# define SSL_TXT_AES "AES"
# define SSL_TXT_AES_GCM "AESGCM"
# define SSL_TXT_AES_CCM "AESCCM"
+# define SSL_TXT_AES_CCM_8 "AESCCM8"
# define SSL_TXT_CAMELLIA128 "CAMELLIA128"
# define SSL_TXT_CAMELLIA256 "CAMELLIA256"
# define SSL_TXT_CAMELLIA "CAMELLIA"
* The following cipher list is used by default. It also is substituted when
* an application-defined cipher list string starts with 'DEFAULT'.
*/
-# define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL"
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
/*
* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
* starts with a reasonable order, and all we have to do for DEFAULT is
/* Allow initial connection to servers that don't support RI */
# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
/* Removed from OpenSSL 0.9.8q and 1.0.0c */
+/* Dead forever, see CVE-2010-4180. */
# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0L
# define SSL_OP_TLSEXT_PADDING 0x00000010L
# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
*cookie_len));
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
int (*app_verify_cookie_cb) (SSL *ssl,
- unsigned char
+ const unsigned char
*cookie,
unsigned int
cookie_len));
/* Set serverinfo data for the current active cert. */
__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
size_t serverinfo_length);
-# ifndef OPENSSL_NO_STDIO
__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
-# endif /* NO_STDIO */
-# ifndef OPENSSL_NO_STDIO
__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
const char *file);
-# ifndef OPENSSL_SYS_VMS
+# ifndef OPENSSL_SYS_VMS
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
const char *dir);
-# endif
-
# endif
void SSL_load_error_strings(void);
__owur int SSL_get_shutdown(const SSL *ssl);
__owur int SSL_version(const SSL *ssl);
__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
const char *CApath);
# define SSL_get0_session SSL_get_session/* just peek at pointer */
__owur const struct openssl_ssl_test_functions *SSL_test_functions(void);
# endif
+extern const char SSL_version_str[];
+
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
# define SSL_F_DTLS1_GET_RECORD 254
# define SSL_F_DTLS1_HANDLE_TIMEOUT 297
# define SSL_F_DTLS1_HEARTBEAT 305
+# define SSL_F_DTLS1_LISTEN 350
# define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288
# define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
# define SSL_F_DTLS1_SEND_SERVER_HELLO 266
# define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267
# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268
+# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370
+# define SSL_F_READ_STATE_MACHINE 352
# define SSL_F_SSL3_ACCEPT 128
# define SSL_F_SSL3_ADD_CERT_TO_BUF 296
# define SSL_F_SSL3_CALLBACK_CTRL 233
# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206
# define SSL_F_SSL_VERIFY_CERT_CHAIN 207
# define SSL_F_SSL_WRITE 208
+# define SSL_F_STATE_MACHINE 353
# define SSL_F_TLS12_CHECK_PEER_SIGALG 333
# define SSL_F_TLS1_CERT_VERIFY_MAC 286
# define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
# define SSL_F_TLS1_PROCESS_HEARTBEAT 341
# define SSL_F_TLS1_SETUP_KEY_BLOCK 211
# define SSL_F_TLS1_SET_SERVER_SIGALGS 335
+# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354
+# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 355
+# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 356
+# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 357
+# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 358
+# define SSL_F_TLS_CONSTRUCT_FINISHED 359
+# define SSL_F_TLS_GET_MESSAGE_BODY 351
+# define SSL_F_TLS_GET_MESSAGE_HEADER 350
+# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 360
+# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST 361
+# define SSL_F_TLS_PROCESS_CERT_STATUS 362
+# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 363
+# define SSL_F_TLS_PROCESS_FINISHED 364
+# define SSL_F_TLS_PROCESS_KEY_EXCHANGE 365
+# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET 366
+# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 367
+# define SSL_F_TLS_PROCESS_SERVER_DONE 368
+# define SSL_F_TLS_PROCESS_SERVER_HELLO 369
# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220
/* Reason codes. */
# define SSL_R_BAD_DH_PUB_KEY_VALUE 393
# define SSL_R_BAD_DH_P_LENGTH 110
# define SSL_R_BAD_DH_P_VALUE 395
+# define SSL_R_BAD_DH_VALUE 102
# define SSL_R_BAD_DIGEST_LENGTH 111
# define SSL_R_BAD_DSA_SIGNATURE 112
# define SSL_R_BAD_ECC_CERT 304
# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307
# define SSL_R_COMPRESSION_LIBRARY_ERROR 142
# define SSL_R_CONNECTION_TYPE_NOT_SET 144
+# define SSL_R_COOKIE_GEN_CALLBACK_FAILURE 400
# define SSL_R_COOKIE_MISMATCH 308
# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
# define SSL_R_DATA_LENGTH_TOO_LONG 146
# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
# define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
# define SSL_R_EXTRA_DATA_IN_MESSAGE 153
+# define SSL_R_FRAGMENTED_CLIENT_HELLO 401
# define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
# define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355
# define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356
# define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
# define SSL_R_INVALID_NULL_CMD_NAME 385
# define SSL_R_INVALID_PURPOSE 278
+# define SSL_R_INVALID_SEQUENCE_NUMBER 402
# define SSL_R_INVALID_SERVERINFO_DATA 388
# define SSL_R_INVALID_SRP_USERNAME 357
# define SSL_R_INVALID_STATUS_RESPONSE 328
# define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 376
# define SSL_R_NO_SRTP_PROFILES 359
# define SSL_R_NO_VERIFY_CALLBACK 194
+# define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403
# define SSL_R_NULL_SSL_CTX 195
# define SSL_R_NULL_SSL_METHOD_PASSED 196
# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197