/* 'DEFAULT' at the start of the cipher list insert the following string
* in addition to this being the default cipher string */
-#ifndef NO_RSA
#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"
-#else
-#define SSL_ALLOW_ADH
-#define SSL_DEFAULT_CIPHER_LIST "ALL:ADH+3DES:ADH+RC4:ADH+DES:@STRENGTH"
-#endif
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
#define SSL_SENT_SHUTDOWN 1
long (*get_timeout)(void);
struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
int (*ssl_version)();
+ long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)());
+ long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)());
} SSL_METHOD;
/* Lets make this into an ASN.1 type structure as follows
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
struct x509_store_st /* X509_STORE */ *cert_store;
- struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSION's */
+ struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSIONs */
/* Most session-ids that will be cached, default is
* SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
unsigned long session_cache_size;
unsigned char *packet;
unsigned int packet_length;
- struct ssl2_ctx_st *s2; /* SSLv2 variables */
- struct ssl3_ctx_st *s3; /* SSLv3 variables */
+ struct ssl2_state_st *s2; /* SSLv2 variables */
+ struct ssl3_state_st *s3; /* SSLv3 variables */
int read_ahead; /* Read as many input bytes as possible
* (for non-blocking reads) */
STACK_OF(SSL_CIPHER) *cipher_list;
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
- /* These are the ones being used, the ones is SSL_SESSION are
+ /* These are the ones being used, the ones in SSL_SESSION are
* the ones to be 'copied' into these ones */
EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
unsigned long mode; /* API behaviour */
int first_packet;
int client_version; /* what was passed, used for
- * SSLv3/TLS rolback check */
+ * SSLv3/TLS rollback check */
};
#include <openssl/ssl2.h>
#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
#include <openssl/ssl23.h>
-/* compatablity */
+/* compatibility */
#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg))
#define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a))
#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
/* The following are the possible values for ssl->state are are
- * used to indicate where we are upto in the SSL connection establishment.
+ * used to indicate where we are up to in the SSL connection establishment.
* The macros that follow are about the only things you should need to use
* and even then, only when using non-blocking IO.
* It can also be useful to work out where you were when the connection
#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
#define SSL_VERIFY_CLIENT_ONCE 0x04
+#define OpenSSL_add_ssl_algorithms() SSL_library_init()
#define SSLeay_add_ssl_algorithms() SSL_library_init()
-/* this is for backward compatablility */
+/* this is for backward compatibility */
#if 0 /* NEW_SSLEAY */
#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n)
#define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b))
#define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b))
#endif
-/* More backward compatablity */
+/* More backward compatibility */
#define SSL_get_cipher(s) \
SSL_CIPHER_get_name(SSL_get_current_cipher(s))
#define SSL_get_cipher_bits(s,np) \
#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */
#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */
#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
-#define SSL_AD_EXPORT_RESTRICION TLS1_AD_EXPORT_RESTRICION/* fatal */
+#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */
#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */
#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
-#define SSL_AD_USER_CANCLED TLS1_AD_USER_CANCLED
+#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
#define SSL_ERROR_NONE 0
long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg);
int SSL_get_error(SSL *s,int ret_code);
-char * SSL_get_version(SSL *s);
+const char *SSL_get_version(SSL *s);
/* This sets the 'default' SSL version that SSL_new() will create */
int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth);
int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
const char *CApath);
+#define SSL_get0_session SSL_get_session /* just peek at pointer */
SSL_SESSION *SSL_get_session(SSL *ssl);
+SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
void SSL_set_info_callback(SSL *ssl,void (*cb)());
void (*SSL_get_info_callback(SSL *ssl))();
#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
-#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICION 1060
+#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
-#define SSL_R_TLSV1_ALERT_USER_CANCLED 1090
+#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
#define SSL_R_UNKNOWN_STATE 255
#define SSL_R_UNSUPPORTED_CIPHER 256
#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
+#define SSL_R_UNSUPPORTED_OPTION 1091
#define SSL_R_UNSUPPORTED_PROTOCOL 258
#define SSL_R_UNSUPPORTED_SSL_VERSION 259
#define SSL_R_WRITE_BIO_NOT_SET 260