# define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */
# define SSL_TXT_kECDHE "kECDHE"
# define SSL_TXT_kPSK "kPSK"
+# define SSL_TXT_kRSAPSK "kRSAPSK"
+# define SSL_TXT_kECDHEPSK "kECDHEPSK"
+# define SSL_TXT_kDHEPSK "kDHEPSK"
# define SSL_TXT_kGOST "kGOST"
# define SSL_TXT_kSRP "kSRP"
STACK_OF(SSL_CIPHER) *peer_ciphers,
SSL_CIPHER **cipher, void *arg);
-# ifndef OPENSSL_NO_TLSEXT
-
/* Typedefs for handling custom extensions */
typedef int (*custom_ext_add_cb) (SSL *s, unsigned int ext_type,
const unsigned char *in,
size_t inlen, int *al, void *parse_arg);
-# endif
-
/* Allow initial connection to servers that don't support RI */
# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
/* Removed from OpenSSL 0.9.8q and 1.0.0c */
# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L
# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
# define SSL_OP_TLS_D5_BUG 0x00000100L
-# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
+/* Removed from OpenSSL 1.1.0 */
+# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0L
/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
# define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0
int SSL_SRP_CTX_free(SSL *ctx);
int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
__owur int SSL_srp_server_param_with_username(SSL *s, int *ad);
-__owur int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key);
__owur int SRP_Calc_A_param(SSL *s);
-__owur int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key);
# endif
unsigned *len);
# endif
-# ifndef OPENSSL_NO_TLSEXT
__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
const unsigned char *in, unsigned int inlen,
const unsigned char *client,
unsigned int client_len);
-# endif
# define OPENSSL_NPN_UNSUPPORTED 0
# define OPENSSL_NPN_NEGOTIATED 1
const char *SSL_get_psk_identity(const SSL *s);
# endif
-# ifndef OPENSSL_NO_TLSEXT
/* Register callbacks to handle custom TLS Extensions for client or server. */
__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
__owur int SSL_extension_supported(unsigned int ext_type);
-# endif
-
# define SSL_NOTHING 1
# define SSL_WRITING 2
# define SSL_READING 3
# define SSL_CTRL_SET_MAX_CERT_LIST 51
# define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
/* see tls1.h for macros based on these */
-# ifndef OPENSSL_NO_TLSEXT
-# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
-# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
-# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
-# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56
-# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
-# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
-# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
-/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */
-/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */
-/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */
-# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
-# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
-# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
-# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
-# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67
-# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68
-# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69
-# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70
-# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71
-# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
-# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75
-# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76
-# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77
-# define SSL_CTRL_SET_SRP_ARG 78
-# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79
-# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
-# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
-# ifndef OPENSSL_NO_HEARTBEATS
-# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85
-# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86
-# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87
-# endif
-# endif /* OPENSSL_NO_TLSEXT */
+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
+# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
+# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56
+# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
+# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
+# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71
+# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
+# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75
+# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76
+# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77
+# define SSL_CTRL_SET_SRP_ARG 78
+# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79
+# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80
+# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81
+# ifndef OPENSSL_NO_HEARTBEATS
+# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85
+# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86
+# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87
+# endif
# define DTLS_CTRL_GET_TIMEOUT 73
# define DTLS_CTRL_HANDLE_TIMEOUT 74
# define DTLS_CTRL_LISTEN 75
__owur int SSL_use_certificate(SSL *ssl, X509 *x);
__owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
-# ifndef OPENSSL_NO_TLSEXT
/* Set serverinfo data for the current active cert. */
__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
size_t serverinfo_length);
-# ifndef OPENSSL_NO_STDIO
+# ifndef OPENSSL_NO_STDIO
__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
-# endif /* NO_STDIO */
-
-# endif
+# endif /* NO_STDIO */
# ifndef OPENSSL_NO_STDIO
__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
__owur const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
# endif
-#ifdef OPENSSL_USE_DEPRECATED
#define SSLv23_method TLS_method
#define SSLv23_server_method TLS_server_method
#define SSLv23_client_method TLS_client_method
-#endif
/* Negotiate highest available SSL/TLS version */
__owur const SSL_METHOD *TLS_method(void);
__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */
__owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
+__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s);
__owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
__owur int SSL_do_handshake(SSL *s);
void SSL_set_verify_result(SSL *ssl, long v);
__owur long SSL_get_verify_result(const SSL *ssl);
+__owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
+ size_t outlen);
+__owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out,
+ size_t outlen);
+__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *ssl,
+ unsigned char *out, size_t outlen);
+
__owur int SSL_set_ex_data(SSL *ssl, int idx, void *data);
void *SSL_get_ex_data(const SSL *ssl, int idx);
__owur int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
# define SSL_F_DTLS1_SEND_SERVER_HELLO 266
# define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267
# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268
-# define SSL_F_SSL23_ACCEPT 115
-# define SSL_F_SSL23_CLIENT_HELLO 116
-# define SSL_F_SSL23_CONNECT 117
-# define SSL_F_SSL23_GET_CLIENT_HELLO 118
-# define SSL_F_SSL23_GET_SERVER_HELLO 119
-# define SSL_F_SSL23_PEEK 237
-# define SSL_F_SSL23_READ 120
-# define SSL_F_SSL23_WRITE 121
# define SSL_F_SSL3_ACCEPT 128
# define SSL_F_SSL3_ADD_CERT_TO_BUF 296
# define SSL_F_SSL3_CALLBACK_CTRL 233
# define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
# define SSL_F_SSL3_GET_CERT_STATUS 289
# define SSL_F_SSL3_GET_CERT_VERIFY 136
+# define SSL_F_SSL3_GET_CHANGE_CIPHER_SPEC 348
# define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137
# define SSL_F_SSL3_GET_CLIENT_HELLO 138
# define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139
# define SSL_F_SSL_READ 223
# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320
# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321
+# define SSL_F_SSL_SESSION_DUP 348
# define SSL_F_SSL_SESSION_NEW 189
# define SSL_F_SSL_SESSION_PRINT_FP 190
# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312
# define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218
# define SSL_F_SSL_SET_SESSION_TICKET_EXT 294
# define SSL_F_SSL_SET_TRUST 228
+# define SSL_F_SSL_SET_VERSION 347
# define SSL_F_SSL_SET_WFD 196
# define SSL_F_SSL_SHUTDOWN 224
# define SSL_F_SSL_SRP_CTX_INIT 313
# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362
# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363
# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364
-# define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
# define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321
# define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319
# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320