X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl.h;h=c434b86a54e204c72fde6c7e2f62e9699da4ab7a;hp=303e28c167e4db37df7130b975c5004f4a93b580;hb=b948ee27b0206a392bfd7340779b29ed9375e197;hpb=b263f2124607c42a1013b6b342341196b2bdec8d diff --git a/ssl/ssl.h b/ssl/ssl.h index 303e28c167..c434b86a54 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -266,6 +266,7 @@ extern "C" { #define SSL_TXT_aGOST94 "aGOST94" #define SSL_TXT_aGOST01 "aGOST01" #define SSL_TXT_aGOST "aGOST" +#define SSL_TXT_aSRP "aSRP" #define SSL_TXT_DSS "DSS" #define SSL_TXT_DH "DH" @@ -438,57 +439,6 @@ typedef struct { void *arg; } custom_srv_ext_record; -/* Callbacks and structures for handling Supplemental Data: - * srv_supp_data_first_cb_fn - server sends Supplemental Data - * srv_supp_data_second_cb_fn - server receives Supplemental Data - * cli_supp_data_first_cb_fn - client receives Supplemental Data - * cli_supp_data_second_cb_fn - client sends Supplemental Data - * - * All these functions return nonzero on success. Zero will terminate - * the handshake (and return a specific TLS Fatal alert, if the function - * declaration has an "al" parameter). -1 for the "sending" functions - * will result in no supplemental data entry being added to the - * supplemental data message for the provided supplemental data type. - * - * "supp_data_type" is a Supplemental Data Type from 0-65535. - * "in" is a pointer to TLS "supplemental_data_entry" being provided to the cb. - * "out" is used by the callback to return a pointer to "supplemental data" - * which OpenSSL will later copy into the TLS handshake. The contents - * of this buffer should not be changed until the handshake is complete. - * "inlen" and "outlen" are Supplemental Data lengths from 0-65535. - * "al" is a TLS "AlertDescription" from 0-255 which WILL be sent as a - * fatal TLS alert, if the callback returns zero. - */ -typedef int (*srv_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg); -typedef int (*srv_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg); - -typedef int (*cli_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg); -typedef int (*cli_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, int *al, void *arg); - -typedef struct { - unsigned short supp_data_type; - srv_supp_data_first_cb_fn fn1; - srv_supp_data_second_cb_fn fn2; - void *arg; -} srv_supp_data_record; - -typedef struct { - unsigned short supp_data_type; - cli_supp_data_first_cb_fn fn1; - cli_supp_data_second_cb_fn fn2; - void *arg; -} cli_supp_data_record; - #endif #ifndef OPENSSL_NO_SSL_INTERN @@ -544,7 +494,7 @@ struct ssl_method_st const SSL_CIPHER *(*get_cipher)(unsigned ncipher); const struct ssl_method_st *(*get_ssl_method)(int version); long (*get_timeout)(void); - struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ + const struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ int (*ssl_version)(void); long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); @@ -662,13 +612,18 @@ struct ssl_session_st /* Allow initial connection to servers that don't support RI */ #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L -#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L +#define SSL_OP_TLSEXT_PADDING 0x00000010L #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L #define SSL_OP_TLS_D5_BUG 0x00000100L #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L +/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ +#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 +/* Refers to ancient SSLREF and SSLv2, retained for compatibility */ +#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 + /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added * in OpenSSL 0.9.6d. Usually (depending on the application protocol) * the workaround is not needed. Unfortunately some broken SSL/TLS @@ -781,9 +736,15 @@ struct ssl_session_st /* Flags for building certificate chains */ /* Treat any existing certificates as untrusted CAs */ -#define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1 +#define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1 /* Don't include root CA in chain */ -#define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2 +#define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2 +/* Just check certificates already there */ +#define SSL_BUILD_CHAIN_FLAG_CHECK 0x4 +/* Ignore verification errors */ +#define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8 +/* Clear verification errors from queue */ +#define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR 0x10 /* Flags returned by SSL_check_chain */ /* Certificate can be used with this session */ @@ -1092,7 +1053,7 @@ struct ssl_ctx_st */ unsigned int max_send_fragment; -#ifndef OPENSSL_ENGINE +#ifndef OPENSSL_NO_ENGINE /* Engine to pass requests for client certs to */ ENGINE *client_cert_engine; @@ -1204,12 +1165,6 @@ struct ssl_ctx_st size_t custom_cli_ext_records_count; custom_srv_ext_record *custom_srv_ext_records; size_t custom_srv_ext_records_count; - - /* Arrays containing the callbacks for Supplemental Data. */ - cli_supp_data_record *cli_supp_data_records; - size_t cli_supp_data_records_count; - srv_supp_data_record *srv_supp_data_records; - size_t srv_supp_data_records_count; }; #endif @@ -1357,30 +1312,6 @@ int SSL_CTX_set_custom_srv_ext(SSL_CTX *ctx, unsigned short ext_type, custom_srv_ext_first_cb_fn fn1, custom_srv_ext_second_cb_fn fn2, void *arg); -/* Register callbacks to handle Supplemental Data as client or server. - * - * For SSL_CTX_set_srv_supp_data, a NULL srv_supp_data_first_cb_fn results in no supplemental data - * being sent by the server for that TLS extension. - * A NULL srv_supp_data_second_cb_fn results in no supplemental data - * being received by the server for that TLS extension. - * - * For SSL_CTX_set_cli_supp_data, a NULL cli_supp_data_first_cb_fn results in no supplemental data - * being received by the client for that TLS extension. - * A NULL cli_supp_data_second_cb_fn results in no supplemental data - * being sent by the client for that TLS extension. - * - * Returns nonzero on success. You cannot register twice for the same supp_data_type. - */ -int SSL_CTX_set_srv_supp_data(SSL_CTX *ctx, - unsigned short supp_data_type, - srv_supp_data_first_cb_fn fn1, - srv_supp_data_second_cb_fn fn2, void *arg); - -int SSL_CTX_set_cli_supp_data(SSL_CTX *ctx, - unsigned short supp_data_type, - cli_supp_data_first_cb_fn fn1, - cli_supp_data_second_cb_fn fn2, void *arg); - #endif #define SSL_NOTHING 1 @@ -1946,6 +1877,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CERT_SET_FIRST 1 #define SSL_CERT_SET_NEXT 2 +#define SSL_CERT_SET_SERVER 3 + +#define SSL_CTRL_SET_DH_AUTO 118 #define DTLSv1_get_timeout(ssl, arg) \ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) @@ -1972,6 +1906,11 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) +#define SSL_CTX_set_dh_auto(ctx, onoff) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL) +#define SSL_set_dh_auto(s, onoff) \ + SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) + #define SSL_need_tmp_RSA(ssl) \ SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) #define SSL_set_tmp_rsa(ssl,rsa) \ @@ -2218,6 +2157,7 @@ int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); #endif #ifndef OPENSSL_NO_BIO int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses); +int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); #endif void SSL_SESSION_free(SSL_SESSION *ses); int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); @@ -2361,6 +2301,7 @@ const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); +STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); int SSL_do_handshake(SSL *s); int SSL_renegotiate(SSL *s); @@ -2504,6 +2445,7 @@ const COMP_METHOD *SSL_get_current_expansion(SSL *s); const char *SSL_COMP_get_name(const COMP_METHOD *comp); STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) *meths); +void SSL_COMP_free_compression_methods(void); int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); #else const void *SSL_get_current_compression(SSL *s); @@ -2554,8 +2496,79 @@ void SSL_trace(int write_p, int version, int content_type, const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); #endif -/* RFC6962 Signed Certificate Timestamp List X.509 extension parser */ -int X509V3_EXT_add_rfc6962(void); +/* What the "other" parameter contains in security callback */ +/* Mask for type */ +#define SSL_SECOP_OTHER_TYPE 0xffff0000 +#define SSL_SECOP_OTHER_NONE 0 +#define SSL_SECOP_OTHER_CIPHER (1 << 16) +#define SSL_SECOP_OTHER_CURVE (2 << 16) +#define SSL_SECOP_OTHER_DH (3 << 16) +#define SSL_SECOP_OTHER_PKEY (4 << 16) +#define SSL_SECOP_OTHER_SIGALG (5 << 16) +#define SSL_SECOP_OTHER_CERT (6 << 16) + +/* Indicated operation refers to peer key or certificate */ +#define SSL_SECOP_PEER 0x1000 + +/* Values for "op" parameter in security callback */ + +/* Called to filter ciphers */ +/* Ciphers client supports */ +#define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER) +/* Cipher shared by client/server */ +#define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER) +/* Sanity check of cipher server selects */ +#define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER) +/* Curves supported by client */ +#define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE) +/* Curves shared by client/server */ +#define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE) +/* Sanity check of curve server selects */ +#define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE) +/* Temporary DH key */ +#define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_DH) +/* Whether to use SSLv2 compatible client hello */ +#define SSL_SECOP_SSL2_COMPAT (8 | SSL_SECOP_OTHER_NONE) +/* SSL/TLS version */ +#define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE) +/* Session tickets */ +#define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE) +/* Supported signature algorithms sent to peer */ +#define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG) +/* Shared signature algorithm */ +#define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG) +/* Sanity check signature algorithm allowed */ +#define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG) +/* Used to get mask of supported public key signature algorithms */ +#define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG) +/* Use to see if compression is allowed */ +#define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE) +/* EE key in certificate */ +#define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT) +/* CA key in certificate */ +#define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT) +/* CA digest algorithm in certificate */ +#define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT) +/* Peer EE key in certificate */ +#define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER) +/* Peer CA key in certificate */ +#define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER) +/* Peer CA digest algorithm in certificate */ +#define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER) + +void SSL_set_security_level(SSL *s, int level); +int SSL_get_security_level(const SSL *s); +void SSL_set_security_callback(SSL *s, int (*cb)(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex)); +int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex); +void SSL_set0_security_ex_data(SSL *s, void *ex); +void *SSL_get0_security_ex_data(const SSL *s); + +void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); +int SSL_CTX_get_security_level(const SSL_CTX *ctx); +void SSL_CTX_set_security_callback(SSL_CTX *ctx, int (*cb)(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex)); +int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex); +void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); +void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -2566,8 +2579,6 @@ void ERR_load_SSL_strings(void); /* Error codes for the SSL functions. */ /* Function codes. */ -#define SSL_F_AUTHZ_FIND_DATA 330 -#define SSL_F_AUTHZ_VALIDATE 323 #define SSL_F_CHECK_SUITEB_CIPHER_LIST 331 #define SSL_F_CLIENT_CERTIFICATE 100 #define SSL_F_CLIENT_FINISHED 167 @@ -2611,7 +2622,6 @@ void ERR_load_SSL_strings(void); #define SSL_F_GET_SERVER_HELLO 109 #define SSL_F_GET_SERVER_VERIFY 110 #define SSL_F_I2D_SSL_SESSION 111 -#define SSL_F_READ_AUTHZ 329 #define SSL_F_READ_N 112 #define SSL_F_REQUEST_CERTIFICATE 113 #define SSL_F_SERVER_FINISH 239 @@ -2694,10 +2704,12 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL_BAD_METHOD 160 #define SSL_F_SSL_BUILD_CERT_CHAIN 332 #define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 +#define SSL_F_SSL_CERT_ADD0_CHAIN_CERT 339 #define SSL_F_SSL_CERT_DUP 221 #define SSL_F_SSL_CERT_INST 222 #define SSL_F_SSL_CERT_INSTANTIATE 214 #define SSL_F_SSL_CERT_NEW 162 +#define SSL_F_SSL_CERT_SET0_CHAIN 340 #define SSL_F_SSL_CHECK_PRIVATE_KEY 163 #define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 #define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 @@ -2717,7 +2729,6 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 #define SSL_F_SSL_CTX_SET_SSL_VERSION 170 #define SSL_F_SSL_CTX_SET_TRUST 229 -#define SSL_F_SSL_CTX_USE_AUTHZ 324 #define SSL_F_SSL_CTX_USE_CERTIFICATE 171 #define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 #define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 @@ -2759,7 +2770,6 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL_SESSION_PRINT_FP 190 #define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 #define SSL_F_SSL_SESS_CERT_NEW 225 -#define SSL_F_SSL_SET_AUTHZ 325 #define SSL_F_SSL_SET_CERT 191 #define SSL_F_SSL_SET_CIPHER_LIST 271 #define SSL_F_SSL_SET_FD 192 @@ -2776,7 +2786,6 @@ void ERR_load_SSL_strings(void); #define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 #define SSL_F_SSL_UNDEFINED_FUNCTION 197 #define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 -#define SSL_F_SSL_USE_AUTHZ 328 #define SSL_F_SSL_USE_CERTIFICATE 198 #define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 #define SSL_F_SSL_USE_CERTIFICATE_FILE 200 @@ -2795,21 +2804,16 @@ void ERR_load_SSL_strings(void); #define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274 #define SSL_F_TLS1_ENC 210 #define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 -#define SSL_F_TLS1_GET_CLIENT_SUPPLEMENTAL_DATA 335 -#define SSL_F_TLS1_GET_SERVER_SUPPLEMENTAL_DATA 326 #define SSL_F_TLS1_HEARTBEAT 315 #define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275 #define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276 #define SSL_F_TLS1_PRF 284 -#define SSL_F_TLS1_SEND_CLIENT_SUPPLEMENTAL_DATA 338 -#define SSL_F_TLS1_SEND_SERVER_SUPPLEMENTAL_DATA 327 #define SSL_F_TLS1_SETUP_KEY_BLOCK 211 #define SSL_F_WRITE_PENDING 212 /* Reason codes. */ #define SSL_R_APP_DATA_IN_HANDSHAKE 100 #define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 -#define SSL_R_AUTHZ_DATA_TOO_LARGE 375 #define SSL_R_BAD_ALERT_RECORD 101 #define SSL_R_BAD_AUTHENTICATION_TYPE 102 #define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 @@ -2858,6 +2862,8 @@ void ERR_load_SSL_strings(void); #define SSL_R_BN_LIB 130 #define SSL_R_CA_DN_LENGTH_MISMATCH 131 #define SSL_R_CA_DN_TOO_LONG 132 +#define SSL_R_CA_KEY_TOO_SMALL 397 +#define SSL_R_CA_MD_TOO_WEAK 398 #define SSL_R_CCS_RECEIVED_EARLY 133 #define SSL_R_CERTIFICATE_VERIFY_FAILED 134 #define SSL_R_CERT_CB_ERROR 377 @@ -2879,6 +2885,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_DATA_LENGTH_TOO_LONG 146 #define SSL_R_DECRYPTION_FAILED 147 #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +#define SSL_R_DH_KEY_TOO_SMALL 394 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 #define SSL_R_DIGEST_CHECK_FAILED 149 #define SSL_R_DTLS_MESSAGE_TOO_BIG 334 @@ -2888,6 +2895,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322 #define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323 #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 +#define SSL_R_EE_KEY_TOO_SMALL 399 #define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 @@ -2903,7 +2911,6 @@ void ERR_load_SSL_strings(void); #define SSL_R_ILLEGAL_SUITEB_DIGEST 380 #define SSL_R_INCONSISTENT_COMPRESSION 340 #define SSL_R_INVALID_AUDIT_PROOF 371 -#define SSL_R_INVALID_AUTHZ_DATA 374 #define SSL_R_INVALID_CHALLENGE_LENGTH 158 #define SSL_R_INVALID_COMMAND 280 #define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 @@ -2915,6 +2922,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 #define SSL_R_INVALID_TRUST 279 #define SSL_R_KEY_ARG_TOO_LONG 284 +#define SSL_R_KEY_TOO_SMALL 395 #define SSL_R_KRB5 285 #define SSL_R_KRB5_C_CC_PRINC 286 #define SSL_R_KRB5_C_GET_CRED 287 @@ -3094,7 +3102,6 @@ void ERR_load_SSL_strings(void); #define SSL_R_UNEXPECTED_RECORD 245 #define SSL_R_UNINITIALIZED 276 #define SSL_R_UNKNOWN_ALERT_TYPE 246 -#define SSL_R_UNKNOWN_AUTHZ_DATA_TYPE 372 #define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 #define SSL_R_UNKNOWN_CIPHER_RETURNED 248 #define SSL_R_UNKNOWN_CIPHER_TYPE 249 @@ -3106,7 +3113,6 @@ void ERR_load_SSL_strings(void); #define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 #define SSL_R_UNKNOWN_SSL_VERSION 254 #define SSL_R_UNKNOWN_STATE 255 -#define SSL_R_UNKNOWN_SUPPLEMENTAL_DATA_TYPE 373 #define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 #define SSL_R_UNSUPPORTED_CIPHER 256 #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 @@ -3116,6 +3122,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_UNSUPPORTED_SSL_VERSION 259 #define SSL_R_UNSUPPORTED_STATUS_TYPE 329 #define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 +#define SSL_R_VERSION_TOO_LOW 396 #define SSL_R_WRITE_BIO_NOT_SET 260 #define SSL_R_WRONG_CERTIFICATE_TYPE 383 #define SSL_R_WRONG_CIPHER_RETURNED 261