int not_resumable;
/* The cert is the certificate used to establish this connection */
- struct cert_st /* CERT */ *cert;
+ struct cert_st /* CERT */ *sess_cert;
+ /* XXX should be struct sess_cert_st *sess_cert */
- /* This is the cert for the other end. On servers, it will be
- * the same as cert->x509 */
+ /* This is the cert for the other end.
+ * On clients, it will be the same as sess_cert->key->x509
+ * (the latter is not enough as sess_cert is not retained
+ * in the external representation of sessions, see ssl_asn1.c). */
X509 *peer;
int references;
* a session-id is removed from the cache. Again, a return
* of 0 mens that SSLeay should not SSL_SESSION_free() since
* the application is doing something with it. */
-#ifndef NOPROTO
int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
unsigned char *data,int len,int *copy);
-#else
- int (*new_session_cb)();
- void (*remove_session_cb)();
- SSL_SESSION *(*get_session_cb)();
-#endif
-
struct
{
int sess_connect; /* SSL new conn - started */
/**/ char *app_verify_arg;
/* default values to use in SSL structures */
-/**/ struct cert_st /* CERT */ *default_cert;
+/**/ struct cert_st /* CERT */ *cert;
/**/ int read_ahead;
/**/ int verify_mode;
+/**/ int verify_depth;
+/**/ unsigned int sid_ctx_length;
+/**/ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
/**/ int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx);
/* Default password callback. */
/* Used in SSL2 and SSL3 */
int verify_mode; /* 0 don't care about verify failure.
* 1 fail if verify fails */
+ int verify_depth;
int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
void (*info_callback)(); /* optional informational callback */
#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
-#ifndef NOPROTO
#ifdef HEADER_BIO_H
BIO_METHOD *BIO_f_ssl(void);
int SSL_set_cipher_list(SSL *s, char *str);
void SSL_set_read_ahead(SSL *s, int yes);
int SSL_get_verify_mode(SSL *s);
+int SSL_get_verify_depth(SSL *s);
int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *);
void SSL_set_verify(SSL *s, int mode,
int (*callback)(int ok,X509_STORE_CTX *ctx));
+void SSL_set_verify_depth(SSL *s, int depth);
+#ifndef NO_RSA
int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+#endif
int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
#ifndef NO_STDIO
-int SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type);
-int SSL_use_PrivateKey_file(SSL *ssl, char *file, int type);
-int SSL_use_certificate_file(SSL *ssl, char *file, int type);
-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type);
-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type);
-int SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type);
+int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
-int SSL_add_file_cert_subjects_to_stack(STACK *stackCAs,
+int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
const char *file);
-int SSL_add_dir_cert_subjects_to_stack(STACK *stackCAs,
+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
const char *dir);
#endif
STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s);
int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
+int SSL_CTX_get_verify_depth(SSL_CTX *ctx);
int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *);
void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
int (*callback)(int, X509_STORE_CTX *));
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(),char *arg);
+#ifndef NO_RSA
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+#endif
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
int SSL_CTX_check_private_key(SSL_CTX *ctx);
int SSL_check_private_key(SSL *ctx);
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
+ unsigned int sid_ctx_len);
+
SSL * SSL_new(SSL_CTX *ctx);
int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
unsigned int sid_ctx_len);
int SSL_get_shutdown(SSL *ssl);
int SSL_version(SSL *ssl);
int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx,char *CAfile,char *CApath);
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+ const char *CApath);
SSL_SESSION *SSL_get_session(SSL *ssl);
SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
void SSL_set_info_callback(SSL *ssl,void (*cb)());
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,0,NULL)
/* NB: the keylength is only applicable when export is true */
+#ifndef NO_RSA
void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
RSA *(*cb)(SSL *ssl,int export,
int keylength));
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
- DH *(*dh)(SSL *ssl,int export,int keylength));
void SSL_set_tmp_rsa_callback(SSL *ssl,
RSA *(*cb)(SSL *ssl,int export,
int keylength));
+#endif
+#ifndef NO_DH
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+ DH *(*dh)(SSL *ssl,int export,int keylength));
void SSL_set_tmp_dh_callback(SSL *ssl,
DH *(*dh)(SSL *ssl,int export,int keylength));
+#endif
#ifdef HEADER_COMP_H
int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
int SSL_COMP_add_compression_method(int id,char *cm);
#endif
-#else
-
-BIO_METHOD *BIO_f_ssl();
-BIO *BIO_new_ssl();
-BIO *BIO_new_ssl_connect();
-BIO *BIO_new_buffer_ssl_connect();
-int BIO_ssl_copy_session_id();
-void BIO_ssl_shutdown();
-
-long SSL_CTX_set_timeout();
-long SSL_CTX_get_timeout();
-X509_STORE *SSL_CTX_get_cert_store();
-void SSL_CTX_set_cert_store();
-int SSL_want();
-
-int SSL_CTX_set_cipher_list();
-SSL_CTX *SSL_CTX_new();
-void SSL_CTX_free();
-void SSL_clear();
-void SSL_CTX_flush_sessions();
-
-SSL_CIPHER *SSL_get_current_cipher();
-int SSL_CIPHER_get_bits();
-char * SSL_CIPHER_get_version();
-char * SSL_CIPHER_get_name();
-
-int SSL_get_fd();
-char * SSL_get_cipher_list();
-char * SSL_get_shared_ciphers();
-int SSL_get_read_ahead();
-int SSL_pending();
-#ifndef NO_SOCK
-int SSL_set_fd();
-int SSL_set_rfd();
-int SSL_set_wfd();
-#endif
-#ifdef HEADER_BIO_H
-void SSL_set_bio();
-BIO * SSL_get_rbio();
-BIO * SSL_get_wbio();
-#endif
-int SSL_set_cipher_list();
-void SSL_set_read_ahead();
-int SSL_get_verify_mode();
-
-void SSL_set_verify();
-int SSL_use_RSAPrivateKey();
-int SSL_use_RSAPrivateKey_ASN1();
-int SSL_use_PrivateKey();
-int SSL_use_PrivateKey_ASN1();
-int SSL_use_certificate();
-int SSL_use_certificate_ASN1();
-
-#ifndef NO_STDIO
-int SSL_use_RSAPrivateKey_file();
-int SSL_use_PrivateKey_file();
-int SSL_use_certificate_file();
-int SSL_CTX_use_RSAPrivateKey_file();
-int SSL_CTX_use_PrivateKey_file();
-int SSL_CTX_use_certificate_file();
-STACK * SSL_load_client_CA_file();
-int SSL_add_file_cert_subjects_to_stack();
-int SSL_add_dir_cert_subjects_to_stack();
-#endif
-
-void ERR_load_SSL_strings();
-void SSL_load_error_strings();
-char * SSL_state_string();
-char * SSL_rstate_string();
-char * SSL_state_string_long();
-char * SSL_rstate_string_long();
-long SSL_SESSION_get_time();
-long SSL_SESSION_set_time();
-long SSL_SESSION_get_timeout();
-long SSL_SESSION_set_timeout();
-void SSL_copy_session_id();
-
-SSL_SESSION *SSL_SESSION_new();
-unsigned long SSL_SESSION_hash();
-int SSL_SESSION_cmp();
-#ifndef NO_FP_API
-int SSL_SESSION_print_fp();
-#endif
-#ifdef HEADER_BIO_H
-int SSL_SESSION_print();
-#endif
-void SSL_SESSION_free();
-int i2d_SSL_SESSION();
-int SSL_set_session();
-int SSL_CTX_add_session();
-int SSL_CTX_remove_session();
-SSL_SESSION *d2i_SSL_SESSION();
-
-#ifdef HEADER_X509_H
-X509 * SSL_get_peer_certificate();
-#endif
-
-STACK * SSL_get_peer_cert_chain();
-
-int SSL_CTX_get_verify_mode();
-int (*SSL_CTX_get_verify_callback())();
-void SSL_CTX_set_verify();
-void SSL_CTX_set_cert_verify_cb();
-int SSL_CTX_use_RSAPrivateKey();
-int SSL_CTX_use_RSAPrivateKey_ASN1();
-int SSL_CTX_use_PrivateKey();
-int SSL_CTX_use_PrivateKey_ASN1();
-int SSL_CTX_use_certificate();
-int SSL_CTX_use_certificate_ASN1();
-
-void SSL_CTX_set_default_passwd_cb();
-
-int SSL_CTX_check_private_key();
-int SSL_check_private_key();
-
-SSL * SSL_new();
-int SSL_set_session_id_context();
-void SSL_clear();
-void SSL_free();
-int SSL_accept();
-int SSL_connect();
-int SSL_read();
-int SSL_peek();
-int SSL_write();
-long SSL_ctrl();
-long SSL_CTX_ctrl();
-
-int SSL_get_error();
-char * SSL_get_version();
-
-int SSL_CTX_set_ssl_version();
-
-SSL_METHOD *SSLv2_method();
-SSL_METHOD *SSLv2_server_method();
-SSL_METHOD *SSLv2_client_method();
-
-SSL_METHOD *SSLv3_method();
-SSL_METHOD *SSLv3_server_method();
-SSL_METHOD *SSLv3_client_method();
-
-SSL_METHOD *SSLv23_method();
-SSL_METHOD *SSLv23_server_method();
-SSL_METHOD *SSLv23_client_method();
-
-SSL_METHOD *TLSv1_method();
-SSL_METHOD *TLSv1_server_method();
-SSL_METHOD *TLSv1_client_method();
-
-STACK *SSL_get_ciphers();
-
-int SSL_do_handshake();
-int SSL_renegotiate();
-int SSL_shutdown();
-
-SSL_METHOD *SSL_get_ssl_method();
-int SSL_set_ssl_method();
-char *SSL_alert_type_string_long();
-char *SSL_alert_type_string();
-char *SSL_alert_desc_string_long();
-char *SSL_alert_desc_string();
-
-void SSL_set_client_CA_list();
-void SSL_CTX_set_client_CA_list();
-STACK *SSL_get_client_CA_list();
-STACK *SSL_CTX_get_client_CA_list();
-int SSL_add_client_CA();
-int SSL_CTX_add_client_CA();
-
-void SSL_set_connect_state();
-void SSL_set_accept_state();
-
-long SSL_get_default_timeout();
-
-int SSL_library_init();
-
-char *SSL_CIPHER_description();
-STACK *SSL_dup_CA_list();
-
-SSL *SSL_dup();
-
-X509 *SSL_get_certificate();
-/* EVP * */ struct evp_pkey_st *SSL_get_privatekey();
-
-#ifdef this_is_for_mk1mf_pl
-EVP *SSL_get_privatekey();
-#endif
-
-void SSL_CTX_set_quiet_shutdown();
-int SSL_CTX_get_quiet_shutdown();
-void SSL_set_quiet_shutdown();
-int SSL_get_quiet_shutdown();
-void SSL_set_shutdown();
-int SSL_get_shutdown();
-int SSL_version();
-int SSL_CTX_set_default_verify_paths();
-int SSL_CTX_load_verify_locations();
-SSL_SESSION *SSL_get_session();
-SSL_CTX *SSL_get_SSL_CTX();
-void SSL_set_info_callback();
-void (*SSL_get_info_callback())();
-int SSL_state();
-void SSL_set_verify_result();
-long SSL_get_verify_result();
-
-int SSL_set_ex_data();
-char *SSL_get_ex_data();
-int SSL_get_ex_new_index();
-
-int SSL_SESSION_set_ex_data();
-char *SSL_SESSION_get_ex_data();
-int SSL_SESSION_get_ex_new_index();
-
-int SSL_CTX_set_ex_data();
-char *SSL_CTX_get_ex_data();
-int SSL_CTX_get_ex_new_index();
-
-int SSL_get_ex_data_X509_STORE_CTX_idx();
-int SSL_COMP_add_compression_method();
-
-/* For the next 2, the callbacks are
- * RSA *tmp_rsa_cb(SSL *ssl,int export)
- * DH *tmp_dh_cb(SSL *ssl,int export)
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
*/
-void SSL_CTX_set_tmp_rsa_callback();
-void SSL_CTX_set_tmp_dh_callback();
-
-void SSL_set_tmp_rsa_callback();
-void SSL_set_tmp_dh_callback();
-
-/* #endif */
-#endif
-
-/* BEGIN ERROR CODES */
/* Error codes for the SSL functions. */
/* Function codes. */
#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216
#define SSL_F_SSL_BAD_METHOD 160
#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
+#define SSL_F_SSL_CERT_DUP 221
+#define SSL_F_SSL_CERT_INST 222
#define SSL_F_SSL_CERT_INSTANTIATE 214
#define SSL_F_SSL_CERT_NEW 162
#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
#define SSL_F_SSL_CREATE_CIPHER_LIST 166
#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
#define SSL_F_SSL_CTX_NEW 169
+#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
#define SSL_F_SSL_CTX_USE_CERTIFICATE 171
#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220
#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
#define SSL_R_INVALID_CHALLENGE_LENGTH 158
#define SSL_R_LENGTH_MISMATCH 159
#define SSL_R_LENGTH_TOO_SHORT 160
+#define SSL_R_LIBRARY_BUG 274
#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
#define SSL_R_MISSING_DH_DSA_CERT 162
#define SSL_R_MISSING_DH_KEY 163
#define SSL_R_WRONG_VERSION_NUMBER 267
#define SSL_R_X509_LIB 268
#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
-
+
#ifdef __cplusplus
}
#endif