Fix error codes.

[openssl.git] / ssl / ssl.h

diff --git a/ssl/ssl.h b/ssl/ssl.h
index a9f3d776663184ca3bb87d711e1437caf346c924..d6bbc449ddf4482405c740bce198687f4a708551 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -485,6 +485,8 @@ typedef struct ssl_session_st
 
 #define SSL_OP_MICROSOFT_SESS_ID_BUG                   0x00000001L
 #define SSL_OP_NETSCAPE_CHALLENGE_BUG                  0x00000002L
+/* Allow initial connection to servers that don't support RI */
+#define SSL_OP_LEGACY_SERVER_CONNECT                   0x00000004L
 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG                0x00000008L
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG             0x00000010L
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER              0x00000020L
@@ -492,7 +494,6 @@ typedef struct ssl_session_st
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                        0x00000080L
 #define SSL_OP_TLS_D5_BUG                              0x00000100L
 #define SSL_OP_TLS_BLOCK_PADDING_BUG                   0x00000200L
-#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION       0x00000400L
 
 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
  * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
@@ -516,6 +517,8 @@ typedef struct ssl_session_st
 
 /* As server, disallow session resumption on renegotiation */
 #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION  0x00010000L
+/* Permit unsafe legacy renegotiation */
+#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION       0x00040000L
 /* If set, always create a new key when using tmp_ecdh parameters */
 #define SSL_OP_SINGLE_ECDH_USE                         0x00080000L
 /* If set, always create a new key when using tmp_dh parameters */
@@ -564,17 +567,25 @@ typedef struct ssl_session_st
 
 #define SSL_CTX_set_options(ctx,op) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
+#define SSL_CTX_clear_options(ctx,op) \
+       SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
 #define SSL_CTX_get_options(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
 #define SSL_set_options(ssl,op) \
        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
+#define SSL_clear_options(ssl,op) \
+       SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
 #define SSL_get_options(ssl) \
         SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
 
 #define SSL_CTX_set_mode(ctx,op) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
+#define SSL_CTX_clear_mode(ctx,op) \
+       SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
 #define SSL_CTX_get_mode(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
+#define SSL_clear_mode(ssl,op) \
+       SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
 #define SSL_set_mode(ssl,op) \
        SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
 #define SSL_get_mode(ssl) \
@@ -1251,8 +1262,6 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
 #define SSL_CTRL_GET_MAX_CERT_LIST             50
 #define SSL_CTRL_SET_MAX_CERT_LIST             51
 
-#define SSL_CTRL_GET_RI_SUPPORT                        53
-
 /* see tls1.h for macros based on these */
 #ifndef OPENSSL_NO_TLSEXT
 #define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB      53
@@ -1280,6 +1289,10 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
 #define DTLS_CTRL_HANDLE_TIMEOUT       74
 #define DTLS_CTRL_LISTEN                       75
 
+#define SSL_CTRL_GET_RI_SUPPORT                        76
+#define SSL_CTRL_CLEAR_OPTIONS                 77
+#define SSL_CTRL_CLEAR_MODE                    78
+
 #define DTLSv1_get_timeout(ssl, arg) \
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
 #define DTLSv1_handle_timeout(ssl) \
@@ -1669,6 +1682,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_DTLS1_ACCEPT                              246
 #define SSL_F_DTLS1_ADD_CERT_TO_BUF                     280
 #define SSL_F_DTLS1_BUFFER_RECORD                       247
+#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM                   293
 #define SSL_F_DTLS1_CLIENT_HELLO                        248
 #define SSL_F_DTLS1_CONNECT                             249
 #define SSL_F_DTLS1_ENC                                         250
@@ -1726,6 +1740,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_CALLBACK_CTRL                        233
 #define SSL_F_SSL3_CHANGE_CIPHER_STATE                  129
 #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM             130
+#define SSL_F_SSL3_CHECK_CLIENT_HELLO                   292
 #define SSL_F_SSL3_CLIENT_HELLO                                 131
 #define SSL_F_SSL3_CONNECT                              132
 #define SSL_F_SSL3_CTRL                                         213
@@ -1805,6 +1820,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_GET_NEW_SESSION                       181
 #define SSL_F_SSL_GET_PREV_SESSION                      217
 #define SSL_F_SSL_GET_SERVER_SEND_CERT                  182
+#define SSL_F_SSL_GET_SERVER_SEND_PKEY                  317
 #define SSL_F_SSL_GET_SIGN_PKEY                                 183
 #define SSL_F_SSL_INIT_WBIO_BUFFER                      184
 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE                   185
@@ -1961,6 +1977,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_MISSING_TMP_RSA_KEY                       172
 #define SSL_R_MISSING_TMP_RSA_PKEY                      173
 #define SSL_R_MISSING_VERIFY_MESSAGE                    174
+#define SSL_R_MULTIPLE_SGC_RESTARTS                     325
 #define SSL_R_NON_SSLV2_INITIAL_PACKET                  175
 #define SSL_R_NO_CERTIFICATES_RETURNED                  176
 #define SSL_R_NO_CERTIFICATE_ASSIGNED                   177
@@ -2015,6 +2032,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO                216
 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO                  217
 #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO                218
+#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING          324
 #define SSL_R_SERVERHELLO_TLSEXT                        224
 #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED          277
 #define SSL_R_SHORT_READ                                219