* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
*
*/
/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* ECC cipher suite support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
#ifndef HEADER_SSL_H
#define HEADER_SSL_H
#define SSL_TXT_RC2 "RC2"
#define SSL_TXT_IDEA "IDEA"
#define SSL_TXT_AES "AES"
+#define SSL_TXT_CAMELLIA "CAMELLIA"
#define SSL_TXT_MD5 "MD5"
#define SSL_TXT_SHA1 "SHA1"
#define SSL_TXT_SHA "SHA"
#define SSL_TXT_TLSV1 "TLSv1"
#define SSL_TXT_ALL "ALL"
#define SSL_TXT_ECC "ECCdraft" /* ECC ciphersuites are not yet official */
+#define SSL_TXT_PSK "PSK"
+#define SSL_TXT_kPSK "kPSK"
+#define SSL_TXT_aPSK "aPSK"
/*
* COMPLEMENTOF* definitions. These identifiers are used to (de-select)
/* The following cipher list is used by default.
* It also is substituted when an application-defined cipher list string
* starts with 'DEFAULT'. */
-#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
+#define SSL_DEFAULT_CIPHER_LIST "AES:CAMELLIA:ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
#define SSL_SENT_SHUTDOWN 1
* SSL_SESSION_ID ::= SEQUENCE {
* version INTEGER, -- structure version number
* SSLversion INTEGER, -- SSL version number
- * Cipher OCTET_STRING, -- the 3 byte cipher ID
- * Session_ID OCTET_STRING, -- the Session ID
- * Master_key OCTET_STRING, -- the master key
- * KRB5_principal OCTET_STRING -- optional Kerberos principal
- * Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument
+ * Cipher OCTET STRING, -- the 3 byte cipher ID
+ * Session_ID OCTET STRING, -- the Session ID
+ * Master_key OCTET STRING, -- the master key
+ * KRB5_principal OCTET STRING -- optional Kerberos principal
+ * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument
* Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
* Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
* Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
- * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context
- * Verify_result [ 5 ] EXPLICIT INTEGER -- X509_V_... code for `Peer'
- * Compression [6] IMPLICIT ASN1_OBJECT -- compression OID XXXXX
+ * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context
+ * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer'
+ * HostName [ 6 ] EXPLICY OCTET STRING, -- optional HostName from servername TLS extension
+ * ECPointFormatList [ 7 ] OCTET STRING, -- optional EC point format list from TLS extension
+ * PSK_identity_hint [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
+ * PSK_identity [ 9 ] EXPLICIT OCTET STRING -- optional PSK identity
* }
* Look in ssl/ssl_asn1.c for more details
* I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
unsigned int krb5_client_princ_len;
unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
#endif /* OPENSSL_NO_KRB5 */
-
+#ifndef OPENSSL_NO_PSK
+ char *psk_identity_hint;
+ char *psk_identity;
+#endif
int not_resumable;
/* The cert is the certificate used to establish this connection */
/* These are used to make removal of session-ids more
* efficient and to implement a maximum cache size. */
struct ssl_session_st *prev,*next;
+#ifndef OPENSSL_NO_TLSEXT
+ char *tlsext_hostname;
+#ifndef OPENSSL_NO_EC
+ size_t tlsext_ecpointformatlist_length;
+ unsigned char *tlsext_ecpointformatlist; /* peer's list */
+ size_t tlsext_ellipticcurvelist_length;
+ unsigned char *tlsext_ellipticcurvelist; /* peer's list */
+#endif /* OPENSSL_NO_EC */
+#endif
} SSL_SESSION;
* padding and MAC overheads.
*/
unsigned int max_send_fragment;
+
+#ifndef OPENSSL_NO_TLSEXT
+ /* TLS extensions servername callback */
+ int (*tlsext_servername_callback)(SSL*, int *, void *);
+ void *tlsext_servername_arg;
+#endif
+#ifndef OPENSSL_NO_PSK
+ char *psk_identity_hint;
+ unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
+ unsigned int max_identity_len, unsigned char *psk,
+ unsigned int max_psk_len);
+ unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
+ unsigned char *psk, unsigned int max_psk_len);
+#endif
};
#define SSL_SESS_CACHE_OFF 0x0000
#define SSL_CTX_set_cookie_generate_cb(ctx,cb) ((ctx)->app_gen_cookie_cb=(cb))
#define SSL_CTX_set_cookie_verify_cb(ctx,cb) ((ctx)->app_verify_cookie_cb=(cb))
+#ifndef OPENSSL_NO_PSK
+/* the maximum length of the buffer given to callbacks containing the
+ * resulting identity/psk */
+#define PSK_MAX_IDENTITY_LEN 128
+#define PSK_MAX_PSK_LEN 64
+#define SSL_CTX_set_psk_client_callback(ctx,cb) ((ctx)->psk_client_callback=(cb))
+#define SSL_set_psk_client_callback(ssl, cb) ((ssl)->psk_client_callback=(cb))
+#define SSL_CTX_set_psk_server_callback(ctx,cb) ((ctx)->psk_server_callback=(cb))
+#define SSL_set_psk_server_callback(ssl, cb) ((ssl)->psk_server_callback=(cb))
+int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
+int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
+const char *SSL_get_psk_identity_hint(const SSL *s);
+const char *SSL_get_psk_identity(const SSL *s);
+#endif
+
#define SSL_NOTHING 1
#define SSL_WRITING 2
#define SSL_READING 3
KSSL_CTX *kssl_ctx; /* Kerberos 5 context */
#endif /* OPENSSL_NO_KRB5 */
+#ifndef OPENSSL_NO_PSK
+ unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
+ unsigned int max_identity_len, unsigned char *psk,
+ unsigned int max_psk_len);
+ unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
+ unsigned char *psk, unsigned int max_psk_len);
+#endif
+
SSL_CTX *ctx;
/* set this flag to 1 and a sleep(1) is put into all SSL_read()
* and SSL_write() calls, good for nbio debuging :-) */
int client_version; /* what was passed, used for
* SSLv3/TLS rollback check */
unsigned int max_send_fragment;
+#ifndef OPENSSL_NO_TLSEXT
+ char *tlsext_hostname;
+ int servername_done; /* no further mod of servername
+ 0 : call the servername extension callback.
+ 1 : prepare 2, allow last ack just after in server callback.
+ 2 : don't call servername callback, no ack in server hello
+ */
+#ifndef OPENSSL_NO_EC
+ size_t tlsext_ecpointformatlist_length;
+ unsigned char *tlsext_ecpointformatlist; /* our list */
+ size_t tlsext_ellipticcurvelist_length;
+ unsigned char *tlsext_ellipticcurvelist; /* our list */
+#endif /* OPENSSL_NO_EC */
+ SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
+#define session_ctx initial_ctx
+#else
+#define session_ctx ctx
+#endif
};
#ifdef __cplusplus
PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL)
#endif
-#define SSL_AD_REASON_OFFSET 1000
+#define SSL_AD_REASON_OFFSET 1000 /* offset to get SSL_R_... value from SSL_AD_... */
+
/* These alert types are for SSLv3 and TLSv1 */
#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
+#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
+#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
+#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
+#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
+#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
+#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
#define SSL_ERROR_NONE 0
#define SSL_ERROR_SSL 1
#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
+/* see tls1.h for macros based on these */
+#ifndef OPENSSL_NO_TLSEXT
+#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
+#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
+#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
+#endif
+
#define SSL_session_reused(ssl) \
SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
#define SSL_num_renegotiations(ssl) \
SSL_SESSION *SSL_get_session(const SSL *ssl);
SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
+SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
void SSL_set_info_callback(SSL *ssl,
void (*cb)(const SSL *ssl,int type,int val));
void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
/* Function codes. */
#define SSL_F_CLIENT_CERTIFICATE 100
-#define SSL_F_CLIENT_FINISHED 238
+#define SSL_F_CLIENT_FINISHED 167
#define SSL_F_CLIENT_HELLO 101
#define SSL_F_CLIENT_MASTER_KEY 102
#define SSL_F_D2I_SSL_SESSION 103
-#define SSL_F_DO_DTLS1_WRITE 1003
+#define SSL_F_DO_DTLS1_WRITE 245
#define SSL_F_DO_SSL3_WRITE 104
-#define SSL_F_DTLS1_ACCEPT 1004
-#define SSL_F_DTLS1_BUFFER_RECORD 1005
-#define SSL_F_DTLS1_CLIENT_HELLO 1006
-#define SSL_F_DTLS1_CONNECT 1007
-#define SSL_F_DTLS1_ENC 1008
-#define SSL_F_DTLS1_GET_HELLO_VERIFY 1009
-#define SSL_F_DTLS1_GET_MESSAGE 1010
-#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 1011
-#define SSL_F_DTLS1_GET_RECORD 1012
-#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 1013
-#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 1014
-#define SSL_F_DTLS1_PROCESS_RECORD 1015
-#define SSL_F_DTLS1_READ_BYTES 1016
-#define SSL_F_DTLS1_READ_FAILED 1001
-#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 1017
-#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 1018
-#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 1019
-#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 1020
-#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 1002
-#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 1021
-#define SSL_F_DTLS1_SEND_SERVER_HELLO 1022
-#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 1023
-#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 1024
+#define SSL_F_DTLS1_ACCEPT 246
+#define SSL_F_DTLS1_BUFFER_RECORD 247
+#define SSL_F_DTLS1_CLIENT_HELLO 248
+#define SSL_F_DTLS1_CONNECT 249
+#define SSL_F_DTLS1_ENC 250
+#define SSL_F_DTLS1_GET_HELLO_VERIFY 251
+#define SSL_F_DTLS1_GET_MESSAGE 252
+#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253
+#define SSL_F_DTLS1_GET_RECORD 254
+#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
+#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
+#define SSL_F_DTLS1_PROCESS_RECORD 257
+#define SSL_F_DTLS1_READ_BYTES 258
+#define SSL_F_DTLS1_READ_FAILED 259
+#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260
+#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261
+#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262
+#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263
+#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264
+#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265
+#define SSL_F_DTLS1_SEND_SERVER_HELLO 266
+#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267
+#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268
#define SSL_F_GET_CLIENT_FINISHED 105
#define SSL_F_GET_CLIENT_HELLO 106
#define SSL_F_GET_CLIENT_MASTER_KEY 107
#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
#define SSL_F_SSL3_WRITE_BYTES 158
#define SSL_F_SSL3_WRITE_PENDING 159
+#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277
#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215
#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216
+#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278
#define SSL_F_SSL_BAD_METHOD 160
#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
#define SSL_F_SSL_CERT_DUP 221
#define SSL_F_SSL_CTRL 232
#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
#define SSL_F_SSL_CTX_NEW 169
-#define SSL_F_SSL_CTX_SET_CIPHER_LIST 1026
+#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
#define SSL_F_SSL_CTX_SET_PURPOSE 226
#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176
+#define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272
#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177
#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178
#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
#define SSL_F_SSL_INIT_WBIO_BUFFER 184
#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
#define SSL_F_SSL_NEW 186
-#define SSL_F_SSL_PEEK 1025
+#define SSL_F_SSL_PEEK 270
#define SSL_F_SSL_READ 223
#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
#define SSL_F_SSL_SESSION_PRINT_FP 190
#define SSL_F_SSL_SESS_CERT_NEW 225
#define SSL_F_SSL_SET_CERT 191
-#define SSL_F_SSL_SET_CIPHER_LIST 1027
+#define SSL_F_SSL_SET_CIPHER_LIST 271
#define SSL_F_SSL_SET_FD 192
#define SSL_F_SSL_SET_PKEY 193
#define SSL_F_SSL_SET_PURPOSE 227
#define SSL_F_SSL_USE_PRIVATEKEY 201
#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202
#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203
+#define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273
#define SSL_F_SSL_USE_RSAPRIVATEKEY 204
#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205
#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206
#define SSL_F_SSL_VERIFY_CERT_CHAIN 207
#define SSL_F_SSL_WRITE 208
#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
+#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274
#define SSL_F_TLS1_ENC 210
+#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275
+#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276
#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
#define SSL_F_WRITE_PENDING 212
#define SSL_R_BAD_DH_P_LENGTH 110
#define SSL_R_BAD_DIGEST_LENGTH 111
#define SSL_R_BAD_DSA_SIGNATURE 112
-#define SSL_R_BAD_ECC_CERT 1117
-#define SSL_R_BAD_ECDSA_SIGNATURE 1112
-#define SSL_R_BAD_ECPOINT 1113
+#define SSL_R_BAD_ECC_CERT 304
+#define SSL_R_BAD_ECDSA_SIGNATURE 305
+#define SSL_R_BAD_ECPOINT 306
#define SSL_R_BAD_HELLO_REQUEST 105
#define SSL_R_BAD_LENGTH 271
#define SSL_R_BAD_MAC_DECODE 113
#define SSL_R_BAD_MESSAGE_TYPE 114
#define SSL_R_BAD_PACKET_LENGTH 115
#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116
+#define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316
#define SSL_R_BAD_RESPONSE_ARGUMENT 117
#define SSL_R_BAD_RSA_DECRYPT 118
#define SSL_R_BAD_RSA_ENCRYPT 119
#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137
#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138
#define SSL_R_CIPHER_TABLE_SRC_ERROR 139
+#define SSL_R_CLIENTHELLO_TLSEXT 226
#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
#define SSL_R_COMPRESSION_FAILURE 141
-#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 1120
+#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307
#define SSL_R_COMPRESSION_LIBRARY_ERROR 142
#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143
#define SSL_R_CONNECTION_TYPE_NOT_SET 144
-#define SSL_R_COOKIE_MISMATCH 2002
+#define SSL_R_COOKIE_MISMATCH 308
#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
#define SSL_R_DATA_LENGTH_TOO_LONG 146
#define SSL_R_DECRYPTION_FAILED 147
-#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 1109
+#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
#define SSL_R_DIGEST_CHECK_FAILED 149
-#define SSL_R_DUPLICATE_COMPRESSION_ID 1121
-#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 1119
+#define SSL_R_DUPLICATE_COMPRESSION_ID 309
+#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
-#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 1092
+#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
#define SSL_R_HTTPS_PROXY_REQUEST 155
#define SSL_R_HTTP_REQUEST 156
-#define SSL_R_ILLEGAL_PADDING 1110
+#define SSL_R_ILLEGAL_PADDING 283
#define SSL_R_INVALID_CHALLENGE_LENGTH 158
#define SSL_R_INVALID_COMMAND 280
#define SSL_R_INVALID_PURPOSE 278
#define SSL_R_INVALID_TRUST 279
-#define SSL_R_KEY_ARG_TOO_LONG 1112
-#define SSL_R_KRB5 1104
-#define SSL_R_KRB5_C_CC_PRINC 1094
-#define SSL_R_KRB5_C_GET_CRED 1095
-#define SSL_R_KRB5_C_INIT 1096
-#define SSL_R_KRB5_C_MK_REQ 1097
-#define SSL_R_KRB5_S_BAD_TICKET 1098
-#define SSL_R_KRB5_S_INIT 1099
-#define SSL_R_KRB5_S_RD_REQ 1108
-#define SSL_R_KRB5_S_TKT_EXPIRED 1105
-#define SSL_R_KRB5_S_TKT_NYV 1106
-#define SSL_R_KRB5_S_TKT_SKEW 1107
+#define SSL_R_KEY_ARG_TOO_LONG 284
+#define SSL_R_KRB5 285
+#define SSL_R_KRB5_C_CC_PRINC 286
+#define SSL_R_KRB5_C_GET_CRED 287
+#define SSL_R_KRB5_C_INIT 288
+#define SSL_R_KRB5_C_MK_REQ 289
+#define SSL_R_KRB5_S_BAD_TICKET 290
+#define SSL_R_KRB5_S_INIT 291
+#define SSL_R_KRB5_S_RD_REQ 292
+#define SSL_R_KRB5_S_TKT_EXPIRED 293
+#define SSL_R_KRB5_S_TKT_NYV 294
+#define SSL_R_KRB5_S_TKT_SKEW 295
#define SSL_R_LENGTH_MISMATCH 159
#define SSL_R_LENGTH_TOO_SHORT 160
#define SSL_R_LIBRARY_BUG 274
#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
-#define SSL_R_MASTER_KEY_TOO_LONG 1112
-#define SSL_R_MESSAGE_TOO_LONG 1111
+#define SSL_R_MESSAGE_TOO_LONG 296
#define SSL_R_MISSING_DH_DSA_CERT 162
#define SSL_R_MISSING_DH_KEY 163
#define SSL_R_MISSING_DH_RSA_CERT 164
#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
#define SSL_R_MISSING_RSA_SIGNING_CERT 170
#define SSL_R_MISSING_TMP_DH_KEY 171
-#define SSL_R_MISSING_TMP_ECDH_KEY 1114
+#define SSL_R_MISSING_TMP_ECDH_KEY 311
#define SSL_R_MISSING_TMP_RSA_KEY 172
#define SSL_R_MISSING_TMP_RSA_PKEY 173
#define SSL_R_MISSING_VERIFY_MESSAGE 174
#define SSL_R_NULL_SSL_CTX 195
#define SSL_R_NULL_SSL_METHOD_PASSED 196
#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
+#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
#define SSL_R_PACKET_LENGTH_TOO_LONG 198
+#define SSL_R_PARSE_TLSEXT 227
#define SSL_R_PATH_TOO_LONG 270
#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
#define SSL_R_PEER_ERROR 200
#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205
#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206
#define SSL_R_PROTOCOL_IS_SHUTDOWN 207
+#define SSL_R_PSK_IDENTITY_NOT_FOUND 223
+#define SSL_R_PSK_NO_CLIENT_CB 224
+#define SSL_R_PSK_NO_SERVER_CB 225
#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208
#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209
#define SSL_R_PUBLIC_KEY_NOT_RSA 210
#define SSL_R_READ_BIO_NOT_SET 211
-#define SSL_R_READ_TIMEOUT_EXPIRED 2001
+#define SSL_R_READ_TIMEOUT_EXPIRED 312
#define SSL_R_READ_WRONG_PACKET_TYPE 212
#define SSL_R_RECORD_LENGTH_MISMATCH 213
#define SSL_R_RECORD_TOO_LARGE 214
-#define SSL_R_RECORD_TOO_SMALL 1093
+#define SSL_R_RECORD_TOO_SMALL 298
#define SSL_R_REQUIRED_CIPHER_MISSING 215
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
+#define SSL_R_SERVERHELLO_TLSEXT 275
#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
#define SSL_R_SHORT_READ 219
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
-#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 1114
-#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
+#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299
+#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321
+#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319
+#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 223
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 224
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 225
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 226
#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
-#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 227
#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
#define SSL_R_SSL_HANDSHAKE_FAILURE 229
#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
-#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 1102
-#define SSL_R_SSL_SESSION_ID_CONFLICT 1103
+#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301
+#define SSL_R_SSL_SESSION_ID_CONFLICT 302
#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
-#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 1101
+#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
+#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
+#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
+#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
+#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
+#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
+#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
-#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 1115
+#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237
#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238
-#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 1116
+#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314
#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240
#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241
#define SSL_R_UNKNOWN_STATE 255
#define SSL_R_UNSUPPORTED_CIPHER 256
#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
-#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 1118
-#define SSL_R_UNSUPPORTED_OPTION 1091
+#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315
#define SSL_R_UNSUPPORTED_PROTOCOL 258
#define SSL_R_UNSUPPORTED_SSL_VERSION 259
#define SSL_R_WRITE_BIO_NOT_SET 260