#endif
/* SSLeay version number for ASN.1 encoding of the session information */
-/* Version 0 - initial version
+/*-
+ * Version 0 - initial version
* Version 1 - added the optional peer certificate
*/
#define SSL_SESSION_ASN1_VERSION 0x0001
#define SSL_TXT_ALL "ALL"
-/*
+/*-
* COMPLEMENTOF* definitions. These identifiers are used to (de-select)
* ciphers normally not being used.
* Example: "RC4" will activate all ciphers using RC4 including ciphers
long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
};
-/* Lets make this into an ASN.1 type structure as follows
+/*-
+ * Lets make this into an ASN.1 type structure as follows
* SSL_SESSION_ID ::= SEQUENCE {
* version INTEGER, -- structure version number
* SSLversion INTEGER, -- SSL version number
#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
/* If set, always create a new key when using tmp_dh parameters */
#define SSL_OP_SINGLE_DH_USE 0x00100000L
-/* Set to always use the tmp_rsa key when doing RSA operations,
- * even when this violates protocol specs */
-#define SSL_OP_EPHEMERAL_RSA 0x00200000L
+/* Does nothing: retained for compatibiity */
+#define SSL_OP_EPHEMERAL_RSA 0x0
/* Set on servers to choose the cipher according to the server's
* preferences */
#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
#define SSL_set_mtu(ssl, mtu) \
SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
+#define DTLS_set_link_mtu(ssl, mtu) \
+ SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)
+#define DTLS_get_link_min_mtu(ssl) \
+ SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)
#define SSL_get_secure_renegotiation_support(ssl) \
SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
/* Default values used when no per-SSL value is defined follow */
- void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */
+ /* used if SSL's info_callback is NULL */
+ void (*info_callback)(const SSL *ssl,int type,int val);
/* what we put in client cert requests */
STACK_OF(X509_NAME) *client_CA;
int verify_mode;
unsigned int sid_ctx_length;
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
- int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
+ /* called 'verify_callback' in the SSL */
+ int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx);
/* Default generate session ID callback. */
GEN_SESSION_CB generate_session_id;
* (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
*/
int version;
- int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
+ /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
+ int type;
- const SSL_METHOD *method; /* SSLv3 */
+ /* SSLv3 */
+ const SSL_METHOD *method;
/* There are 2 BIO's even though they are normally both the
* same. This is so data can be read and written to different
* handlers */
#ifndef OPENSSL_NO_BIO
- BIO *rbio; /* used by SSL_read */
- BIO *wbio; /* used by SSL_write */
- BIO *bbio; /* used during session-id reuse to concatenate
- * messages */
+ /* used by SSL_read */
+ BIO *rbio;
+ /* used by SSL_write */
+ BIO *wbio;
+ /* used during session-id reuse to concatenate messages */
+ BIO *bbio;
#else
- char *rbio; /* used by SSL_read */
- char *wbio; /* used by SSL_write */
+ /* used by SSL_read */
+ char *rbio;
+ /* used by SSL_write */
+ char *wbio;
char *bbio;
#endif
/* This holds a variable that indicates what we were doing
* test instead of an "init" member.
*/
- int server; /* are we the server side? - mostly used by SSL_clear*/
+ /* are we the server side? - mostly used by SSL_clear*/
+ int server;
- int new_session;/* Generate a new session or reuse an old one.
- * NB: For servers, the 'new' session may actually be a previously
- * cached session or even the previous session unless
- * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
- int quiet_shutdown;/* don't send shutdown packets */
- int shutdown; /* we have shut things down, 0x01 sent, 0x02
- * for received */
- int state; /* where we are */
- int rstate; /* where we are when reading */
+ /*
+ * Generate a new session or reuse an old one.
+ * NB: For servers, the 'new' session may actually be a previously
+ * cached session or even the previous session unless
+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set
+ */
+ int new_session;
+ /* don't send shutdown packets */
+ int quiet_shutdown;
+ /* we have shut things down, 0x01 sent, 0x02 for received */
+ int shutdown;
+ /* where we are */
+ int state;
+ /* where we are when reading */
+ int rstate;
BUF_MEM *init_buf; /* buffer used during init */
void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */
GEN_SESSION_CB generate_session_id;
/* Used in SSL2 and SSL3 */
- int verify_mode; /* 0 don't care about verify failure.
- * 1 fail if verify fails */
- int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
+ /*
+ * 0 don't care about verify failure.
+ * 1 fail if verify fails
+ */
+ int verify_mode;
+ /* fail if callback returns 0 */
+ int (*verify_callback)(int ok,X509_STORE_CTX *ctx);
- void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
+ /* optional informational callback */
+ void (*info_callback)(const SSL *ssl,int type,int val);
- int error; /* error bytes to be written */
- int error_code; /* actual code */
+ /* error bytes to be written */
+ int error;
+ /* actual code */
+ int error_code;
#ifndef OPENSSL_NO_KRB5
- KSSL_CTX *kssl_ctx; /* Kerberos 5 context */
+ /* Kerberos 5 context */
+ KSSL_CTX *kssl_ctx;
#endif /* OPENSSL_NO_KRB5 */
#ifndef OPENSSL_NO_PSK
STACK_OF(X509_NAME) *client_CA;
int references;
- unsigned long options; /* protocol behaviour */
- unsigned long mode; /* API behaviour */
+ /* protocol behaviour */
+ unsigned long options;
+ /* API behaviour */
+ unsigned long mode;
long max_cert_list;
int first_packet;
- int client_version; /* what was passed, used for
- * SSLv3/TLS rollback check */
+ /* what was passed, used for SSLv3/TLS rollback check */
+ int client_version;
unsigned int max_send_fragment;
#ifndef OPENSSL_NO_TLSEXT
/* TLS extension debug callback */
void *arg);
void *tlsext_debug_arg;
char *tlsext_hostname;
- int servername_done; /* no further mod of servername
- 0 : call the servername extension callback.
- 1 : prepare 2, allow last ack just after in server callback.
- 2 : don't call servername callback, no ack in server hello
- */
+ /*-
+ * no further mod of servername
+ * 0 : call the servername extension callback.
+ * 1 : prepare 2, allow last ack just after in server callback.
+ * 2 : don't call servername callback, no ack in server hello
+ */
+ int servername_done;
/* certificate status request info */
/* Status type or -1 if no status type */
int tlsext_status_type;
int tlsext_ticket_expected;
#ifndef OPENSSL_NO_EC
size_t tlsext_ecpointformatlist_length;
- unsigned char *tlsext_ecpointformatlist; /* our list */
+ /* our list */
+ unsigned char *tlsext_ecpointformatlist;
size_t tlsext_ellipticcurvelist_length;
- unsigned char *tlsext_ellipticcurvelist; /* our list */
+ /* our list */
+ unsigned char *tlsext_ellipticcurvelist;
#endif /* OPENSSL_NO_EC */
/* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for handshakes */
#define session_ctx initial_ctx
- STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */
- SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */
+ /* What we'll do */
+ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+ /* What's been chosen */
+ SRTP_PROTECTION_PROFILE *srtp_profile;
- unsigned int tlsext_heartbeat; /* Is use of the Heartbeat extension negotiated?
- 0: disabled
- 1: enabled
- 2: enabled, but not allowed to send Requests
- */
- unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
- unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */
+ /*-
+ * Is use of the Heartbeat extension negotiated?
+ * 0: disabled
+ * 1: enabled
+ * 2: enabled, but not allowed to send Requests
+ */
+ unsigned int tlsext_heartbeat;
+ /* Indicates if a HeartbeatRequest is in flight */
+ unsigned int tlsext_hb_pending;
+ /* HeartbeatRequest sequence number */
+ unsigned int tlsext_hb_seq;
#else
#define session_ctx ctx
#endif /* OPENSSL_NO_TLSEXT */
- int renegotiate;/* 1 if we are renegotiating.
- * 2 if we are a server and are inside a handshake
- * (i.e. not just sending a HelloRequest) */
+ /*-
+ * 1 if we are renegotiating.
+ * 2 if we are a server and are inside a handshake
+ * (i.e. not just sending a HelloRequest)
+ */
+ int renegotiate;
#ifndef OPENSSL_NO_SRP
- SRP_CTX srp_ctx; /* ctx for SRP authentication */
+ /* ctx for SRP authentication */
+ SRP_CTX srp_ctx;
#endif
};
#define SSL_ST_READ_BODY 0xF1
#define SSL_ST_READ_DONE 0xF2
-/* Obtain latest Finished message
+/*-
+ * Obtain latest Finished message
* -- that we sent (SSL_get_finished)
* -- that we expected from peer (SSL_get_peer_finished).
- * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
+ * Returns length (0 == no Finished so far), copies up to 'count' bytes.
+ */
size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
#define SSL_CTRL_CHECK_PROTO_VERSION 119
+#define DTLS_CTRL_SET_LINK_MTU 120
+#define DTLS_CTRL_GET_LINK_MIN_MTU 121
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
+#endif
-const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
-const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
-const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
+const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS version */
+const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available SSL/TLS version */
+const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available SSL/TLS version */
const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */