#define SSL_OP_TLS_D5_BUG 0x00000100L
#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
+/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0
+
/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
* in OpenSSL 0.9.6d. Usually (depending on the application protocol)
* the workaround is not needed. Unfortunately some broken SSL/TLS
/* Flags for building certificate chains */
/* Treat any existing certificates as untrusted CAs */
-#define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1
+#define SSL_BUILD_CHAIN_FLAG_UNTRUSTED 0x1
/* Don't include root CA in chain */
-#define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2
+#define SSL_BUILD_CHAIN_FLAG_NO_ROOT 0x2
+/* Just check certificates already there */
+#define SSL_BUILD_CHAIN_FLAG_CHECK 0x4
+/* Ignore verification errors */
+#define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR 0x8
/* Flags returned by SSL_check_chain */
/* Certificate can be used with this session */
#define SSL_CERT_SET_FIRST 1
#define SSL_CERT_SET_NEXT 2
+#define SSL_CERT_SET_SERVER 3
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
const char *SSL_COMP_get_name(const COMP_METHOD *comp);
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) *meths);
+void SSL_COMP_free_compression_methods(void);
int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
#else
const void *SSL_get_current_compression(SSL *s);
const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
#endif
-/* RFC6962 Signed Certificate Timestamp List X.509 extension parser */
-int X509V3_EXT_add_rfc6962(void);
-
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.