#ifndef HEADER_SSL_H
#define HEADER_SSL_H
-#ifdef __cplusplus
-extern "C" {
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# include <openssl/opensslconf.h>
+#else
+# define OPENSSL_ALGORITHM_DEFINES
+# include <openssl/opensslconf.h>
+# undef OPENSSL_ALGORITHM_DEFINES
#endif
+#ifndef NO_COMP
+#include <openssl/comp.h>
+#endif
+#ifndef NO_BIO
+#include <openssl/bio.h>
+#endif
+#ifndef NO_X509
+#include <openssl/x509.h>
+#endif
+#ifndef NO_KRB5
+#include <openssl/kssl.h>
+#endif
#include <openssl/safestack.h>
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/* SSLeay version number for ASN.1 encoding of the session information */
/* Version 0 - initial version
* Version 1 - added the optional peer certificate
#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA
+/* VRS Additional Kerberos5 entries
+ */
+#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
+#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
+#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
+#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
+#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
+#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
+
#define SSL_MAX_SSL_SESSION_ID_LENGTH 32
#define SSL_MAX_SID_CTX_LENGTH 32
#define SSL_TXT_eNULL "eNULL"
#define SSL_TXT_NULL "NULL"
+#define SSL_TXT_kKRB5 "kKRB5"
+#define SSL_TXT_aKRB5 "aKRB5"
+#define SSL_TXT_KRB5 "KRB5"
+
#define SSL_TXT_kRSA "kRSA"
#define SSL_TXT_kDHr "kDHr"
#define SSL_TXT_kDHd "kDHd"
#define SSL_TXT_RC4 "RC4"
#define SSL_TXT_RC2 "RC2"
#define SSL_TXT_IDEA "IDEA"
+#define SSL_TXT_AES "AES"
#define SSL_TXT_MD5 "MD5"
#define SSL_TXT_SHA1 "SHA1"
#define SSL_TXT_SHA "SHA"
#define SSL_SENT_SHUTDOWN 1
#define SSL_RECEIVED_SHUTDOWN 2
+#ifdef __cplusplus
+}
+#endif
+
#include <openssl/crypto.h>
#include <openssl/lhash.h>
#include <openssl/buffer.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
+#ifdef __cplusplus
+extern "C" {
+#endif
+
#if (defined(NO_RSA) || defined(NO_MD5)) && !defined(NO_SSL2)
#define NO_SSL2
#endif
* the misconception that non-blocking SSL_write() behaves like
* non-blocking write(): */
#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
+/* Never bother the application with retries if the transport
+ * is blocking: */
+#define SSL_MODE_AUTO_RETRY 0x00000004L
/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
* they cannot be used to clear bits. */
#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20)
typedef struct ssl_comp_st
-{
- int id;
- char *name;
-#ifdef HEADER_COMP_H
- COMP_METHOD *method;
+ {
+ int id;
+ char *name;
+#ifndef NO_COMP
+ COMP_METHOD *method;
#else
- char *method;
+ char *method;
#endif
-} SSL_COMP;
+ } SSL_COMP;
DECLARE_STACK_OF(SSL_COMP)
* SSL_SESSION_free() when it has finished using it. Otherwise,
* on 0, it means the callback has finished with it.
* If remove_session_cb is not null, it will be called when
- * a session-id is removed from the cache. Again, a return
- * of 0 mens that SSLeay should not SSL_SESSION_free() since
- * the application is doing something with it. */
+ * a session-id is removed from the cache. After the call,
+ * OpenSSL will SSL_SESSION_free() it. */
int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
* defined, this will still get called. */
#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
+ struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
#define SSL_CTX_sess_number(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
#define SSL_CTX_sess_connect(ctx) \
* same. This is so data can be read and written to different
* handlers */
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
BIO *rbio; /* used by SSL_read */
BIO *wbio; /* used by SSL_write */
- BIO *bbio; /* used during session-id reuse to concatinate
+ BIO *bbio; /* used during session-id reuse to concatenate
* messages */
#else
char *rbio; /* used by SSL_read */
EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
const EVP_MD *read_hash; /* used for mac generation */
-#ifdef HEADER_COMP_H
+#ifndef NO_COMP
COMP_CTX *expand; /* uncompress */
#else
char *expand;
EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
const EVP_MD *write_hash; /* used for mac generation */
-#ifdef HEADER_COMP_H
+#ifndef NO_COMP
COMP_CTX *compress; /* compression */
#else
char *compress;
int error; /* error bytes to be written */
int error_code; /* actual code */
+#ifndef NO_KRB5
+ KSSL_CTX *kssl_ctx; /* Kerberos 5 context */
+#endif /* NO_KRB5 */
+
SSL_CTX *ctx;
/* set this flag to 1 and a sleep(1) is put into all SSL_read()
* and SSL_write() calls, good for nbio debuging :-) */
* SSLv3/TLS rollback check */
};
+#ifdef __cplusplus
+}
+#endif
+
#include <openssl/ssl2.h>
#include <openssl/ssl3.h>
#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
#include <openssl/ssl23.h>
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/* compatibility */
#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg))
#define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
#define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */
#define SSL_ERROR_ZERO_RETURN 6
#define SSL_ERROR_WANT_CONNECT 7
+#define SSL_ERROR_WANT_ACCEPT 8
#define SSL_CTRL_NEED_TMP_RSA 1
#define SSL_CTRL_SET_TMP_RSA 2
#define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_sub_to_stack
#endif
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
int SSL_set_rfd(SSL *s, int fd);
int SSL_set_wfd(SSL *s, int fd);
#endif
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
BIO * SSL_get_rbio(SSL *s);
BIO * SSL_get_wbio(SSL *s);
#ifndef NO_FP_API
int SSL_SESSION_print_fp(FILE *fp,SSL_SESSION *ses);
#endif
-#ifdef HEADER_BIO_H
+#ifndef NO_BIO
int SSL_SESSION_print(BIO *fp,SSL_SESSION *ses);
#endif
void SSL_SESSION_free(SSL_SESSION *ses);
#define SSL_CTX_get_read_ahead(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
#define SSL_CTX_set_read_ahead(ctx,m) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,0,NULL)
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
/* NB: the keylength is only applicable when is_export is true */
#ifndef NO_RSA
int keylength));
#endif
-#ifdef HEADER_COMP_H
+#ifndef NO_COMP
int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
#else
int SSL_COMP_add_compression_method(int id,char *cm);
#define SSL_F_SSL2_ACCEPT 122
#define SSL_F_SSL2_CONNECT 123
#define SSL_F_SSL2_ENC_INIT 124
+#define SSL_F_SSL2_PEEK 234
#define SSL_F_SSL2_READ 125
+#define SSL_F_SSL2_READ_INTERNAL 236
#define SSL_F_SSL2_SET_CERTIFICATE 126
#define SSL_F_SSL2_WRITE 127
#define SSL_F_SSL3_ACCEPT 128
+#define SSL_F_SSL3_CALLBACK_CTRL 233
#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
#define SSL_F_SSL3_CLIENT_HELLO 131
#define SSL_F_SSL3_GET_SERVER_DONE 145
#define SSL_F_SSL3_GET_SERVER_HELLO 146
#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147
+#define SSL_F_SSL3_PEEK 235
#define SSL_F_SSL3_READ_BYTES 148
#define SSL_F_SSL3_READ_N 149
#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150
#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
#define SSL_R_DIGEST_CHECK_FAILED 149
#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
+#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 1092
#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
#define SSL_R_INVALID_COMMAND 280
#define SSL_R_INVALID_PURPOSE 278
#define SSL_R_INVALID_TRUST 279
+#define SSL_R_KRB5_C_CC_PRINC 1094
+#define SSL_R_KRB5_C_GET_CRED 1095
+#define SSL_R_KRB5_C_INIT 1096
+#define SSL_R_KRB5_C_MK_REQ 1097
+#define SSL_R_KRB5_S_BAD_TICKET 1098
+#define SSL_R_KRB5_S_INIT 1099
+#define SSL_R_KRB5_S_RD_REQ 1100
#define SSL_R_LENGTH_MISMATCH 159
#define SSL_R_LENGTH_TOO_SHORT 160
#define SSL_R_LIBRARY_BUG 274
#define SSL_R_READ_WRONG_PACKET_TYPE 212
#define SSL_R_RECORD_LENGTH_MISMATCH 213
#define SSL_R_RECORD_TOO_LARGE 214
+#define SSL_R_RECORD_TOO_SMALL 1093
#define SSL_R_REQUIRED_CIPHER_MISSING 215
#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217