First cut of renegotiation extension. (port to HEAD)
[openssl.git] / ssl / ssl.h
index 8e901b9..c4a5fc9 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -524,6 +524,7 @@ typedef struct ssl_session_st
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                        0x00000080L
 #define SSL_OP_TLS_D5_BUG                              0x00000100L
 #define SSL_OP_TLS_BLOCK_PADDING_BUG                   0x00000200L
+#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION       0x00000400L
 
 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
  * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
@@ -1904,9 +1905,11 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_SETUP_WRITE_BUFFER                   291
 #define SSL_F_SSL3_WRITE_BYTES                          158
 #define SSL_F_SSL3_WRITE_PENDING                        159
+#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT       298
 #define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT                277
 #define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK        215
 #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK       216
+#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT       299
 #define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT                278
 #define SSL_F_SSL_BAD_METHOD                            160
 #define SSL_F_SSL_BYTES_TO_CIPHER_LIST                  161
@@ -1950,6 +1953,8 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_INIT_WBIO_BUFFER                      184
 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE                   185
 #define SSL_F_SSL_NEW                                   186
+#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT     300
+#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT     301
 #define SSL_F_SSL_PEEK                                  270
 #define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT            281
 #define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT            282
@@ -2164,6 +2169,9 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_RECORD_LENGTH_MISMATCH                    213
 #define SSL_R_RECORD_TOO_LARGE                          214
 #define SSL_R_RECORD_TOO_SMALL                          298
+#define SSL_R_RENEGOTIATE_EXT_TOO_LONG                  335
+#define SSL_R_RENEGOTIATION_ENCODING_ERR                336
+#define SSL_R_RENEGOTIATION_MISMATCH                    337
 #define SSL_R_REQUIRED_CIPHER_MISSING                   215
 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO                216
 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO                  217