New functions SSL_get_finished, SSL_get_peer_finished.

[openssl.git] / ssl / ssl.h

diff --git a/ssl/ssl.h b/ssl/ssl.h
index d4dcf4f347dba280a29e1e65aa793951a05b3b72..636b8bc2a2a82caced6c1c284c27a11e7978b226 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -215,7 +215,8 @@ typedef struct ssl_method_st
  *     Timeout [ 2 ] EXPLICIT  INTEGER,        -- optional Timeout ins seconds
  *     Peer [ 3 ] EXPLICIT     X509,           -- optional Peer Certificate
  *     Session_ID_context [ 4 ] EXPLICIT OCTET_STRING,   -- the Session ID context
- *     Compression [5] IMPLICIT ASN1_OBJECT    -- compression OID XXXXX
+ *     Verify_result [ 5 ] EXPLICIT INTEGER    -- X509_V_... code for `Peer'
+ *     Compression [6] IMPLICIT ASN1_OBJECT    -- compression OID XXXXX
  *     }
  * Look in ssl/ssl_asn1.c for more details
  * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
@@ -249,6 +250,9 @@ typedef struct ssl_session_st
         * (the latter is not enough as sess_cert is not retained
         * in the external representation of sessions, see ssl_asn1.c). */
        X509 *peer;
+       /* when app_verify_callback accepts a session where the peer's certificate
+        * is not ok, we must remember the error for session reuse: */
+       long verify_result; /* only for servers */
 
        int references;
        long timeout;
@@ -291,6 +295,7 @@ typedef struct ssl_session_st
 #define SSL_OP_PKCS1_CHECK_1                           0x08000000L
 #define SSL_OP_PKCS1_CHECK_2                           0x10000000L
 #define SSL_OP_NETSCAPE_CA_DN_BUG                      0x20000000L
+/* SSL_OP_NON_EXPORT_FIRST looks utterly broken .. */
 #define SSL_OP_NON_EXPORT_FIRST                        0x40000000L
 #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG         0x80000000L
 #define SSL_OP_ALL                                     0x000FFFFFL
@@ -357,7 +362,7 @@ struct ssl_ctx_st
        struct x509_store_st /* X509_STORE */ *cert_store;
        struct lhash_st /* LHASH */ *sessions;  /* a set of SSL_SESSION's */
        /* Most session-ids that will be cached, default is
-        * SSL_SESSION_CACHE_SIZE_DEFAULT. 0 is unlimited. */
+        * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
        unsigned long session_cache_size;
        struct ssl_session_st *session_cache_head;
        struct ssl_session_st *session_cache_tail;
@@ -413,7 +418,7 @@ struct ssl_ctx_st
 
        /* if defined, these override the X509_verify_cert() calls */
 /**/   int (*app_verify_callback)();
-/**/   char *app_verify_arg;
+/**/   char *app_verify_arg; /* never used; should be void * */
 
        /* default values to use in SSL structures */
 /**/   struct cert_st /* CERT */ *cert;
@@ -424,6 +429,9 @@ struct ssl_ctx_st
 /**/   unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
 /**/   int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx);
 
+       int purpose;            /* Purpose setting */
+       int trust;              /* Trust setting */
+
        /* Default password callback. */
 /**/   pem_password_cb *default_passwd_callback;
 
@@ -570,6 +578,9 @@ struct ssl_st
        int read_ahead;         /* Read as many input bytes as possible */
        int hit;                /* reusing a previous session */
 
+       int purpose;            /* Purpose setting */
+       int trust;              /* Trust setting */
+
        /* crypto */
        STACK_OF(SSL_CIPHER) *cipher_list;
        STACK_OF(SSL_CIPHER) *cipher_list_by_id;
@@ -693,6 +704,13 @@ struct ssl_st
 #define SSL_ST_READ_BODY                       0xF1
 #define SSL_ST_READ_DONE                       0xF2
 
+/* Obtain latest Finished message
+ *   -- that we sent (SSL_get_finished)
+ *   -- that we expected from peer (SSL_get_peer_finished).
+ * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
+size_t SSL_get_finished(SSL *s, void *buf, size_t count);
+size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count);
+
 /* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
  * are 'ored' with SSL_VERIFY_PEER if they are desired */
 #define SSL_VERIFY_NONE                        0x00
@@ -965,6 +983,10 @@ X509 *     SSL_get_peer_certificate(SSL *s);
 
 STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s);
 
+#ifdef VMS
+#define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud
+#endif
+
 int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
 int SSL_CTX_get_verify_depth(SSL_CTX *ctx);
 int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *);
@@ -994,6 +1016,12 @@ int       SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
 SSL *  SSL_new(SSL_CTX *ctx);
 int    SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
                                   unsigned int sid_ctx_len);
+
+int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
+int SSL_set_purpose(SSL *s, int purpose);
+int SSL_CTX_set_trust(SSL_CTX *s, int trust);
+int SSL_set_trust(SSL *s, int trust);
+
 void   SSL_free(SSL *ssl);
 int    SSL_accept(SSL *ssl);
 int    SSL_connect(SSL *ssl);
@@ -1220,8 +1248,10 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_F_SSL_CREATE_CIPHER_LIST                    166
 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                         168
 #define SSL_F_SSL_CTX_NEW                               169
+#define SSL_F_SSL_CTX_SET_PURPOSE                       226
 #define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT            219
 #define SSL_F_SSL_CTX_SET_SSL_VERSION                   170
+#define SSL_F_SSL_CTX_SET_TRUST                                 229
 #define SSL_F_SSL_CTX_USE_CERTIFICATE                   171
 #define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1              172
 #define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE        220
@@ -1249,9 +1279,11 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_F_SSL_SET_CERT                              191
 #define SSL_F_SSL_SET_FD                                192
 #define SSL_F_SSL_SET_PKEY                              193
+#define SSL_F_SSL_SET_PURPOSE                           227
 #define SSL_F_SSL_SET_RFD                               194
 #define SSL_F_SSL_SET_SESSION                           195
 #define SSL_F_SSL_SET_SESSION_ID_CONTEXT                218
+#define SSL_F_SSL_SET_TRUST                             228
 #define SSL_F_SSL_SET_WFD                               196
 #define SSL_F_SSL_SHUTDOWN                              224
 #define SSL_F_SSL_UNDEFINED_FUNCTION                    197
@@ -1333,6 +1365,8 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_R_HTTP_REQUEST                              156
 #define SSL_R_INTERNAL_ERROR                            157
 #define SSL_R_INVALID_CHALLENGE_LENGTH                  158
+#define SSL_R_INVALID_PURPOSE                           278
+#define SSL_R_INVALID_TRUST                             279
 #define SSL_R_LENGTH_MISMATCH                           159
 #define SSL_R_LENGTH_TOO_SHORT                          160
 #define SSL_R_LIBRARY_BUG                               274