X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl.h;h=2c3a9a34b70409146f5e0f6ae6a1038e3d71fe8a;hp=da777e99a5d4570a874314b38292f3fc1900f5e4;hb=ded18639d7f8ffacea10a24938cf091a0efbca40;hpb=ba168244a14bbd056e502d7daa04cae4aabe9d0d diff --git a/ssl/ssl.h b/ssl/ssl.h index da777e99a5..2c3a9a34b7 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -410,11 +410,11 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, S */ typedef int (*custom_cli_ext_first_cb_fn)(SSL *s, unsigned short ext_type, const unsigned char **out, - unsigned short *outlen, void *arg); + unsigned short *outlen, int *al, void *arg); typedef int (*custom_cli_ext_second_cb_fn)(SSL *s, unsigned short ext_type, const unsigned char *in, unsigned short inlen, int *al, - void *arg); + void *arg); typedef int (*custom_srv_ext_first_cb_fn)(SSL *s, unsigned short ext_type, const unsigned char *in, @@ -422,7 +422,7 @@ typedef int (*custom_srv_ext_first_cb_fn)(SSL *s, unsigned short ext_type, void *arg); typedef int (*custom_srv_ext_second_cb_fn)(SSL *s, unsigned short ext_type, const unsigned char **out, - unsigned short *outlen, void *arg); + unsigned short *outlen, int *al, void *arg); typedef struct { unsigned short ext_type; 
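Review bot: Inserting `int *al` before `arg` in `custom_cli_ext_first_cb_fn` (@@ -410 hunk) moves `arg` to a new position in a public callback type, so a callback written against the old signature and registered through a cast would receive the alert pointer where it expects its own context pointer. The same insertion is made in `custom_srv_ext_second_cb_fn` (@@ -422 hunk) and in `srv_supp_data_first_cb_fn` and `cli_supp_data_second_cb_fn` (@@ -460 hunk). The comment above the custom-extension typedefs starts outside the hunk, so I cannot tell whether it covers the new parameter for the "first" and "second" callbacks that gained it. If it does not, I would add a line along the lines of `/* If the callback returns zero, *al is the TLS alert that is sent; set it before returning failure. */`, with the default value of `*al` confirmed against the caller.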
@@ -460,20 +460,20 @@ typedef struct { * fatal TLS alert, if the callback returns zero. */ typedef int (*srv_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, void *arg); + const unsigned char **out, + unsigned short *outlen, int *al, void *arg); typedef int (*srv_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg); + const unsigned char *in, + unsigned short inlen, int *al, + void *arg); typedef int (*cli_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg); + const unsigned char *in, + unsigned short inlen, int *al, + void *arg); typedef int (*cli_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, void *arg); + const unsigned char **out, + unsigned short *outlen, int *al, void *arg); typedef struct { unsigned short supp_data_type; @@ -669,6 +669,9 @@ struct ssl_session_st #define SSL_OP_TLS_D5_BUG 0x00000100L #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L +/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ +#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 + /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added * in OpenSSL 0.9.6d. Usually (depending on the application protocol) * the workaround is not needed. Unfortunately some broken SSL/TLS @@ -1942,6 +1945,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_GET_CHAIN_CERTS 115 #define SSL_CTRL_SELECT_CURRENT_CERT 116 +#define SSL_CTRL_SET_CURRENT_CERT 117 + +#define SSL_CERT_SET_FIRST 1 +#define SSL_CERT_SET_NEXT 2 #define DTLSv1_get_timeout(ssl, arg) \ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) 
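Review bot: `SSL_CERT_SET_FIRST` and `SSL_CERT_SET_NEXT` are added in the @@ -1942 hunk without a comment, and the macros that use them, `SSL_CTX_set_current_cert(ctx, op)` in @@ -2001 and `SSL_set_current_cert(ctx,op)` in @@ -2026, pass `op` unchanged as the `larg` of the ctrl call. A caller stepping through certificates with `SSL_CERT_SET_NEXT` needs to know which return value marks the end of the list and what an unrecognised `op` does, and the header states neither. I would add above the two constants something like `/* op values for SSL_CTRL_SET_CURRENT_CERT: presumably select the first / the next configured certificate */` and document the return value once the ctrl handler has been checked. As a naming point, the first parameter of `SSL_set_current_cert` is called `ctx` although it is handed to `SSL_ctrl`; `s` would match `SSL_set0_verify_cert_store(s,st)` just below it.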
@@ -1981,6 +1988,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
 #define SSL_CTX_get_extra_chain_certs(ctx,px509) \
 SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
+#define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509)
 #define SSL_CTX_clear_extra_chain_certs(ctx) \
 SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
@@ -2001,6 +2010,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTX_select_current_cert(ctx,x509) \
 SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509)
+#define SSL_CTX_set_current_cert(ctx, op) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
+
 #define SSL_CTX_set0_verify_cert_store(ctx,st) \
 SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st)
 #define SSL_CTX_set1_verify_cert_store(ctx,st) \
@@ -2026,6 +2038,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
 #define SSL_select_current_cert(ctx,x509) \
 SSL_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509)
+#define SSL_set_current_cert(ctx,op) \
+ SSL_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
 #define SSL_set0_verify_cert_store(s,st) \
 SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st)
@@ -2492,6 +2506,7 @@ const COMP_METHOD *SSL_get_current_compression(SSL *s);
 const COMP_METHOD *SSL_get_current_expansion(SSL *s);
 const char *SSL_COMP_get_name(const COMP_METHOD *comp);
 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) *meths);
 int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
 #else
 const void *SSL_get_current_compression(SSL *s);
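Review bot: `SSL_CTX_get_extra_chain_certs_only` in the @@ -1981 hunk differs from `SSL_CTX_get_extra_chain_certs` only in passing `1` instead of `0` as `larg`, and the header does not say what that flag selects. The name suggests the existing macro can now return something other than the extra-chain list, which would be a behaviour change for current callers that inspect or modify the returned stack; this is an inference and should be checked in the `SSL_CTRL_GET_EXTRA_CHAIN_CERTS` handler. A comment on both macros stating which list each one returns, and whether the caller owns the stack it gets back, would let applications choose the right one.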
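Review bot: The new prototype `SSL_COMP_set0_compression_methods` in the @@ -2492 hunk takes and returns a `STACK_OF(SSL_COMP) *` with no comment on ownership. Going by the `set0` name, the library would keep `meths` without copying it, and the return value is presumably the previous stack, which someone then has to free; both are inferred from the name and the types. The neighbouring `SSL_COMP_get_compression_methods(void)` takes no `SSL_CTX` or `SSL`, so the list looks process-wide, and the comment should also say whether replacing it is safe once connections exist. I would document those three points on the declaration.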
@@ -2667,7 +2682,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_WRITE_BYTES 158
 #define SSL_F_SSL3_WRITE_PENDING 159
 #define SSL_F_SSL_ADD_CERT_CHAIN 316
-#define SSL_F_SSL_ADD_CERT_TO_BUF 317
+#define SSL_F_SSL_ADD_CERT_TO_BUF 319
 #define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298
 #define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277
 #define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307
@@ -2721,7 +2736,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_GET_PREV_SESSION 217
 #define SSL_F_SSL_GET_SERVER_CERT_INDEX 322
 #define SSL_F_SSL_GET_SERVER_SEND_CERT 182
-#define SSL_F_SSL_GET_SERVER_SEND_PKEY 319
+#define SSL_F_SSL_GET_SERVER_SEND_PKEY 317
 #define SSL_F_SSL_GET_SIGN_PKEY 183
 #define SSL_F_SSL_INIT_WBIO_BUFFER 184
 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185