *tlsext_ellipticcurvelist; /* peer's list */
#  endif                        /* OPENSSL_NO_EC */
    /* RFC4507 info */
    unsigned char *tlsext_tick; /* Session ticket */
    size_t tlsext_ticklen;      /* Session ticket length */
    long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
# endif
# ifndef OPENSSL_NO_SRP
    char *srp_username;
# endif
};

# endif

/*
 * SSL_OP_* option bits. Most of the low bits are interoperability
 * workarounds for specific peer implementations (see the *_BUG names).
 */
# define SSL_OP_MICROSOFT_SESS_ID_BUG                    0x00000001L
# define SSL_OP_NETSCAPE_CHALLENGE_BUG                   0x00000002L
/*
 * Allow initial connection to servers that don't support RI
 * (RI: the renegotiation indication extension, RFC 5746)
 */
# define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004L
# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x00000008L
# define SSL_OP_TLSEXT_PADDING                           0x00000010L
# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x00000020L
# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x00000040L
# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x00000080L
# define SSL_OP_TLS_D5_BUG                               0x00000100L
# define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x00000200L

/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
# define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x0
/* Refers to ancient SSLREF and SSLv2, retained for compatibility */
# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x0

/*
 * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in
 * OpenSSL 0.9.6d. Usually (depending on the application protocol) the
 * workaround is not needed. Unfortunately some broken SSL/TLS
 * implementations cannot handle it at all, which is why we include it in
 * SSL_OP_ALL.
 */
/* added in 0.9.6e */
# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L

/*
 * SSL_OP_ALL: various bug workarounds that should be rather harmless. This
 * used to be 0x000FFFFFL before 0.9.7.
 *
 * NOTE(review): 0x80000BFFL is not only "harmless" workarounds. It contains
 * bit 0x00000800 (SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, which switches the CBC
 * workaround off), bit 0x00000004 (SSL_OP_LEGACY_SERVER_CONNECT) and bit
 * 0x80000000 (SSL_OP_CRYPTOPRO_TLSEXT_BUG, defined further down). Code that
 * sets SSL_OP_ALL and wants those protections has to clear the bits again
 * with SSL_CTX_clear_options()/SSL_clear_options().
 */
# define SSL_OP_ALL                                      0x80000BFFL

/* DTLS options */
# define SSL_OP_NO_QUERY_MTU                             0x00001000L
/* Turn on Cookie Exchange (only relevant for servers) */
# define SSL_OP_COOKIE_EXCHANGE                          0x00002000L
/* Don't use RFC4507 ticket extension */
# define SSL_OP_NO_TICKET                                0x00004000L
/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */
# define SSL_OP_CISCO_ANYCONNECT                         0x00008000L

/* As server, disallow session resumption on renegotiation */
# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION   0x00010000L
/*
 * Don't use compression even if supported
 * NOTE(review): record compression makes ciphertext length depend on the
 * plaintext; consider setting this unless compression is really required.
 */
# define SSL_OP_NO_COMPRESSION                           0x00020000L
/*
 * Permit unsafe legacy renegotiation
 * NOTE(review): leave unset unless a peer without secure renegotiation
 * (RFC 5746) must be supported; the name itself marks it as unsafe.
 */
# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        0x00040000L
/* If set, always create a new key when using tmp_ecdh parameters */
# define SSL_OP_SINGLE_ECDH_USE                          0x00080000L
/* If set, always create a new key when using tmp_dh parameters */
00629 # define SSL_OP_SINGLE_DH_USE 0x00100000L 00630 /* Does nothing: retained for compatibiity */ 00631 # define SSL_OP_EPHEMERAL_RSA 0x0 00632 /* 00633 * Set on servers to choose the cipher according to the server's preferences 00634 */ 00635 # define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L 00636 /* 00637 * If set, a server will allow a client to issue a SSLv3.0 version number as 00638 * latest version supported in the premaster secret, even when TLSv1.0 00639 * (version 3.1) was announced in the client hello. Normally this is 00640 * forbidden to prevent version rollback attacks. 00641 */ 00642 # define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L 00643 00644 # define SSL_OP_NO_SSLv2 0x01000000L 00645 # define SSL_OP_NO_SSLv3 0x02000000L 00646 # define SSL_OP_NO_TLSv1 0x04000000L 00647 # define SSL_OP_NO_TLSv1_2 0x08000000L 00648 # define SSL_OP_NO_TLSv1_1 0x10000000L 00649 00650 # define SSL_OP_NO_DTLSv1 0x04000000L 00651 # define SSL_OP_NO_DTLSv1_2 0x08000000L 00652 00653 # define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|\ 00654 SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2) 00655 00656 /* 00657 * These next two were never actually used for anything since SSLeay zap so 00658 * we have some more flags. 00659 */ 00660 /* 00661 * The next flag deliberately changes the ciphertest, this is a check for the 00662 * PKCS#1 attack 00663 */ 00664 # define SSL_OP_PKCS1_CHECK_1 0x0 00665 # define SSL_OP_PKCS1_CHECK_2 0x0 00666 00667 # define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L 00668 # define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L 00669 /* 00670 * Make server add server-hello extension from early version of cryptopro 00671 * draft, when GOST ciphersuite is negotiated. Required for interoperability 00672 * with CryptoPro CSP 3.x 00673 */ 00674 # define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L 00675 00676 /* 00677 * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. 
report success 00678 * when just a single record has been written): 00679 */ 00680 # define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L 00681 /* 00682 * Make it possible to retry SSL_write() with changed buffer location (buffer 00683 * contents must stay the same!); this is not the default to avoid the 00684 * misconception that non-blocking SSL_write() behaves like non-blocking 00685 * write(): 00686 */ 00687 # define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L 00688 /* 00689 * Never bother the application with retries if the transport is blocking: 00690 */ 00691 # define SSL_MODE_AUTO_RETRY 0x00000004L 00692 /* Don't attempt to automatically build certificate chain */ 00693 # define SSL_MODE_NO_AUTO_CHAIN 0x00000008L 00694 /* 00695 * Save RAM by releasing read and write buffers when they're empty. (SSL3 and 00696 * TLS only.) "Released" buffers are put onto a free-list in the context or 00697 * just freed (depending on the context's setting for freelist_max_len). 00698 */ 00699 # define SSL_MODE_RELEASE_BUFFERS 0x00000010L 00700 /* 00701 * Send the current time in the Random fields of the ClientHello and 00702 * ServerHello records for compatibility with hypothetical implementations 00703 * that require it. 00704 */ 00705 # define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L 00706 # define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L 00707 /* 00708 * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications 00709 * that reconnect with a downgraded protocol version; see 00710 * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your 00711 * application attempts a normal handshake. Only use this in explicit 00712 * fallback retries, following the guidance in 00713 * draft-ietf-tls-downgrade-scsv-00. 00714 */ 00715 # define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L 00716 00717 /* Cert related flags */ 00718 /* 00719 * Many implementations ignore some aspects of the TLS standards such as 00720 * enforcing certifcate chain algorithms. 
When this is set we enforce them. 00721 */ 00722 # define SSL_CERT_FLAG_TLS_STRICT 0x00000001L 00723 00724 /* Suite B modes, takes same values as certificate verify flags */ 00725 # define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000 00726 /* Suite B 192 bit only mode */ 00727 # define SSL_CERT_FLAG_SUITEB_192_LOS 0x20000 00728 /* Suite B 128 bit mode allowing 192 bit algorithms (0x30000 is the two values above OR-ed together) */ 00729 # define SSL_CERT_FLAG_SUITEB_128_LOS 0x30000 00730 00731 /* Perform all sorts of protocol violations for testing purposes. NOTE(review): described only as a testing aid; presumably never meant to be set in a deployed configuration - confirm. */ 00732 # define SSL_CERT_FLAG_BROKEN_PROTOCOL 0x10000000 00733 00734 /* Flags for building certificate chains */ 00735 /* Treat any existing certificates as untrusted CAs */ 00736 # define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1 00737 /* Don't include root CA in chain */ 00738 # define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2 00739 /* Just check certificates already there */ 00740 # define SSL_BUILD_CHAIN_FLAG_CHECK 0x4 00741 /* Ignore verification errors. NOTE(review): presumably a chain build can then succeed even though verification failed - confirm before relying on the result. */ 00742 # define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8 00743 /* Clear verification errors from queue */ 00744 # define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10 00745 00746 /* Flags returned by SSL_check_chain */ 00747 /* Certificate can be used with this session */ 00748 # define CERT_PKEY_VALID 0x1 00749 /* Certificate can also be used for signing */ 00750 # define CERT_PKEY_SIGN 0x2 00751 /* EE certificate signing algorithm OK */ 00752 # define CERT_PKEY_EE_SIGNATURE 0x10 00753 /* CA signature algorithms OK */ 00754 # define CERT_PKEY_CA_SIGNATURE 0x20 00755 /* EE certificate parameters OK */ 00756 # define CERT_PKEY_EE_PARAM 0x40 00757 /* CA certificate parameters OK */ 00758 # define CERT_PKEY_CA_PARAM 0x80 00759 /* Signing explicitly allowed as opposed to SHA1 fallback */ 00760 # define CERT_PKEY_EXPLICIT_SIGN 0x100 00761 /* Client CA issuer names match (always set for server cert) */ 00762 # define CERT_PKEY_ISSUER_NAME 0x200 00763 /* Cert type matches client types (always set for server cert) */ 00764 # define
CERT_PKEY_CERT_TYPE 0x400 00765 /* Cert chain suitable to Suite B */ 00766 # define CERT_PKEY_SUITEB 0x800 00767 00768 # define SSL_CONF_FLAG_CMDLINE 0x1 00769 # define SSL_CONF_FLAG_FILE 0x2 00770 # define SSL_CONF_FLAG_CLIENT 0x4 00771 # define SSL_CONF_FLAG_SERVER 0x8 00772 # define SSL_CONF_FLAG_SHOW_ERRORS 0x10 00773 # define SSL_CONF_FLAG_CERTIFICATE 0x20 00774 /* Configuration value types */ 00775 # define SSL_CONF_TYPE_UNKNOWN 0x0 00776 # define SSL_CONF_TYPE_STRING 0x1 00777 # define SSL_CONF_TYPE_FILE 0x2 00778 # define SSL_CONF_TYPE_DIR 0x3 00779 00780 /* 00781 * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they 00782 * cannot be used to clear bits; use SSL[_CTX]_clear_options() and SSL[_CTX]_clear_mode() for that. SSL[_CTX]_get_{options,mode} issue the same control code as the setters with op 0. 00783 */ 00784 00785 # define SSL_CTX_set_options(ctx,op) \ 00786 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) 00787 # define SSL_CTX_clear_options(ctx,op) \ 00788 SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) 00789 # define SSL_CTX_get_options(ctx) \ 00790 SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) 00791 # define SSL_set_options(ssl,op) \ 00792 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) 00793 # define SSL_clear_options(ssl,op) \ 00794 SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) 00795 # define SSL_get_options(ssl) \ 00796 SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) 00797 00798 # define SSL_CTX_set_mode(ctx,op) \ 00799 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) 00800 # define SSL_CTX_clear_mode(ctx,op) \ 00801 SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) 00802 # define SSL_CTX_get_mode(ctx) \ 00803 SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) 00804 # define SSL_clear_mode(ssl,op) \ 00805 SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) 00806 # define SSL_set_mode(ssl,op) \ 00807 SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) 00808 # define SSL_get_mode(ssl) \ 00809 SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) 00810 # define SSL_set_mtu(ssl, mtu) \ 00811 SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) 00812 # define DTLS_set_link_mtu(ssl, mtu) \ 00813
SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL) 00814 # define DTLS_get_link_min_mtu(ssl) \ 00815 SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL) 00816 00817 # define SSL_get_secure_renegotiation_support(ssl) \ 00818 SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) 00819 00820 # ifndef OPENSSL_NO_HEARTBEATS 00821 # define SSL_heartbeat(ssl) \ 00822 SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL) 00823 # endif 00824 00825 # define SSL_CTX_set_cert_flags(ctx,op) \ 00826 SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL) 00827 # define SSL_set_cert_flags(s,op) \ 00828 SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL) 00829 # define SSL_CTX_clear_cert_flags(ctx,op) \ 00830 SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) 00831 # define SSL_clear_cert_flags(s,op) \ 00832 SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL) 00833 00834 void SSL_CTX_set_msg_callback(SSL_CTX *ctx, 00835 void (*cb) (int write_p, int version, 00836 int content_type, const void *buf, 00837 size_t len, SSL *ssl, void *arg)); 00838 void SSL_set_msg_callback(SSL *ssl, 00839 void (*cb) (int write_p, int version, 00840 int content_type, const void *buf, 00841 size_t len, SSL *ssl, void *arg)); 00842 # define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) 00843 # define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) 00844 00845 # ifndef OPENSSL_NO_SRP 00846 00847 # ifndef OPENSSL_NO_SSL_INTERN 00848 00849 typedef struct srp_ctx_st { 00850 /* param for all the callbacks */ 00851 void *SRP_cb_arg; 00852 /* set client Hello login callback */ 00853 int (*TLS_ext_srp_username_callback) (SSL *, int *, void *); 00854 /* set SRP N/g param callback for verification */ 00855 int (*SRP_verify_param_callback) (SSL *, void *); 00856 /* set SRP client passwd callback */ 00857 char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *); 00858 char *login; 00859 BIGNUM *N, *g, *s, *B, *A; 00860 BIGNUM *a, *b, 
*v; 00861 char *info; 00862 int strength; 00863 unsigned long srp_Mask; 00864 } SRP_CTX; 00865 00866 # endif 00867 00868 /* see tls_srp.c */ 00869 int SSL_SRP_CTX_init(SSL *s); 00870 int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); 00871 int SSL_SRP_CTX_free(SSL *ctx); 00872 int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); 00873 int SSL_srp_server_param_with_username(SSL *s, int *ad); 00874 int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key); 00875 int SRP_Calc_A_param(SSL *s); 00876 int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key); 00877 00878 # endif 00879 00880 # if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) 00881 # define SSL_MAX_CERT_LIST_DEFAULT 1024*30 00882 /* 30k max cert list :-) NOTE(review): the expansion is not parenthesized (unlike SSL_SESSION_CACHE_MAX_SIZE_DEFAULT below), so it is only safe where operator precedence cannot split 1024*30. */ 00883 # else 00884 # define SSL_MAX_CERT_LIST_DEFAULT 1024*100 00885 /* 100k max cert list :-) NOTE(review): same unparenthesized form as the 30k variant. */ 00886 # endif 00887 00888 # define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) 00889 00890 /* 00891 * This callback type is used inside SSL_CTX, SSL, and in the functions that 00892 * set them. It is used to override the generation of SSL/TLS session IDs in 00893 * a server. Return value should be zero on an error, non-zero to proceed. 00894 * Also, callbacks should themselves check if the id they generate is unique 00895 * otherwise the SSL handshake will fail with an error - callbacks can do 00896 * this using the 'ssl' value they're passed, by calling 00897 * SSL_has_matching_session_id(ssl, id, *id_len). The length value passed in 00898 * is set at the maximum size the session ID can be. In SSLv2 this is 16 00899 * bytes, whereas in SSLv3/TLSv1 it is 32 bytes. The callback can alter this 00900 * length to be less if desired, but under SSLv2 session IDs are supposed to 00901 * be fixed at 16 bytes so the id will be padded after the callback returns 00902 * in this case. It is also an error for the callback to set the size to 00903 * zero.
00904 */ 00905 typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id, 00906 unsigned int *id_len); 00907 00908 typedef struct ssl_comp_st SSL_COMP; 00909 00910 # ifndef OPENSSL_NO_SSL_INTERN 00911 00912 struct ssl_comp_st { 00913 int id; 00914 const char *name; 00915 # ifndef OPENSSL_NO_COMP 00916 COMP_METHOD *method; 00917 # else 00918 char *method; 00919 # endif 00920 }; 00921 00922 DECLARE_STACK_OF(SSL_COMP) 00923 DECLARE_LHASH_OF(SSL_SESSION); 00924 00925 struct ssl_ctx_st { 00926 const SSL_METHOD *method; 00927 STACK_OF(SSL_CIPHER) *cipher_list; 00928 /* same as above but sorted for lookup */ 00929 STACK_OF(SSL_CIPHER) *cipher_list_by_id; 00930 struct x509_store_st /* X509_STORE */ *cert_store; 00931 LHASH_OF(SSL_SESSION) *sessions; 00932 /* 00933 * Most session-ids that will be cached, default is 00934 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. NOTE(review): with 0 there is no size bound on the cache; check the memory impact on servers. 00935 */ 00936 unsigned long session_cache_size; 00937 struct ssl_session_st *session_cache_head; 00938 struct ssl_session_st *session_cache_tail; 00939 /* 00940 * This can have one of 2 values, ored together: SSL_SESS_CACHE_CLIENT, 00941 * SSL_SESS_CACHE_SERVER. Default is SSL_SESS_CACHE_SERVER, which 00942 * means that only SSL_accept caches SSL_SESSIONS. 00943 */ 00944 int session_cache_mode; 00945 /* 00946 * If timeout is not 0, it is the default timeout value set when 00947 * SSL_new() is called. This has been put in to make life easier to set 00948 * things up 00949 */ 00950 long session_timeout; 00951 /* 00952 * If this callback is not null, it will be called each time a session id 00953 * is added to the cache. If this function returns 1, it means that the 00954 * callback will do a SSL_SESSION_free() when it has finished using it. 00955 * Otherwise, on 0, it means the callback has finished with it. If 00956 * remove_session_cb is not null, it will be called when a session-id is 00957 * removed from the cache. After the call, OpenSSL will 00958 * SSL_SESSION_free() it.
00959 */ 00960 int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess); 00961 void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess); 00962 SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl, 00963 unsigned char *data, int len, int *copy); 00964 struct { 00965 int sess_connect; /* SSL new conn - started */ 00966 int sess_connect_renegotiate; /* SSL reneg - requested */ 00967 int sess_connect_good; /* SSL new conne/reneg - finished */ 00968 int sess_accept; /* SSL new accept - started */ 00969 int sess_accept_renegotiate; /* SSL reneg - requested */ 00970 int sess_accept_good; /* SSL accept/reneg - finished */ 00971 int sess_miss; /* session lookup misses */ 00972 int sess_timeout; /* reuse attempt on timeouted session */ 00973 int sess_cache_full; /* session removed due to full cache */ 00974 int sess_hit; /* session reuse actually done */ 00975 int sess_cb_hit; /* session-id that was not in the cache was 00976 * passed back via the callback. This 00977 * indicates that the application is 00978 * supplying session-id's from other 00979 * processes - spooky :-) */ 00980 } stats; 00981 00982 int references; 00983 00984 /* if defined, these override the X509_verify_cert() calls */ 00985 int (*app_verify_callback) (X509_STORE_CTX *, void *); 00986 void *app_verify_arg; 00987 /* 00988 * before OpenSSL 0.9.7, 'app_verify_arg' was ignored 00989 * ('app_verify_callback' was called with just one argument) 00990 */ 00991 00992 /* Default password callback. */ 00993 pem_password_cb *default_passwd_callback; 00994 00995 /* Default password callback user data. 
*/ 00996 void *default_passwd_callback_userdata; 00997 00998 /* get client cert callback */ 00999 int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey); 01000 01001 /* cookie generate callback */ 01002 int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie, 01003 unsigned int *cookie_len); 01004 01005 /* verify cookie callback */ 01006 int (*app_verify_cookie_cb) (SSL *ssl, unsigned char *cookie, 01007 unsigned int cookie_len); 01008 01009 CRYPTO_EX_DATA ex_data; 01010 01011 const EVP_MD *rsa_md5; /* For SSLv2 - name is 'ssl2-md5' */ 01012 const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ 01013 const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ 01014 01015 STACK_OF(X509) *extra_certs; 01016 STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ 01017 01018 /* Default values used when no per-SSL value is defined follow */ 01019 01020 /* used if SSL's info_callback is NULL */ 01021 void (*info_callback) (const SSL *ssl, int type, int val); 01022 01023 /* what we put in client cert requests */ 01024 STACK_OF(X509_NAME) *client_CA; 01025 01026 /* 01027 * Default values to use in SSL structures follow (these are copied by 01028 * SSL_new) 01029 */ 01030 01031 unsigned long options; 01032 unsigned long mode; 01033 long max_cert_list; 01034 01035 struct cert_st /* CERT */ *cert; 01036 int read_ahead; 01037 01038 /* callback that allows applications to peek at protocol messages */ 01039 void (*msg_callback) (int write_p, int version, int content_type, 01040 const void *buf, size_t len, SSL *ssl, void *arg); 01041 void *msg_callback_arg; 01042 01043 int verify_mode; 01044 unsigned int sid_ctx_length; 01045 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; 01046 /* called 'verify_callback' in the SSL */ 01047 int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx); 01048 01049 /* Default generate session ID callback. 
*/ 01050 GEN_SESSION_CB generate_session_id; 01051 01052 X509_VERIFY_PARAM *param; 01053 01054 # if 0 01055 int purpose; /* Purpose setting */ 01056 int trust; /* Trust setting */ 01057 # endif 01058 01059 int quiet_shutdown; 01060 01061 /* 01062 * Maximum amount of data to send in one fragment. Actual record size can 01063 * be more than this due to padding and MAC overheads. 01064 */ 01065 unsigned int max_send_fragment; 01066 01067 # ifndef OPENSSL_NO_ENGINE 01068 /* 01069 * Engine to pass requests for client certs to 01070 */ 01071 ENGINE *client_cert_engine; 01072 # endif 01073 01074 # ifndef OPENSSL_NO_TLSEXT 01075 /* TLS extensions servername callback */ 01076 int (*tlsext_servername_callback) (SSL *, int *, void *); 01077 void *tlsext_servername_arg; 01078 /* RFC 4507 session ticket keys: key name, HMAC key and AES key, 16 bytes each. NOTE(review): presumably these protect every ticket issued from this context - confirm how they are rotated and cleared. */ 01079 unsigned char tlsext_tick_key_name[16]; 01080 unsigned char tlsext_tick_hmac_key[16]; 01081 unsigned char tlsext_tick_aes_key[16]; 01082 /* Callback to support customisation of ticket key setting */ 01083 int (*tlsext_ticket_key_cb) (SSL *ssl, 01084 unsigned char *name, unsigned char *iv, 01085 EVP_CIPHER_CTX *ectx, 01086 HMAC_CTX *hctx, int enc); 01087 01088 /* certificate status request info */ 01089 /* Callback for status request */ 01090 int (*tlsext_status_cb) (SSL *ssl, void *arg); 01091 void *tlsext_status_arg; 01092 01093 /* draft-rescorla-tls-opaque-prf-input-00.txt information */ 01094 int (*tlsext_opaque_prf_input_callback) (SSL *, void *peerinput, 01095 size_t len, void *arg); 01096 void *tlsext_opaque_prf_input_callback_arg; 01097 # endif 01098 01099 # ifndef OPENSSL_NO_PSK 01100 char *psk_identity_hint; 01101 unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, 01102 char *identity, 01103 unsigned int max_identity_len, 01104 unsigned char *psk, 01105 unsigned int max_psk_len); 01106 unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, 01107 unsigned char *psk, 01108 unsigned int max_psk_len); 01109 # endif 01110 01111 #
ifndef OPENSSL_NO_BUF_FREELISTS 01112 # define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32 01113 unsigned int freelist_max_len; 01114 struct ssl3_buf_freelist_st *wbuf_freelist; 01115 struct ssl3_buf_freelist_st *rbuf_freelist; 01116 # endif 01117 # ifndef OPENSSL_NO_SRP 01118 SRP_CTX srp_ctx; /* ctx for SRP authentication */ 01119 # endif 01120 01121 # ifndef OPENSSL_NO_TLSEXT 01122 01123 # ifndef OPENSSL_NO_NEXTPROTONEG 01124 /* Next protocol negotiation information */ 01125 /* (for experimental NPN extension). */ 01126 01127 /* 01128 * For a server, this contains a callback function by which the set of 01129 * advertised protocols can be provided. 01130 */ 01131 int (*next_protos_advertised_cb) (SSL *s, const unsigned char **buf, 01132 unsigned int *len, void *arg); 01133 void *next_protos_advertised_cb_arg; 01134 /* 01135 * For a client, this contains a callback function that selects the next 01136 * protocol from the list provided by the server. 01137 */ 01138 int (*next_proto_select_cb) (SSL *s, unsigned char **out, 01139 unsigned char *outlen, 01140 const unsigned char *in, 01141 unsigned int inlen, void *arg); 01142 void *next_proto_select_cb_arg; 01143 # endif 01144 /* SRTP profiles we are willing to do from RFC 5764 */ 01145 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; 01146 01147 /* 01148 * ALPN information (we are in the process of transitioning from NPN to 01149 * ALPN.) 01150 */ 01151 01152 /*- 01153 * For a server, this contains a callback function that allows the 01154 * server to select the protocol for the connection. 01155 * out: on successful return, this must point to the raw protocol 01156 * name (without the length prefix). 01157 * outlen: on successful return, this contains the length of |*out|. 01158 * in: points to the client's list of supported protocols in 01159 * wire-format. 01160 * inlen: the length of |in|. 
01161 */ 01162 int (*alpn_select_cb) (SSL *s, 01163 const unsigned char **out, 01164 unsigned char *outlen, 01165 const unsigned char *in, 01166 unsigned int inlen, void *arg); 01167 void *alpn_select_cb_arg; 01168 01169 /* 01170 * For a client, this contains the list of supported protocols in wire 01171 * format. 01172 */ 01173 unsigned char *alpn_client_proto_list; 01174 unsigned alpn_client_proto_list_len; 01175 01176 # ifndef OPENSSL_NO_EC 01177 /* EC extension values inherited by SSL structure */ 01178 size_t tlsext_ecpointformatlist_length; 01179 unsigned char *tlsext_ecpointformatlist; 01180 size_t tlsext_ellipticcurvelist_length; 01181 unsigned char *tlsext_ellipticcurvelist; 01182 # endif /* OPENSSL_NO_EC */ 01183 # endif 01184 }; 01185 01186 # endif 01187 01188 # define SSL_SESS_CACHE_OFF 0x0000 01189 # define SSL_SESS_CACHE_CLIENT 0x0001 01190 # define SSL_SESS_CACHE_SERVER 0x0002 01191 # define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) 01192 # define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 01193 /* enough comments already ... 
see SSL_CTX_set_session_cache_mode(3) */ 01194 # define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 01195 # define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 01196 # define SSL_SESS_CACHE_NO_INTERNAL \ 01197 (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) 01198 01199 LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx); 01200 # define SSL_CTX_sess_number(ctx) \ 01201 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) 01202 # define SSL_CTX_sess_connect(ctx) \ 01203 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) 01204 # define SSL_CTX_sess_connect_good(ctx) \ 01205 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) 01206 # define SSL_CTX_sess_connect_renegotiate(ctx) \ 01207 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) 01208 # define SSL_CTX_sess_accept(ctx) \ 01209 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) 01210 # define SSL_CTX_sess_accept_renegotiate(ctx) \ 01211 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) 01212 # define SSL_CTX_sess_accept_good(ctx) \ 01213 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) 01214 # define SSL_CTX_sess_hits(ctx) \ 01215 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) 01216 # define SSL_CTX_sess_cb_hits(ctx) \ 01217 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) 01218 # define SSL_CTX_sess_misses(ctx) \ 01219 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) 01220 # define SSL_CTX_sess_timeouts(ctx) \ 01221 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) 01222 # define SSL_CTX_sess_cache_full(ctx) \ 01223 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) 01224 01225 void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, 01226 int (*new_session_cb) (struct ssl_st *ssl, 01227 SSL_SESSION *sess)); 01228 int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, 01229 SSL_SESSION *sess); 01230 void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, 01231 void (*remove_session_cb) (struct ssl_ctx_st 01232 *ctx, 01233 SSL_SESSION 01234 *sess)); 01235 void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st 
*ctx, 01236 SSL_SESSION *sess); 01237 void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, 01238 SSL_SESSION *(*get_session_cb) (struct ssl_st 01239 *ssl, 01240 unsigned char 01241 *data, int len, 01242 int *copy)); 01243 SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, 01244 unsigned char *Data, 01245 int len, int *copy); 01246 void SSL_CTX_set_info_callback(SSL_CTX *ctx, 01247 void (*cb) (const SSL *ssl, int type, 01248 int val)); 01249 void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, 01250 int val); 01251 void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, 01252 int (*client_cert_cb) (SSL *ssl, X509 **x509, 01253 EVP_PKEY **pkey)); 01254 int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509, 01255 EVP_PKEY **pkey); 01256 # ifndef OPENSSL_NO_ENGINE 01257 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); 01258 # endif 01259 void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, 01260 int (*app_gen_cookie_cb) (SSL *ssl, 01261 unsigned char 01262 *cookie, 01263 unsigned int 01264 *cookie_len)); 01265 void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, 01266 int (*app_verify_cookie_cb) (SSL *ssl, 01267 unsigned char 01268 *cookie, 01269 unsigned int 01270 cookie_len)); 01271 # ifndef OPENSSL_NO_NEXTPROTONEG 01272 void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, 01273 int (*cb) (SSL *ssl, 01274 const unsigned char 01275 **out, 01276 unsigned int *outlen, 01277 void *arg), void *arg); 01278 void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, 01279 int (*cb) (SSL *ssl, 01280 unsigned char **out, 01281 unsigned char *outlen, 01282 const unsigned char *in, 01283 unsigned int inlen, 01284 void *arg), void *arg); 01285 void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, 01286 unsigned *len); 01287 # endif 01288 01289 # ifndef OPENSSL_NO_TLSEXT 01290 int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, 01291 const unsigned char *in, unsigned int inlen, 01292 const unsigned 
char *client, 01293 unsigned int client_len); 01294 # endif 01295 01296 # define OPENSSL_NPN_UNSUPPORTED 0 01297 # define OPENSSL_NPN_NEGOTIATED 1 01298 # define OPENSSL_NPN_NO_OVERLAP 2 01299 01300 int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, 01301 unsigned protos_len); 01302 int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, 01303 unsigned protos_len); 01304 void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, 01305 int (*cb) (SSL *ssl, 01306 const unsigned char **out, 01307 unsigned char *outlen, 01308 const unsigned char *in, 01309 unsigned int inlen, 01310 void *arg), void *arg); 01311 void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, 01312 unsigned *len); 01313 01314 # ifndef OPENSSL_NO_PSK 01315 /* 01316 * the maximum length of the buffer given to callbacks containing the 01317 * resulting identity/psk 01318 */ 01319 # define PSK_MAX_IDENTITY_LEN 128 01320 # define PSK_MAX_PSK_LEN 256 01321 void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, 01322 unsigned int (*psk_client_callback) (SSL 01323 *ssl, 01324 const 01325 char 01326 *hint, 01327 char 01328 *identity, 01329 unsigned 01330 int 01331 max_identity_len, 01332 unsigned 01333 char 01334 *psk, 01335 unsigned 01336 int 01337 max_psk_len)); 01338 void SSL_set_psk_client_callback(SSL *ssl, 01339 unsigned int (*psk_client_callback) (SSL 01340 *ssl, 01341 const 01342 char 01343 *hint, 01344 char 01345 *identity, 01346 unsigned 01347 int 01348 max_identity_len, 01349 unsigned 01350 char 01351 *psk, 01352 unsigned 01353 int 01354 max_psk_len)); 01355 void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, 01356 unsigned int (*psk_server_callback) (SSL 01357 *ssl, 01358 const 01359 char 01360 *identity, 01361 unsigned 01362 char 01363 *psk, 01364 unsigned 01365 int 01366 max_psk_len)); 01367 void SSL_set_psk_server_callback(SSL *ssl, 01368 unsigned int (*psk_server_callback) (SSL 01369 *ssl, 01370 const 01371 char 01372 *identity, 01373 unsigned 01374 char 01375 
*psk, 01376 unsigned 01377 int 01378 max_psk_len)); 01379 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); 01380 int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); 01381 const char *SSL_get_psk_identity_hint(const SSL *s); 01382 const char *SSL_get_psk_identity(const SSL *s); 01383 # endif 01384 01385 # ifndef OPENSSL_NO_TLSEXT 01386 /* Register callbacks to handle custom TLS Extensions for client or server. */ 01387 01388 int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, 01389 custom_ext_add_cb add_cb, 01390 custom_ext_free_cb free_cb, 01391 void *add_arg, 01392 custom_ext_parse_cb parse_cb, 01393 void *parse_arg); 01394 01395 int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, 01396 custom_ext_add_cb add_cb, 01397 custom_ext_free_cb free_cb, 01398 void *add_arg, 01399 custom_ext_parse_cb parse_cb, 01400 void *parse_arg); 01401 01402 int SSL_extension_supported(unsigned int ext_type); 01403 01404 # endif 01405 01406 # define SSL_NOTHING 1 01407 # define SSL_WRITING 2 01408 # define SSL_READING 3 01409 # define SSL_X509_LOOKUP 4 01410 01411 /* These will only be used when doing non-blocking IO */ 01412 # define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) 01413 # define SSL_want_read(s) (SSL_want(s) == SSL_READING) 01414 # define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) 01415 # define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) 01416 01417 # define SSL_MAC_FLAG_READ_MAC_STREAM 1 01418 # define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 01419 01420 # ifndef OPENSSL_NO_SSL_INTERN 01421 01422 struct ssl_st { 01423 /* 01424 * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, 01425 * DTLS1_VERSION) 01426 */ 01427 int version; 01428 /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ 01429 int type; 01430 /* SSLv3 */ 01431 const SSL_METHOD *method; 01432 /* 01433 * There are 2 BIO's even though they are normally both the same. 
This 01434 * is so data can be read and written to different handlers 01435 */ 01436 # ifndef OPENSSL_NO_BIO 01437 /* used by SSL_read */ 01438 BIO *rbio; 01439 /* used by SSL_write */ 01440 BIO *wbio; 01441 /* used during session-id reuse to concatenate messages */ 01442 BIO *bbio; 01443 # else 01444 /* used by SSL_read */ 01445 char *rbio; 01446 /* used by SSL_write */ 01447 char *wbio; 01448 char *bbio; 01449 # endif 01450 /* 01451 * This holds a variable that indicates what we were doing when a 0 or -1 01452 * is returned. This is needed for non-blocking IO so we know what 01453 * request needs re-doing when in SSL_accept or SSL_connect 01454 */ 01455 int rwstate; 01456 /* true when we are actually in SSL_accept() or SSL_connect() */ 01457 int in_handshake; 01458 int (*handshake_func) (SSL *); 01459 /* 01460 * Imagine that here's a boolean member "init" that is switched as soon 01461 * as SSL_set_{accept/connect}_state is called for the first time, so 01462 * that "state" and "handshake_func" are properly initialized. But as 01463 * handshake_func is == 0 until then, we use this test instead of an 01464 * "init" member. 01465 */ 01466 /* are we the server side? - mostly used by SSL_clear */ 01467 int server; 01468 /* 01469 * Generate a new session or reuse an old one. 
01470 * NB: For servers, the 'new' session may actually be a previously 01471 * cached session or even the previous session unless 01472 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set 01473 */ 01474 int new_session; 01475 /* don't send shutdown packets */ 01476 int quiet_shutdown; 01477 /* we have shut things down, 0x01 sent, 0x02 for received */ 01478 int shutdown; 01479 /* where we are */ 01480 int state; 01481 /* where we are when reading */ 01482 int rstate; 01483 BUF_MEM *init_buf; /* buffer used during init */ 01484 void *init_msg; /* pointer to handshake message body, set by 01485 * ssl3_get_message() */ 01486 int init_num; /* amount read/written */ 01487 int init_off; /* amount read/written */ 01488 /* used internally to point at a raw packet */ 01489 unsigned char *packet; 01490 unsigned int packet_length; 01491 struct ssl2_state_st *s2; /* SSLv2 variables */ 01492 struct ssl3_state_st *s3; /* SSLv3 variables */ 01493 struct dtls1_state_st *d1; /* DTLSv1 variables */ 01494 int read_ahead; /* Read as many input bytes as possible (for 01495 * non-blocking reads) */ 01496 /* callback that allows applications to peek at protocol messages */ 01497 void (*msg_callback) (int write_p, int version, int content_type, 01498 const void *buf, size_t len, SSL *ssl, void *arg); 01499 void *msg_callback_arg; 01500 int hit; /* reusing a previous session */ 01501 X509_VERIFY_PARAM *param; 01502 # if 0 01503 int purpose; /* Purpose setting */ 01504 int trust; /* Trust setting */ 01505 # endif 01506 /* crypto */ 01507 STACK_OF(SSL_CIPHER) *cipher_list; 01508 STACK_OF(SSL_CIPHER) *cipher_list_by_id; 01509 /* 01510 * These are the ones being used, the ones in SSL_SESSION are the ones to 01511 * be 'copied' into these ones 01512 */ 01513 int mac_flags; 01514 EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ 01515 EVP_MD_CTX *read_hash; /* used for mac generation */ 01516 # ifndef OPENSSL_NO_COMP 01517 COMP_CTX *expand; /* uncompress */ 01518 # else 01519 char 
*expand; 01520 # endif 01521 EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ 01522 EVP_MD_CTX *write_hash; /* used for mac generation */ 01523 # ifndef OPENSSL_NO_COMP 01524 COMP_CTX *compress; /* compression */ 01525 # else 01526 char *compress; 01527 # endif 01528 /* session info */ 01529 /* client cert? */ 01530 /* This is used to hold the server certificate used */ 01531 struct cert_st /* CERT */ *cert; 01532 /* 01533 * the session_id_context is used to ensure sessions are only reused in 01534 * the appropriate context 01535 */ 01536 unsigned int sid_ctx_length; 01537 unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; 01538 /* This can also be in the session once a session is established */ 01539 SSL_SESSION *session; 01540 /* Default generate session ID callback. */ 01541 GEN_SESSION_CB generate_session_id; 01542 /* Used in SSL2 and SSL3 */ 01543 /* 01544 * 0 don't care about verify failure. 01545 * 1 fail if verify fails. NOTE(review): 0 means a failed verification is not acted on here; a caller relying on peer authentication presumably has to use mode 1 or inspect verify_result itself - confirm. 01546 */ 01547 int verify_mode; 01548 /* fail if callback returns 0 */ 01549 int (*verify_callback) (int ok, X509_STORE_CTX *ctx); 01550 /* optional informational callback */ 01551 void (*info_callback) (const SSL *ssl, int type, int val); 01552 /* error bytes to be written */ 01553 int error; 01554 /* actual code */ 01555 int error_code; 01556 # ifndef OPENSSL_NO_KRB5 01557 /* Kerberos 5 context */ 01558 KSSL_CTX *kssl_ctx; 01559 # endif /* OPENSSL_NO_KRB5 */ 01560 # ifndef OPENSSL_NO_PSK 01561 unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, 01562 char *identity, 01563 unsigned int max_identity_len, 01564 unsigned char *psk, 01565 unsigned int max_psk_len); 01566 unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, 01567 unsigned char *psk, 01568 unsigned int max_psk_len); 01569 # endif 01570 SSL_CTX *ctx; 01571 /* 01572 * set this flag to 1 and a sleep(1) is put into all SSL_read() and 01573 * SSL_write() calls, good for nbio debugging :-) 01574 */ 01575 int debug; 01576 /* extra application data */
01577 long verify_result; 01578 CRYPTO_EX_DATA ex_data; 01579 /* for server side, keep the list of CA_dn we can use */ 01580 STACK_OF(X509_NAME) *client_CA; 01581 int references; 01582 /* protocol behaviour */ 01583 unsigned long options; 01584 /* API behaviour */ 01585 unsigned long mode; 01586 long max_cert_list; 01587 int first_packet; 01588 /* what was passed, used for SSLv3/TLS rollback check */ 01589 int client_version; 01590 unsigned int max_send_fragment; 01591 # ifndef OPENSSL_NO_TLSEXT 01592 /* TLS extension debug callback */ 01593 void (*tlsext_debug_cb) (SSL *s, int client_server, int type, 01594 unsigned char *data, int len, void *arg); 01595 void *tlsext_debug_arg; 01596 char *tlsext_hostname; 01597 /*- 01598 * no further mod of servername 01599 * 0 : call the servername extension callback. 01600 * 1 : prepare 2, allow last ack just after in server callback. 01601 * 2 : don't call servername callback, no ack in server hello 01602 */ 01603 int servername_done; 01604 /* certificate status request info */ 01605 /* Status type or -1 if no status type */ 01606 int tlsext_status_type; 01607 /* Expect OCSP CertificateStatus message */ 01608 int tlsext_status_expected; 01609 /* OCSP status request only */ 01610 STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; 01611 X509_EXTENSIONS *tlsext_ocsp_exts; 01612 /* OCSP response received or to be sent */ 01613 unsigned char *tlsext_ocsp_resp; 01614 int tlsext_ocsp_resplen; 01615 /* RFC4507 session ticket expected to be received or sent */ 01616 int tlsext_ticket_expected; 01617 # ifndef OPENSSL_NO_EC 01618 size_t tlsext_ecpointformatlist_length; 01619 /* our list */ 01620 unsigned char *tlsext_ecpointformatlist; 01621 size_t tlsext_ellipticcurvelist_length; 01622 /* our list */ 01623 unsigned char *tlsext_ellipticcurvelist; 01624 # endif /* OPENSSL_NO_EC */ 01625 /* 01626 * draft-rescorla-tls-opaque-prf-input-00.txt information to be used for 01627 * handshakes 01628 */ 01629 void *tlsext_opaque_prf_input; 01630 size_t 
tlsext_opaque_prf_input_len; 01631 /* TLS Session Ticket extension override */ 01632 TLS_SESSION_TICKET_EXT *tlsext_session_ticket; 01633 /* TLS Session Ticket extension callback */ 01634 tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb; 01635 void *tls_session_ticket_ext_cb_arg; 01636 /* TLS pre-shared secret session resumption */ 01637 tls_session_secret_cb_fn tls_session_secret_cb; 01638 void *tls_session_secret_cb_arg; 01639 SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */ 01640 # ifndef OPENSSL_NO_NEXTPROTONEG 01641 /* 01642 * Next protocol negotiation. For the client, this is the protocol that 01643 * we sent in NextProtocol and is set when handling ServerHello 01644 * extensions. For a server, this is the client's selected_protocol from 01645 * NextProtocol and is set when handling the NextProtocol message, before 01646 * the Finished message. 01647 */ 01648 unsigned char *next_proto_negotiated; 01649 unsigned char next_proto_negotiated_len; 01650 # endif 01651 # define session_ctx initial_ctx 01652 /* What we'll do */ 01653 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; 01654 /* What's been chosen */ 01655 SRTP_PROTECTION_PROFILE *srtp_profile; 01656 /*- 01657 * Is use of the Heartbeat extension negotiated? 01658 * 0: disabled 01659 * 1: enabled 01660 * 2: enabled, but not allowed to send Requests 01661 */ 01662 unsigned int tlsext_heartbeat; 01663 /* Indicates if a HeartbeatRequest is in flight */ 01664 unsigned int tlsext_hb_pending; 01665 /* HeartbeatRequest sequence number */ 01666 unsigned int tlsext_hb_seq; 01667 # else 01668 # define session_ctx ctx 01669 # endif /* OPENSSL_NO_TLSEXT */ 01670 /*- 01671 * 1 if we are renegotiating. 01672 * 2 if we are a server and are inside a handshake 01673 * (i.e. 
not just sending a HelloRequest) 01674 */ 01675 int renegotiate; 01676 # ifndef OPENSSL_NO_SRP 01677 /* ctx for SRP authentication */ 01678 SRP_CTX srp_ctx; 01679 # endif 01680 # ifndef OPENSSL_NO_TLSEXT 01681 /* 01682 * For a client, this contains the list of supported protocols in wire 01683 * format. 01684 */ 01685 unsigned char *alpn_client_proto_list; 01686 unsigned alpn_client_proto_list_len; 01687 # endif /* OPENSSL_NO_TLSEXT */ 01688 }; 01689 01690 # endif 01691 01692 #ifdef __cplusplus 01693 } 01694 #endif 01695 01696 # include <openssl/ssl2.h> 01697 # include <openssl/ssl3.h> 01698 # include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ 01699 # include <openssl/dtls1.h> /* Datagram TLS */ 01700 # include <openssl/ssl23.h> 01701 # include <openssl/srtp.h> /* Support for the use_srtp extension */ 01702 01703 #ifdef __cplusplus 01704 extern "C" { 01705 #endif 01706 01707 /* compatibility */ 01708 # define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) 01709 # define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) 01710 # define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a)) 01711 # define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) 01712 # define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) 01713 # define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) 01714 01715 /* 01716 * The following are the possible values for ssl->state are are used to 01717 * indicate where we are up to in the SSL connection establishment. The 01718 * macros that follow are about the only things you should need to use and 01719 * even then, only when using non-blocking IO. 
It can also be useful to work
 * out where you were when the connection failed
 */

/* Handshake state values and masks for ssl->state. */
# define SSL_ST_CONNECT                  0x1000
# define SSL_ST_ACCEPT                   0x2000
# define SSL_ST_MASK                     0x0FFF
# define SSL_ST_INIT                     (SSL_ST_CONNECT | SSL_ST_ACCEPT)
# define SSL_ST_BEFORE                   0x4000
# define SSL_ST_OK                       0x03
# define SSL_ST_RENEGOTIATE              (0x04 | SSL_ST_INIT)
# define SSL_ST_ERR                      0x05

/*
 * Event bits; the composite values below are built by OR-ing them with
 * each other or with SSL_ST_ACCEPT / SSL_ST_CONNECT.
 */
# define SSL_CB_LOOP                     0x01
# define SSL_CB_EXIT                     0x02
# define SSL_CB_READ                     0x04
# define SSL_CB_WRITE                    0x08
# define SSL_CB_ALERT                    0x4000 /* used in callback */
# define SSL_CB_READ_ALERT               (SSL_CB_ALERT | SSL_CB_READ)
# define SSL_CB_WRITE_ALERT              (SSL_CB_ALERT | SSL_CB_WRITE)
# define SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT | SSL_CB_LOOP)
# define SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT | SSL_CB_EXIT)
# define SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT | SSL_CB_LOOP)
# define SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT | SSL_CB_EXIT)
# define SSL_CB_HANDSHAKE_START          0x10
# define SSL_CB_HANDSHAKE_DONE           0x20

/*
 * Connection-state predicates.  Each one evaluates SSL_state(a) and either
 * compares it with SSL_ST_OK or masks it with one of the SSL_ST_* bits.
 */
# define SSL_get_state(a)                SSL_state(a)
# define SSL_is_init_finished(a)         (SSL_state(a) == SSL_ST_OK)
# define SSL_in_init(a)                  (SSL_state(a) & SSL_ST_INIT)
# define SSL_in_before(a)                (SSL_state(a) & SSL_ST_BEFORE)
# define SSL_in_connect_init(a)          (SSL_state(a) & SSL_ST_CONNECT)
# define SSL_in_accept_init(a)           (SSL_state(a) & SSL_ST_ACCEPT)

/*
 * Read-side states stored in ssl->rstate when a read fails; applications
 * should not normally need them.
 */
# define SSL_ST_READ_HEADER              0xF0
# define SSL_ST_READ_BODY                0xF1
# define SSL_ST_READ_DONE                0xF2

/*-
 * Fetch the most recent Finished message:
 *   SSL_get_finished       -- the one this side sent
 *   SSL_get_peer_finished  -- the one expected from the peer
 * The return value is the message length (0 means no Finished message yet);
 * at most 'count' bytes are copied into 'buf'.
 */
size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);

/*
 * Peer verification modes.  Choose SSL_VERIFY_NONE or SSL_VERIFY_PEER; the
 * remaining two flags are OR-ed onto SSL_VERIFY_PEER when wanted.
 *
 * SSL_VERIFY_NONE is 0, the value the verify_mode field documents as "don't
 * care about verify failure": a failed certificate check does not stop the
 * handshake.  Code that needs an authenticated peer should select
 * SSL_VERIFY_PEER rather than rely on the default.
 */
# define SSL_VERIFY_NONE                 0x00
# define SSL_VERIFY_PEER                 0x01
# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
# define SSL_VERIFY_CLIENT_ONCE          0x04

/* Both historical initialisation names expand to SSL_library_init(). */
# define OpenSSL_add_ssl_algorithms()    SSL_library_init()
# define SSLeay_add_ssl_algorithms()     SSL_library_init()

/* Backward-compatibility aliases; this group is compiled out (#if 0). */
# if 0                          /* NEW_SSLEAY */
#  define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
#  define SSL_set_pref_cipher(c,n)          SSL_set_cipher_list(c,n)
#  define SSL_add_session(a,b)              SSL_CTX_add_session((a),(b))
#  define SSL_remove_session(a,b)           SSL_CTX_remove_session((a),(b))
#  define SSL_flush_sessions(a,b)           SSL_CTX_flush_sessions((a),(b))
# endif
/* Further compatibility aliases, these ones still active. */
# define SSL_get_cipher(s) SSL_CIPHER_get_name(SSL_get_current_cipher(s))
# define SSL_get_cipher_bits(s,np) \
                SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
# define SSL_get_cipher_version(s) \
                SSL_CIPHER_get_version(SSL_get_current_cipher(s))
# define SSL_get_cipher_name(s) SSL_CIPHER_get_name(SSL_get_current_cipher(s))
# define SSL_get_time(a)         SSL_SESSION_get_time(a)
# define SSL_set_time(a,b)       SSL_SESSION_set_time((a),(b))
# define SSL_get_timeout(a)      SSL_SESSION_get_timeout(a)
# define SSL_set_timeout(a,b)    SSL_SESSION_set_timeout((a),(b))

/* Read or write an SSL_SESSION through a BIO using the ASN1 bio helpers. */
# define d2i_SSL_SESSION_bio(bp,s_id) \
                ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
# define i2d_SSL_SESSION_bio(bp,s_id) \
                ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)

DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)

/* Offset that maps an SSL_AD_... alert value to its SSL_R_... reason. */
# define SSL_AD_REASON_OFFSET            1000
/*
 * Alert descriptions for SSLv3 and TLSv1, each an alias for the SSL3_AD_ or
 * TLS1_AD_ constant of the same name.
 */
# define SSL_AD_CLOSE_NOTIFY             SSL3_AD_CLOSE_NOTIFY
/* fatal */
# define SSL_AD_UNEXPECTED_MESSAGE       SSL3_AD_UNEXPECTED_MESSAGE
/* fatal */
# define SSL_AD_BAD_RECORD_MAC           SSL3_AD_BAD_RECORD_MAC
# define SSL_AD_DECRYPTION_FAILED        TLS1_AD_DECRYPTION_FAILED
# define SSL_AD_RECORD_OVERFLOW          TLS1_AD_RECORD_OVERFLOW
/* fatal */
# define SSL_AD_DECOMPRESSION_FAILURE    SSL3_AD_DECOMPRESSION_FAILURE
/* fatal */
# define SSL_AD_HANDSHAKE_FAILURE        SSL3_AD_HANDSHAKE_FAILURE
/* Not for TLS */
# define SSL_AD_NO_CERTIFICATE           SSL3_AD_NO_CERTIFICATE
# define SSL_AD_BAD_CERTIFICATE          SSL3_AD_BAD_CERTIFICATE
# define SSL_AD_UNSUPPORTED_CERTIFICATE  SSL3_AD_UNSUPPORTED_CERTIFICATE
# define SSL_AD_CERTIFICATE_REVOKED      SSL3_AD_CERTIFICATE_REVOKED
# define SSL_AD_CERTIFICATE_EXPIRED      SSL3_AD_CERTIFICATE_EXPIRED
# define SSL_AD_CERTIFICATE_UNKNOWN      SSL3_AD_CERTIFICATE_UNKNOWN
/* fatal */
# define SSL_AD_ILLEGAL_PARAMETER        SSL3_AD_ILLEGAL_PARAMETER
/* fatal */
# define SSL_AD_UNKNOWN_CA               TLS1_AD_UNKNOWN_CA
/* fatal */
# define SSL_AD_ACCESS_DENIED            TLS1_AD_ACCESS_DENIED
/* fatal */
# define SSL_AD_DECODE_ERROR             TLS1_AD_DECODE_ERROR
# define SSL_AD_DECRYPT_ERROR            TLS1_AD_DECRYPT_ERROR
/* fatal */
# define SSL_AD_EXPORT_RESTRICTION       TLS1_AD_EXPORT_RESTRICTION
/* fatal */
# define SSL_AD_PROTOCOL_VERSION         TLS1_AD_PROTOCOL_VERSION
/* fatal */
# define SSL_AD_INSUFFICIENT_SECURITY    TLS1_AD_INSUFFICIENT_SECURITY
/* fatal */
# define SSL_AD_INTERNAL_ERROR           TLS1_AD_INTERNAL_ERROR
# define SSL_AD_USER_CANCELLED           TLS1_AD_USER_CANCELLED
# define SSL_AD_NO_RENEGOTIATION         TLS1_AD_NO_RENEGOTIATION
# define SSL_AD_UNSUPPORTED_EXTENSION    TLS1_AD_UNSUPPORTED_EXTENSION
# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
# define SSL_AD_UNRECOGNIZED_NAME        TLS1_AD_UNRECOGNIZED_NAME
# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
/* fatal */
# define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY
/* fatal */
# define SSL_AD_INAPPROPRIATE_FALLBACK   TLS1_AD_INAPPROPRIATE_FALLBACK

/* SSL_ERROR_* result codes. */
# define SSL_ERROR_NONE                  0
# define SSL_ERROR_SSL                   1
# define SSL_ERROR_WANT_READ             2
# define SSL_ERROR_WANT_WRITE            3
# define SSL_ERROR_WANT_X509_LOOKUP      4
# define SSL_ERROR_SYSCALL               5 /* look at error stack/return
                                            * value/errno */
# define SSL_ERROR_ZERO_RETURN           6
# define SSL_ERROR_WANT_CONNECT          7
# define SSL_ERROR_WANT_ACCEPT           8

/* Command codes for the SSL_ctrl() / SSL_CTX_ctrl() family. */
# define SSL_CTRL_NEED_TMP_RSA                   1
# define SSL_CTRL_SET_TMP_RSA                    2
# define SSL_CTRL_SET_TMP_DH                     3
# define SSL_CTRL_SET_TMP_ECDH                   4
# define SSL_CTRL_SET_TMP_RSA_CB                 5
# define SSL_CTRL_SET_TMP_DH_CB                  6
# define SSL_CTRL_SET_TMP_ECDH_CB                7
# define SSL_CTRL_GET_SESSION_REUSED             8
# define SSL_CTRL_GET_CLIENT_CERT_REQUEST        9
# define SSL_CTRL_GET_NUM_RENEGOTIATIONS         10
# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS       11
# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS       12
# define SSL_CTRL_GET_FLAGS                      13
# define SSL_CTRL_EXTRA_CHAIN_CERT               14
# define SSL_CTRL_SET_MSG_CALLBACK               15
# define SSL_CTRL_SET_MSG_CALLBACK_ARG           16
/* only applies to datagram connections */
# define SSL_CTRL_SET_MTU                17
/* Stats */
# define SSL_CTRL_SESS_NUMBER                    20
# define SSL_CTRL_SESS_CONNECT                   21
# define SSL_CTRL_SESS_CONNECT_GOOD              22
# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE       23
# define SSL_CTRL_SESS_ACCEPT                    24
# define SSL_CTRL_SESS_ACCEPT_GOOD               25
# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE        26
# define SSL_CTRL_SESS_HIT                       27
# define SSL_CTRL_SESS_CB_HIT                    28
# define SSL_CTRL_SESS_MISSES                    29
# define SSL_CTRL_SESS_TIMEOUTS                  30
# define SSL_CTRL_SESS_CACHE_FULL                31
# define SSL_CTRL_OPTIONS                        32
# define SSL_CTRL_MODE                           33
# define SSL_CTRL_GET_READ_AHEAD                 40
# define SSL_CTRL_SET_READ_AHEAD                 41
# define SSL_CTRL_SET_SESS_CACHE_SIZE            42
# define SSL_CTRL_GET_SESS_CACHE_SIZE            43
# define SSL_CTRL_SET_SESS_CACHE_MODE            44
# define SSL_CTRL_GET_SESS_CACHE_MODE            45
# define SSL_CTRL_GET_MAX_CERT_LIST              50
# define SSL_CTRL_SET_MAX_CERT_LIST              51
# define SSL_CTRL_SET_MAX_SEND_FRAGMENT          52
/*
 * TLS-extension codes; tls1.h holds the macros built on them.
 * NOTE(review): the SRP codes 75-78 in this group carry the same numbers as
 * DTLS_CTRL_LISTEN, SSL_CTRL_GET_RI_SUPPORT, SSL_CTRL_CLEAR_OPTIONS and
 * SSL_CTRL_CLEAR_MODE defined after it.  Presumably the two sets are
 * dispatched on different paths -- confirm before adding or reusing a code.
 */
# ifndef OPENSSL_NO_TLSEXT
#  define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB       53
#  define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG      54
#  define SSL_CTRL_SET_TLSEXT_HOSTNAME            55
#  define SSL_CTRL_SET_TLSEXT_DEBUG_CB            56
#  define SSL_CTRL_SET_TLSEXT_DEBUG_ARG           57
#  define SSL_CTRL_GET_TLSEXT_TICKET_KEYS         58
#  define SSL_CTRL_SET_TLSEXT_TICKET_KEYS         59
#  define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT    60
#  define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61
#  define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB       63
#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG   64
#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE     65
#  define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS     66
#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS     67
#  define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS      68
#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS      69
#  define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP        70
#  define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP        71
#  define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB       72
#  define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB    75
#  define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB                76
#  define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB             77
#  define SSL_CTRL_SET_SRP_ARG            78
#  define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME               79
#  define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH               80
#  define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD               81
/* The heartbeat codes disappear when OPENSSL_NO_HEARTBEATS is defined. */
#  ifndef OPENSSL_NO_HEARTBEATS
#   define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT               85
#   define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING        86
#   define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS    87
#  endif
# endif                         /* OPENSSL_NO_TLSEXT */
# define DTLS_CTRL_GET_TIMEOUT           73
# define DTLS_CTRL_HANDLE_TIMEOUT        74
# define DTLS_CTRL_LISTEN                        75
# define SSL_CTRL_GET_RI_SUPPORT                 76
# define SSL_CTRL_CLEAR_OPTIONS                  77
# define SSL_CTRL_CLEAR_MODE                     78
# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS          82
# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS        83
# define SSL_CTRL_CHAIN                          88
# define SSL_CTRL_CHAIN_CERT                     89
# define SSL_CTRL_GET_CURVES                     90
# define SSL_CTRL_SET_CURVES                     91
# define SSL_CTRL_SET_CURVES_LIST                92
# define SSL_CTRL_GET_SHARED_CURVE               93
# define SSL_CTRL_SET_ECDH_AUTO                  94
# define SSL_CTRL_SET_SIGALGS                    97
# define SSL_CTRL_SET_SIGALGS_LIST               98
# define SSL_CTRL_CERT_FLAGS                     99
# define SSL_CTRL_CLEAR_CERT_FLAGS               100
# define SSL_CTRL_SET_CLIENT_SIGALGS             101
# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST        102
# define SSL_CTRL_GET_CLIENT_CERT_TYPES          103
# define SSL_CTRL_SET_CLIENT_CERT_TYPES          104
# define SSL_CTRL_BUILD_CERT_CHAIN               105
# define SSL_CTRL_SET_VERIFY_CERT_STORE          106
# define SSL_CTRL_SET_CHAIN_CERT_STORE           107
# define SSL_CTRL_GET_PEER_SIGNATURE_NID         108
# define SSL_CTRL_GET_SERVER_TMP_KEY             109
# define SSL_CTRL_GET_RAW_CIPHERLIST             110
# define SSL_CTRL_GET_EC_POINT_FORMATS           111
# define SSL_CTRL_GET_CHAIN_CERTS                115
# define SSL_CTRL_SELECT_CURRENT_CERT            116
# define SSL_CTRL_SET_CURRENT_CERT               117
# define SSL_CTRL_CHECK_PROTO_VERSION            119
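# define DTLS_CTRL_SET_LINK_MTU                  120
# define DTLS_CTRL_GET_LINK_MIN_MTU              121

/*
 * Operation values; presumably the 'op' argument of the
 * SSL_CTX_set_current_cert() / SSL_set_current_cert() macros below --
 * confirm against the ctrl implementation.
 */
# define SSL_CERT_SET_FIRST                      1
# define SSL_CERT_SET_NEXT                       2
# define SSL_CERT_SET_SERVER                     3

/*
 * Convenience wrappers: each macro below expands to exactly one SSL_ctrl()
 * or SSL_CTX_ctrl() call with the command code shown.  The arguments are
 * pasted in without type checking, so a wrong pointer type is cast silently
 * by the (char *) / (void *) / (int *) casts.
 */
# define DTLSv1_get_timeout(ssl, arg) \
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
# define DTLSv1_handle_timeout(ssl) \
        SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
# define DTLSv1_listen(ssl, peer) \
        SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)

# define SSL_session_reused(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
# define SSL_num_renegotiations(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
# define SSL_clear_num_renegotiations(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
# define SSL_total_renegotiations(ssl) \
        SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)

/*
 * Temporary (ephemeral) key setters for SSL_CTX and SSL.
 * NOTE(review): temporary RSA keys are, as far as I know, only used by
 * export-grade key exchange; new code should not need the *_tmp_rsa
 * macros -- confirm before relying on them.
 */
# define SSL_CTX_need_tmp_RSA(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
# define SSL_CTX_set_tmp_rsa(ctx,rsa) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
# define SSL_CTX_set_tmp_dh(ctx,dh) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)

# define SSL_need_tmp_RSA(ssl) \
        SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
# define SSL_set_tmp_rsa(ssl,rsa) \
        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
# define SSL_set_tmp_dh(ssl,dh) \
        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
# define SSL_set_tmp_ecdh(ssl,ecdh) \
        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)

/*
 * Certificate chain and store management.  The paired 0/1 variants
 * (set0/set1, add0/add1) differ only in the larg they pass: 0 or 1.  By
 * OpenSSL naming convention the "0" form hands ownership of the object to
 * the library and the "1" form leaves the caller's reference intact;
 * confirm against the ctrl implementation before freeing anything.
 */
# define SSL_CTX_add_extra_chain_cert(ctx,x509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
# define SSL_CTX_get_extra_chain_certs(ctx,px509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509)
# define SSL_CTX_clear_extra_chain_certs(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)

# define SSL_CTX_set0_chain(ctx,sk) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk)
# define SSL_CTX_set1_chain(ctx,sk) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk)
# define SSL_CTX_add0_chain_cert(ctx,x509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509)
# define SSL_CTX_add1_chain_cert(ctx,x509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509)
# define SSL_CTX_get0_chain_certs(ctx,px509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
# define SSL_CTX_clear_chain_certs(ctx) \
        SSL_CTX_set0_chain(ctx,NULL)
# define SSL_CTX_build_cert_chain(ctx, flags) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
# define SSL_CTX_select_current_cert(ctx,x509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509)
# define SSL_CTX_set_current_cert(ctx, op) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)

# define SSL_CTX_set0_verify_cert_store(ctx,st) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st)
# define SSL_CTX_set1_verify_cert_store(ctx,st) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)st)
# define SSL_CTX_set0_chain_cert_store(ctx,st) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st)
# define SSL_CTX_set1_chain_cert_store(ctx,st) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st)

/*
 * Per-connection equivalents.  Several of these name their first parameter
 * 'ctx' although they call SSL_ctrl(), so the argument is an SSL *.
 */
# define SSL_set0_chain(ctx,sk) \
        SSL_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)sk)
# define SSL_set1_chain(ctx,sk) \
        SSL_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)sk)
# define SSL_add0_chain_cert(ctx,x509) \
        SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)x509)
# define SSL_add1_chain_cert(ctx,x509) \
        SSL_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)x509)
# define SSL_get0_chain_certs(ctx,px509) \
        SSL_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
# define SSL_clear_chain_certs(ctx) \
        SSL_set0_chain(ctx,NULL)
# define SSL_build_cert_chain(s, flags) \
        SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
# define SSL_select_current_cert(ctx,x509) \
        SSL_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509)
# define SSL_set_current_cert(ctx,op) \
        SSL_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)

# define SSL_set0_verify_cert_store(s,st) \
        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st)
# define SSL_set1_verify_cert_store(s,st) \
        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)st)
# define SSL_set0_chain_cert_store(s,st) \
        SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)st)
# define SSL_set1_chain_cert_store(s,st) \
        SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)st)

/* Elliptic-curve selection. */
# define SSL_get1_curves(ctx, s) \
        SSL_ctrl(ctx,SSL_CTRL_GET_CURVES,0,(char *)s)
# define SSL_CTX_set1_curves(ctx, clist, clistlen) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURVES,clistlen,(char *)clist)
# define SSL_CTX_set1_curves_list(ctx, s) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s)
# define SSL_set1_curves(ctx, clist, clistlen) \
        SSL_ctrl(ctx,SSL_CTRL_SET_CURVES,clistlen,(char *)clist)
# define SSL_set1_curves_list(ctx, s) \
        SSL_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s)
# define SSL_get_shared_curve(s, n) \
        SSL_ctrl(s,SSL_CTRL_GET_SHARED_CURVE,n,NULL)
# define SSL_CTX_set_ecdh_auto(ctx, onoff) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL)
# define SSL_set_ecdh_auto(s, onoff) \
        SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL)

/*
 * Signature-algorithm selection.
 *
 * SSL_set1_sigalgs() and SSL_set1_client_sigalgs() pass their own 'slistlen'
 * parameter as the list length.  They previously expanded to 'clistlen',
 * which is not a parameter of either macro: a call either failed to compile
 * or picked up an unrelated variable of that name from the caller's scope
 * and handed the wrong length to SSL_ctrl().
 */
# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist)
# define SSL_CTX_set1_sigalgs_list(ctx, s) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
# define SSL_set1_sigalgs(ctx, slist, slistlen) \
        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist)
# define SSL_set1_sigalgs_list(ctx, s) \
        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)

# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)slist)
# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s)
# define SSL_set1_client_sigalgs(ctx, slist, slistlen) \
        SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)slist)
# define SSL_set1_client_sigalgs_list(ctx, s) \
        SSL_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)s)

/* Client certificate types and peer/handshake introspection. */
# define SSL_get0_certificate_types(s, clist) \
        SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)clist)

# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist)
# define SSL_set1_client_certificate_types(s, clist, clistlen) \
        SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)clist)

# define SSL_get_peer_signature_nid(s, pn) \
        SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)

# define SSL_get_server_tmp_key(s, pk) \
        SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)

# define SSL_get0_raw_cipherlist(s, plst) \
        SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,(char *)plst)

# define SSL_get0_ec_point_formats(s, plst) \
        SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,(char *)plst)

/* BIO glue, available unless OPENSSL_NO_BIO is defined. */
# ifndef OPENSSL_NO_BIO
BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
int BIO_ssl_copy_session_id(BIO *to, BIO *from);
void BIO_ssl_shutdown(BIO *ssl_bio);

# endif

/* SSL_CTX lifetime and context-wide settings. */
int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
void SSL_CTX_free(SSL_CTX *);
long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
long SSL_CTX_get_timeout(const SSL_CTX *ctx);
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
int SSL_want(const SSL *s);
int SSL_clear(SSL *s);

void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);

/* Negotiated-cipher queries. */
const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);

/* Per-connection transport and cipher-list accessors. */
int SSL_get_fd(const SSL *s);
int SSL_get_rfd(const SSL *s);
int SSL_get_wfd(const SSL *s);
const char *SSL_get_cipher_list(const SSL *s, int n);
/* Takes a caller-supplied buffer; presumably 'len' is its size -- confirm. */
char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
int SSL_get_read_ahead(const SSL *s);
int SSL_pending(const SSL *s);
# ifndef OPENSSL_NO_SOCK
int SSL_set_fd(SSL *s, int fd);
int SSL_set_rfd(SSL *s, int fd);
int SSL_set_wfd(SSL *s, int fd);
# endif
# ifndef OPENSSL_NO_BIO
void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
BIO *SSL_get_rbio(const SSL *s);
BIO *SSL_get_wbio(const SSL *s);
# endif
int SSL_set_cipher_list(SSL *s, const char *str);
void SSL_set_read_ahead(SSL *s, int yes);

/*
 * Per-connection peer verification.  'mode' is a combination of the
 * SSL_VERIFY_* flags; the callback receives the verification outcome so far
 * ('ok') together with the X509_STORE_CTX.
 */
int SSL_get_verify_mode(const SSL *s);
int SSL_get_verify_depth(const SSL *s);
int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *);
void SSL_set_verify(SSL *s, int mode,
                    int (*callback) (int ok, X509_STORE_CTX *ctx));
void SSL_set_verify_depth(SSL *s, int depth);
void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg);

/* Install a private key or certificate on one connection. */
# ifndef OPENSSL_NO_RSA
int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
# endif
int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d,
                            long len);
int SSL_use_certificate(SSL *ssl, X509 *x);
int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);

# ifndef OPENSSL_NO_TLSEXT
/* Set serverinfo data for the current active cert. */
int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
                           size_t serverinfo_length);
#  ifndef OPENSSL_NO_STDIO
int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
#  endif                        /* NO_STDIO */

# endif

/* File-based loaders, available unless OPENSSL_NO_STDIO is defined. */
# ifndef OPENSSL_NO_STDIO
int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
/* PEM type */
int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
                                        const char *file);
#  ifndef OPENSSL_SYS_VMS
/* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
#   ifndef OPENSSL_SYS_MACINTOSH_CLASSIC
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
                                       const char *dir);
#   endif
#  endif

# endif

/* Error strings and human-readable state names. */
void SSL_load_error_strings(void);
const char *SSL_state_string(const SSL *s);
const char *SSL_rstate_string(const SSL *s);
const char *SSL_state_string_long(const SSL *s);
const char *SSL_rstate_string_long(const SSL *s);

/* SSL_SESSION accessors, serialisation and session-cache management. */
long SSL_SESSION_get_time(const SSL_SESSION *s);
long SSL_SESSION_set_time(SSL_SESSION *s, long t);
long SSL_SESSION_get_timeout(const SSL_SESSION *s);
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
void SSL_copy_session_id(SSL *to, const SSL *from);
X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
                                unsigned int sid_ctx_len);

SSL_SESSION *SSL_SESSION_new(void);
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
                                        unsigned int *len);
unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
# ifndef OPENSSL_NO_FP_API
int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
# endif
# ifndef OPENSSL_NO_BIO
int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
# endif
void SSL_SESSION_free(SSL_SESSION *ses);
int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
int SSL_set_session(SSL *to, SSL_SESSION *session);
int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
                                unsigned int id_len);
SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                             long length);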
/*
 * Public libssl declarations: peer-certificate access, verification setup,
 * credential loading, connection I/O, protocol method constructors, session
 * and ex_data helpers, ctrl() convenience macros, and the start of the
 * generated error-code table.
 */

/*
 * Peer certificate accessors. SSL_get_peer_certificate() is declared only
 * when HEADER_X509_H is defined.
 * NOTE(review): per the OpenSSL documentation the returned X509 carries a
 * reference the caller releases with X509_free(), and a non-NULL result does
 * not by itself mean the chain verified; pair it with
 * SSL_get_verify_result(). Confirm against the man page for this release.
 */
# ifdef HEADER_X509_H
X509 *SSL_get_peer_certificate(const SSL *s);
# endif

STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);

/*
 * Certificate verification settings held on the context. `mode` is an int
 * bitmask (NOTE(review): the SSL_VERIFY_* flags) and the verify callback has
 * the shape int (*)(int, X509_STORE_CTX *).
 * NOTE(review): the callback's return value decides whether verification
 * continues, so a callback that always returns 1 accepts every chain; review
 * any non-NULL callback passed here.
 */
int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int,
                                                        X509_STORE_CTX *);
void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
                        int (*callback) (int, X509_STORE_CTX *));
void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
/*
 * NOTE(review): documented as replacing the library's whole chain
 * verification with `cb`; `arg` is passed back to it unchanged.
 */
void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
                                      int (*cb) (X509_STORE_CTX *, void *),
                                      void *arg);
void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg),
                         void *arg);

/*
 * Loading the local key and certificate into a context. Argument order is
 * not uniform across the *_ASN1 variants: SSL_CTX_use_PrivateKey_ASN1()
 * takes the key type `pk` first, and SSL_CTX_use_certificate_ASN1() takes
 * `len` before `d` while the private-key variants take `d` then `len`.
 * Only SSL_CTX_use_RSAPrivateKey() is guarded by OPENSSL_NO_RSA here; the
 * RSAPrivateKey_ASN1 variant is declared unconditionally.
 */
# ifndef OPENSSL_NO_RSA
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
# endif
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
                                   long len);
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx,
                                const unsigned char *d, long len);
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
                                 const unsigned char *d);

/*
 * PEM passphrase callback and its opaque user-data pointer.
 * NOTE(review): `u` is stored as a raw pointer; presumably it must outlive
 * every key load that uses the context. Verify against callers.
 */
void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);

/*
 * Key/certificate consistency checks. Note that the SSL * parameter of
 * SSL_check_private_key() is named `ctx` although its type is a connection.
 */
int SSL_CTX_check_private_key(const SSL_CTX *ctx);
int SSL_check_private_key(const SSL *ctx);

/* Session ID context: an opaque byte string plus its length in bytes. */
int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
                                   unsigned int sid_ctx_len);

SSL *SSL_new(SSL_CTX *ctx);
int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
                               unsigned int sid_ctx_len);

/* X.509 purpose and trust settings, per context and per connection. */
int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
int SSL_set_purpose(SSL *s, int purpose);
int SSL_CTX_set_trust(SSL_CTX *s, int trust);
int SSL_set_trust(SSL *s, int trust);

/*
 * X509_VERIFY_PARAM access.
 * NOTE(review): by OpenSSL naming convention set1 leaves ownership of `vpm`
 * with the caller and get0 returns an internal pointer that must not be
 * freed; confirm for this release.
 */
int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);

X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx);
X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);

/*
 * SRP support, compiled out when OPENSSL_NO_SRP is defined. The username and
 * password setters take non-const char pointers.
 */
# ifndef OPENSSL_NO_SRP
int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
                                        char *(*cb) (SSL *, void *));
int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
                                          int (*cb) (SSL *, void *));
int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
                                      int (*cb) (SSL *, int *, void *));
int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);

int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
                             BIGNUM *sa, BIGNUM *v, char *info);
int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
                                const char *grp);

BIGNUM *SSL_get_srp_g(SSL *s);
BIGNUM *SSL_get_srp_N(SSL *s);

char *SSL_get_srp_username(SSL *s);
char *SSL_get_srp_userinfo(SSL *s);
# endif

/*
 * Connection lifecycle and I/O. Buffer lengths and return values are int.
 * NOTE(review): a return value <= 0 from SSL_accept/connect/read/peek/write
 * is classified by passing it to SSL_get_error() as `ret_code`; callers that
 * skip that step cannot tell a retry from a fatal error.
 */
void SSL_certs_clear(SSL *s);
void SSL_free(SSL *ssl);
int SSL_accept(SSL *ssl);
int SSL_connect(SSL *ssl);
int SSL_read(SSL *ssl, void *buf, int num);
int SSL_peek(SSL *ssl, void *buf, int num);
int SSL_write(SSL *ssl, const void *buf, int num);
/* Generic control entry points; the macros further down expand to these. */
long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
long SSL_callback_ctrl(SSL *, int, void (*)(void));
long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));

int SSL_get_error(const SSL *s, int ret_code);
const char *SSL_get_version(const SSL *s);

/* This sets the 'default' SSL version that SSL_new() will create */
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);

/*
 * SSLv2 method constructors, removed from the API when OPENSSL_NO_SSL2 is
 * defined. SSLv2 is prohibited by RFC 6176.
 */
# ifndef OPENSSL_NO_SSL2
const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
# endif

/*
 * SSLv3 method constructors, removed from the API when
 * OPENSSL_NO_SSL3_METHOD is defined. SSLv3 is deprecated by RFC 7568.
 */
# ifndef OPENSSL_NO_SSL3_METHOD
const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
# endif

/*
 * Version-flexible methods.
 * NOTE(review): the set of versions actually offered is narrowed with the
 * SSL_OP_NO_* options on the context; check what the caller disables.
 */
const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS
                                        * version */
const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available
                                               * SSL/TLS version */
const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available
                                               * SSL/TLS version */

/*
 * Fixed-version methods; the trailing comment on each line names the single
 * protocol version it selects. TLS 1.0, TLS 1.1 and DTLS 1.0 are deprecated
 * by RFC 8996.
 */
const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */

const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */
const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */
const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */

const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */
const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */
const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */

const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */

const SSL_METHOD *DTLSv1_2_method(void); /* DTLSv1.2 */
const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */
const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */

const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */
const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */
const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */

STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);

/* Handshake, renegotiation and shutdown control. */
int SSL_do_handshake(SSL *s);
int SSL_renegotiate(SSL *s);
int SSL_renegotiate_abbreviated(SSL *s);
int SSL_renegotiate_pending(SSL *s);
int SSL_shutdown(SSL *s);

const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx);
const SSL_METHOD *SSL_get_ssl_method(SSL *s);
int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
/* Alert type/description codes rendered as short or long strings. */
const char *SSL_alert_type_string_long(int value);
const char *SSL_alert_type_string(int value);
const char *SSL_alert_desc_string_long(int value);
const char *SSL_alert_desc_string(int value);

/* Client CA name lists, per connection and per context. */
void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
int SSL_add_client_CA(SSL *ssl, X509 *x);
int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);

void SSL_set_connect_state(SSL *s);
void SSL_set_accept_state(SSL *s);

long SSL_get_default_timeout(const SSL *s);

int SSL_library_init(void);

/*
 * NOTE(review): `buf`/`size` describe a caller-supplied output buffer; the
 * documentation asks for at least 128 bytes. Confirm at call sites.
 */
char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);

SSL *SSL_dup(SSL *ssl);

/*
 * Accessors for the locally configured certificate and private key.
 * NOTE(review): presumably borrowed pointers that the caller must not free;
 * confirm before storing them beyond the lifetime of the SSL or SSL_CTX.
 */
X509 *SSL_get_certificate(const SSL *ssl);
/*
 * EVP_PKEY
 */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl);

X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);

/*
 * Shutdown behaviour and state.
 * NOTE(review): quiet shutdown is documented as skipping the close_notify
 * exchange, which leaves the peer unable to distinguish a clean close from a
 * truncated stream; check where `mode` is set non-zero.
 */
void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
void SSL_set_quiet_shutdown(SSL *ssl, int mode);
int SSL_get_quiet_shutdown(const SSL *ssl);
void SSL_set_shutdown(SSL *ssl, int mode);
int SSL_get_shutdown(const SSL *ssl);
int SSL_version(const SSL *ssl);
/*
 * Trust-anchor locations. Both return int.
 * NOTE(review): a failed load leaves the context without the intended trust
 * store, so the result should be checked before any handshake.
 */
int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
                                  const char *CApath);
# define SSL_get0_session SSL_get_session/* just peek at pointer */
SSL_SESSION *SSL_get_session(const SSL *ssl);
SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx);
void SSL_set_info_callback(SSL *ssl,
                           void (*cb) (const SSL *ssl, int type, int val));
void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type,
                                               int val);
int SSL_state(const SSL *ssl);
void SSL_set_state(SSL *ssl, int state);

/*
 * Stored certificate verification result (a long).
 * NOTE(review): SSL_get_verify_result() is documented as also reporting
 * success when the peer presented no certificate, so it is only meaningful
 * together with SSL_get_peer_certificate(). SSL_set_verify_result()
 * overwrites the stored value; audit every caller that uses it.
 */
void SSL_set_verify_result(SSL *ssl, long v);
long SSL_get_verify_result(const SSL *ssl);

/* Application ex_data slots on SSL, SSL_SESSION and SSL_CTX objects. */
int SSL_set_ex_data(SSL *ssl, int idx, void *data);
void *SSL_get_ex_data(const SSL *ssl, int idx);
int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
int SSL_SESSION_get_ex_new_index(long argl, void *argp,
                                 CRYPTO_EX_new *new_func,
                                 CRYPTO_EX_dup *dup_func,
                                 CRYPTO_EX_free *free_func);

int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
                             CRYPTO_EX_dup *dup_func,
                             CRYPTO_EX_free *free_func);

int SSL_get_ex_data_X509_STORE_CTX_idx(void);

/*
 * Convenience macros that expand to SSL_CTX_ctrl()/SSL_ctrl() with a fixed
 * SSL_CTRL_* command. Macro arguments are substituted as written, without
 * added parentheses.
 */
# define SSL_CTX_sess_set_cache_size(ctx,t) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
# define SSL_CTX_sess_get_cache_size(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
# define SSL_CTX_set_session_cache_mode(ctx,m) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
# define SSL_CTX_get_session_cache_mode(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)

/* The *_default_read_ahead names are aliases for the read_ahead macros. */
# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
# define SSL_CTX_get_read_ahead(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
# define SSL_CTX_set_read_ahead(ctx,m) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
/*
 * NOTE(review): max_cert_list is documented as the upper bound on the size
 * of a peer certificate chain the library will accept; raising it widens
 * what an unauthenticated peer can make the process buffer.
 */
# define SSL_CTX_get_max_cert_list(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
# define SSL_CTX_set_max_cert_list(ctx,m) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
# define SSL_get_max_cert_list(ssl) \
        SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
# define SSL_set_max_cert_list(ssl,m) \
        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)

# define SSL_CTX_set_max_send_fragment(ctx,m) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
# define SSL_set_max_send_fragment(ssl,m) \
        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)

/*
 * Callbacks that supply temporary (ephemeral) RSA, DH and ECDH keys; each
 * family is compiled out by its OPENSSL_NO_* macro.
 * NB: the keylength is only applicable when is_export is true
 * NOTE(review): is_export/keylength relate to export-grade cipher suites,
 * which are weak by design; confirm the configured cipher list excludes
 * them so the is_export path is never taken.
 */
# ifndef OPENSSL_NO_RSA
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
                                  RSA *(*cb) (SSL *ssl, int is_export,
                                              int keylength));

void SSL_set_tmp_rsa_callback(SSL *ssl,
                              RSA *(*cb) (SSL *ssl, int is_export,
                                          int keylength));
# endif
# ifndef OPENSSL_NO_DH
void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
                                 DH *(*dh) (SSL *ssl, int is_export,
                                            int keylength));
void SSL_set_tmp_dh_callback(SSL *ssl,
                             DH *(*dh) (SSL *ssl, int is_export,
                                        int keylength));
# endif
# ifndef OPENSSL_NO_ECDH
void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
                                   EC_KEY *(*ecdh) (SSL *ssl, int is_export,
                                                    int keylength));
void SSL_set_tmp_ecdh_callback(SSL *ssl,
                               EC_KEY *(*ecdh) (SSL *ssl, int is_export,
                                                int keylength));
# endif

/*
 * Record compression API. With OPENSSL_NO_COMP defined the same names are
 * declared with void pointers in place of COMP_METHOD and STACK_OF(SSL_COMP),
 * and SSL_COMP_set0_compression_methods() and
 * SSL_COMP_free_compression_methods() are not declared at all.
 * NOTE(review): compressing before encrypting makes ciphertext length depend
 * on plaintext content; deployments normally disable it (SSL_OP_NO_COMPRESSION
 * or an OPENSSL_NO_COMP build).
 */
# ifndef OPENSSL_NO_COMP
const COMP_METHOD *SSL_get_current_compression(SSL *s);
const COMP_METHOD *SSL_get_current_expansion(SSL *s);
const char *SSL_COMP_get_name(const COMP_METHOD *comp);
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
                                                      *meths);
void SSL_COMP_free_compression_methods(void);
int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
# else
const void *SSL_get_current_compression(SSL *s);
const void *SSL_get_current_expansion(SSL *s);
const char *SSL_COMP_get_name(const void *comp);
void *SSL_COMP_get_compression_methods(void);
int SSL_COMP_add_compression_method(int id, void *cm);
# endif

const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);

/* TLS extensions functions */
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);

int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
                                  void *arg);

/* Pre-shared secret session resumption functions */
int SSL_set_session_secret_cb(SSL *s,
                              tls_session_secret_cb_fn tls_session_secret_cb,
                              void *arg);

void SSL_set_debug(SSL *s, int debug);
int SSL_cache_hit(SSL *s);
int SSL_is_server(SSL *s);

/*
 * SSL_CONF: configuration of an SSL or SSL_CTX through command/value
 * strings or an argv vector.
 * NOTE(review): the int results of SSL_CONF_cmd() and SSL_CONF_cmd_argv()
 * should be checked; an ignored failure presumably leaves the previous
 * (possibly weaker) setting in place.
 */
SSL_CONF_CTX *SSL_CONF_CTX_new(void);
int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx);
void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags);
int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre);

void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);

int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);

/* Protocol tracing helpers, compiled out by OPENSSL_NO_SSL_TRACE. */
# ifndef OPENSSL_NO_SSL_TRACE
void SSL_trace(int write_p, int version, int content_type,
               const void *buf, size_t len, SSL *ssl, void *arg);
const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
# endif

/* Unit-test hook, compiled out by OPENSSL_NO_UNIT_TEST. */
# ifndef OPENSSL_NO_UNIT_TEST
const struct openssl_ssl_test_functions *SSL_test_functions(void);
# endif

/* BEGIN ERROR CODES */
/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
void ERR_load_SSL_strings(void);

/* Error codes for the SSL functions. */

/*
 * Function codes. The names are listed alphabetically; the numeric values
 * are not sequential.
 */
# define SSL_F_CHECK_SUITEB_CIPHER_LIST 331
# define SSL_F_CLIENT_CERTIFICATE 100
# define SSL_F_CLIENT_FINISHED 167
# define SSL_F_CLIENT_HELLO 101
# define SSL_F_CLIENT_MASTER_KEY 102
# define SSL_F_D2I_SSL_SESSION 103
# define SSL_F_DO_DTLS1_WRITE 245
# define SSL_F_DO_SSL3_WRITE 104
# define SSL_F_DTLS1_ACCEPT 246
# define SSL_F_DTLS1_ADD_CERT_TO_BUF 295
# define SSL_F_DTLS1_BUFFER_RECORD 247
# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 316
# define SSL_F_DTLS1_CLIENT_HELLO 248
# define SSL_F_DTLS1_CONNECT 249
# define SSL_F_DTLS1_ENC 250
# define SSL_F_DTLS1_GET_HELLO_VERIFY 251
# define SSL_F_DTLS1_GET_MESSAGE 252
# define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253
# define SSL_F_DTLS1_GET_RECORD 254
# define SSL_F_DTLS1_HANDLE_TIMEOUT 297
# define SSL_F_DTLS1_HEARTBEAT 305
# define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
# define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
# define SSL_F_DTLS1_PROCESS_RECORD 257
# define SSL_F_DTLS1_READ_BYTES 258
# define SSL_F_DTLS1_READ_FAILED 259
# define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260
# define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261
# define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262
# define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263
# define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264
# define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265
# define SSL_F_DTLS1_SEND_SERVER_HELLO 266
# define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267
# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268
# define SSL_F_GET_CLIENT_FINISHED 105
# define SSL_F_GET_CLIENT_HELLO 106
# define SSL_F_GET_CLIENT_MASTER_KEY 107
# define SSL_F_GET_SERVER_FINISHED 108
# define SSL_F_GET_SERVER_HELLO 109
# define SSL_F_GET_SERVER_STATIC_DH_KEY 340
# define SSL_F_GET_SERVER_VERIFY 110
02646 # define SSL_F_I2D_SSL_SESSION 111 02647 # define SSL_F_READ_N 112 02648 # define SSL_F_REQUEST_CERTIFICATE 113 02649 # define SSL_F_SERVER_FINISH 239 02650 # define SSL_F_SERVER_HELLO 114 02651 # define SSL_F_SERVER_VERIFY 240 02652 # define SSL_F_SSL23_ACCEPT 115 02653 # define SSL_F_SSL23_CLIENT_HELLO 116 02654 # define SSL_F_SSL23_CONNECT 117 02655 # define SSL_F_SSL23_GET_CLIENT_HELLO 118 02656 # define SSL_F_SSL23_GET_SERVER_HELLO 119 02657 # define SSL_F_SSL23_PEEK 237 02658 # define SSL_F_SSL23_READ 120 02659 # define SSL_F_SSL23_WRITE 121 02660 # define SSL_F_SSL2_ACCEPT 122 02661 # define SSL_F_SSL2_CONNECT 123 02662 # define SSL_F_SSL2_ENC_INIT 124 02663 # define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 02664 # define SSL_F_SSL2_PEEK 234 02665 # define SSL_F_SSL2_READ 125 02666 # define SSL_F_SSL2_READ_INTERNAL 236 02667 # define SSL_F_SSL2_SET_CERTIFICATE 126 02668 # define SSL_F_SSL2_WRITE 127 02669 # define SSL_F_SSL3_ACCEPT 128 02670 # define SSL_F_SSL3_ADD_CERT_TO_BUF 296 02671 # define SSL_F_SSL3_CALLBACK_CTRL 233 02672 # define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 02673 # define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 02674 # define SSL_F_SSL3_CHECK_CLIENT_HELLO 304 02675 # define SSL_F_SSL3_CHECK_FINISHED 339 02676 # define SSL_F_SSL3_CLIENT_HELLO 131 02677 # define SSL_F_SSL3_CONNECT 132 02678 # define SSL_F_SSL3_CTRL 213 02679 # define SSL_F_SSL3_CTX_CTRL 133 02680 # define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 02681 # define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 02682 # define SSL_F_SSL3_ENC 134 02683 # define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 02684 # define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 02685 # define SSL_F_SSL3_GET_CERT_STATUS 289 02686 # define SSL_F_SSL3_GET_CERT_VERIFY 136 02687 # define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 02688 # define SSL_F_SSL3_GET_CLIENT_HELLO 138 02689 # define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 02690 # define SSL_F_SSL3_GET_FINISHED 140 02691 # define SSL_F_SSL3_GET_KEY_EXCHANGE 141 02692 # define 
SSL_F_SSL3_GET_MESSAGE 142 02693 # define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 02694 # define SSL_F_SSL3_GET_NEXT_PROTO 306 02695 # define SSL_F_SSL3_GET_RECORD 143 02696 # define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 02697 # define SSL_F_SSL3_GET_SERVER_DONE 145 02698 # define SSL_F_SSL3_GET_SERVER_HELLO 146 02699 # define SSL_F_SSL3_HANDSHAKE_MAC 285 02700 # define SSL_F_SSL3_NEW_SESSION_TICKET 287 02701 # define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 02702 # define SSL_F_SSL3_PEEK 235 02703 # define SSL_F_SSL3_READ_BYTES 148 02704 # define SSL_F_SSL3_READ_N 149 02705 # define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 02706 # define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 02707 # define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 02708 # define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 02709 # define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 02710 # define SSL_F_SSL3_SEND_SERVER_HELLO 242 02711 # define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 02712 # define SSL_F_SSL3_SETUP_KEY_BLOCK 157 02713 # define SSL_F_SSL3_SETUP_READ_BUFFER 156 02714 # define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 02715 # define SSL_F_SSL3_WRITE_BYTES 158 02716 # define SSL_F_SSL3_WRITE_PENDING 159 02717 # define SSL_F_SSL_ADD_CERT_CHAIN 318 02718 # define SSL_F_SSL_ADD_CERT_TO_BUF 319 02719 # define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 02720 # define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 02721 # define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307 02722 # define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 02723 # define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 02724 # define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299 02725 # define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278 02726 # define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308 02727 # define SSL_F_SSL_BAD_METHOD 160 02728 # define SSL_F_SSL_BUILD_CERT_CHAIN 332 02729 # define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 02730 # define SSL_F_SSL_CERT_DUP 221 02731 # define SSL_F_SSL_CERT_INST 222 02732 # define SSL_F_SSL_CERT_INSTANTIATE 214 02733 # define 
SSL_F_SSL_CERT_NEW 162 02734 # define SSL_F_SSL_CHECK_PRIVATE_KEY 163 02735 # define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 02736 # define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 02737 # define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 02738 # define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 02739 # define SSL_F_SSL_CLEAR 164 02740 # define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 02741 # define SSL_F_SSL_CONF_CMD 334 02742 # define SSL_F_SSL_CREATE_CIPHER_LIST 166 02743 # define SSL_F_SSL_CTRL 232 02744 # define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 02745 # define SSL_F_SSL_CTX_MAKE_PROFILES 309 02746 # define SSL_F_SSL_CTX_NEW 169 02747 # define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 02748 # define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 02749 # define SSL_F_SSL_CTX_SET_PURPOSE 226 02750 # define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 02751 # define SSL_F_SSL_CTX_SET_SSL_VERSION 170 02752 # define SSL_F_SSL_CTX_SET_TRUST 229 02753 # define SSL_F_SSL_CTX_USE_CERTIFICATE 171 02754 # define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 02755 # define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 02756 # define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 02757 # define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 02758 # define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 02759 # define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 02760 # define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 02761 # define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 02762 # define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 02763 # define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 02764 # define SSL_F_SSL_CTX_USE_SERVERINFO 336 02765 # define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337 02766 # define SSL_F_SSL_DO_HANDSHAKE 180 02767 # define SSL_F_SSL_GET_NEW_SESSION 181 02768 # define SSL_F_SSL_GET_PREV_SESSION 217 02769 # define SSL_F_SSL_GET_SERVER_CERT_INDEX 322 02770 # define SSL_F_SSL_GET_SERVER_SEND_CERT 182 02771 # define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 02772 # define SSL_F_SSL_GET_SIGN_PKEY 183 02773 # define SSL_F_SSL_INIT_WBIO_BUFFER 184 02774 # 
define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 02775 # define SSL_F_SSL_NEW 186 02776 # define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 02777 # define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 02778 # define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 02779 # define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 02780 # define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 02781 # define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 02782 # define SSL_F_SSL_PEEK 270 02783 # define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281 02784 # define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282 02785 # define SSL_F_SSL_READ 223 02786 # define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 02787 # define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 02788 # define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 02789 # define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 02790 # define SSL_F_SSL_SESSION_DUP 348 02791 # define SSL_F_SSL_SESSION_NEW 189 02792 # define SSL_F_SSL_SESSION_PRINT_FP 190 02793 # define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 02794 # define SSL_F_SSL_SESS_CERT_NEW 225 02795 # define SSL_F_SSL_SET_CERT 191 02796 # define SSL_F_SSL_SET_CIPHER_LIST 271 02797 # define SSL_F_SSL_SET_FD 192 02798 # define SSL_F_SSL_SET_PKEY 193 02799 # define SSL_F_SSL_SET_PURPOSE 227 02800 # define SSL_F_SSL_SET_RFD 194 02801 # define SSL_F_SSL_SET_SESSION 195 02802 # define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 02803 # define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 02804 # define SSL_F_SSL_SET_TRUST 228 02805 # define SSL_F_SSL_SET_WFD 196 02806 # define SSL_F_SSL_SHUTDOWN 224 02807 # define SSL_F_SSL_SRP_CTX_INIT 313 02808 # define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 02809 # define SSL_F_SSL_UNDEFINED_FUNCTION 197 02810 # define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 02811 # define SSL_F_SSL_USE_CERTIFICATE 198 02812 # define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 02813 # define SSL_F_SSL_USE_CERTIFICATE_FILE 200 02814 # define SSL_F_SSL_USE_PRIVATEKEY 201 02815 # define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 02816 # define 
SSL_F_SSL_USE_PRIVATEKEY_FILE 203 02817 # define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273 02818 # define SSL_F_SSL_USE_RSAPRIVATEKEY 204 02819 # define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 02820 # define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 02821 # define SSL_F_SSL_VERIFY_CERT_CHAIN 207 02822 # define SSL_F_SSL_WRITE 208 02823 # define SSL_F_TLS12_CHECK_PEER_SIGALG 333 02824 # define SSL_F_TLS1_CERT_VERIFY_MAC 286 02825 # define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 02826 # define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274 02827 # define SSL_F_TLS1_ENC 210 02828 # define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 02829 # define SSL_F_TLS1_GET_CURVELIST 338 02830 # define SSL_F_TLS1_HEARTBEAT 315 02831 # define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275 02832 # define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276 02833 # define SSL_F_TLS1_PRF 284 02834 # define SSL_F_TLS1_SETUP_KEY_BLOCK 211 02835 # define SSL_F_TLS1_SET_SERVER_SIGALGS 335 02836 # define SSL_F_WRITE_PENDING 212 02837 02838 /* Reason codes. */ 02839 # define SSL_R_APP_DATA_IN_HANDSHAKE 100 02840 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 02841 # define SSL_R_BAD_ALERT_RECORD 101 02842 # define SSL_R_BAD_AUTHENTICATION_TYPE 102 02843 # define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 02844 # define SSL_R_BAD_CHECKSUM 104 02845 # define SSL_R_BAD_DATA 390 02846 # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 02847 # define SSL_R_BAD_DECOMPRESSION 107 02848 # define SSL_R_BAD_DH_G_LENGTH 108 02849 # define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 02850 # define SSL_R_BAD_DH_P_LENGTH 110 02851 # define SSL_R_BAD_DIGEST_LENGTH 111 02852 # define SSL_R_BAD_DSA_SIGNATURE 112 02853 # define SSL_R_BAD_ECC_CERT 304 02854 # define SSL_R_BAD_ECDSA_SIGNATURE 305 02855 # define SSL_R_BAD_ECPOINT 306 02856 # define SSL_R_BAD_HANDSHAKE_LENGTH 332 02857 # define SSL_R_BAD_HELLO_REQUEST 105 02858 # define SSL_R_BAD_LENGTH 271 02859 # define SSL_R_BAD_MAC_DECODE 113 02860 # define SSL_R_BAD_MAC_LENGTH 333 02861 # define 
SSL_R_BAD_MESSAGE_TYPE 114 02862 # define SSL_R_BAD_PACKET_LENGTH 115 02863 # define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 02864 # define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316 02865 # define SSL_R_BAD_RESPONSE_ARGUMENT 117 02866 # define SSL_R_BAD_RSA_DECRYPT 118 02867 # define SSL_R_BAD_RSA_ENCRYPT 119 02868 # define SSL_R_BAD_RSA_E_LENGTH 120 02869 # define SSL_R_BAD_RSA_MODULUS_LENGTH 121 02870 # define SSL_R_BAD_RSA_SIGNATURE 122 02871 # define SSL_R_BAD_SIGNATURE 123 02872 # define SSL_R_BAD_SRP_A_LENGTH 347 02873 # define SSL_R_BAD_SRP_B_LENGTH 348 02874 # define SSL_R_BAD_SRP_G_LENGTH 349 02875 # define SSL_R_BAD_SRP_N_LENGTH 350 02876 # define SSL_R_BAD_SRP_PARAMETERS 371 02877 # define SSL_R_BAD_SRP_S_LENGTH 351 02878 # define SSL_R_BAD_SRTP_MKI_VALUE 352 02879 # define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 02880 # define SSL_R_BAD_SSL_FILETYPE 124 02881 # define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125 02882 # define SSL_R_BAD_STATE 126 02883 # define SSL_R_BAD_VALUE 384 02884 # define SSL_R_BAD_WRITE_RETRY 127 02885 # define SSL_R_BIO_NOT_SET 128 02886 # define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 02887 # define SSL_R_BN_LIB 130 02888 # define SSL_R_CA_DN_LENGTH_MISMATCH 131 02889 # define SSL_R_CA_DN_TOO_LONG 132 02890 # define SSL_R_CCS_RECEIVED_EARLY 133 02891 # define SSL_R_CERTIFICATE_VERIFY_FAILED 134 02892 # define SSL_R_CERT_CB_ERROR 377 02893 # define SSL_R_CERT_LENGTH_MISMATCH 135 02894 # define SSL_R_CHALLENGE_IS_DIFFERENT 136 02895 # define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 02896 # define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 02897 # define SSL_R_CIPHER_TABLE_SRC_ERROR 139 02898 # define SSL_R_CLIENTHELLO_TLSEXT 226 02899 # define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 02900 # define SSL_R_COMPRESSION_DISABLED 343 02901 # define SSL_R_COMPRESSION_FAILURE 141 02902 # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 02903 # define SSL_R_COMPRESSION_LIBRARY_ERROR 142 02904 # define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 02905 # define 
SSL_R_CONNECTION_TYPE_NOT_SET 144 02906 # define SSL_R_COOKIE_MISMATCH 308 02907 # define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 02908 # define SSL_R_DATA_LENGTH_TOO_LONG 146 02909 # define SSL_R_DECRYPTION_FAILED 147 02910 # define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 02911 # define SSL_R_DH_KEY_TOO_SMALL 372 02912 # define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 02913 # define SSL_R_DIGEST_CHECK_FAILED 149 02914 # define SSL_R_DTLS_MESSAGE_TOO_BIG 334 02915 # define SSL_R_DUPLICATE_COMPRESSION_ID 309 02916 # define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317 02917 # define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 02918 # define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322 02919 # define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323 02920 # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 02921 # define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 02922 # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 02923 # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 02924 # define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 02925 # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 02926 # define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 02927 # define SSL_R_EXTRA_DATA_IN_MESSAGE 153 02928 # define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 02929 # define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355 02930 # define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356 02931 # define SSL_R_HTTPS_PROXY_REQUEST 155 02932 # define SSL_R_HTTP_REQUEST 156 02933 # define SSL_R_ILLEGAL_PADDING 283 02934 # define SSL_R_ILLEGAL_SUITEB_DIGEST 380 02935 # define SSL_R_INAPPROPRIATE_FALLBACK 373 02936 # define SSL_R_INCONSISTENT_COMPRESSION 340 02937 # define SSL_R_INVALID_CHALLENGE_LENGTH 158 02938 # define SSL_R_INVALID_COMMAND 280 02939 # define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 02940 # define SSL_R_INVALID_NULL_CMD_NAME 385 02941 # define SSL_R_INVALID_PURPOSE 278 02942 # define SSL_R_INVALID_SERVERINFO_DATA 388 02943 # define SSL_R_INVALID_SRP_USERNAME 357 02944 # define SSL_R_INVALID_STATUS_RESPONSE 328 02945 # define 
SSL_R_INVALID_TICKET_KEYS_LENGTH 325 02946 # define SSL_R_INVALID_TRUST 279 02947 # define SSL_R_KEY_ARG_TOO_LONG 284 02948 # define SSL_R_KRB5 285 02949 # define SSL_R_KRB5_C_CC_PRINC 286 02950 # define SSL_R_KRB5_C_GET_CRED 287 02951 # define SSL_R_KRB5_C_INIT 288 02952 # define SSL_R_KRB5_C_MK_REQ 289 02953 # define SSL_R_KRB5_S_BAD_TICKET 290 02954 # define SSL_R_KRB5_S_INIT 291 02955 # define SSL_R_KRB5_S_RD_REQ 292 02956 # define SSL_R_KRB5_S_TKT_EXPIRED 293 02957 # define SSL_R_KRB5_S_TKT_NYV 294 02958 # define SSL_R_KRB5_S_TKT_SKEW 295 02959 # define SSL_R_LENGTH_MISMATCH 159 02960 # define SSL_R_LENGTH_TOO_SHORT 160 02961 # define SSL_R_LIBRARY_BUG 274 02962 # define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 02963 # define SSL_R_MESSAGE_TOO_LONG 296 02964 # define SSL_R_MISSING_DH_DSA_CERT 162 02965 # define SSL_R_MISSING_DH_KEY 163 02966 # define SSL_R_MISSING_DH_RSA_CERT 164 02967 # define SSL_R_MISSING_DSA_SIGNING_CERT 165 02968 # define SSL_R_MISSING_ECDH_CERT 382 02969 # define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 02970 # define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 02971 # define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 02972 # define SSL_R_MISSING_RSA_CERTIFICATE 168 02973 # define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 02974 # define SSL_R_MISSING_RSA_SIGNING_CERT 170 02975 # define SSL_R_MISSING_SRP_PARAM 358 02976 # define SSL_R_MISSING_TMP_DH_KEY 171 02977 # define SSL_R_MISSING_TMP_ECDH_KEY 311 02978 # define SSL_R_MISSING_TMP_RSA_KEY 172 02979 # define SSL_R_MISSING_TMP_RSA_PKEY 173 02980 # define SSL_R_MISSING_VERIFY_MESSAGE 174 02981 # define SSL_R_MULTIPLE_SGC_RESTARTS 346 02982 # define SSL_R_NON_SSLV2_INITIAL_PACKET 175 02983 # define SSL_R_NO_CERTIFICATES_RETURNED 176 02984 # define SSL_R_NO_CERTIFICATE_ASSIGNED 177 02985 # define SSL_R_NO_CERTIFICATE_RETURNED 178 02986 # define SSL_R_NO_CERTIFICATE_SET 179 02987 # define SSL_R_NO_CERTIFICATE_SPECIFIED 180 02988 # define SSL_R_NO_CIPHERS_AVAILABLE 181 02989 # define SSL_R_NO_CIPHERS_PASSED 182 02990 # 
define SSL_R_NO_CIPHERS_SPECIFIED 183 02991 # define SSL_R_NO_CIPHER_LIST 184 02992 # define SSL_R_NO_CIPHER_MATCH 185 02993 # define SSL_R_NO_CLIENT_CERT_METHOD 331 02994 # define SSL_R_NO_CLIENT_CERT_RECEIVED 186 02995 # define SSL_R_NO_COMPRESSION_SPECIFIED 187 02996 # define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 02997 # define SSL_R_NO_METHOD_SPECIFIED 188 02998 # define SSL_R_NO_PEM_EXTENSIONS 389 02999 # define SSL_R_NO_PRIVATEKEY 189 03000 # define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 03001 # define SSL_R_NO_PROTOCOLS_AVAILABLE 191 03002 # define SSL_R_NO_PUBLICKEY 192 03003 # define SSL_R_NO_RENEGOTIATION 339 03004 # define SSL_R_NO_REQUIRED_DIGEST 324 03005 # define SSL_R_NO_SHARED_CIPHER 193 03006 # define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 376 03007 # define SSL_R_NO_SRTP_PROFILES 359 03008 # define SSL_R_NO_VERIFY_CALLBACK 194 03009 # define SSL_R_NULL_SSL_CTX 195 03010 # define SSL_R_NULL_SSL_METHOD_PASSED 196 03011 # define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 03012 # define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 03013 # define SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE 387 03014 # define SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE 379 03015 # define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 03016 # define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327 03017 # define SSL_R_PACKET_LENGTH_TOO_LONG 198 03018 # define SSL_R_PARSE_TLSEXT 227 03019 # define SSL_R_PATH_TOO_LONG 270 03020 # define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 03021 # define SSL_R_PEER_ERROR 200 03022 # define SSL_R_PEER_ERROR_CERTIFICATE 201 03023 # define SSL_R_PEER_ERROR_NO_CERTIFICATE 202 03024 # define SSL_R_PEER_ERROR_NO_CIPHER 203 03025 # define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204 03026 # define SSL_R_PEM_NAME_BAD_PREFIX 391 03027 # define SSL_R_PEM_NAME_TOO_SHORT 392 03028 # define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 03029 # define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206 03030 # define SSL_R_PROTOCOL_IS_SHUTDOWN 207 03031 # define 
SSL_R_PSK_IDENTITY_NOT_FOUND 223 03032 # define SSL_R_PSK_NO_CLIENT_CB 224 03033 # define SSL_R_PSK_NO_SERVER_CB 225 03034 # define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208 03035 # define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 03036 # define SSL_R_PUBLIC_KEY_NOT_RSA 210 03037 # define SSL_R_READ_BIO_NOT_SET 211 03038 # define SSL_R_READ_TIMEOUT_EXPIRED 312 03039 # define SSL_R_READ_WRONG_PACKET_TYPE 212 03040 # define SSL_R_RECORD_LENGTH_MISMATCH 213 03041 # define SSL_R_RECORD_TOO_LARGE 214 03042 # define SSL_R_RECORD_TOO_SMALL 298 03043 # define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 03044 # define SSL_R_RENEGOTIATION_ENCODING_ERR 336 03045 # define SSL_R_RENEGOTIATION_MISMATCH 337 03046 # define SSL_R_REQUIRED_CIPHER_MISSING 215 03047 # define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342 03048 # define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 03049 # define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 03050 # define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 03051 # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 03052 # define SSL_R_SERVERHELLO_TLSEXT 275 03053 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 03054 # define SSL_R_SHORT_READ 219 03055 # define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 03056 # define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 03057 # define SSL_R_SRP_A_CALC 361 03058 # define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 03059 # define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 03060 # define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 03061 # define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 03062 # define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 03063 # define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321 03064 # define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 03065 # define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 03066 # define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 03067 # define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 03068 # define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 03069 # define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 03070 # define 
SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 03071 # define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 03072 # define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 03073 # define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 03074 # define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 03075 # define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 03076 # define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 03077 # define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 03078 # define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 03079 # define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 03080 # define SSL_R_SSL_HANDSHAKE_FAILURE 229 03081 # define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 03082 # define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 03083 # define SSL_R_SSL_SESSION_ID_CONFLICT 302 03084 # define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 03085 # define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 03086 # define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 03087 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 03088 # define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 03089 # define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 03090 # define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 03091 # define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 03092 # define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 03093 # define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 03094 # define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 03095 # define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 03096 # define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 03097 # define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 03098 # define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 03099 # define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 03100 # define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 03101 # define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 03102 # define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 03103 # define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 03104 # define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 03105 # define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 03106 # 
define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365 03107 # define SSL_R_TLS_HEARTBEAT_PENDING 366 03108 # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 03109 # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 03110 # define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 03111 # define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 03112 # define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 03113 # define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 03114 # define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 03115 # define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 03116 # define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 03117 # define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 03118 # define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 03119 # define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 03120 # define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 03121 # define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 03122 # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 03123 # define SSL_R_UNEXPECTED_MESSAGE 244 03124 # define SSL_R_UNEXPECTED_RECORD 245 03125 # define SSL_R_UNINITIALIZED 276 03126 # define SSL_R_UNKNOWN_ALERT_TYPE 246 03127 # define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 03128 # define SSL_R_UNKNOWN_CIPHER_RETURNED 248 03129 # define SSL_R_UNKNOWN_CIPHER_TYPE 249 03130 # define SSL_R_UNKNOWN_CMD_NAME 386 03131 # define SSL_R_UNKNOWN_DIGEST 368 03132 # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 03133 # define SSL_R_UNKNOWN_PKEY_TYPE 251 03134 # define SSL_R_UNKNOWN_PROTOCOL 252 03135 # define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 03136 # define SSL_R_UNKNOWN_SSL_VERSION 254 03137 # define SSL_R_UNKNOWN_STATE 255 03138 # define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 03139 # define SSL_R_UNSUPPORTED_CIPHER 256 03140 # define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 03141 # define SSL_R_UNSUPPORTED_DIGEST_TYPE 326 03142 # define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 03143 # define SSL_R_UNSUPPORTED_PROTOCOL 258 03144 # define SSL_R_UNSUPPORTED_SSL_VERSION 259 03145 # define 
SSL_R_UNSUPPORTED_STATUS_TYPE 329 03146 # define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 03147 # define SSL_R_WRITE_BIO_NOT_SET 260 03148 # define SSL_R_WRONG_CERTIFICATE_TYPE 383 03149 # define SSL_R_WRONG_CIPHER_RETURNED 261 03150 # define SSL_R_WRONG_CURVE 378 03151 # define SSL_R_WRONG_MESSAGE_TYPE 262 03152 # define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263 03153 # define SSL_R_WRONG_SIGNATURE_LENGTH 264 03154 # define SSL_R_WRONG_SIGNATURE_SIZE 265 03155 # define SSL_R_WRONG_SIGNATURE_TYPE 370 03156 # define SSL_R_WRONG_SSL_VERSION 266 03157 # define SSL_R_WRONG_VERSION_NUMBER 267 03158 # define SSL_R_X509_LIB 268 03159 # define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 03160 03161 #ifdef __cplusplus 03162 } 03163 #endif 03164 #endif