Move CT viewer extension code to crypto/x509v3

[openssl.git] / ssl / ssl.h

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 2eccca29e0c22a649bf02633a095409d19b152e0..2c3a9a34b70409146f5e0f6ae6a1038e3d71fe8a 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -244,12 +244,14 @@ extern "C" {
 #define SSL_TXT_kDHr           "kDHr" 
 #define SSL_TXT_kDHd           "kDHd"
 #define SSL_TXT_kDH            "kDH"
-#define SSL_TXT_kEDH           "kEDH"
+#define SSL_TXT_kEDH           "kEDH" /* alias for kDHE */
+#define SSL_TXT_kDHE           "kDHE"
 #define SSL_TXT_kKRB5          "kKRB5"
 #define SSL_TXT_kECDHr         "kECDHr"
 #define SSL_TXT_kECDHe         "kECDHe"
 #define SSL_TXT_kECDH          "kECDH"
-#define SSL_TXT_kEECDH         "kEECDH"
+#define SSL_TXT_kEECDH         "kEECDH" /* alias for kECDHE */
+#define SSL_TXT_kECDHE         "kECDHE"
 #define SSL_TXT_kPSK            "kPSK"
 #define SSL_TXT_kGOST          "kGOST"
 #define SSL_TXT_kSRP           "kSRP"
@@ -267,11 +269,13 @@ extern "C" {
 
 #define        SSL_TXT_DSS             "DSS"
 #define SSL_TXT_DH             "DH"
-#define SSL_TXT_EDH            "EDH" /* same as "kEDH:-ADH" */
+#define SSL_TXT_DHE            "DHE" /* same as "kDHE:-ADH" */
+#define SSL_TXT_EDH            "EDH" /* alias for DHE */
 #define SSL_TXT_ADH            "ADH"
 #define SSL_TXT_RSA            "RSA"
 #define SSL_TXT_ECDH           "ECDH"
-#define SSL_TXT_EECDH          "EECDH" /* same as "kEECDH:-AECDH" */
+#define SSL_TXT_EECDH          "EECDH" /* alias for ECDHE" */
+#define SSL_TXT_ECDHE          "ECDHE" /* same as "kECDHE:-AECDH" */
 #define SSL_TXT_AECDH          "AECDH"
 #define SSL_TXT_ECDSA          "ECDSA"
 #define SSL_TXT_KRB5           "KRB5"
@@ -406,11 +410,11 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, S
  */
 typedef int (*custom_cli_ext_first_cb_fn)(SSL *s, unsigned short ext_type,
                                          const unsigned char **out,
-                                         unsigned short *outlen, void *arg);
+                                         unsigned short *outlen, int *al, void *arg);
 typedef int (*custom_cli_ext_second_cb_fn)(SSL *s, unsigned short ext_type,
                                           const unsigned char *in,
                                           unsigned short inlen, int *al,
-                                          void *arg); 
+                                          void *arg);
 
 typedef int (*custom_srv_ext_first_cb_fn)(SSL *s, unsigned short ext_type,
                                          const unsigned char *in,
@@ -418,7 +422,7 @@ typedef int (*custom_srv_ext_first_cb_fn)(SSL *s, unsigned short ext_type,
                                          void *arg);
 typedef int (*custom_srv_ext_second_cb_fn)(SSL *s, unsigned short ext_type,
                                           const unsigned char **out,
-                                          unsigned short *outlen, void *arg); 
+                                          unsigned short *outlen, int *al, void *arg);
 
 typedef struct {
        unsigned short ext_type;
@@ -456,20 +460,20 @@ typedef struct {
  *     fatal TLS alert, if the callback returns zero.
  */
 typedef int (*srv_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type,
-            const unsigned char **out,
-            unsigned short *outlen, void *arg);
+                                        const unsigned char **out,
+                                        unsigned short *outlen, int *al, void *arg);
 typedef int (*srv_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type,
-            const unsigned char *in,
-            unsigned short inlen, int *al,
-            void *arg);
+                                         const unsigned char *in,
+                                         unsigned short inlen, int *al,
+                                         void *arg);
 
 typedef int (*cli_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type,
-            const unsigned char *in,
-            unsigned short inlen, int *al,
-            void *arg);
+                                        const unsigned char *in,
+                                        unsigned short inlen, int *al,
+                                        void *arg);
 typedef int (*cli_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type,
-            const unsigned char **out,
-            unsigned short *outlen, void *arg);
+                                         const unsigned char **out,
+                                         unsigned short *outlen, int *al, void *arg);
 
 typedef struct {
        unsigned short supp_data_type;
@@ -665,6 +669,9 @@ struct ssl_session_st
 #define SSL_OP_TLS_D5_BUG                              0x00000100L
 #define SSL_OP_TLS_BLOCK_PADDING_BUG                   0x00000200L
 
+/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING                  0x0
+
 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
  * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
  * the workaround is not needed.  Unfortunately some broken SSL/TLS
@@ -1938,6 +1945,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 #define SSL_CTRL_GET_CHAIN_CERTS               115
 #define SSL_CTRL_SELECT_CURRENT_CERT           116
+#define SSL_CTRL_SET_CURRENT_CERT              117
+
+#define SSL_CERT_SET_FIRST                     1
+#define SSL_CERT_SET_NEXT                      2
 
 #define DTLSv1_get_timeout(ssl, arg) \
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -1977,6 +1988,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
        SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
 #define SSL_CTX_get_extra_chain_certs(ctx,px509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
+#define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \
+       SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509)
 #define SSL_CTX_clear_extra_chain_certs(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
 
@@ -1997,6 +2010,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTX_select_current_cert(ctx,x509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509)
 
+#define SSL_CTX_set_current_cert(ctx, op) \
+       SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
+
 #define SSL_CTX_set0_verify_cert_store(ctx,st) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st)
 #define SSL_CTX_set1_verify_cert_store(ctx,st) \
@@ -2022,6 +2038,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
        SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
 #define SSL_select_current_cert(ctx,x509) \
        SSL_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509)
+#define SSL_set_current_cert(ctx,op) \
+       SSL_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
 
 #define SSL_set0_verify_cert_store(s,st) \
        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st)
@@ -2353,6 +2371,7 @@ int SSL_renegotiate_abbreviated(SSL *s);
 int SSL_renegotiate_pending(SSL *s);
 int SSL_shutdown(SSL *s);
 
+const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx);
 const SSL_METHOD *SSL_get_ssl_method(SSL *s);
 int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
 const char *SSL_alert_type_string_long(int value);
@@ -2487,6 +2506,7 @@ const COMP_METHOD *SSL_get_current_compression(SSL *s);
 const COMP_METHOD *SSL_get_current_expansion(SSL *s);
 const char *SSL_COMP_get_name(const COMP_METHOD *comp);
 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) *meths);
 int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
 #else
 const void *SSL_get_current_compression(SSL *s);
@@ -2662,7 +2682,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_WRITE_BYTES                          158
 #define SSL_F_SSL3_WRITE_PENDING                        159
 #define SSL_F_SSL_ADD_CERT_CHAIN                        316
-#define SSL_F_SSL_ADD_CERT_TO_BUF                       317
+#define SSL_F_SSL_ADD_CERT_TO_BUF                       319
 #define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT       298
 #define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT                277
 #define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT          307
@@ -2716,7 +2736,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_GET_PREV_SESSION                      217
 #define SSL_F_SSL_GET_SERVER_CERT_INDEX                         322
 #define SSL_F_SSL_GET_SERVER_SEND_CERT                  182
-#define SSL_F_SSL_GET_SERVER_SEND_PKEY                  319
+#define SSL_F_SSL_GET_SERVER_SEND_PKEY                  317
 #define SSL_F_SSL_GET_SIGN_PKEY                                 183
 #define SSL_F_SSL_INIT_WBIO_BUFFER                      184
 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE                   185