Option to disable SSL auto chain build

[openssl.git] / ssl / ssl.h

diff --git a/ssl/ssl.h b/ssl/ssl.h
index dca624091d3d82d82327335f284d54bc5421aeaf..97b313fd8762284144ee88433590ad9303a8657c 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -529,6 +529,8 @@ typedef struct ssl_session_st
 /* Never bother the application with retries if the transport
  * is blocking: */
 #define SSL_MODE_AUTO_RETRY 0x00000004L
+/* Don't attempt to automatically build certificate chain */
+#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
 
 
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
@@ -587,7 +589,7 @@ typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
 typedef struct ssl_comp_st
        {
        int id;
-       char *name;
+       const char *name;
 #ifndef OPENSSL_NO_COMP
        COMP_METHOD *method;
 #else
@@ -726,10 +728,11 @@ struct ssl_ctx_st
 #define SSL_SESS_CACHE_SERVER                  0x0002
 #define SSL_SESS_CACHE_BOTH    (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
 #define SSL_SESS_CACHE_NO_AUTO_CLEAR           0x0080
-/* This one, when set, makes the server session-id lookup not look
- * in the cache.  If there is an application get_session callback
- * defined, this will still get called. */
+/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
 #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP      0x0100
+#define SSL_SESS_CACHE_NO_INTERNAL_STORE       0x0200
+#define SSL_SESS_CACHE_NO_INTERNAL \
+       (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
 
   struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
 #define SSL_CTX_sess_number(ctx) \
@@ -1240,14 +1243,12 @@ int     SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM t
 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
 int    SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
                                            const char *file);
-#ifndef OPENSSL_SYS_WIN32
 #ifndef OPENSSL_SYS_VMS
 #ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
 int    SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
                                           const char *dir);
 #endif
 #endif
-#endif
 
 #endif
 
@@ -1689,6 +1690,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_CIPHER_TABLE_SRC_ERROR                    139
 #define SSL_R_COMPRESSED_LENGTH_TOO_LONG                140
 #define SSL_R_COMPRESSION_FAILURE                       141
+#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE   1120
 #define SSL_R_COMPRESSION_LIBRARY_ERROR                         142
 #define SSL_R_CONNECTION_ID_IS_DIFFERENT                143
 #define SSL_R_CONNECTION_TYPE_NOT_SET                   144
@@ -1728,6 +1730,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_LENGTH_TOO_SHORT                          160
 #define SSL_R_LIBRARY_BUG                               274
 #define SSL_R_LIBRARY_HAS_NO_CIPHERS                    161
+#define SSL_R_MASTER_KEY_TOO_LONG                       1112
 #define SSL_R_MESSAGE_TOO_LONG                          1111
 #define SSL_R_MISSING_DH_DSA_CERT                       162
 #define SSL_R_MISSING_DH_KEY                            163