# define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */
# define SSL_TXT_kECDHE "kECDHE"
# define SSL_TXT_kPSK "kPSK"
+# define SSL_TXT_kRSAPSK "kRSAPSK"
+# define SSL_TXT_kECDHEPSK "kECDHEPSK"
+# define SSL_TXT_kDHEPSK "kDHEPSK"
# define SSL_TXT_kGOST "kGOST"
# define SSL_TXT_kSRP "kSRP"
# define SSL_TXT_AES256 "AES256"
# define SSL_TXT_AES "AES"
# define SSL_TXT_AES_GCM "AESGCM"
+# define SSL_TXT_AES_CCM "AESCCM"
+# define SSL_TXT_AES_CCM_8 "AESCCM8"
# define SSL_TXT_CAMELLIA128 "CAMELLIA128"
# define SSL_TXT_CAMELLIA256 "CAMELLIA256"
# define SSL_TXT_CAMELLIA "CAMELLIA"
* The following cipher list is used by default. It also is substituted when
* an application-defined cipher list string starts with 'DEFAULT'.
*/
-# define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL"
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
/*
* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
* starts with a reasonable order, and all we have to do for DEFAULT is
STACK_OF(SSL_CIPHER) *peer_ciphers,
SSL_CIPHER **cipher, void *arg);
-# ifndef OPENSSL_NO_TLSEXT
-
/* Typedefs for handling custom extensions */
typedef int (*custom_ext_add_cb) (SSL *s, unsigned int ext_type,
const unsigned char *in,
size_t inlen, int *al, void *parse_arg);
-# endif
-
/* Allow initial connection to servers that don't support RI */
# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
/* Removed from OpenSSL 0.9.8q and 1.0.0c */
+/* Dead forever, see CVE-2010-4180. */
# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0L
# define SSL_OP_TLSEXT_PADDING 0x00000010L
# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L
# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
# define SSL_OP_TLS_D5_BUG 0x00000100L
-# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
+/* Removed from OpenSSL 1.1.0 */
+# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0L
/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
# define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0
int SSL_SRP_CTX_free(SSL *ctx);
int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
__owur int SSL_srp_server_param_with_username(SSL *s, int *ad);
-__owur int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key);
__owur int SRP_Calc_A_param(SSL *s);
-__owur int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key);
# endif
*cookie_len));
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
int (*app_verify_cookie_cb) (SSL *ssl,
- unsigned char
+ const unsigned char
*cookie,
unsigned int
cookie_len));
unsigned *len);
# endif
-# ifndef OPENSSL_NO_TLSEXT
__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
const unsigned char *in, unsigned int inlen,
const unsigned char *client,
unsigned int client_len);
-# endif
# define OPENSSL_NPN_UNSUPPORTED 0
# define OPENSSL_NPN_NEGOTIATED 1
const char *SSL_get_psk_identity(const SSL *s);
# endif
-# ifndef OPENSSL_NO_TLSEXT
/* Register callbacks to handle custom TLS Extensions for client or server. */
__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
__owur int SSL_extension_supported(unsigned int ext_type);
-# endif
-
# define SSL_NOTHING 1
# define SSL_WRITING 2
# define SSL_READING 3
# define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0))
# define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
+
+/*
+ * The valid handshake states (one for each type message sent and one for each
+ * type of message received). There are also two "special" states:
+ * TLS = TLS or DTLS state
+ * DTLS = DTLS specific state
+ * CR/SR = Client Read/Server Read
+ * CW/SW = Client Write/Server Write
+ *
+ * The "special" states are:
+ * TLS_ST_BEFORE = No handshake has been initiated yet
+ * TLS_ST_OK = A handshake has been successfully completed
+ */
+typedef enum {
+ TLS_ST_BEFORE,
+ TLS_ST_OK,
+ DTLS_ST_CR_HELLO_VERIFY_REQUEST,
+ TLS_ST_CR_SRVR_HELLO,
+ TLS_ST_CR_CERT,
+ TLS_ST_CR_CERT_STATUS,
+ TLS_ST_CR_KEY_EXCH,
+ TLS_ST_CR_CERT_REQ,
+ TLS_ST_CR_SRVR_DONE,
+ TLS_ST_CR_SESSION_TICKET,
+ TLS_ST_CR_CHANGE,
+ TLS_ST_CR_FINISHED,
+ TLS_ST_CW_CLNT_HELLO,
+ TLS_ST_CW_CERT,
+ TLS_ST_CW_KEY_EXCH,
+ TLS_ST_CW_CERT_VRFY,
+ TLS_ST_CW_CHANGE,
+ TLS_ST_CW_NEXT_PROTO,
+ TLS_ST_CW_FINISHED,
+ TLS_ST_SW_HELLO_REQ,
+ TLS_ST_SR_CLNT_HELLO,
+ DTLS_ST_SW_HELLO_VERIFY_REQUEST,
+ TLS_ST_SW_SRVR_HELLO,
+ TLS_ST_SW_CERT,
+ TLS_ST_SW_KEY_EXCH,
+ TLS_ST_SW_CERT_REQ,
+ TLS_ST_SW_SRVR_DONE,
+ TLS_ST_SR_CERT,
+ TLS_ST_SR_KEY_EXCH,
+ TLS_ST_SR_CERT_VRFY,
+ TLS_ST_SR_NEXT_PROTO,
+ TLS_ST_SR_CHANGE,
+ TLS_ST_SR_FINISHED,
+ TLS_ST_SW_SESSION_TICKET,
+ TLS_ST_SW_CERT_STATUS,
+ TLS_ST_SW_CHANGE,
+ TLS_ST_SW_FINISHED
+} OSSL_HANDSHAKE_STATE;
+
/*
- * The following are the possible values for ssl->state are are used to
- * indicate where we are up to in the SSL connection establishment. The
- * macros that follow are about the only things you should need to use and
- * even then, only when using non-blocking IO. It can also be useful to work
- * out where you were when the connection failed
+ * Most of the following state values are no longer used and are defined to be
+ * the closest equivalent value in the current state machine code. Not all
+ * defines have an equivalent and are set to a dummy value (-1). SSL_ST_CONNECT
+ * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP,
+ * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT.
*/
# define SSL_ST_CONNECT 0x1000
# define SSL_ST_ACCEPT 0x2000
+
# define SSL_ST_MASK 0x0FFF
-# define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT)
-# define SSL_ST_BEFORE 0x4000
-# define SSL_ST_OK 0x03
-# define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
-# define SSL_ST_ERR 0x05
+# define SSL_ST_INIT (-1)
+# define SSL_ST_BEFORE TLS_ST_BEFORE
+# define SSL_ST_OK TLS_ST_OK
+# define SSL_ST_RENEGOTIATE (-1)
+# define SSL_ST_ERR (-1)
# define SSL_CB_LOOP 0x01
# define SSL_CB_EXIT 0x02
/* Is the SSL_connection established? */
# define SSL_get_state(a) SSL_state(a)
-# define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK)
-# define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT)
-# define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE)
-# define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT)
-# define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT)
+# define SSL_in_connect_init(a) (SSL_in_init(a) && !a->server)
+# define SSL_in_accept_init(a) (SSL_in_init(a) && a->server)
+int SSL_in_init(SSL *s);
+int SSL_in_before(SSL *s);
+int SSL_is_init_finished(SSL *s);
/*
* The following 3 states are kept in ssl->rlayer.rstate when reads fail, you
# define SSL_CTRL_SET_MAX_CERT_LIST 51
# define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
/* see tls1.h for macros based on these */
-# ifndef OPENSSL_NO_TLSEXT
-# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
-# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
-# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
-# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56
-# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
-# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
-# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
-/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */
-/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */
-/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */
-# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
-# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
-# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
-# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
-# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67
-# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68
-# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69
-# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70
-# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71
-# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
-# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75
-# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76
-# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77
-# define SSL_CTRL_SET_SRP_ARG 78
-# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79
-# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
-# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
-# ifndef OPENSSL_NO_HEARTBEATS
-# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85
-# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86
-# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87
-# endif
-# endif /* OPENSSL_NO_TLSEXT */
+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
+# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
+# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56
+# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
+# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
+# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71
+# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
+# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75
+# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76
+# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77
+# define SSL_CTRL_SET_SRP_ARG 78
+# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79
+# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
+# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
+# ifndef OPENSSL_NO_HEARTBEATS
+# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85
+# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86
+# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87
+# endif
# define DTLS_CTRL_GET_TIMEOUT 73
# define DTLS_CTRL_HANDLE_TIMEOUT 74
# define DTLS_CTRL_LISTEN 75
__owur int SSL_use_certificate(SSL *ssl, X509 *x);
__owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
-# ifndef OPENSSL_NO_TLSEXT
/* Set serverinfo data for the current active cert. */
__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
size_t serverinfo_length);
-# ifndef OPENSSL_NO_STDIO
__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
-# endif /* NO_STDIO */
-
-# endif
-# ifndef OPENSSL_NO_STDIO
__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
const char *file);
-# ifndef OPENSSL_SYS_VMS
+# ifndef OPENSSL_SYS_VMS
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
const char *dir);
-# endif
-
# endif
void SSL_load_error_strings(void);
__owur const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
# endif
-#ifdef OPENSSL_USE_DEPRECATED
#define SSLv23_method TLS_method
#define SSLv23_server_method TLS_server_method
#define SSLv23_client_method TLS_client_method
-#endif
/* Negotiate highest available SSL/TLS version */
__owur const SSL_METHOD *TLS_method(void);
__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */
__owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
+__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s);
__owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
__owur int SSL_do_handshake(SSL *s);
__owur int SSL_get_shutdown(const SSL *ssl);
__owur int SSL_version(const SSL *ssl);
__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
const char *CApath);
# define SSL_get0_session SSL_get_session/* just peek at pointer */
void (*cb) (const SSL *ssl, int type, int val));
void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type,
int val);
-__owur int SSL_state(const SSL *ssl);
-void SSL_set_state(SSL *ssl, int state);
+__owur OSSL_HANDSHAKE_STATE SSL_state(const SSL *ssl);
+void SSL_set_state(SSL *ssl, OSSL_HANDSHAKE_STATE state);
void SSL_set_verify_result(SSL *ssl, long v);
__owur long SSL_get_verify_result(const SSL *ssl);
+__owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
+ size_t outlen);
+__owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out,
+ size_t outlen);
+__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *ssl,
+ unsigned char *out, size_t outlen);
+
__owur int SSL_set_ex_data(SSL *ssl, int idx, void *data);
void *SSL_get_ex_data(const SSL *ssl, int idx);
__owur int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
__owur const struct openssl_ssl_test_functions *SSL_test_functions(void);
# endif
+extern const char SSL_version_str[];
+
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
# define SSL_F_DTLS1_GET_RECORD 254
# define SSL_F_DTLS1_HANDLE_TIMEOUT 297
# define SSL_F_DTLS1_HEARTBEAT 305
+# define SSL_F_DTLS1_LISTEN 350
# define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
# define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
# define SSL_F_DTLS1_SEND_SERVER_HELLO 266
# define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267
# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268
+# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC 371
+# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385
+# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370
+# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386
+# define SSL_F_READ_STATE_MACHINE 352
# define SSL_F_SSL3_ACCEPT 128
# define SSL_F_SSL3_ADD_CERT_TO_BUF 296
# define SSL_F_SSL3_CALLBACK_CTRL 233
# define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
# define SSL_F_SSL3_GET_CERT_STATUS 289
# define SSL_F_SSL3_GET_CERT_VERIFY 136
+# define SSL_F_SSL3_GET_CHANGE_CIPHER_SPEC 349
# define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137
# define SSL_F_SSL3_GET_CLIENT_HELLO 138
# define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139
# define SSL_F_SSL_CTX_SET_TRUST 229
# define SSL_F_SSL_CTX_USE_CERTIFICATE 171
# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
-# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220
# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
# define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
# define SSL_F_SSL_READ 223
# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320
# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321
+# define SSL_F_SSL_SESSION_DUP 348
# define SSL_F_SSL_SESSION_NEW 189
# define SSL_F_SSL_SESSION_PRINT_FP 190
# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312
# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206
# define SSL_F_SSL_VERIFY_CERT_CHAIN 207
# define SSL_F_SSL_WRITE 208
+# define SSL_F_STATE_MACHINE 353
# define SSL_F_TLS12_CHECK_PEER_SIGALG 333
# define SSL_F_TLS1_CERT_VERIFY_MAC 286
# define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
# define SSL_F_TLS1_PROCESS_HEARTBEAT 341
# define SSL_F_TLS1_SETUP_KEY_BLOCK 211
# define SSL_F_TLS1_SET_SERVER_SIGALGS 335
+# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354
+# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372
+# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 355
+# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 356
+# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 357
+# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 358
+# define SSL_F_TLS_CONSTRUCT_FINISHED 359
+# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373
+# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 374
+# define SSL_F_TLS_CONSTRUCT_SERVER_DONE 375
+# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 376
+# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 377
+# define SSL_F_TLS_GET_MESSAGE_BODY 351
+# define SSL_F_TLS_GET_MESSAGE_HEADER 350
+# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 378
+# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 384
+# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 360
+# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST 361
+# define SSL_F_TLS_PROCESS_CERT_STATUS 362
+# define SSL_F_TLS_PROCESS_CERT_VERIFY 379
+# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 363
+# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 380
+# define SSL_F_TLS_PROCESS_CLIENT_HELLO 381
+# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 382
+# define SSL_F_TLS_PROCESS_FINISHED 364
+# define SSL_F_TLS_PROCESS_KEY_EXCHANGE 365
+# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET 366
+# define SSL_F_TLS_PROCESS_NEXT_PROTO 383
+# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 367
+# define SSL_F_TLS_PROCESS_SERVER_DONE 368
+# define SSL_F_TLS_PROCESS_SERVER_HELLO 369
+# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220
/* Reason codes. */
# define SSL_R_APP_DATA_IN_HANDSHAKE 100
# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
# define SSL_R_BAD_DECOMPRESSION 107
# define SSL_R_BAD_DH_G_LENGTH 108
+# define SSL_R_BAD_DH_G_VALUE 375
# define SSL_R_BAD_DH_PUB_KEY_LENGTH 109
+# define SSL_R_BAD_DH_PUB_KEY_VALUE 393
# define SSL_R_BAD_DH_P_LENGTH 110
+# define SSL_R_BAD_DH_P_VALUE 395
+# define SSL_R_BAD_DH_VALUE 102
# define SSL_R_BAD_DIGEST_LENGTH 111
# define SSL_R_BAD_DSA_SIGNATURE 112
# define SSL_R_BAD_ECC_CERT 304
# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307
# define SSL_R_COMPRESSION_LIBRARY_ERROR 142
# define SSL_R_CONNECTION_TYPE_NOT_SET 144
+# define SSL_R_COOKIE_GEN_CALLBACK_FAILURE 400
# define SSL_R_COOKIE_MISMATCH 308
# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
# define SSL_R_DATA_LENGTH_TOO_LONG 146
# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
# define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
# define SSL_R_EXTRA_DATA_IN_MESSAGE 153
+# define SSL_R_FRAGMENTED_CLIENT_HELLO 401
# define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
# define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355
# define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356
# define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
# define SSL_R_INVALID_NULL_CMD_NAME 385
# define SSL_R_INVALID_PURPOSE 278
+# define SSL_R_INVALID_SEQUENCE_NUMBER 402
# define SSL_R_INVALID_SERVERINFO_DATA 388
# define SSL_R_INVALID_SRP_USERNAME 357
# define SSL_R_INVALID_STATUS_RESPONSE 328
# define SSL_R_INVALID_TICKET_KEYS_LENGTH 325
# define SSL_R_INVALID_TRUST 279
# define SSL_R_LENGTH_MISMATCH 159
+# define SSL_R_LENGTH_TOO_LONG 102
# define SSL_R_LENGTH_TOO_SHORT 160
# define SSL_R_LIBRARY_BUG 274
# define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
# define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 376
# define SSL_R_NO_SRTP_PROFILES 359
# define SSL_R_NO_VERIFY_CALLBACK 194
+# define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403
# define SSL_R_NULL_SSL_CTX 195
# define SSL_R_NULL_SSL_METHOD_PASSED 196
# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197