Return previous compression methods when setting them.

[openssl.git] / ssl / ssl.h

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 4e405943b18753f31f51a79f44e2b3516859a154..13e7b7218f299dc9743b0c325270da78ad1559f0 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -244,12 +244,14 @@ extern "C" {
 #define SSL_TXT_kDHr           "kDHr" 
 #define SSL_TXT_kDHd           "kDHd"
 #define SSL_TXT_kDH            "kDH"
-#define SSL_TXT_kEDH           "kEDH"
+#define SSL_TXT_kEDH           "kEDH" /* alias for kDHE */
+#define SSL_TXT_kDHE           "kDHE"
 #define SSL_TXT_kKRB5          "kKRB5"
 #define SSL_TXT_kECDHr         "kECDHr"
 #define SSL_TXT_kECDHe         "kECDHe"
 #define SSL_TXT_kECDH          "kECDH"
-#define SSL_TXT_kEECDH         "kEECDH"
+#define SSL_TXT_kEECDH         "kEECDH" /* alias for kECDHE */
+#define SSL_TXT_kECDHE         "kECDHE"
 #define SSL_TXT_kPSK            "kPSK"
 #define SSL_TXT_kGOST          "kGOST"
 #define SSL_TXT_kSRP           "kSRP"
@@ -267,11 +269,13 @@ extern "C" {
 
 #define        SSL_TXT_DSS             "DSS"
 #define SSL_TXT_DH             "DH"
-#define SSL_TXT_EDH            "EDH" /* same as "kEDH:-ADH" */
+#define SSL_TXT_DHE            "DHE" /* same as "kDHE:-ADH" */
+#define SSL_TXT_EDH            "EDH" /* alias for DHE */
 #define SSL_TXT_ADH            "ADH"
 #define SSL_TXT_RSA            "RSA"
 #define SSL_TXT_ECDH           "ECDH"
-#define SSL_TXT_EECDH          "EECDH" /* same as "kEECDH:-AECDH" */
+#define SSL_TXT_EECDH          "EECDH" /* alias for ECDHE" */
+#define SSL_TXT_ECDHE          "ECDHE" /* same as "kECDHE:-AECDH" */
 #define SSL_TXT_AECDH          "AECDH"
 #define SSL_TXT_ECDSA          "ECDSA"
 #define SSL_TXT_KRB5           "KRB5"
@@ -406,11 +410,11 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, S
  */
 typedef int (*custom_cli_ext_first_cb_fn)(SSL *s, unsigned short ext_type,
                                          const unsigned char **out,
-                                         unsigned short *outlen, void *arg);
+                                         unsigned short *outlen, int *al, void *arg);
 typedef int (*custom_cli_ext_second_cb_fn)(SSL *s, unsigned short ext_type,
                                           const unsigned char *in,
                                           unsigned short inlen, int *al,
-                                          void *arg); 
+                                          void *arg);
 
 typedef int (*custom_srv_ext_first_cb_fn)(SSL *s, unsigned short ext_type,
                                          const unsigned char *in,
@@ -418,7 +422,7 @@ typedef int (*custom_srv_ext_first_cb_fn)(SSL *s, unsigned short ext_type,
                                          void *arg);
 typedef int (*custom_srv_ext_second_cb_fn)(SSL *s, unsigned short ext_type,
                                           const unsigned char **out,
-                                          unsigned short *outlen, void *arg); 
+                                          unsigned short *outlen, int *al, void *arg);
 
 typedef struct {
        unsigned short ext_type;
@@ -456,20 +460,20 @@ typedef struct {
  *     fatal TLS alert, if the callback returns zero.
  */
 typedef int (*srv_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type,
-            const unsigned char **out,
-            unsigned short *outlen, void *arg);
+                                        const unsigned char **out,
+                                        unsigned short *outlen, int *al, void *arg);
 typedef int (*srv_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type,
-            const unsigned char *in,
-            unsigned short inlen, int *al,
-            void *arg);
+                                         const unsigned char *in,
+                                         unsigned short inlen, int *al,
+                                         void *arg);
 
 typedef int (*cli_supp_data_first_cb_fn)(SSL *s, unsigned short supp_data_type,
-            const unsigned char *in,
-            unsigned short inlen, int *al,
-            void *arg);
+                                        const unsigned char *in,
+                                        unsigned short inlen, int *al,
+                                        void *arg);
 typedef int (*cli_supp_data_second_cb_fn)(SSL *s, unsigned short supp_data_type,
-            const unsigned char **out,
-            unsigned short *outlen, void *arg);
+                                         const unsigned char **out,
+                                         unsigned short *outlen, int *al, void *arg);
 
 typedef struct {
        unsigned short supp_data_type;
@@ -1278,9 +1282,11 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
                                    unsigned *len);
 #endif
 
+#ifndef OPENSSL_NO_TLSEXT
 int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
                          const unsigned char *in, unsigned int inlen,
                          const unsigned char *client, unsigned int client_len);
+#endif
 
 #define OPENSSL_NPN_UNSUPPORTED        0
 #define OPENSSL_NPN_NEGOTIATED 1
@@ -1936,6 +1942,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 #define SSL_CTRL_GET_CHAIN_CERTS               115
 #define SSL_CTRL_SELECT_CURRENT_CERT           116
+#define SSL_CTRL_SET_CURRENT_CERT              117
+
+#define SSL_CERT_SET_FIRST                     1
+#define SSL_CERT_SET_NEXT                      2
 
 #define DTLSv1_get_timeout(ssl, arg) \
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -1975,6 +1985,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
        SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
 #define SSL_CTX_get_extra_chain_certs(ctx,px509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
+#define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \
+       SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509)
 #define SSL_CTX_clear_extra_chain_certs(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
 
@@ -1995,6 +2007,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTX_select_current_cert(ctx,x509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509)
 
+#define SSL_CTX_set_current_cert(ctx, op) \
+       SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
+
 #define SSL_CTX_set0_verify_cert_store(ctx,st) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st)
 #define SSL_CTX_set1_verify_cert_store(ctx,st) \
@@ -2020,6 +2035,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
        SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
 #define SSL_select_current_cert(ctx,x509) \
        SSL_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)x509)
+#define SSL_set_current_cert(ctx,op) \
+       SSL_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
 
 #define SSL_set0_verify_cert_store(s,st) \
        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)st)
@@ -2259,6 +2276,9 @@ int SSL_set_trust(SSL *s, int trust);
 int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
 int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
 
+X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx);
+X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
+
 #ifndef OPENSSL_NO_SRP
 int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name);
 int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password);
@@ -2348,6 +2368,7 @@ int SSL_renegotiate_abbreviated(SSL *s);
 int SSL_renegotiate_pending(SSL *s);
 int SSL_shutdown(SSL *s);
 
+const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx);
 const SSL_METHOD *SSL_get_ssl_method(SSL *s);
 int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
 const char *SSL_alert_type_string_long(int value);
@@ -2375,7 +2396,10 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
 SSL *SSL_dup(SSL *ssl);
 
 X509 *SSL_get_certificate(const SSL *ssl);
-/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
+/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl);
+
+X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
+EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
 
 void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
 int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
@@ -2479,6 +2503,7 @@ const COMP_METHOD *SSL_get_current_compression(SSL *s);
 const COMP_METHOD *SSL_get_current_expansion(SSL *s);
 const char *SSL_COMP_get_name(const COMP_METHOD *comp);
 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) *meths);
 int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
 #else
 const void *SSL_get_current_compression(SSL *s);