Eneboo - Documentación para desarrolladores
src/libdigidoc/openssl/ssl/ssl.h
Ir a la documentación de este archivo.
00001 /* ssl/ssl.h */
00002 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
00003  * All rights reserved.
00004  *
00005  * This package is an SSL implementation written
00006  * by Eric Young (eay@cryptsoft.com).
00007  * The implementation was written so as to conform with Netscapes SSL.
00008  * 
00009  * This library is free for commercial and non-commercial use as long as
00010  * the following conditions are aheared to.  The following conditions
00011  * apply to all code found in this distribution, be it the RC4, RSA,
00012  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
00013  * included with this distribution is covered by the same copyright terms
00014  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
00015  * 
00016  * Copyright remains Eric Young's, and as such any Copyright notices in
00017  * the code are not to be removed.
00018  * If this package is used in a product, Eric Young should be given attribution
00019  * as the author of the parts of the library used.
00020  * This can be in the form of a textual message at program startup or
00021  * in documentation (online or textual) provided with the package.
00022  * 
00023  * Redistribution and use in source and binary forms, with or without
00024  * modification, are permitted provided that the following conditions
00025  * are met:
00026  * 1. Redistributions of source code must retain the copyright
00027  *    notice, this list of conditions and the following disclaimer.
00028  * 2. Redistributions in binary form must reproduce the above copyright
00029  *    notice, this list of conditions and the following disclaimer in the
00030  *    documentation and/or other materials provided with the distribution.
00031  * 3. All advertising materials mentioning features or use of this software
00032  *    must display the following acknowledgement:
00033  *    "This product includes cryptographic software written by
00034  *     Eric Young (eay@cryptsoft.com)"
00035  *    The word 'cryptographic' can be left out if the rouines from the library
00036  *    being used are not cryptographic related :-).
00037  * 4. If you include any Windows specific code (or a derivative thereof) from 
00038  *    the apps directory (application code) you must include an acknowledgement:
00039  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
00040  * 
00041  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
00042  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
00043  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
00044  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
00045  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
00046  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
00047  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
00048  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
00049  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
00050  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
00051  * SUCH DAMAGE.
00052  * 
00053  * The licence and distribution terms for any publically available version or
00054  * derivative of this code cannot be changed.  i.e. this code cannot simply be
00055  * copied and put under another distribution licence
00056  * [including the GNU Public Licence.]
00057  */
00058 /* ====================================================================
00059  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
00060  *
00061  * Redistribution and use in source and binary forms, with or without
00062  * modification, are permitted provided that the following conditions
00063  * are met:
00064  *
00065  * 1. Redistributions of source code must retain the above copyright
00066  *    notice, this list of conditions and the following disclaimer. 
00067  *
00068  * 2. Redistributions in binary form must reproduce the above copyright
00069  *    notice, this list of conditions and the following disclaimer in
00070  *    the documentation and/or other materials provided with the
00071  *    distribution.
00072  *
00073  * 3. All advertising materials mentioning features or use of this
00074  *    software must display the following acknowledgment:
00075  *    "This product includes software developed by the OpenSSL Project
00076  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
00077  *
00078  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
00079  *    endorse or promote products derived from this software without
00080  *    prior written permission. For written permission, please contact
00081  *    openssl-core@openssl.org.
00082  *
00083  * 5. Products derived from this software may not be called "OpenSSL"
00084  *    nor may "OpenSSL" appear in their names without prior written
00085  *    permission of the OpenSSL Project.
00086  *
00087  * 6. Redistributions of any form whatsoever must retain the following
00088  *    acknowledgment:
00089  *    "This product includes software developed by the OpenSSL Project
00090  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
00091  *
00092  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
00093  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
00094  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
00095  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
00096  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
00097  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
00098  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
00099  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
00100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
00101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
00102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
00103  * OF THE POSSIBILITY OF SUCH DAMAGE.
00104  * ====================================================================
00105  *
00106  * This product includes cryptographic software written by Eric Young
00107  * (eay@cryptsoft.com).  This product includes software written by Tim
00108  * Hudson (tjh@cryptsoft.com).
00109  *
00110  */
00111 /* ====================================================================
00112  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
00113  *
00114  * Redistribution and use in source and binary forms, with or without
00115  * modification, are permitted provided that the following conditions
00116  * are met:
00117  *
00118  * 1. Redistributions of source code must retain the above copyright
00119  *    notice, this list of conditions and the following disclaimer. 
00120  *
00121  * 2. Redistributions in binary form must reproduce the above copyright
00122  *    notice, this list of conditions and the following disclaimer in
00123  *    the documentation and/or other materials provided with the
00124  *    distribution.
00125  *
00126  * 3. All advertising materials mentioning features or use of this
00127  *    software must display the following acknowledgment:
00128  *    "This product includes software developed by the OpenSSL Project
00129  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
00130  *
00131  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
00132  *    endorse or promote products derived from this software without
00133  *    prior written permission. For written permission, please contact
00134  *    openssl-core@openssl.org.
00135  *
00136  * 5. Products derived from this software may not be called "OpenSSL"
00137  *    nor may "OpenSSL" appear in their names without prior written
00138  *    permission of the OpenSSL Project.
00139  *
00140  * 6. Redistributions of any form whatsoever must retain the following
00141  *    acknowledgment:
00142  *    "This product includes software developed by the OpenSSL Project
00143  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
00144  *
00145  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
00146  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
00147  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
00148  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
00149  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
00150  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
00151  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
00152  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
00153  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
00154  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
00155  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
00156  * OF THE POSSIBILITY OF SUCH DAMAGE.
00157  * ====================================================================
00158  *
00159  * This product includes cryptographic software written by Eric Young
00160  * (eay@cryptsoft.com).  This product includes software written by Tim
00161  * Hudson (tjh@cryptsoft.com).
00162  *
00163  */
00164 /* ====================================================================
00165  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
00166  * ECC cipher suite support in OpenSSL originally developed by 
00167  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
00168  */
00169 
00170 #ifndef HEADER_SSL_H 
00171 #define HEADER_SSL_H 
00172 
00173 #include <openssl/e_os2.h>
00174 
00175 #ifndef OPENSSL_NO_COMP
00176 #include <openssl/comp.h>
00177 #endif
00178 #ifndef OPENSSL_NO_BIO
00179 #include <openssl/bio.h>
00180 #endif
00181 #ifndef OPENSSL_NO_DEPRECATED
00182 #ifndef OPENSSL_NO_X509
00183 #include <openssl/x509.h>
00184 #endif
00185 #include <openssl/crypto.h>
00186 #include <openssl/lhash.h>
00187 #include <openssl/buffer.h>
00188 #endif
00189 #include <openssl/pem.h>
00190 #include <openssl/hmac.h>
00191 
00192 #include <openssl/kssl.h>
00193 #include <openssl/safestack.h>
00194 #include <openssl/symhacks.h>
00195 
00196 #ifdef  __cplusplus
00197 extern "C" {
00198 #endif
00199 
00200 /* SSLeay version number for ASN.1 encoding of the session information */
00201 /* Version 0 - initial version
00202  * Version 1 - added the optional peer certificate
00203  */
00204 #define SSL_SESSION_ASN1_VERSION 0x0001
00205 
00206 /* text strings for the ciphers */
00207 #define SSL_TXT_NULL_WITH_MD5           SSL2_TXT_NULL_WITH_MD5                  
00208 #define SSL_TXT_RC4_128_WITH_MD5        SSL2_TXT_RC4_128_WITH_MD5               
00209 #define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5    
00210 #define SSL_TXT_RC2_128_CBC_WITH_MD5    SSL2_TXT_RC2_128_CBC_WITH_MD5           
00211 #define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5    
00212 #define SSL_TXT_IDEA_128_CBC_WITH_MD5   SSL2_TXT_IDEA_128_CBC_WITH_MD5          
00213 #define SSL_TXT_DES_64_CBC_WITH_MD5     SSL2_TXT_DES_64_CBC_WITH_MD5            
00214 #define SSL_TXT_DES_64_CBC_WITH_SHA     SSL2_TXT_DES_64_CBC_WITH_SHA            
00215 #define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5    
00216 #define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA    
00217 
00218 /*    VRS Additional Kerberos5 entries
00219  */
00220 #define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
00221 #define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
00222 #define SSL_TXT_KRB5_RC4_128_SHA      SSL3_TXT_KRB5_RC4_128_SHA
00223 #define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
00224 #define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5       
00225 #define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5       
00226 #define SSL_TXT_KRB5_RC4_128_MD5      SSL3_TXT_KRB5_RC4_128_MD5
00227 #define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 
00228 
00229 #define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA 
00230 #define SSL_TXT_KRB5_RC2_40_CBC_SHA   SSL3_TXT_KRB5_RC2_40_CBC_SHA 
00231 #define SSL_TXT_KRB5_RC4_40_SHA       SSL3_TXT_KRB5_RC4_40_SHA
00232 #define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5 
00233 #define SSL_TXT_KRB5_RC2_40_CBC_MD5   SSL3_TXT_KRB5_RC2_40_CBC_MD5 
00234 #define SSL_TXT_KRB5_RC4_40_MD5       SSL3_TXT_KRB5_RC4_40_MD5
00235 
00236 #define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA
00237 #define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5
00238 #define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
00239 #define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5
00240 #define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
00241 #define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
00242 #define SSL_MAX_KRB5_PRINCIPAL_LENGTH  256
00243 
00244 #define SSL_MAX_SSL_SESSION_ID_LENGTH           32
00245 #define SSL_MAX_SID_CTX_LENGTH                  32
00246 
00247 #define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES     (512/8)
00248 #define SSL_MAX_KEY_ARG_LENGTH                  8
00249 #define SSL_MAX_MASTER_KEY_LENGTH               48
00250 
00251 /* These are used to specify which ciphers to use and not to use */
00252 #define SSL_TXT_LOW             "LOW"
00253 #define SSL_TXT_MEDIUM          "MEDIUM"
00254 #define SSL_TXT_HIGH            "HIGH"
00255 #define SSL_TXT_FIPS            "FIPS"
00256 #define SSL_TXT_kFZA            "kFZA"
00257 #define SSL_TXT_aFZA            "aFZA"
00258 #define SSL_TXT_eFZA            "eFZA"
00259 #define SSL_TXT_FZA             "FZA"
00260 
00261 #define SSL_TXT_aNULL           "aNULL"
00262 #define SSL_TXT_eNULL           "eNULL"
00263 #define SSL_TXT_NULL            "NULL"
00264 
00265 #define SSL_TXT_kKRB5           "kKRB5"
00266 #define SSL_TXT_aKRB5           "aKRB5"
00267 #define SSL_TXT_KRB5            "KRB5"
00268 
00269 #define SSL_TXT_kRSA            "kRSA"
00270 #define SSL_TXT_kDHr            "kDHr"
00271 #define SSL_TXT_kDHd            "kDHd"
00272 #define SSL_TXT_kEDH            "kEDH"
00273 #define SSL_TXT_aRSA            "aRSA"
00274 #define SSL_TXT_aDSS            "aDSS"
00275 #define SSL_TXT_aDH             "aDH"
00276 #define SSL_TXT_DSS             "DSS"
00277 #define SSL_TXT_DH              "DH"
00278 #define SSL_TXT_EDH             "EDH"
00279 #define SSL_TXT_ADH             "ADH"
00280 #define SSL_TXT_RSA             "RSA"
00281 #define SSL_TXT_DES             "DES"
00282 #define SSL_TXT_3DES            "3DES"
00283 #define SSL_TXT_RC4             "RC4"
00284 #define SSL_TXT_RC2             "RC2"
00285 #define SSL_TXT_IDEA            "IDEA"
00286 #define SSL_TXT_SEED            "SEED"
00287 #define SSL_TXT_AES             "AES"
00288 #define SSL_TXT_CAMELLIA        "CAMELLIA"
00289 #define SSL_TXT_MD5             "MD5"
00290 #define SSL_TXT_SHA1            "SHA1"
00291 #define SSL_TXT_SHA             "SHA"
00292 #define SSL_TXT_EXP             "EXP"
00293 #define SSL_TXT_EXPORT          "EXPORT"
00294 #define SSL_TXT_EXP40           "EXPORT40"
00295 #define SSL_TXT_EXP56           "EXPORT56"
00296 #define SSL_TXT_SSLV2           "SSLv2"
00297 #define SSL_TXT_SSLV3           "SSLv3"
00298 #define SSL_TXT_TLSV1           "TLSv1"
00299 #define SSL_TXT_ALL             "ALL"
00300 #define SSL_TXT_ECC             "ECCdraft" /* ECC ciphersuites are not yet official */
00301 
00302 /*
00303  * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
00304  * ciphers normally not being used.
00305  * Example: "RC4" will activate all ciphers using RC4 including ciphers
00306  * without authentication, which would normally disabled by DEFAULT (due
00307  * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
00308  * will make sure that it is also disabled in the specific selection.
00309  * COMPLEMENTOF* identifiers are portable between version, as adjustments
00310  * to the default cipher setup will also be included here.
00311  *
00312  * COMPLEMENTOFDEFAULT does not experience the same special treatment that
00313  * DEFAULT gets, as only selection is being done and no sorting as needed
00314  * for DEFAULT.
00315  */
00316 #define SSL_TXT_CMPALL          "COMPLEMENTOFALL"
00317 #define SSL_TXT_CMPDEF          "COMPLEMENTOFDEFAULT"
00318 
00319 /* The following cipher list is used by default.
00320  * It also is substituted when an application-defined cipher list string
00321  * starts with 'DEFAULT'. */
00322 #define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */
00323 
00324 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
00325 #define SSL_SENT_SHUTDOWN       1
00326 #define SSL_RECEIVED_SHUTDOWN   2
00327 
00328 #ifdef __cplusplus
00329 }
00330 #endif
00331 
00332 #ifdef  __cplusplus
00333 extern "C" {
00334 #endif
00335 
00336 #if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)
00337 #define OPENSSL_NO_SSL2
00338 #endif
00339 
00340 #define SSL_FILETYPE_ASN1       X509_FILETYPE_ASN1
00341 #define SSL_FILETYPE_PEM        X509_FILETYPE_PEM
00342 
00343 /* This is needed to stop compilers complaining about the
00344  * 'struct ssl_st *' function parameters used to prototype callbacks
00345  * in SSL_CTX. */
00346 typedef struct ssl_st *ssl_crock_st;
00347 
00348 /* used to hold info on the particular ciphers used */
00349 typedef struct ssl_cipher_st
00350         {
00351         int valid;
00352         const char *name;               /* text name */
00353         unsigned long id;               /* id, 4 bytes, first is version */
00354         unsigned long algorithms;       /* what ciphers are used */
00355         unsigned long algo_strength;    /* strength and export flags */
00356         unsigned long algorithm2;       /* Extra flags */
00357         int strength_bits;              /* Number of bits really used */
00358         int alg_bits;                   /* Number of bits for algorithm */
00359         unsigned long mask;             /* used for matching */
00360         unsigned long mask_strength;    /* also used for matching */
00361         } SSL_CIPHER;
00362 
00363 DECLARE_STACK_OF(SSL_CIPHER)
00364 
00365 /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
00366 typedef struct ssl_method_st
00367         {
00368         int version;
00369         int (*ssl_new)(SSL *s);
00370         void (*ssl_clear)(SSL *s);
00371         void (*ssl_free)(SSL *s);
00372         int (*ssl_accept)(SSL *s);
00373         int (*ssl_connect)(SSL *s);
00374         int (*ssl_read)(SSL *s,void *buf,int len);
00375         int (*ssl_peek)(SSL *s,void *buf,int len);
00376         int (*ssl_write)(SSL *s,const void *buf,int len);
00377         int (*ssl_shutdown)(SSL *s);
00378         int (*ssl_renegotiate)(SSL *s);
00379         int (*ssl_renegotiate_check)(SSL *s);
00380         long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long
00381                 max, int *ok);
00382         int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, 
00383                 int peek);
00384         int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
00385         int (*ssl_dispatch_alert)(SSL *s);
00386         long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
00387         long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
00388         SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
00389         int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
00390         int (*ssl_pending)(const SSL *s);
00391         int (*num_ciphers)(void);
00392         SSL_CIPHER *(*get_cipher)(unsigned ncipher);
00393         struct ssl_method_st *(*get_ssl_method)(int version);
00394         long (*get_timeout)(void);
00395         struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
00396         int (*ssl_version)(void);
00397         long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
00398         long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
00399         } SSL_METHOD;
00400 
00401 /* Lets make this into an ASN.1 type structure as follows
00402  * SSL_SESSION_ID ::= SEQUENCE {
00403  *      version                 INTEGER,        -- structure version number
00404  *      SSLversion              INTEGER,        -- SSL version number
00405  *      Cipher                  OCTET_STRING,   -- the 3 byte cipher ID
00406  *      Session_ID              OCTET_STRING,   -- the Session ID
00407  *      Master_key              OCTET_STRING,   -- the master key
00408  *      KRB5_principal          OCTET_STRING    -- optional Kerberos principal
00409  *      Key_Arg [ 0 ] IMPLICIT  OCTET_STRING,   -- the optional Key argument
00410  *      Time [ 1 ] EXPLICIT     INTEGER,        -- optional Start Time
00411  *      Timeout [ 2 ] EXPLICIT  INTEGER,        -- optional Timeout ins seconds
00412  *      Peer [ 3 ] EXPLICIT     X509,           -- optional Peer Certificate
00413  *      Session_ID_context [ 4 ] EXPLICIT OCTET_STRING,   -- the Session ID context
00414  *      Verify_result [ 5 ] EXPLICIT INTEGER    -- X509_V_... code for `Peer'
00415  *      Compression [6] IMPLICIT ASN1_OBJECT    -- compression OID XXXXX
00416  *      }
00417  * Look in ssl/ssl_asn1.c for more details
00418  * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
00419  */
00420 typedef struct ssl_session_st
00421         {
00422         int ssl_version;        /* what ssl version session info is
00423                                  * being kept in here? */
00424 
00425         /* only really used in SSLv2 */
00426         unsigned int key_arg_length;
00427         unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
00428         int master_key_length;
00429         unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
00430         /* session_id - valid? */
00431         unsigned int session_id_length;
00432         unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
00433         /* this is used to determine whether the session is being reused in
00434          * the appropriate context. It is up to the application to set this,
00435          * via SSL_new */
00436         unsigned int sid_ctx_length;
00437         unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
00438 
00439 #ifndef OPENSSL_NO_KRB5
00440         unsigned int krb5_client_princ_len;
00441         unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
00442 #endif /* OPENSSL_NO_KRB5 */
00443 
00444         int not_resumable;
00445 
00446         /* The cert is the certificate used to establish this connection */
00447         struct sess_cert_st /* SESS_CERT */ *sess_cert;
00448 
00449         /* This is the cert for the other end.
00450          * On clients, it will be the same as sess_cert->peer_key->x509
00451          * (the latter is not enough as sess_cert is not retained
00452          * in the external representation of sessions, see ssl_asn1.c). */
00453         X509 *peer;
00454         /* when app_verify_callback accepts a session where the peer's certificate
00455          * is not ok, we must remember the error for session reuse: */
00456         long verify_result; /* only for servers */
00457 
00458         int references;
00459         long timeout;
00460         long time;
00461 
00462         int compress_meth;              /* Need to lookup the method */
00463 
00464         SSL_CIPHER *cipher;
00465         unsigned long cipher_id;        /* when ASN.1 loaded, this
00466                                          * needs to be used to load
00467                                          * the 'cipher' structure */
00468 
00469         STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
00470 
00471         CRYPTO_EX_DATA ex_data; /* application specific data */
00472 
00473         /* These are used to make removal of session-ids more
00474          * efficient and to implement a maximum cache size. */
00475         struct ssl_session_st *prev,*next;
00476 #ifndef OPENSSL_NO_TLSEXT
00477         char *tlsext_hostname;
00478         /* RFC4507 info */
00479         unsigned char *tlsext_tick;     /* Session ticket */
00480         size_t  tlsext_ticklen;         /* Session ticket length */     
00481         long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
00482 #endif
00483         } SSL_SESSION;
00484 
00485 
00486 #define SSL_OP_MICROSOFT_SESS_ID_BUG                    0x00000001L
00487 #define SSL_OP_NETSCAPE_CHALLENGE_BUG                   0x00000002L
00488 /* Allow initial connection to servers that don't support RI */
00489 #define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004L
00490 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x00000008L
00491 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x00000010L
00492 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x00000020L
00493 #define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x00000040L /* no effect since 0.9.7h and 0.9.8b */
00494 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x00000080L
00495 #define SSL_OP_TLS_D5_BUG                               0x00000100L
00496 #define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x00000200L
00497 
00498 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
00499  * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
00500  * the workaround is not needed.  Unfortunately some broken SSL/TLS
00501  * implementations cannot handle it at all, which is why we include
00502  * it in SSL_OP_ALL. */
00503 #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L /* added in 0.9.6e */
00504 
00505 /* SSL_OP_ALL: various bug workarounds that should be rather harmless.
00506  *             This used to be 0x000FFFFFL before 0.9.7. */
00507 #define SSL_OP_ALL                                      0x00000FFFL
00508 
00509 /* DTLS options */
00510 #define SSL_OP_NO_QUERY_MTU                 0x00001000L
00511 /* Turn on Cookie Exchange (on relevant for servers) */
00512 #define SSL_OP_COOKIE_EXCHANGE              0x00002000L
00513 /* Don't use RFC4507 ticket extension */
00514 #define SSL_OP_NO_TICKET                    0x00004000L
00515 /* Use Cisco's "speshul" version of DTLS_BAD_VER (as client)  */
00516 #define SSL_OP_CISCO_ANYCONNECT             0x00008000L
00517 
00518 /* As server, disallow session resumption on renegotiation */
00519 #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION   0x00010000L
00520 /* Permit unsafe legacy renegotiation */
00521 #define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        0x00040000L
00522 /* If set, always create a new key when using tmp_ecdh parameters */
00523 #define SSL_OP_SINGLE_ECDH_USE                          0x00080000L
00524 /* If set, always create a new key when using tmp_dh parameters */
00525 #define SSL_OP_SINGLE_DH_USE                            0x00100000L
00526 /* Set to always use the tmp_rsa key when doing RSA operations,
00527  * even when this violates protocol specs */
00528 #define SSL_OP_EPHEMERAL_RSA                            0x00200000L
00529 /* Set on servers to choose the cipher according to the server's
00530  * preferences */
00531 #define SSL_OP_CIPHER_SERVER_PREFERENCE                 0x00400000L
00532 /* If set, a server will allow a client to issue a SSLv3.0 version number
00533  * as latest version supported in the premaster secret, even when TLSv1.0
00534  * (version 3.1) was announced in the client hello. Normally this is
00535  * forbidden to prevent version rollback attacks. */
00536 #define SSL_OP_TLS_ROLLBACK_BUG                         0x00800000L
00537 
00538 #define SSL_OP_NO_SSLv2                                 0x01000000L
00539 #define SSL_OP_NO_SSLv3                                 0x02000000L
00540 #define SSL_OP_NO_TLSv1                                 0x04000000L
00541 
00542 /* The next flag deliberately changes the ciphertest, this is a check
00543  * for the PKCS#1 attack */
00544 #define SSL_OP_PKCS1_CHECK_1                            0x08000000L
00545 #define SSL_OP_PKCS1_CHECK_2                            0x10000000L
00546 #define SSL_OP_NETSCAPE_CA_DN_BUG                       0x20000000L
00547 #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG          0x40000000L
00548 
00549 
00550 /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
00551  * when just a single record has been written): */
00552 #define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001L
00553 /* Make it possible to retry SSL_write() with changed buffer location
00554  * (buffer contents must stay the same!); this is not the default to avoid
00555  * the misconception that non-blocking SSL_write() behaves like
00556  * non-blocking write(): */
00557 #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
00558 /* Never bother the application with retries if the transport
00559  * is blocking: */
00560 #define SSL_MODE_AUTO_RETRY 0x00000004L
00561 /* Don't attempt to automatically build certificate chain */
00562 #define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
00563 
00564 
00565 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
00566  * they cannot be used to clear bits. */
00567 
00568 #define SSL_CTX_set_options(ctx,op) \
00569         SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
00570 #define SSL_CTX_clear_options(ctx,op) \
00571         SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
00572 #define SSL_CTX_get_options(ctx) \
00573         SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
00574 #define SSL_set_options(ssl,op) \
00575         SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
00576 #define SSL_clear_options(ssl,op) \
00577         SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
00578 #define SSL_get_options(ssl) \
00579         SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
00580 
00581 #define SSL_CTX_set_mode(ctx,op) \
00582         SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
00583 #define SSL_CTX_clear_mode(ctx,op) \
00584         SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
00585 #define SSL_CTX_get_mode(ctx) \
00586         SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
00587 #define SSL_clear_mode(ssl,op) \
00588         SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
00589 #define SSL_set_mode(ssl,op) \
00590         SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
00591 #define SSL_get_mode(ssl) \
00592         SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
00593 #define SSL_set_mtu(ssl, mtu) \
00594         SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
00595 
00596 #define SSL_get_secure_renegotiation_support(ssl) \
00597         SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
00598 
00599 void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
00600 void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
00601 #define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
00602 #define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
00603 
00604 
00605 
00606 #if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
00607 #define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */
00608 #else
00609 #define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
00610 #endif
00611 
00612 #define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT      (1024*20)
00613 
00614 /* This callback type is used inside SSL_CTX, SSL, and in the functions that set
00615  * them. It is used to override the generation of SSL/TLS session IDs in a
00616  * server. Return value should be zero on an error, non-zero to proceed. Also,
00617  * callbacks should themselves check if the id they generate is unique otherwise
00618  * the SSL handshake will fail with an error - callbacks can do this using the
00619  * 'ssl' value they're passed by;
00620  *      SSL_has_matching_session_id(ssl, id, *id_len)
00621  * The length value passed in is set at the maximum size the session ID can be.
00622  * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback
00623  * can alter this length to be less if desired, but under SSLv2 session IDs are
00624  * supposed to be fixed at 16 bytes so the id will be padded after the callback
00625  * returns in this case. It is also an error for the callback to set the size to
00626  * zero. */
00627 typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
00628                                 unsigned int *id_len);
00629 
00630 typedef struct ssl_comp_st
00631         {
00632         int id;
00633         const char *name;
00634 #ifndef OPENSSL_NO_COMP
00635         COMP_METHOD *method;
00636 #else
00637         char *method;
00638 #endif
00639         } SSL_COMP;
00640 
00641 DECLARE_STACK_OF(SSL_COMP)
00642 
00643 struct ssl_ctx_st
00644         {
00645         SSL_METHOD *method;
00646 
00647         STACK_OF(SSL_CIPHER) *cipher_list;
00648         /* same as above but sorted for lookup */
00649         STACK_OF(SSL_CIPHER) *cipher_list_by_id;
00650 
00651         struct x509_store_st /* X509_STORE */ *cert_store;
00652         struct lhash_st /* LHASH */ *sessions;  /* a set of SSL_SESSIONs */
00653         /* Most session-ids that will be cached, default is
00654          * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
00655         unsigned long session_cache_size;
00656         struct ssl_session_st *session_cache_head;
00657         struct ssl_session_st *session_cache_tail;
00658 
00659         /* This can have one of 2 values, ored together,
00660          * SSL_SESS_CACHE_CLIENT,
00661          * SSL_SESS_CACHE_SERVER,
00662          * Default is SSL_SESSION_CACHE_SERVER, which means only
00663          * SSL_accept which cache SSL_SESSIONS. */
00664         int session_cache_mode;
00665 
00666         /* If timeout is not 0, it is the default timeout value set
00667          * when SSL_new() is called.  This has been put in to make
00668          * life easier to set things up */
00669         long session_timeout;
00670 
00671         /* If this callback is not null, it will be called each
00672          * time a session id is added to the cache.  If this function
00673          * returns 1, it means that the callback will do a
00674          * SSL_SESSION_free() when it has finished using it.  Otherwise,
00675          * on 0, it means the callback has finished with it.
00676          * If remove_session_cb is not null, it will be called when
00677          * a session-id is removed from the cache.  After the call,
00678          * OpenSSL will SSL_SESSION_free() it. */
00679         int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
00680         void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
00681         SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
00682                 unsigned char *data,int len,int *copy);
00683 
00684         struct
00685                 {
00686                 int sess_connect;       /* SSL new conn - started */
00687                 int sess_connect_renegotiate;/* SSL reneg - requested */
00688                 int sess_connect_good;  /* SSL new conne/reneg - finished */
00689                 int sess_accept;        /* SSL new accept - started */
00690                 int sess_accept_renegotiate;/* SSL reneg - requested */
00691                 int sess_accept_good;   /* SSL accept/reneg - finished */
00692                 int sess_miss;          /* session lookup misses  */
00693                 int sess_timeout;       /* reuse attempt on timeouted session */
00694                 int sess_cache_full;    /* session removed due to full cache */
00695                 int sess_hit;           /* session reuse actually done */
00696                 int sess_cb_hit;        /* session-id that was not
00697                                          * in the cache was
00698                                          * passed back via the callback.  This
00699                                          * indicates that the application is
00700                                          * supplying session-id's from other
00701                                          * processes - spooky :-) */
00702                 } stats;
00703 
00704         int references;
00705 
00706         /* if defined, these override the X509_verify_cert() calls */
00707         int (*app_verify_callback)(X509_STORE_CTX *, void *);
00708         void *app_verify_arg;
00709         /* before OpenSSL 0.9.7, 'app_verify_arg' was ignored
00710          * ('app_verify_callback' was called with just one argument) */
00711 
00712         /* Default password callback. */
00713         pem_password_cb *default_passwd_callback;
00714 
00715         /* Default password callback user data. */
00716         void *default_passwd_callback_userdata;
00717 
00718         /* get client cert callback */
00719         int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
00720 
00721     /* cookie generate callback */
00722     int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, 
00723         unsigned int *cookie_len);
00724 
00725     /* verify cookie callback */
00726     int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, 
00727         unsigned int cookie_len);
00728 
00729         CRYPTO_EX_DATA ex_data;
00730 
00731         const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
00732         const EVP_MD *md5;      /* For SSLv3/TLSv1 'ssl3-md5' */
00733         const EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */
00734 
00735         STACK_OF(X509) *extra_certs;
00736         STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
00737 
00738 
00739         /* Default values used when no per-SSL value is defined follow */
00740 
00741         void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */
00742 
00743         /* what we put in client cert requests */
00744         STACK_OF(X509_NAME) *client_CA;
00745 
00746 
00747         /* Default values to use in SSL structures follow (these are copied by SSL_new) */
00748 
00749         unsigned long options;
00750         unsigned long mode;
00751         long max_cert_list;
00752 
00753         struct cert_st /* CERT */ *cert;
00754         int read_ahead;
00755 
00756         /* callback that allows applications to peek at protocol messages */
00757         void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
00758         void *msg_callback_arg;
00759 
00760         int verify_mode;
00761         unsigned int sid_ctx_length;
00762         unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
00763         int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
00764 
00765         /* Default generate session ID callback. */
00766         GEN_SESSION_CB generate_session_id;
00767 
00768         X509_VERIFY_PARAM *param;
00769 
00770 #if 0
00771         int purpose;            /* Purpose setting */
00772         int trust;              /* Trust setting */
00773 #endif
00774 
00775         int quiet_shutdown;
00776 
00777 #ifndef OPENSSL_ENGINE
00778         /* Engine to pass requests for client certs to
00779          */
00780         ENGINE *client_cert_engine;
00781 #endif
00782 
00783 #ifndef OPENSSL_NO_TLSEXT
00784         /* TLS extensions servername callback */
00785         int (*tlsext_servername_callback)(SSL*, int *, void *);
00786         void *tlsext_servername_arg;
00787         /* RFC 4507 session ticket keys */
00788         unsigned char tlsext_tick_key_name[16];
00789         unsigned char tlsext_tick_hmac_key[16];
00790         unsigned char tlsext_tick_aes_key[16];
00791         /* Callback to support customisation of ticket key setting */
00792         int (*tlsext_ticket_key_cb)(SSL *ssl,
00793                                         unsigned char *name, unsigned char *iv,
00794                                         EVP_CIPHER_CTX *ectx,
00795                                         HMAC_CTX *hctx, int enc);
00796 
00797         /* certificate status request info */
00798         /* Callback for status request */
00799         int (*tlsext_status_cb)(SSL *ssl, void *arg);
00800         void *tlsext_status_arg;
00801 #endif
00802 
00803         };
00804 
00805 #define SSL_SESS_CACHE_OFF                      0x0000
00806 #define SSL_SESS_CACHE_CLIENT                   0x0001
00807 #define SSL_SESS_CACHE_SERVER                   0x0002
00808 #define SSL_SESS_CACHE_BOTH     (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
00809 #define SSL_SESS_CACHE_NO_AUTO_CLEAR            0x0080
00810 /* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
00811 #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP       0x0100
00812 #define SSL_SESS_CACHE_NO_INTERNAL_STORE        0x0200
00813 #define SSL_SESS_CACHE_NO_INTERNAL \
00814         (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
00815 
00816   struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
00817 #define SSL_CTX_sess_number(ctx) \
00818         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
00819 #define SSL_CTX_sess_connect(ctx) \
00820         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
00821 #define SSL_CTX_sess_connect_good(ctx) \
00822         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
00823 #define SSL_CTX_sess_connect_renegotiate(ctx) \
00824         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
00825 #define SSL_CTX_sess_accept(ctx) \
00826         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
00827 #define SSL_CTX_sess_accept_renegotiate(ctx) \
00828         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
00829 #define SSL_CTX_sess_accept_good(ctx) \
00830         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
00831 #define SSL_CTX_sess_hits(ctx) \
00832         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
00833 #define SSL_CTX_sess_cb_hits(ctx) \
00834         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
00835 #define SSL_CTX_sess_misses(ctx) \
00836         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
00837 #define SSL_CTX_sess_timeouts(ctx) \
00838         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
00839 #define SSL_CTX_sess_cache_full(ctx) \
00840         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
00841 
00842 void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));
00843 int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
00844 void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess));
00845 void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
00846 void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy));
00847 SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy);
00848 void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val));
00849 void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
00850 void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
00851 int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
00852 #ifndef OPENSSL_NO_ENGINE
00853 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
00854 #endif
00855 void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
00856 void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
00857 
00858 #define SSL_NOTHING     1
00859 #define SSL_WRITING     2
00860 #define SSL_READING     3
00861 #define SSL_X509_LOOKUP 4
00862 
00863 /* These will only be used when doing non-blocking IO */
00864 #define SSL_want_nothing(s)     (SSL_want(s) == SSL_NOTHING)
00865 #define SSL_want_read(s)        (SSL_want(s) == SSL_READING)
00866 #define SSL_want_write(s)       (SSL_want(s) == SSL_WRITING)
00867 #define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
00868 
00869 struct ssl_st
00870         {
00871         /* protocol version
00872          * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
00873          */
00874         int version;
00875         int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
00876 
00877         SSL_METHOD *method; /* SSLv3 */
00878 
00879         /* There are 2 BIO's even though they are normally both the
00880          * same.  This is so data can be read and written to different
00881          * handlers */
00882 
00883 #ifndef OPENSSL_NO_BIO
00884         BIO *rbio; /* used by SSL_read */
00885         BIO *wbio; /* used by SSL_write */
00886         BIO *bbio; /* used during session-id reuse to concatenate
00887                     * messages */
00888 #else
00889         char *rbio; /* used by SSL_read */
00890         char *wbio; /* used by SSL_write */
00891         char *bbio;
00892 #endif
00893         /* This holds a variable that indicates what we were doing
00894          * when a 0 or -1 is returned.  This is needed for
00895          * non-blocking IO so we know what request needs re-doing when
00896          * in SSL_accept or SSL_connect */
00897         int rwstate;
00898 
00899         /* true when we are actually in SSL_accept() or SSL_connect() */
00900         int in_handshake;
00901         int (*handshake_func)(SSL *);
00902 
00903         /* Imagine that here's a boolean member "init" that is
00904          * switched as soon as SSL_set_{accept/connect}_state
00905          * is called for the first time, so that "state" and
00906          * "handshake_func" are properly initialized.  But as
00907          * handshake_func is == 0 until then, we use this
00908          * test instead of an "init" member.
00909          */
00910 
00911         int server;     /* are we the server side? - mostly used by SSL_clear*/
00912 
00913         int new_session;/* 1 if we are to use a new session.
00914                          * 2 if we are a server and are inside a handshake
00915                          *   (i.e. not just sending a HelloRequest)
00916                          * NB: For servers, the 'new' session may actually be a previously
00917                          * cached session or even the previous session unless
00918                          * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
00919         int quiet_shutdown;/* don't send shutdown packets */
00920         int shutdown;   /* we have shut things down, 0x01 sent, 0x02
00921                          * for received */
00922         int state;      /* where we are */
00923         int rstate;     /* where we are when reading */
00924 
00925         BUF_MEM *init_buf;      /* buffer used during init */
00926         void *init_msg;         /* pointer to handshake message body, set by ssl3_get_message() */
00927         int init_num;           /* amount read/written */
00928         int init_off;           /* amount read/written */
00929 
00930         /* used internally to point at a raw packet */
00931         unsigned char *packet;
00932         unsigned int packet_length;
00933 
00934         struct ssl2_state_st *s2; /* SSLv2 variables */
00935         struct ssl3_state_st *s3; /* SSLv3 variables */
00936         struct dtls1_state_st *d1; /* DTLSv1 variables */
00937 
00938         int read_ahead;         /* Read as many input bytes as possible
00939                                  * (for non-blocking reads) */
00940 
00941         /* callback that allows applications to peek at protocol messages */
00942         void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
00943         void *msg_callback_arg;
00944 
00945         int hit;                /* reusing a previous session */
00946 
00947         X509_VERIFY_PARAM *param;
00948 
00949 #if 0
00950         int purpose;            /* Purpose setting */
00951         int trust;              /* Trust setting */
00952 #endif
00953 
00954         /* crypto */
00955         STACK_OF(SSL_CIPHER) *cipher_list;
00956         STACK_OF(SSL_CIPHER) *cipher_list_by_id;
00957 
00958         /* These are the ones being used, the ones in SSL_SESSION are
00959          * the ones to be 'copied' into these ones */
00960 
00961         EVP_CIPHER_CTX *enc_read_ctx;           /* cryptographic state */
00962         const EVP_MD *read_hash;                /* used for mac generation */
00963 #ifndef OPENSSL_NO_COMP
00964         COMP_CTX *expand;                       /* uncompress */
00965 #else
00966         char *expand;
00967 #endif
00968 
00969         EVP_CIPHER_CTX *enc_write_ctx;          /* cryptographic state */
00970         const EVP_MD *write_hash;               /* used for mac generation */
00971 #ifndef OPENSSL_NO_COMP
00972         COMP_CTX *compress;                     /* compression */
00973 #else
00974         char *compress; 
00975 #endif
00976 
00977         /* session info */
00978 
00979         /* client cert? */
00980         /* This is used to hold the server certificate used */
00981         struct cert_st /* CERT */ *cert;
00982 
00983         /* the session_id_context is used to ensure sessions are only reused
00984          * in the appropriate context */
00985         unsigned int sid_ctx_length;
00986         unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
00987 
00988         /* This can also be in the session once a session is established */
00989         SSL_SESSION *session;
00990 
00991         /* Default generate session ID callback. */
00992         GEN_SESSION_CB generate_session_id;
00993 
00994         /* Used in SSL2 and SSL3 */
00995         int verify_mode;        /* 0 don't care about verify failure.
00996                                  * 1 fail if verify fails */
00997         int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
00998 
00999         void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
01000 
01001         int error;              /* error bytes to be written */
01002         int error_code;         /* actual code */
01003 
01004 #ifndef OPENSSL_NO_KRB5
01005         KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */
01006 #endif  /* OPENSSL_NO_KRB5 */
01007 
01008         SSL_CTX *ctx;
01009         /* set this flag to 1 and a sleep(1) is put into all SSL_read()
01010          * and SSL_write() calls, good for nbio debuging :-) */
01011         int debug;      
01012 
01013         /* extra application data */
01014         long verify_result;
01015         CRYPTO_EX_DATA ex_data;
01016 
01017         /* for server side, keep the list of CA_dn we can use */
01018         STACK_OF(X509_NAME) *client_CA;
01019 
01020         int references;
01021         unsigned long options; /* protocol behaviour */
01022         unsigned long mode; /* API behaviour */
01023         long max_cert_list;
01024         int first_packet;
01025         int client_version;     /* what was passed, used for
01026                                  * SSLv3/TLS rollback check */
01027 #ifndef OPENSSL_NO_TLSEXT
01028         /* TLS extension debug callback */
01029         void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
01030                                         unsigned char *data, int len,
01031                                         void *arg);
01032         void *tlsext_debug_arg;
01033         char *tlsext_hostname;
01034         int servername_done;   /* no further mod of servername 
01035                                   0 : call the servername extension callback.
01036                                   1 : prepare 2, allow last ack just after in server callback.
01037                                   2 : don't call servername callback, no ack in server hello
01038                                */
01039         /* certificate status request info */
01040         /* Status type or -1 if no status type */
01041         int tlsext_status_type;
01042         /* Expect OCSP CertificateStatus message */
01043         int tlsext_status_expected;
01044         /* OCSP status request only */
01045         STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
01046         X509_EXTENSIONS *tlsext_ocsp_exts;
01047         /* OCSP response received or to be sent */
01048         unsigned char *tlsext_ocsp_resp;
01049         int tlsext_ocsp_resplen;
01050 
01051         /* RFC4507 session ticket expected to be received or sent */
01052         int tlsext_ticket_expected;
01053         SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
01054 #define session_ctx initial_ctx
01055 #else
01056 #define session_ctx ctx
01057 #endif
01058         };
01059 
01060 #ifdef __cplusplus
01061 }
01062 #endif
01063 
01064 #include <openssl/ssl2.h>
01065 #include <openssl/ssl3.h>
01066 #include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
01067 #include <openssl/dtls1.h> /* Datagram TLS */
01068 #include <openssl/ssl23.h>
01069 
01070 #ifdef  __cplusplus
01071 extern "C" {
01072 #endif
01073 
01074 /* compatibility */
01075 #define SSL_set_app_data(s,arg)         (SSL_set_ex_data(s,0,(char *)arg))
01076 #define SSL_get_app_data(s)             (SSL_get_ex_data(s,0))
01077 #define SSL_SESSION_set_app_data(s,a)   (SSL_SESSION_set_ex_data(s,0,(char *)a))
01078 #define SSL_SESSION_get_app_data(s)     (SSL_SESSION_get_ex_data(s,0))
01079 #define SSL_CTX_get_app_data(ctx)       (SSL_CTX_get_ex_data(ctx,0))
01080 #define SSL_CTX_set_app_data(ctx,arg)   (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
01081 
01082 /* The following are the possible values for ssl->state are are
01083  * used to indicate where we are up to in the SSL connection establishment.
01084  * The macros that follow are about the only things you should need to use
01085  * and even then, only when using non-blocking IO.
01086  * It can also be useful to work out where you were when the connection
01087  * failed */
01088 
01089 #define SSL_ST_CONNECT                  0x1000
01090 #define SSL_ST_ACCEPT                   0x2000
01091 #define SSL_ST_MASK                     0x0FFF
01092 #define SSL_ST_INIT                     (SSL_ST_CONNECT|SSL_ST_ACCEPT)
01093 #define SSL_ST_BEFORE                   0x4000
01094 #define SSL_ST_OK                       0x03
01095 #define SSL_ST_RENEGOTIATE              (0x04|SSL_ST_INIT)
01096 
01097 #define SSL_CB_LOOP                     0x01
01098 #define SSL_CB_EXIT                     0x02
01099 #define SSL_CB_READ                     0x04
01100 #define SSL_CB_WRITE                    0x08
01101 #define SSL_CB_ALERT                    0x4000 /* used in callback */
01102 #define SSL_CB_READ_ALERT               (SSL_CB_ALERT|SSL_CB_READ)
01103 #define SSL_CB_WRITE_ALERT              (SSL_CB_ALERT|SSL_CB_WRITE)
01104 #define SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT|SSL_CB_LOOP)
01105 #define SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT|SSL_CB_EXIT)
01106 #define SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT|SSL_CB_LOOP)
01107 #define SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT|SSL_CB_EXIT)
01108 #define SSL_CB_HANDSHAKE_START          0x10
01109 #define SSL_CB_HANDSHAKE_DONE           0x20
01110 
01111 /* Is the SSL_connection established? */
01112 #define SSL_get_state(a)                SSL_state(a)
01113 #define SSL_is_init_finished(a)         (SSL_state(a) == SSL_ST_OK)
01114 #define SSL_in_init(a)                  (SSL_state(a)&SSL_ST_INIT)
01115 #define SSL_in_before(a)                (SSL_state(a)&SSL_ST_BEFORE)
01116 #define SSL_in_connect_init(a)          (SSL_state(a)&SSL_ST_CONNECT)
01117 #define SSL_in_accept_init(a)           (SSL_state(a)&SSL_ST_ACCEPT)
01118 
01119 /* The following 2 states are kept in ssl->rstate when reads fail,
01120  * you should not need these */
01121 #define SSL_ST_READ_HEADER                      0xF0
01122 #define SSL_ST_READ_BODY                        0xF1
01123 #define SSL_ST_READ_DONE                        0xF2
01124 
01125 /* Obtain latest Finished message
01126  *   -- that we sent (SSL_get_finished)
01127  *   -- that we expected from peer (SSL_get_peer_finished).
01128  * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
01129 size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
01130 size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
01131 
01132 /* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
01133  * are 'ored' with SSL_VERIFY_PEER if they are desired */
01134 #define SSL_VERIFY_NONE                 0x00
01135 #define SSL_VERIFY_PEER                 0x01
01136 #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
01137 #define SSL_VERIFY_CLIENT_ONCE          0x04
01138 
01139 #define OpenSSL_add_ssl_algorithms()    SSL_library_init()
01140 #define SSLeay_add_ssl_algorithms()     SSL_library_init()
01141 
01142 /* this is for backward compatibility */
01143 #if 0 /* NEW_SSLEAY */
01144 #define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
01145 #define SSL_set_pref_cipher(c,n)        SSL_set_cipher_list(c,n)
01146 #define SSL_add_session(a,b)            SSL_CTX_add_session((a),(b))
01147 #define SSL_remove_session(a,b)         SSL_CTX_remove_session((a),(b))
01148 #define SSL_flush_sessions(a,b)         SSL_CTX_flush_sessions((a),(b))
01149 #endif
01150 /* More backward compatibility */
01151 #define SSL_get_cipher(s) \
01152                 SSL_CIPHER_get_name(SSL_get_current_cipher(s))
01153 #define SSL_get_cipher_bits(s,np) \
01154                 SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
01155 #define SSL_get_cipher_version(s) \
01156                 SSL_CIPHER_get_version(SSL_get_current_cipher(s))
01157 #define SSL_get_cipher_name(s) \
01158                 SSL_CIPHER_get_name(SSL_get_current_cipher(s))
01159 #define SSL_get_time(a)         SSL_SESSION_get_time(a)
01160 #define SSL_set_time(a,b)       SSL_SESSION_set_time((a),(b))
01161 #define SSL_get_timeout(a)      SSL_SESSION_get_timeout(a)
01162 #define SSL_set_timeout(a,b)    SSL_SESSION_set_timeout((a),(b))
01163 
01164 #if 1 /*SSLEAY_MACROS*/
01165 #define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
01166 #define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
01167 #define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
01168         (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
01169 #define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u)
01170 #define PEM_write_SSL_SESSION(fp,x) \
01171         PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
01172                 PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
01173 #define PEM_write_bio_SSL_SESSION(bp,x) \
01174         PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL)
01175 #endif
01176 
01177 #define SSL_AD_REASON_OFFSET            1000
01178 /* These alert types are for SSLv3 and TLSv1 */
01179 #define SSL_AD_CLOSE_NOTIFY             SSL3_AD_CLOSE_NOTIFY
01180 #define SSL_AD_UNEXPECTED_MESSAGE       SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
01181 #define SSL_AD_BAD_RECORD_MAC           SSL3_AD_BAD_RECORD_MAC     /* fatal */
01182 #define SSL_AD_DECRYPTION_FAILED        TLS1_AD_DECRYPTION_FAILED
01183 #define SSL_AD_RECORD_OVERFLOW          TLS1_AD_RECORD_OVERFLOW
01184 #define SSL_AD_DECOMPRESSION_FAILURE    SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
01185 #define SSL_AD_HANDSHAKE_FAILURE        SSL3_AD_HANDSHAKE_FAILURE/* fatal */
01186 #define SSL_AD_NO_CERTIFICATE           SSL3_AD_NO_CERTIFICATE /* Not for TLS */
01187 #define SSL_AD_BAD_CERTIFICATE          SSL3_AD_BAD_CERTIFICATE
01188 #define SSL_AD_UNSUPPORTED_CERTIFICATE  SSL3_AD_UNSUPPORTED_CERTIFICATE
01189 #define SSL_AD_CERTIFICATE_REVOKED      SSL3_AD_CERTIFICATE_REVOKED
01190 #define SSL_AD_CERTIFICATE_EXPIRED      SSL3_AD_CERTIFICATE_EXPIRED
01191 #define SSL_AD_CERTIFICATE_UNKNOWN      SSL3_AD_CERTIFICATE_UNKNOWN
01192 #define SSL_AD_ILLEGAL_PARAMETER        SSL3_AD_ILLEGAL_PARAMETER   /* fatal */
01193 #define SSL_AD_UNKNOWN_CA               TLS1_AD_UNKNOWN_CA      /* fatal */
01194 #define SSL_AD_ACCESS_DENIED            TLS1_AD_ACCESS_DENIED   /* fatal */
01195 #define SSL_AD_DECODE_ERROR             TLS1_AD_DECODE_ERROR    /* fatal */
01196 #define SSL_AD_DECRYPT_ERROR            TLS1_AD_DECRYPT_ERROR
01197 #define SSL_AD_EXPORT_RESTRICTION       TLS1_AD_EXPORT_RESTRICTION/* fatal */
01198 #define SSL_AD_PROTOCOL_VERSION         TLS1_AD_PROTOCOL_VERSION /* fatal */
01199 #define SSL_AD_INSUFFICIENT_SECURITY    TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
01200 #define SSL_AD_INTERNAL_ERROR           TLS1_AD_INTERNAL_ERROR  /* fatal */
01201 #define SSL_AD_USER_CANCELLED           TLS1_AD_USER_CANCELLED
01202 #define SSL_AD_NO_RENEGOTIATION         TLS1_AD_NO_RENEGOTIATION
01203 #define SSL_AD_UNSUPPORTED_EXTENSION    TLS1_AD_UNSUPPORTED_EXTENSION
01204 #define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
01205 #define SSL_AD_UNRECOGNIZED_NAME        TLS1_AD_UNRECOGNIZED_NAME
01206 #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
01207 
01208 #define SSL_ERROR_NONE                  0
01209 #define SSL_ERROR_SSL                   1
01210 #define SSL_ERROR_WANT_READ             2
01211 #define SSL_ERROR_WANT_WRITE            3
01212 #define SSL_ERROR_WANT_X509_LOOKUP      4
01213 #define SSL_ERROR_SYSCALL               5 /* look at error stack/return value/errno */
01214 #define SSL_ERROR_ZERO_RETURN           6
01215 #define SSL_ERROR_WANT_CONNECT          7
01216 #define SSL_ERROR_WANT_ACCEPT           8
01217 
01218 #define SSL_CTRL_NEED_TMP_RSA                   1
01219 #define SSL_CTRL_SET_TMP_RSA                    2
01220 #define SSL_CTRL_SET_TMP_DH                     3
01221 #define SSL_CTRL_SET_TMP_ECDH                   4
01222 #define SSL_CTRL_SET_TMP_RSA_CB                 5
01223 #define SSL_CTRL_SET_TMP_DH_CB                  6
01224 #define SSL_CTRL_SET_TMP_ECDH_CB                7
01225 
01226 #define SSL_CTRL_GET_SESSION_REUSED             8
01227 #define SSL_CTRL_GET_CLIENT_CERT_REQUEST        9
01228 #define SSL_CTRL_GET_NUM_RENEGOTIATIONS         10
01229 #define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS       11
01230 #define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS       12
01231 #define SSL_CTRL_GET_FLAGS                      13
01232 #define SSL_CTRL_EXTRA_CHAIN_CERT               14
01233 
01234 #define SSL_CTRL_SET_MSG_CALLBACK               15
01235 #define SSL_CTRL_SET_MSG_CALLBACK_ARG           16
01236 
01237 /* only applies to datagram connections */
01238 #define SSL_CTRL_SET_MTU                17
01239 /* Stats */
01240 #define SSL_CTRL_SESS_NUMBER                    20
01241 #define SSL_CTRL_SESS_CONNECT                   21
01242 #define SSL_CTRL_SESS_CONNECT_GOOD              22
01243 #define SSL_CTRL_SESS_CONNECT_RENEGOTIATE       23
01244 #define SSL_CTRL_SESS_ACCEPT                    24
01245 #define SSL_CTRL_SESS_ACCEPT_GOOD               25
01246 #define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE        26
01247 #define SSL_CTRL_SESS_HIT                       27
01248 #define SSL_CTRL_SESS_CB_HIT                    28
01249 #define SSL_CTRL_SESS_MISSES                    29
01250 #define SSL_CTRL_SESS_TIMEOUTS                  30
01251 #define SSL_CTRL_SESS_CACHE_FULL                31
01252 #define SSL_CTRL_OPTIONS                        32
01253 #define SSL_CTRL_MODE                           33
01254 
01255 #define SSL_CTRL_GET_READ_AHEAD                 40
01256 #define SSL_CTRL_SET_READ_AHEAD                 41
01257 #define SSL_CTRL_SET_SESS_CACHE_SIZE            42
01258 #define SSL_CTRL_GET_SESS_CACHE_SIZE            43
01259 #define SSL_CTRL_SET_SESS_CACHE_MODE            44
01260 #define SSL_CTRL_GET_SESS_CACHE_MODE            45
01261 
01262 #define SSL_CTRL_GET_MAX_CERT_LIST              50
01263 #define SSL_CTRL_SET_MAX_CERT_LIST              51
01264 
01265 /* see tls1.h for macros based on these */
01266 #ifndef OPENSSL_NO_TLSEXT
01267 #define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB       53
01268 #define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG      54
01269 #define SSL_CTRL_SET_TLSEXT_HOSTNAME            55
01270 #define SSL_CTRL_SET_TLSEXT_DEBUG_CB            56
01271 #define SSL_CTRL_SET_TLSEXT_DEBUG_ARG           57
01272 #define SSL_CTRL_GET_TLSEXT_TICKET_KEYS         58
01273 #define SSL_CTRL_SET_TLSEXT_TICKET_KEYS         59
01274 
01275 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB       63
01276 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG   64
01277 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE     65
01278 #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS     66
01279 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS     67
01280 #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS      68
01281 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS      69
01282 #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP        70
01283 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP        71
01284 
01285 #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB       72
01286 #endif
01287 
01288 #define DTLS_CTRL_GET_TIMEOUT           73
01289 #define DTLS_CTRL_HANDLE_TIMEOUT        74
01290 #define DTLS_CTRL_LISTEN                        75
01291 
01292 #define SSL_CTRL_GET_RI_SUPPORT                 76
01293 #define SSL_CTRL_CLEAR_OPTIONS                  77
01294 #define SSL_CTRL_CLEAR_MODE                     78
01295 
01296 #define DTLSv1_get_timeout(ssl, arg) \
01297         SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
01298 #define DTLSv1_handle_timeout(ssl) \
01299         SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
01300 #define DTLSv1_listen(ssl, peer) \
01301         SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
01302 
01303 #define SSL_session_reused(ssl) \
01304         SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
01305 #define SSL_num_renegotiations(ssl) \
01306         SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
01307 #define SSL_clear_num_renegotiations(ssl) \
01308         SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
01309 #define SSL_total_renegotiations(ssl) \
01310         SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
01311 
01312 #define SSL_CTX_need_tmp_RSA(ctx) \
01313         SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
01314 #define SSL_CTX_set_tmp_rsa(ctx,rsa) \
01315         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
01316 #define SSL_CTX_set_tmp_dh(ctx,dh) \
01317         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
01318 #define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
01319         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
01320 
01321 #define SSL_need_tmp_RSA(ssl) \
01322         SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
01323 #define SSL_set_tmp_rsa(ssl,rsa) \
01324         SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
01325 #define SSL_set_tmp_dh(ssl,dh) \
01326         SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
01327 #define SSL_set_tmp_ecdh(ssl,ecdh) \
01328         SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
01329 
01330 #define SSL_CTX_add_extra_chain_cert(ctx,x509) \
01331         SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
01332 
01333 #ifndef OPENSSL_NO_BIO
01334 BIO_METHOD *BIO_f_ssl(void);
01335 BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
01336 BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
01337 BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
01338 int BIO_ssl_copy_session_id(BIO *to,BIO *from);
01339 void BIO_ssl_shutdown(BIO *ssl_bio);
01340 
01341 #endif
01342 
01343 int     SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
01344 SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
01345 void    SSL_CTX_free(SSL_CTX *);
01346 long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
01347 long SSL_CTX_get_timeout(const SSL_CTX *ctx);
01348 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
01349 void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
01350 int SSL_want(const SSL *s);
01351 int     SSL_clear(SSL *s);
01352 
01353 void    SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
01354 
01355 SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
01356 int     SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
01357 char *  SSL_CIPHER_get_version(const SSL_CIPHER *c);
01358 const char *    SSL_CIPHER_get_name(const SSL_CIPHER *c);
01359 
01360 int     SSL_get_fd(const SSL *s);
01361 int     SSL_get_rfd(const SSL *s);
01362 int     SSL_get_wfd(const SSL *s);
01363 const char  * SSL_get_cipher_list(const SSL *s,int n);
01364 char *  SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
01365 int     SSL_get_read_ahead(const SSL * s);
01366 int     SSL_pending(const SSL *s);
01367 #ifndef OPENSSL_NO_SOCK
01368 int     SSL_set_fd(SSL *s, int fd);
01369 int     SSL_set_rfd(SSL *s, int fd);
01370 int     SSL_set_wfd(SSL *s, int fd);
01371 #endif
01372 #ifndef OPENSSL_NO_BIO
01373 void    SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
01374 BIO *   SSL_get_rbio(const SSL *s);
01375 BIO *   SSL_get_wbio(const SSL *s);
01376 #endif
01377 int     SSL_set_cipher_list(SSL *s, const char *str);
01378 void    SSL_set_read_ahead(SSL *s, int yes);
01379 int     SSL_get_verify_mode(const SSL *s);
01380 int     SSL_get_verify_depth(const SSL *s);
01381 int     (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);
01382 void    SSL_set_verify(SSL *s, int mode,
01383                        int (*callback)(int ok,X509_STORE_CTX *ctx));
01384 void    SSL_set_verify_depth(SSL *s, int depth);
01385 #ifndef OPENSSL_NO_RSA
01386 int     SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
01387 #endif
01388 int     SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
01389 int     SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
01390 int     SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
01391 int     SSL_use_certificate(SSL *ssl, X509 *x);
01392 int     SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
01393 
01394 #ifndef OPENSSL_NO_STDIO
01395 int     SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
01396 int     SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
01397 int     SSL_use_certificate_file(SSL *ssl, const char *file, int type);
01398 int     SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
01399 int     SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
01400 int     SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
01401 int     SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
01402 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
01403 int     SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
01404                                             const char *file);
01405 #ifndef OPENSSL_SYS_VMS
01406 #ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
01407 int     SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
01408                                            const char *dir);
01409 #endif
01410 #endif
01411 
01412 #endif
01413 
01414 void    SSL_load_error_strings(void );
01415 const char *SSL_state_string(const SSL *s);
01416 const char *SSL_rstate_string(const SSL *s);
01417 const char *SSL_state_string_long(const SSL *s);
01418 const char *SSL_rstate_string_long(const SSL *s);
01419 long    SSL_SESSION_get_time(const SSL_SESSION *s);
01420 long    SSL_SESSION_set_time(SSL_SESSION *s, long t);
01421 long    SSL_SESSION_get_timeout(const SSL_SESSION *s);
01422 long    SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
01423 void    SSL_copy_session_id(SSL *to,const SSL *from);
01424 
01425 SSL_SESSION *SSL_SESSION_new(void);
01426 unsigned long SSL_SESSION_hash(const SSL_SESSION *a);
01427 int     SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b);
01428 const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);
01429 #ifndef OPENSSL_NO_FP_API
01430 int     SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
01431 #endif
01432 #ifndef OPENSSL_NO_BIO
01433 int     SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
01434 #endif
01435 void    SSL_SESSION_free(SSL_SESSION *ses);
01436 int     i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
01437 int     SSL_set_session(SSL *to, SSL_SESSION *session);
01438 int     SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
01439 int     SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
01440 int     SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
01441 int     SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
01442 int     SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
01443                                         unsigned int id_len);
01444 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp,
01445                              long length);
01446 
01447 #ifdef HEADER_X509_H
01448 X509 *  SSL_get_peer_certificate(const SSL *s);
01449 #endif
01450 
01451 STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
01452 
01453 int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
01454 int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
01455 int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *);
01456 void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
01457                         int (*callback)(int, X509_STORE_CTX *));
01458 void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
01459 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
01460 #ifndef OPENSSL_NO_RSA
01461 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
01462 #endif
01463 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
01464 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
01465 int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
01466         const unsigned char *d, long len);
01467 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
01468 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
01469 
01470 void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
01471 void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
01472 
01473 int SSL_CTX_check_private_key(const SSL_CTX *ctx);
01474 int SSL_check_private_key(const SSL *ctx);
01475 
01476 int     SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
01477                                        unsigned int sid_ctx_len);
01478 
01479 SSL *   SSL_new(SSL_CTX *ctx);
01480 int     SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
01481                                    unsigned int sid_ctx_len);
01482 
01483 int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
01484 int SSL_set_purpose(SSL *s, int purpose);
01485 int SSL_CTX_set_trust(SSL_CTX *s, int trust);
01486 int SSL_set_trust(SSL *s, int trust);
01487 
01488 void    SSL_free(SSL *ssl);
01489 int     SSL_accept(SSL *ssl);
01490 int     SSL_connect(SSL *ssl);
01491 int     SSL_read(SSL *ssl,void *buf,int num);
01492 int     SSL_peek(SSL *ssl,void *buf,int num);
01493 int     SSL_write(SSL *ssl,const void *buf,int num);
01494 long    SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
01495 long    SSL_callback_ctrl(SSL *, int, void (*)(void));
01496 long    SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
01497 long    SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
01498 
01499 int     SSL_get_error(const SSL *s,int ret_code);
01500 const char *SSL_get_version(const SSL *s);
01501 
01502 /* This sets the 'default' SSL version that SSL_new() will create */
01503 int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth);
01504 
01505 SSL_METHOD *SSLv2_method(void);         /* SSLv2 */
01506 SSL_METHOD *SSLv2_server_method(void);  /* SSLv2 */
01507 SSL_METHOD *SSLv2_client_method(void);  /* SSLv2 */
01508 
01509 SSL_METHOD *SSLv3_method(void);         /* SSLv3 */
01510 SSL_METHOD *SSLv3_server_method(void);  /* SSLv3 */
01511 SSL_METHOD *SSLv3_client_method(void);  /* SSLv3 */
01512 
01513 SSL_METHOD *SSLv23_method(void);        /* SSLv3 but can rollback to v2 */
01514 SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
01515 SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
01516 
01517 SSL_METHOD *TLSv1_method(void);         /* TLSv1.0 */
01518 SSL_METHOD *TLSv1_server_method(void);  /* TLSv1.0 */
01519 SSL_METHOD *TLSv1_client_method(void);  /* TLSv1.0 */
01520 
01521 SSL_METHOD *DTLSv1_method(void);                /* DTLSv1.0 */
01522 SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
01523 SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
01524 
01525 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
01526 
01527 int SSL_do_handshake(SSL *s);
01528 int SSL_renegotiate(SSL *s);
01529 int SSL_renegotiate_pending(SSL *s);
01530 int SSL_shutdown(SSL *s);
01531 
01532 SSL_METHOD *SSL_get_ssl_method(SSL *s);
01533 int SSL_set_ssl_method(SSL *s,SSL_METHOD *method);
01534 const char *SSL_alert_type_string_long(int value);
01535 const char *SSL_alert_type_string(int value);
01536 const char *SSL_alert_desc_string_long(int value);
01537 const char *SSL_alert_desc_string(int value);
01538 
01539 void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
01540 void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
01541 STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
01542 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
01543 int SSL_add_client_CA(SSL *ssl,X509 *x);
01544 int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
01545 
01546 void SSL_set_connect_state(SSL *s);
01547 void SSL_set_accept_state(SSL *s);
01548 
01549 long SSL_get_default_timeout(const SSL *s);
01550 
01551 int SSL_library_init(void );
01552 
01553 char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size);
01554 STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
01555 
01556 SSL *SSL_dup(SSL *ssl);
01557 
01558 X509 *SSL_get_certificate(const SSL *ssl);
01559 /* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
01560 
01561 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
01562 int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
01563 void SSL_set_quiet_shutdown(SSL *ssl,int mode);
01564 int SSL_get_quiet_shutdown(const SSL *ssl);
01565 void SSL_set_shutdown(SSL *ssl,int mode);
01566 int SSL_get_shutdown(const SSL *ssl);
01567 int SSL_version(const SSL *ssl);
01568 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
01569 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
01570         const char *CApath);
01571 #define SSL_get0_session SSL_get_session /* just peek at pointer */
01572 SSL_SESSION *SSL_get_session(const SSL *ssl);
01573 SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
01574 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
01575 SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
01576 void SSL_set_info_callback(SSL *ssl,
01577                            void (*cb)(const SSL *ssl,int type,int val));
01578 void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
01579 int SSL_state(const SSL *ssl);
01580 
01581 void SSL_set_verify_result(SSL *ssl,long v);
01582 long SSL_get_verify_result(const SSL *ssl);
01583 
01584 int SSL_set_ex_data(SSL *ssl,int idx,void *data);
01585 void *SSL_get_ex_data(const SSL *ssl,int idx);
01586 int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
01587         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
01588 
01589 int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
01590 void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx);
01591 int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
01592         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
01593 
01594 int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
01595 void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx);
01596 int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
01597         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
01598 
01599 int SSL_get_ex_data_X509_STORE_CTX_idx(void );
01600 
01601 #define SSL_CTX_sess_set_cache_size(ctx,t) \
01602         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
01603 #define SSL_CTX_sess_get_cache_size(ctx) \
01604         SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
01605 #define SSL_CTX_set_session_cache_mode(ctx,m) \
01606         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
01607 #define SSL_CTX_get_session_cache_mode(ctx) \
01608         SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
01609 
01610 #define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
01611 #define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
01612 #define SSL_CTX_get_read_ahead(ctx) \
01613         SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
01614 #define SSL_CTX_set_read_ahead(ctx,m) \
01615         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
01616 #define SSL_CTX_get_max_cert_list(ctx) \
01617         SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
01618 #define SSL_CTX_set_max_cert_list(ctx,m) \
01619         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
01620 #define SSL_get_max_cert_list(ssl) \
01621         SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
01622 #define SSL_set_max_cert_list(ssl,m) \
01623         SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
01624 
01625      /* NB: the keylength is only applicable when is_export is true */
01626 #ifndef OPENSSL_NO_RSA
01627 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
01628                                   RSA *(*cb)(SSL *ssl,int is_export,
01629                                              int keylength));
01630 
01631 void SSL_set_tmp_rsa_callback(SSL *ssl,
01632                                   RSA *(*cb)(SSL *ssl,int is_export,
01633                                              int keylength));
01634 #endif
01635 #ifndef OPENSSL_NO_DH
01636 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
01637                                  DH *(*dh)(SSL *ssl,int is_export,
01638                                            int keylength));
01639 void SSL_set_tmp_dh_callback(SSL *ssl,
01640                                  DH *(*dh)(SSL *ssl,int is_export,
01641                                            int keylength));
01642 #endif
01643 #ifndef OPENSSL_NO_ECDH
01644 void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
01645                                  EC_KEY *(*ecdh)(SSL *ssl,int is_export,
01646                                            int keylength));
01647 void SSL_set_tmp_ecdh_callback(SSL *ssl,
01648                                  EC_KEY *(*ecdh)(SSL *ssl,int is_export,
01649                                            int keylength));
01650 #endif
01651 
01652 #ifndef OPENSSL_NO_COMP
01653 const COMP_METHOD *SSL_get_current_compression(SSL *s);
01654 const COMP_METHOD *SSL_get_current_expansion(SSL *s);
01655 const char *SSL_COMP_get_name(const COMP_METHOD *comp);
01656 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
01657 int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
01658 #else
01659 const void *SSL_get_current_compression(SSL *s);
01660 const void *SSL_get_current_expansion(SSL *s);
01661 const char *SSL_COMP_get_name(const void *comp);
01662 void *SSL_COMP_get_compression_methods(void);
01663 int SSL_COMP_add_compression_method(int id,void *cm);
01664 #endif
01665 
01666 /* BEGIN ERROR CODES */
01667 /* The following lines are auto generated by the script mkerr.pl. Any changes
01668  * made after this point may be overwritten when the script is next run.
01669  */
01670 void ERR_load_SSL_strings(void);
01671 
01672 /* Error codes for the SSL functions. */
01673 
01674 /* Function codes. */
01675 #define SSL_F_CLIENT_CERTIFICATE                         100
01676 #define SSL_F_CLIENT_FINISHED                            167
01677 #define SSL_F_CLIENT_HELLO                               101
01678 #define SSL_F_CLIENT_MASTER_KEY                          102
01679 #define SSL_F_D2I_SSL_SESSION                            103
01680 #define SSL_F_DO_DTLS1_WRITE                             245
01681 #define SSL_F_DO_SSL3_WRITE                              104
01682 #define SSL_F_DTLS1_ACCEPT                               246
01683 #define SSL_F_DTLS1_ADD_CERT_TO_BUF                      280
01684 #define SSL_F_DTLS1_BUFFER_RECORD                        247
01685 #define SSL_F_DTLS1_CLIENT_HELLO                         248
01686 #define SSL_F_DTLS1_CONNECT                              249
01687 #define SSL_F_DTLS1_ENC                                  250
01688 #define SSL_F_DTLS1_GET_HELLO_VERIFY                     251
01689 #define SSL_F_DTLS1_GET_MESSAGE                          252
01690 #define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT                 253
01691 #define SSL_F_DTLS1_GET_RECORD                           254
01692 #define SSL_F_DTLS1_HANDLE_TIMEOUT                       282
01693 #define SSL_F_DTLS1_OUTPUT_CERT_CHAIN                    255
01694 #define SSL_F_DTLS1_PREPROCESS_FRAGMENT                  277
01695 #define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE           256
01696 #define SSL_F_DTLS1_PROCESS_RECORD                       257
01697 #define SSL_F_DTLS1_READ_BYTES                           258
01698 #define SSL_F_DTLS1_READ_FAILED                          259
01699 #define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST             260
01700 #define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE              261
01701 #define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE             262
01702 #define SSL_F_DTLS1_SEND_CLIENT_VERIFY                   263
01703 #define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST            264
01704 #define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE              265
01705 #define SSL_F_DTLS1_SEND_SERVER_HELLO                    266
01706 #define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE             267
01707 #define SSL_F_DTLS1_WRITE_APP_DATA_BYTES                 268
01708 #define SSL_F_GET_CLIENT_FINISHED                        105
01709 #define SSL_F_GET_CLIENT_HELLO                           106
01710 #define SSL_F_GET_CLIENT_MASTER_KEY                      107
01711 #define SSL_F_GET_SERVER_FINISHED                        108
01712 #define SSL_F_GET_SERVER_HELLO                           109
01713 #define SSL_F_GET_SERVER_VERIFY                          110
01714 #define SSL_F_I2D_SSL_SESSION                            111
01715 #define SSL_F_READ_N                                     112
01716 #define SSL_F_REQUEST_CERTIFICATE                        113
01717 #define SSL_F_SERVER_FINISH                              239
01718 #define SSL_F_SERVER_HELLO                               114
01719 #define SSL_F_SERVER_VERIFY                              240
01720 #define SSL_F_SSL23_ACCEPT                               115
01721 #define SSL_F_SSL23_CLIENT_HELLO                         116
01722 #define SSL_F_SSL23_CONNECT                              117
01723 #define SSL_F_SSL23_GET_CLIENT_HELLO                     118
01724 #define SSL_F_SSL23_GET_SERVER_HELLO                     119
01725 #define SSL_F_SSL23_PEEK                                 237
01726 #define SSL_F_SSL23_READ                                 120
01727 #define SSL_F_SSL23_WRITE                                121
01728 #define SSL_F_SSL2_ACCEPT                                122
01729 #define SSL_F_SSL2_CONNECT                               123
01730 #define SSL_F_SSL2_ENC_INIT                              124
01731 #define SSL_F_SSL2_GENERATE_KEY_MATERIAL                 241
01732 #define SSL_F_SSL2_PEEK                                  234
01733 #define SSL_F_SSL2_READ                                  125
01734 #define SSL_F_SSL2_READ_INTERNAL                         236
01735 #define SSL_F_SSL2_SET_CERTIFICATE                       126
01736 #define SSL_F_SSL2_WRITE                                 127
01737 #define SSL_F_SSL3_ACCEPT                                128
01738 #define SSL_F_SSL3_ADD_CERT_TO_BUF                       281
01739 #define SSL_F_SSL3_CALLBACK_CTRL                         233
01740 #define SSL_F_SSL3_CHANGE_CIPHER_STATE                   129
01741 #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM              130
01742 #define SSL_F_SSL3_CLIENT_HELLO                          131
01743 #define SSL_F_SSL3_CONNECT                               132
01744 #define SSL_F_SSL3_CTRL                                  213
01745 #define SSL_F_SSL3_CTX_CTRL                              133
01746 #define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC                 279
01747 #define SSL_F_SSL3_ENC                                   134
01748 #define SSL_F_SSL3_GENERATE_KEY_BLOCK                    238
01749 #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST               135
01750 #define SSL_F_SSL3_GET_CERT_STATUS                       288
01751 #define SSL_F_SSL3_GET_CERT_VERIFY                       136
01752 #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE                137
01753 #define SSL_F_SSL3_GET_CLIENT_HELLO                      138
01754 #define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE               139
01755 #define SSL_F_SSL3_GET_FINISHED                          140
01756 #define SSL_F_SSL3_GET_KEY_EXCHANGE                      141
01757 #define SSL_F_SSL3_GET_MESSAGE                           142
01758 #define SSL_F_SSL3_GET_NEW_SESSION_TICKET                283
01759 #define SSL_F_SSL3_GET_RECORD                            143
01760 #define SSL_F_SSL3_GET_SERVER_CERTIFICATE                144
01761 #define SSL_F_SSL3_GET_SERVER_DONE                       145
01762 #define SSL_F_SSL3_GET_SERVER_HELLO                      146
01763 #define SSL_F_SSL3_NEW_SESSION_TICKET                    284
01764 #define SSL_F_SSL3_OUTPUT_CERT_CHAIN                     147
01765 #define SSL_F_SSL3_PEEK                                  235
01766 #define SSL_F_SSL3_READ_BYTES                            148
01767 #define SSL_F_SSL3_READ_N                                149
01768 #define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST              150
01769 #define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE               151
01770 #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE              152
01771 #define SSL_F_SSL3_SEND_CLIENT_VERIFY                    153
01772 #define SSL_F_SSL3_SEND_SERVER_CERTIFICATE               154
01773 #define SSL_F_SSL3_SEND_SERVER_HELLO                     242
01774 #define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE              155
01775 #define SSL_F_SSL3_SETUP_BUFFERS                         156
01776 #define SSL_F_SSL3_SETUP_KEY_BLOCK                       157
01777 #define SSL_F_SSL3_WRITE_BYTES                           158
01778 #define SSL_F_SSL3_WRITE_PENDING                         159
01779 #define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT        285
01780 #define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT                 272
01781 #define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK         215
01782 #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK        216
01783 #define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT        286
01784 #define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT                 273
01785 #define SSL_F_SSL_BAD_METHOD                             160
01786 #define SSL_F_SSL_BYTES_TO_CIPHER_LIST                   161
01787 #define SSL_F_SSL_CERT_DUP                               221
01788 #define SSL_F_SSL_CERT_INST                              222
01789 #define SSL_F_SSL_CERT_INSTANTIATE                       214
01790 #define SSL_F_SSL_CERT_NEW                               162
01791 #define SSL_F_SSL_CHECK_PRIVATE_KEY                      163
01792 #define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT               274
01793 #define SSL_F_SSL_CIPHER_PROCESS_RULESTR                 230
01794 #define SSL_F_SSL_CIPHER_STRENGTH_SORT                   231
01795 #define SSL_F_SSL_CLEAR                                  164
01796 #define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD            165
01797 #define SSL_F_SSL_CREATE_CIPHER_LIST                     166
01798 #define SSL_F_SSL_CTRL                                   232
01799 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                  168
01800 #define SSL_F_SSL_CTX_NEW                                169
01801 #define SSL_F_SSL_CTX_SET_CIPHER_LIST                    269
01802 #define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE             278
01803 #define SSL_F_SSL_CTX_SET_PURPOSE                        226
01804 #define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT             219
01805 #define SSL_F_SSL_CTX_SET_SSL_VERSION                    170
01806 #define SSL_F_SSL_CTX_SET_TRUST                          229
01807 #define SSL_F_SSL_CTX_USE_CERTIFICATE                    171
01808 #define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1               172
01809 #define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE         220
01810 #define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE               173
01811 #define SSL_F_SSL_CTX_USE_PRIVATEKEY                     174
01812 #define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1                175
01813 #define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE                176
01814 #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY                  177
01815 #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1             178
01816 #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE             179
01817 #define SSL_F_SSL_DO_HANDSHAKE                           180
01818 #define SSL_F_SSL_GET_NEW_SESSION                        181
01819 #define SSL_F_SSL_GET_PREV_SESSION                       217
01820 #define SSL_F_SSL_GET_SERVER_SEND_CERT                   182
01821 #define SSL_F_SSL_GET_SIGN_PKEY                          183
01822 #define SSL_F_SSL_INIT_WBIO_BUFFER                       184
01823 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE                    185
01824 #define SSL_F_SSL_NEW                                    186
01825 #define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT      287
01826 #define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT               290
01827 #define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT      289
01828 #define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT               291
01829 #define SSL_F_SSL_PEEK                                   270
01830 #define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT             275
01831 #define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT             276
01832 #define SSL_F_SSL_READ                                   223
01833 #define SSL_F_SSL_RSA_PRIVATE_DECRYPT                    187
01834 #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT                     188
01835 #define SSL_F_SSL_SESSION_NEW                            189
01836 #define SSL_F_SSL_SESSION_PRINT_FP                       190
01837 #define SSL_F_SSL_SESS_CERT_NEW                          225
01838 #define SSL_F_SSL_SET_CERT                               191
01839 #define SSL_F_SSL_SET_CIPHER_LIST                        271
01840 #define SSL_F_SSL_SET_FD                                 192
01841 #define SSL_F_SSL_SET_PKEY                               193
01842 #define SSL_F_SSL_SET_PURPOSE                            227
01843 #define SSL_F_SSL_SET_RFD                                194
01844 #define SSL_F_SSL_SET_SESSION                            195
01845 #define SSL_F_SSL_SET_SESSION_ID_CONTEXT                 218
01846 #define SSL_F_SSL_SET_TRUST                              228
01847 #define SSL_F_SSL_SET_WFD                                196
01848 #define SSL_F_SSL_SHUTDOWN                               224
01849 #define SSL_F_SSL_UNDEFINED_CONST_FUNCTION               243
01850 #define SSL_F_SSL_UNDEFINED_FUNCTION                     197
01851 #define SSL_F_SSL_UNDEFINED_VOID_FUNCTION                244
01852 #define SSL_F_SSL_USE_CERTIFICATE                        198
01853 #define SSL_F_SSL_USE_CERTIFICATE_ASN1                   199
01854 #define SSL_F_SSL_USE_CERTIFICATE_FILE                   200
01855 #define SSL_F_SSL_USE_PRIVATEKEY                         201
01856 #define SSL_F_SSL_USE_PRIVATEKEY_ASN1                    202
01857 #define SSL_F_SSL_USE_PRIVATEKEY_FILE                    203
01858 #define SSL_F_SSL_USE_RSAPRIVATEKEY                      204
01859 #define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1                 205
01860 #define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE                 206
01861 #define SSL_F_SSL_VERIFY_CERT_CHAIN                      207
01862 #define SSL_F_SSL_WRITE                                  208
01863 #define SSL_F_TLS1_CHANGE_CIPHER_STATE                   209
01864 #define SSL_F_TLS1_ENC                                   210
01865 #define SSL_F_TLS1_SETUP_KEY_BLOCK                       211
01866 #define SSL_F_WRITE_PENDING                              212
01867 
01868 /* Reason codes. */
01869 #define SSL_R_APP_DATA_IN_HANDSHAKE                      100
01870 #define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
01871 #define SSL_R_BAD_ALERT_RECORD                           101
01872 #define SSL_R_BAD_AUTHENTICATION_TYPE                    102
01873 #define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
01874 #define SSL_R_BAD_CHECKSUM                               104
01875 #define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
01876 #define SSL_R_BAD_DECOMPRESSION                          107
01877 #define SSL_R_BAD_DH_G_LENGTH                            108
01878 #define SSL_R_BAD_DH_PUB_KEY_LENGTH                      109
01879 #define SSL_R_BAD_DH_P_LENGTH                            110
01880 #define SSL_R_BAD_DIGEST_LENGTH                          111
01881 #define SSL_R_BAD_DSA_SIGNATURE                          112
01882 #define SSL_R_BAD_ECC_CERT                               304
01883 #define SSL_R_BAD_ECDSA_SIGNATURE                        305
01884 #define SSL_R_BAD_ECPOINT                                306
01885 #define SSL_R_BAD_HELLO_REQUEST                          105
01886 #define SSL_R_BAD_LENGTH                                 271
01887 #define SSL_R_BAD_MAC_DECODE                             113
01888 #define SSL_R_BAD_MESSAGE_TYPE                           114
01889 #define SSL_R_BAD_PACKET_LENGTH                          115
01890 #define SSL_R_BAD_PROTOCOL_VERSION_NUMBER                116
01891 #define SSL_R_BAD_RESPONSE_ARGUMENT                      117
01892 #define SSL_R_BAD_RSA_DECRYPT                            118
01893 #define SSL_R_BAD_RSA_ENCRYPT                            119
01894 #define SSL_R_BAD_RSA_E_LENGTH                           120
01895 #define SSL_R_BAD_RSA_MODULUS_LENGTH                     121
01896 #define SSL_R_BAD_RSA_SIGNATURE                          122
01897 #define SSL_R_BAD_SIGNATURE                              123
01898 #define SSL_R_BAD_SSL_FILETYPE                           124
01899 #define SSL_R_BAD_SSL_SESSION_ID_LENGTH                  125
01900 #define SSL_R_BAD_STATE                                  126
01901 #define SSL_R_BAD_WRITE_RETRY                            127
01902 #define SSL_R_BIO_NOT_SET                                128
01903 #define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG                  129
01904 #define SSL_R_BN_LIB                                     130
01905 #define SSL_R_CA_DN_LENGTH_MISMATCH                      131
01906 #define SSL_R_CA_DN_TOO_LONG                             132
01907 #define SSL_R_CCS_RECEIVED_EARLY                         133
01908 #define SSL_R_CERTIFICATE_VERIFY_FAILED                  134
01909 #define SSL_R_CERT_LENGTH_MISMATCH                       135
01910 #define SSL_R_CHALLENGE_IS_DIFFERENT                     136
01911 #define SSL_R_CIPHER_CODE_WRONG_LENGTH                   137
01912 #define SSL_R_CIPHER_OR_HASH_UNAVAILABLE                 138
01913 #define SSL_R_CIPHER_TABLE_SRC_ERROR                     139
01914 #define SSL_R_CLIENTHELLO_TLSEXT                         157
01915 #define SSL_R_COMPRESSED_LENGTH_TOO_LONG                 140
01916 #define SSL_R_COMPRESSION_FAILURE                        141
01917 #define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
01918 #define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
01919 #define SSL_R_CONNECTION_ID_IS_DIFFERENT                 143
01920 #define SSL_R_CONNECTION_TYPE_NOT_SET                    144
01921 #define SSL_R_COOKIE_MISMATCH                            308
01922 #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED              145
01923 #define SSL_R_DATA_LENGTH_TOO_LONG                       146
01924 #define SSL_R_DECRYPTION_FAILED                          147
01925 #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC        281
01926 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG            148
01927 #define SSL_R_DIGEST_CHECK_FAILED                        149
01928 #define SSL_R_DTLS_MESSAGE_TOO_BIG                       318
01929 #define SSL_R_DUPLICATE_COMPRESSION_ID                   309
01930 #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER               310
01931 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
01932 #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY               282
01933 #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
01934 #define SSL_R_EXCESSIVE_MESSAGE_SIZE                     152
01935 #define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
01936 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
01937 #define SSL_R_HTTPS_PROXY_REQUEST                        155
01938 #define SSL_R_HTTP_REQUEST                               156
01939 #define SSL_R_ILLEGAL_PADDING                            283
01940 #define SSL_R_INVALID_CHALLENGE_LENGTH                   158
01941 #define SSL_R_INVALID_COMMAND                            280
01942 #define SSL_R_INVALID_PURPOSE                            278
01943 #define SSL_R_INVALID_STATUS_RESPONSE                    316
01944 #define SSL_R_INVALID_TICKET_KEYS_LENGTH                 275
01945 #define SSL_R_INVALID_TRUST                              279
01946 #define SSL_R_KEY_ARG_TOO_LONG                           284
01947 #define SSL_R_KRB5                                       285
01948 #define SSL_R_KRB5_C_CC_PRINC                            286
01949 #define SSL_R_KRB5_C_GET_CRED                            287
01950 #define SSL_R_KRB5_C_INIT                                288
01951 #define SSL_R_KRB5_C_MK_REQ                              289
01952 #define SSL_R_KRB5_S_BAD_TICKET                          290
01953 #define SSL_R_KRB5_S_INIT                                291
01954 #define SSL_R_KRB5_S_RD_REQ                              292
01955 #define SSL_R_KRB5_S_TKT_EXPIRED                         293
01956 #define SSL_R_KRB5_S_TKT_NYV                             294
01957 #define SSL_R_KRB5_S_TKT_SKEW                            295
01958 #define SSL_R_LENGTH_MISMATCH                            159
01959 #define SSL_R_LENGTH_TOO_SHORT                           160
01960 #define SSL_R_LIBRARY_BUG                                274
01961 #define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
01962 #define SSL_R_MESSAGE_TOO_LONG                           296
01963 #define SSL_R_MISSING_DH_DSA_CERT                        162
01964 #define SSL_R_MISSING_DH_KEY                             163
01965 #define SSL_R_MISSING_DH_RSA_CERT                        164
01966 #define SSL_R_MISSING_DSA_SIGNING_CERT                   165
01967 #define SSL_R_MISSING_EXPORT_TMP_DH_KEY                  166
01968 #define SSL_R_MISSING_EXPORT_TMP_RSA_KEY                 167
01969 #define SSL_R_MISSING_RSA_CERTIFICATE                    168
01970 #define SSL_R_MISSING_RSA_ENCRYPTING_CERT                169
01971 #define SSL_R_MISSING_RSA_SIGNING_CERT                   170
01972 #define SSL_R_MISSING_TMP_DH_KEY                         171
01973 #define SSL_R_MISSING_TMP_ECDH_KEY                       311
01974 #define SSL_R_MISSING_TMP_RSA_KEY                        172
01975 #define SSL_R_MISSING_TMP_RSA_PKEY                       173
01976 #define SSL_R_MISSING_VERIFY_MESSAGE                     174
01977 #define SSL_R_NON_SSLV2_INITIAL_PACKET                   175
01978 #define SSL_R_NO_CERTIFICATES_RETURNED                   176
01979 #define SSL_R_NO_CERTIFICATE_ASSIGNED                    177
01980 #define SSL_R_NO_CERTIFICATE_RETURNED                    178
01981 #define SSL_R_NO_CERTIFICATE_SET                         179
01982 #define SSL_R_NO_CERTIFICATE_SPECIFIED                   180
01983 #define SSL_R_NO_CIPHERS_AVAILABLE                       181
01984 #define SSL_R_NO_CIPHERS_PASSED                          182
01985 #define SSL_R_NO_CIPHERS_SPECIFIED                       183
01986 #define SSL_R_NO_CIPHER_LIST                             184
01987 #define SSL_R_NO_CIPHER_MATCH                            185
01988 #define SSL_R_NO_CLIENT_CERT_METHOD                      317
01989 #define SSL_R_NO_CLIENT_CERT_RECEIVED                    186
01990 #define SSL_R_NO_COMPRESSION_SPECIFIED                   187
01991 #define SSL_R_NO_METHOD_SPECIFIED                        188
01992 #define SSL_R_NO_PRIVATEKEY                              189
01993 #define SSL_R_NO_PRIVATE_KEY_ASSIGNED                    190
01994 #define SSL_R_NO_PROTOCOLS_AVAILABLE                     191
01995 #define SSL_R_NO_PUBLICKEY                               192
01996 #define SSL_R_NO_RENEGOTIATION                           319
01997 #define SSL_R_NO_SHARED_CIPHER                           193
01998 #define SSL_R_NO_VERIFY_CALLBACK                         194
01999 #define SSL_R_NULL_SSL_CTX                               195
02000 #define SSL_R_NULL_SSL_METHOD_PASSED                     196
02001 #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED            197
02002 #define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE              297
02003 #define SSL_R_PACKET_LENGTH_TOO_LONG                     198
02004 #define SSL_R_PARSE_TLSEXT                               223
02005 #define SSL_R_PATH_TOO_LONG                              270
02006 #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE          199
02007 #define SSL_R_PEER_ERROR                                 200
02008 #define SSL_R_PEER_ERROR_CERTIFICATE                     201
02009 #define SSL_R_PEER_ERROR_NO_CERTIFICATE                  202
02010 #define SSL_R_PEER_ERROR_NO_CIPHER                       203
02011 #define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE    204
02012 #define SSL_R_PRE_MAC_LENGTH_TOO_LONG                    205
02013 #define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS          206
02014 #define SSL_R_PROTOCOL_IS_SHUTDOWN                       207
02015 #define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR                   208
02016 #define SSL_R_PUBLIC_KEY_IS_NOT_RSA                      209
02017 #define SSL_R_PUBLIC_KEY_NOT_RSA                         210
02018 #define SSL_R_READ_BIO_NOT_SET                           211
02019 #define SSL_R_READ_TIMEOUT_EXPIRED                       312
02020 #define SSL_R_READ_WRONG_PACKET_TYPE                     212
02021 #define SSL_R_RECORD_LENGTH_MISMATCH                     213
02022 #define SSL_R_RECORD_TOO_LARGE                           214
02023 #define SSL_R_RECORD_TOO_SMALL                           298
02024 #define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   320
02025 #define SSL_R_RENEGOTIATION_ENCODING_ERR                 321
02026 #define SSL_R_RENEGOTIATION_MISMATCH                     322
02027 #define SSL_R_REQUIRED_CIPHER_MISSING                    215
02028 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO                 216
02029 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO                   217
02030 #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO                 218
02031 #define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           324
02032 #define SSL_R_SERVERHELLO_TLSEXT                         224
02033 #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
02034 #define SSL_R_SHORT_READ                                 219
02035 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE      220
02036 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE               221
02037 #define SSL_R_SSL2_CONNECTION_ID_TOO_LONG                299
02038 #define SSL_R_SSL3_EXT_INVALID_SERVERNAME                225
02039 #define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE           226
02040 #define SSL_R_SSL3_SESSION_ID_TOO_LONG                   300
02041 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT                  222
02042 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042
02043 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC                 1020
02044 #define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED            1045
02045 #define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED            1044
02046 #define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN            1046
02047 #define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE          1030
02048 #define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE              1040
02049 #define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER              1047
02050 #define SSL_R_SSLV3_ALERT_NO_CERTIFICATE                 1041
02051 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE             1010
02052 #define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE        1043
02053 #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION         228
02054 #define SSL_R_SSL_HANDSHAKE_FAILURE                      229
02055 #define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS                 230
02056 #define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED             301
02057 #define SSL_R_SSL_SESSION_ID_CONFLICT                    302
02058 #define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG            273
02059 #define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH              303
02060 #define SSL_R_SSL_SESSION_ID_IS_DIFFERENT                231
02061 #define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
02062 #define SSL_R_TLSV1_ALERT_DECODE_ERROR                   1050
02063 #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED              1021
02064 #define SSL_R_TLSV1_ALERT_DECRYPT_ERROR                  1051
02065 #define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION             1060
02066 #define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY          1071
02067 #define SSL_R_TLSV1_ALERT_INTERNAL_ERROR                 1080
02068 #define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION               1100
02069 #define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION               1070
02070 #define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW                1022
02071 #define SSL_R_TLSV1_ALERT_UNKNOWN_CA                     1048
02072 #define SSL_R_TLSV1_ALERT_USER_CANCELLED                 1090
02073 #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER       232
02074 #define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             227
02075 #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
02076 #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG    234
02077 #define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER            235
02078 #define SSL_R_UNABLE_TO_DECODE_DH_CERTS                  236
02079 #define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS                313
02080 #define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY               237
02081 #define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS               238
02082 #define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS             314
02083 #define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS       239
02084 #define SSL_R_UNABLE_TO_FIND_SSL_METHOD                  240
02085 #define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES           241
02086 #define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES           242
02087 #define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES          243
02088 #define SSL_R_UNEXPECTED_MESSAGE                         244
02089 #define SSL_R_UNEXPECTED_RECORD                          245
02090 #define SSL_R_UNINITIALIZED                              276
02091 #define SSL_R_UNKNOWN_ALERT_TYPE                         246
02092 #define SSL_R_UNKNOWN_CERTIFICATE_TYPE                   247
02093 #define SSL_R_UNKNOWN_CIPHER_RETURNED                    248
02094 #define SSL_R_UNKNOWN_CIPHER_TYPE                        249
02095 #define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
02096 #define SSL_R_UNKNOWN_PKEY_TYPE                          251
02097 #define SSL_R_UNKNOWN_PROTOCOL                           252
02098 #define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE                  253
02099 #define SSL_R_UNKNOWN_SSL_VERSION                        254
02100 #define SSL_R_UNKNOWN_STATE                              255
02101 #define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED       323
02102 #define SSL_R_UNSUPPORTED_CIPHER                         256
02103 #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM          257
02104 #define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE                 315
02105 #define SSL_R_UNSUPPORTED_PROTOCOL                       258
02106 #define SSL_R_UNSUPPORTED_SSL_VERSION                    259
02107 #define SSL_R_UNSUPPORTED_STATUS_TYPE                    329
02108 #define SSL_R_WRITE_BIO_NOT_SET                          260
02109 #define SSL_R_WRONG_CIPHER_RETURNED                      261
02110 #define SSL_R_WRONG_MESSAGE_TYPE                         262
02111 #define SSL_R_WRONG_NUMBER_OF_KEY_BITS                   263
02112 #define SSL_R_WRONG_SIGNATURE_LENGTH                     264
02113 #define SSL_R_WRONG_SIGNATURE_SIZE                       265
02114 #define SSL_R_WRONG_SSL_VERSION                          266
02115 #define SSL_R_WRONG_VERSION_NUMBER                       267
02116 #define SSL_R_X509_LIB                                   268
02117 #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS           269
02118 
02119 #ifdef  __cplusplus
02120 }
02121 #endif
02122 #endif
 Todo Clases Namespaces Archivos Funciones Variables 'typedefs' Enumeraciones Valores de enumeraciones Propiedades Amigas 'defines'