#ifndef OPENSSL_NO_TLSEXT
/* Callbacks and structures for handling custom TLS Extensions:
- * cli_ext_first_cb - sends data for ClientHello TLS Extension
- * cli_ext_second_cb - receives data from ServerHello TLS Extension
- * srv_ext_first_cb - receives data from ClientHello TLS Extension
- * srv_ext_second_cb - sends data for ServerHello TLS Extension
+ * cli_ext_add_cb - sends data for ClientHello TLS Extension
+ * cli_ext_parse_cb - receives data from ServerHello TLS Extension
+ * srv_ext_parse_cb - receives data from ClientHello TLS Extension
+ * srv_ext_add_cb - sends data for ServerHello TLS Extension
*
* All these functions return nonzero on success. Zero will terminate
* the handshake (and return a specific TLS Fatal alert, if the function
* "al" is a TLS "AlertDescription" from 0-255 which WILL be sent as a
* fatal TLS alert, if the callback returns zero.
*/
-typedef int (*custom_cli_ext_first_cb_fn)(SSL *s, unsigned short ext_type,
+
+typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type,
const unsigned char **out,
- unsigned short *outlen, int *al, void *arg);
-typedef int (*custom_cli_ext_second_cb_fn)(SSL *s, unsigned short ext_type,
- const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t *outlen, int *al,
void *arg);
-typedef int (*custom_srv_ext_first_cb_fn)(SSL *s, unsigned short ext_type,
- const unsigned char *in,
- unsigned short inlen, int *al,
- void *arg);
-typedef int (*custom_srv_ext_second_cb_fn)(SSL *s, unsigned short ext_type,
- const unsigned char **out,
- unsigned short *outlen, int *al, void *arg);
-
-typedef struct {
- unsigned short ext_type;
- custom_cli_ext_first_cb_fn fn1;
- custom_cli_ext_second_cb_fn fn2;
- void *arg;
-} custom_cli_ext_record;
-
-typedef struct {
- unsigned short ext_type;
- custom_srv_ext_first_cb_fn fn1;
- custom_srv_ext_second_cb_fn fn2;
- void *arg;
-} custom_srv_ext_record;
+typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type,
+ const unsigned char *in,
+ size_t inlen, int *al,
+ void *arg);
#endif
size_t tlsext_ellipticcurvelist_length;
unsigned char *tlsext_ellipticcurvelist;
# endif /* OPENSSL_NO_EC */
- /* Arrays containing the callbacks for custom TLS Extensions. */
- custom_cli_ext_record *custom_cli_ext_records;
- size_t custom_cli_ext_records_count;
- custom_srv_ext_record *custom_srv_ext_records;
- size_t custom_srv_ext_records_count;
};
#endif
*
* Returns nonzero on success. You cannot register twice for the same
* extension number, and registering for an extension number already
- * handled by OpenSSL will succeed, but the callbacks will not be invoked.
+ * handled by OpenSSL will fail.
*
* NULL can be registered for any callback function. For the client
- * functions, a NULL custom_cli_ext_first_cb_fn sends an empty ClientHello
- * Extension, and a NULL custom_cli_ext_second_cb_fn ignores the ServerHello
+ * functions, a NULL custom_ext_add_cb sends an empty ClientHello
+ * Extension, and a NULL custom_ext_parse_cb ignores the ServerHello
* response (if any).
*
- * For the server functions, a NULL custom_srv_ext_first_cb_fn means the
+ * For the server functions, a NULL custom_ext_parse means the
* ClientHello extension's data will be ignored, but the extension will still
- * be noted and custom_srv_ext_second_cb_fn will still be invoked. A NULL
+ * be noted and custom_ext_add_cb will still be invoked. A NULL
* custom_srv_ext_second_cb doesn't send a ServerHello extension.
*/
-int SSL_CTX_set_custom_cli_ext(SSL_CTX *ctx, unsigned short ext_type,
- custom_cli_ext_first_cb_fn fn1,
- custom_cli_ext_second_cb_fn fn2, void *arg);
+int SSL_CTX_set_custom_cli_ext(SSL_CTX *ctx, unsigned int ext_type,
+ custom_ext_add_cb add_cb,
+ custom_ext_parse_cb parse_cb, void *arg);
-int SSL_CTX_set_custom_srv_ext(SSL_CTX *ctx, unsigned short ext_type,
- custom_srv_ext_first_cb_fn fn1,
- custom_srv_ext_second_cb_fn fn2, void *arg);
+int SSL_CTX_set_custom_srv_ext(SSL_CTX *ctx, unsigned int ext_type,
+ custom_ext_parse_cb parse_cb,
+ custom_ext_add_cb add_cb, void *arg);
#endif
#ifndef OPENSSL_NO_RSA
int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
#endif
-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
+int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len);
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
int SSL_use_certificate(SSL *ssl, X509 *x);
#define SSL_R_BAD_SRP_B_LENGTH 348
#define SSL_R_BAD_SRP_G_LENGTH 349
#define SSL_R_BAD_SRP_N_LENGTH 350
+#define SSL_R_BAD_SRP_PARAMETERS 371
#define SSL_R_BAD_SRP_S_LENGTH 351
#define SSL_R_BAD_SRTP_MKI_VALUE 352
#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353
#define SSL_R_ILLEGAL_PADDING 283
#define SSL_R_ILLEGAL_SUITEB_DIGEST 380
#define SSL_R_INCONSISTENT_COMPRESSION 340
-#define SSL_R_INVALID_AUDIT_PROOF 371
#define SSL_R_INVALID_CHALLENGE_LENGTH 158
#define SSL_R_INVALID_COMMAND 280
#define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157
#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
-#define SSL_R_TOO_MANY_EMPTY_FRAGMENTS 393
#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313