Fix error codes.
[openssl.git] / ssl / ssl.h
index f94f0f0e9442f108acea7ea5e41f8d99f2c5a2c1..d6bbc449ddf4482405c740bce198687f4a708551 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -485,6 +485,8 @@ typedef struct ssl_session_st
 
 #define SSL_OP_MICROSOFT_SESS_ID_BUG                   0x00000001L
 #define SSL_OP_NETSCAPE_CHALLENGE_BUG                  0x00000002L
+/* Allow initial connection to servers that don't support RI */
+#define SSL_OP_LEGACY_SERVER_CONNECT                   0x00000004L
 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG                0x00000008L
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG             0x00000010L
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER              0x00000020L
@@ -515,6 +517,8 @@ typedef struct ssl_session_st
 
 /* As server, disallow session resumption on renegotiation */
 #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION  0x00010000L
+/* Permit unsafe legacy renegotiation */
+#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION       0x00040000L
 /* If set, always create a new key when using tmp_ecdh parameters */
 #define SSL_OP_SINGLE_ECDH_USE                         0x00080000L
 /* If set, always create a new key when using tmp_dh parameters */
@@ -563,17 +567,25 @@ typedef struct ssl_session_st
 
 #define SSL_CTX_set_options(ctx,op) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
+#define SSL_CTX_clear_options(ctx,op) \
+       SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
 #define SSL_CTX_get_options(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
 #define SSL_set_options(ssl,op) \
        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
+#define SSL_clear_options(ssl,op) \
+       SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
 #define SSL_get_options(ssl) \
         SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
 
 #define SSL_CTX_set_mode(ctx,op) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
+#define SSL_CTX_clear_mode(ctx,op) \
+       SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
 #define SSL_CTX_get_mode(ctx) \
        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
+#define SSL_clear_mode(ssl,op) \
+       SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
 #define SSL_set_mode(ssl,op) \
        SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
 #define SSL_get_mode(ssl) \
@@ -581,6 +593,8 @@ typedef struct ssl_session_st
 #define SSL_set_mtu(ssl, mtu) \
         SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
 
+#define SSL_get_secure_renegotiation_support(ssl) \
+       SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
 
 void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
 void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
@@ -1275,6 +1289,10 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
 #define DTLS_CTRL_HANDLE_TIMEOUT       74
 #define DTLS_CTRL_LISTEN                       75
 
+#define SSL_CTRL_GET_RI_SUPPORT                        76
+#define SSL_CTRL_CLEAR_OPTIONS                 77
+#define SSL_CTRL_CLEAR_MODE                    78
+
 #define DTLSv1_get_timeout(ssl, arg) \
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
 #define DTLSv1_handle_timeout(ssl) \
@@ -1664,6 +1682,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_DTLS1_ACCEPT                              246
 #define SSL_F_DTLS1_ADD_CERT_TO_BUF                     280
 #define SSL_F_DTLS1_BUFFER_RECORD                       247
+#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM                   293
 #define SSL_F_DTLS1_CLIENT_HELLO                        248
 #define SSL_F_DTLS1_CONNECT                             249
 #define SSL_F_DTLS1_ENC                                         250
@@ -1721,6 +1740,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_CALLBACK_CTRL                        233
 #define SSL_F_SSL3_CHANGE_CIPHER_STATE                  129
 #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM             130
+#define SSL_F_SSL3_CHECK_CLIENT_HELLO                   292
 #define SSL_F_SSL3_CLIENT_HELLO                                 131
 #define SSL_F_SSL3_CONNECT                              132
 #define SSL_F_SSL3_CTRL                                         213
@@ -1758,9 +1778,11 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_SETUP_KEY_BLOCK                      157
 #define SSL_F_SSL3_WRITE_BYTES                          158
 #define SSL_F_SSL3_WRITE_PENDING                        159
+#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT       285
 #define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT                272
 #define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK        215
 #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK       216
+#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT       286
 #define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT                273
 #define SSL_F_SSL_BAD_METHOD                            160
 #define SSL_F_SSL_BYTES_TO_CIPHER_LIST                  161
@@ -1798,10 +1820,15 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_GET_NEW_SESSION                       181
 #define SSL_F_SSL_GET_PREV_SESSION                      217
 #define SSL_F_SSL_GET_SERVER_SEND_CERT                  182
+#define SSL_F_SSL_GET_SERVER_SEND_PKEY                  317
 #define SSL_F_SSL_GET_SIGN_PKEY                                 183
 #define SSL_F_SSL_INIT_WBIO_BUFFER                      184
 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE                   185
 #define SSL_F_SSL_NEW                                   186
+#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT     287
+#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT              290
+#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT     289
+#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT              291
 #define SSL_F_SSL_PEEK                                  270
 #define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT            275
 #define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT            276
@@ -1950,6 +1977,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_MISSING_TMP_RSA_KEY                       172
 #define SSL_R_MISSING_TMP_RSA_PKEY                      173
 #define SSL_R_MISSING_VERIFY_MESSAGE                    174
+#define SSL_R_MULTIPLE_SGC_RESTARTS                     325
 #define SSL_R_NON_SSLV2_INITIAL_PACKET                  175
 #define SSL_R_NO_CERTIFICATES_RETURNED                  176
 #define SSL_R_NO_CERTIFICATE_ASSIGNED                   177
@@ -1997,10 +2025,14 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_RECORD_LENGTH_MISMATCH                    213
 #define SSL_R_RECORD_TOO_LARGE                          214
 #define SSL_R_RECORD_TOO_SMALL                          298
+#define SSL_R_RENEGOTIATE_EXT_TOO_LONG                  320
+#define SSL_R_RENEGOTIATION_ENCODING_ERR                321
+#define SSL_R_RENEGOTIATION_MISMATCH                    322
 #define SSL_R_REQUIRED_CIPHER_MISSING                   215
 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO                216
 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO                  217
 #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO                218
+#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING          324
 #define SSL_R_SERVERHELLO_TLSEXT                        224
 #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED          277
 #define SSL_R_SHORT_READ                                219
@@ -2070,6 +2102,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE                         253
 #define SSL_R_UNKNOWN_SSL_VERSION                       254
 #define SSL_R_UNKNOWN_STATE                             255
+#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED      323
 #define SSL_R_UNSUPPORTED_CIPHER                        256
 #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM                 257
 #define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE                315