Metrowerks for Motorola tune-up.

[openssl.git] / ssl / ssl.h

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 424b195f5ce31ac30d0872b92e3390f6d74ca80f..96c5a93aecacb62968ee5160f528e7337a12d957 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -215,7 +215,8 @@ typedef struct ssl_method_st
  *     Timeout [ 2 ] EXPLICIT  INTEGER,        -- optional Timeout ins seconds
  *     Peer [ 3 ] EXPLICIT     X509,           -- optional Peer Certificate
  *     Session_ID_context [ 4 ] EXPLICIT OCTET_STRING,   -- the Session ID context
- *     Compression [5] IMPLICIT ASN1_OBJECT    -- compression OID XXXXX
+ *     Verify_result [ 5 ] EXPLICIT INTEGER    -- X509_V_... code for `Peer'
+ *     Compression [6] IMPLICIT ASN1_OBJECT    -- compression OID XXXXX
  *     }
  * Look in ssl/ssl_asn1.c for more details
  * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
@@ -249,6 +250,9 @@ typedef struct ssl_session_st
         * (the latter is not enough as sess_cert is not retained
         * in the external representation of sessions, see ssl_asn1.c). */
        X509 *peer;
+       /* when app_verify_callback accepts a session where the peer's certificate
+        * is not ok, we must remember the error for session reuse: */
+       long verify_result; /* only for servers */
 
        int references;
        long timeout;
@@ -358,7 +362,7 @@ struct ssl_ctx_st
        struct x509_store_st /* X509_STORE */ *cert_store;
        struct lhash_st /* LHASH */ *sessions;  /* a set of SSL_SESSION's */
        /* Most session-ids that will be cached, default is
-        * SSL_SESSION_CACHE_SIZE_DEFAULT. 0 is unlimited. */
+        * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
        unsigned long session_cache_size;
        struct ssl_session_st *session_cache_head;
        struct ssl_session_st *session_cache_tail;
@@ -425,6 +429,9 @@ struct ssl_ctx_st
 /**/   unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
 /**/   int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx);
 
+       int purpose;            /* Purpose setting */
+       int trust;              /* Trust setting */
+
        /* Default password callback. */
 /**/   pem_password_cb *default_passwd_callback;
 
@@ -571,6 +578,9 @@ struct ssl_st
        int read_ahead;         /* Read as many input bytes as possible */
        int hit;                /* reusing a previous session */
 
+       int purpose;            /* Purpose setting */
+       int trust;              /* Trust setting */
+
        /* crypto */
        STACK_OF(SSL_CIPHER) *cipher_list;
        STACK_OF(SSL_CIPHER) *cipher_list_by_id;
@@ -999,6 +1009,12 @@ int       SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
 SSL *  SSL_new(SSL_CTX *ctx);
 int    SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
                                   unsigned int sid_ctx_len);
+
+int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
+int SSL_set_purpose(SSL *s, int purpose);
+int SSL_CTX_set_trust(SSL_CTX *s, int trust);
+int SSL_set_trust(SSL *s, int trust);
+
 void   SSL_free(SSL *ssl);
 int    SSL_accept(SSL *ssl);
 int    SSL_connect(SSL *ssl);
@@ -1225,8 +1241,10 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_F_SSL_CREATE_CIPHER_LIST                    166
 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                         168
 #define SSL_F_SSL_CTX_NEW                               169
+#define SSL_F_SSL_CTX_SET_PURPOSE                       226
 #define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT            219
 #define SSL_F_SSL_CTX_SET_SSL_VERSION                   170
+#define SSL_F_SSL_CTX_SET_TRUST                                 229
 #define SSL_F_SSL_CTX_USE_CERTIFICATE                   171
 #define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1              172
 #define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE        220
@@ -1254,9 +1272,11 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_F_SSL_SET_CERT                              191
 #define SSL_F_SSL_SET_FD                                192
 #define SSL_F_SSL_SET_PKEY                              193
+#define SSL_F_SSL_SET_PURPOSE                           227
 #define SSL_F_SSL_SET_RFD                               194
 #define SSL_F_SSL_SET_SESSION                           195
 #define SSL_F_SSL_SET_SESSION_ID_CONTEXT                218
+#define SSL_F_SSL_SET_TRUST                             228
 #define SSL_F_SSL_SET_WFD                               196
 #define SSL_F_SSL_SHUTDOWN                              224
 #define SSL_F_SSL_UNDEFINED_FUNCTION                    197
@@ -1338,6 +1358,8 @@ int SSL_COMP_add_compression_method(int id,char *cm);
 #define SSL_R_HTTP_REQUEST                              156
 #define SSL_R_INTERNAL_ERROR                            157
 #define SSL_R_INVALID_CHALLENGE_LENGTH                  158
+#define SSL_R_INVALID_PURPOSE                           278
+#define SSL_R_INVALID_TRUST                             279
 #define SSL_R_LENGTH_MISMATCH                           159
 #define SSL_R_LENGTH_TOO_SHORT                          160
 #define SSL_R_LIBRARY_BUG                               274