Retry callback only after ClientHello received.

[openssl.git] / ssl / ssl.h

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 2c3a9a34b70409146f5e0f6ae6a1038e3d71fe8a..c6cd6a9ca516393ac866a80317025721a19e8e06 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -784,9 +784,13 @@ struct ssl_session_st
 
 /* Flags for building certificate chains */
 /* Treat any existing certificates as untrusted CAs */
-#define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1
+#define SSL_BUILD_CHAIN_FLAG_UNTRUSTED         0x1
 /* Don't include root CA in chain */
-#define SSL_BUILD_CHAIN_FLAG_NO_ROOT   0x2
+#define SSL_BUILD_CHAIN_FLAG_NO_ROOT           0x2
+/* Just check certificates already there */
+#define SSL_BUILD_CHAIN_FLAG_CHECK             0x4
+/* Ignore verification errors */
+#define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR      0x8
 
 /* Flags returned by SSL_check_chain */
 /* Certificate can be used with this session */
@@ -1095,7 +1099,7 @@ struct ssl_ctx_st
         */
        unsigned int max_send_fragment;
 
-#ifndef OPENSSL_ENGINE
+#ifndef OPENSSL_NO_ENGINE
        /* Engine to pass requests for client certs to
         */
        ENGINE *client_cert_engine;
@@ -1949,6 +1953,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 #define SSL_CERT_SET_FIRST                     1
 #define SSL_CERT_SET_NEXT                      2
+#define SSL_CERT_SET_SERVER                    3
 
 #define DTLSv1_get_timeout(ssl, arg) \
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -2507,6 +2512,7 @@ const COMP_METHOD *SSL_get_current_expansion(SSL *s);
 const char *SSL_COMP_get_name(const COMP_METHOD *comp);
 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
 STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) *meths);
+void SSL_COMP_free_compression_methods(void);
 int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
 #else
 const void *SSL_get_current_compression(SSL *s);