X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl.h;h=79033329f0bd09150b57eae4ad6aa2a675f7c7dd;hp=8983cf97fa600ffe9bf76e5e9d91733179f62da4;hb=9d1a01be8f84143618fc862e1222eb714949fdc1;hpb=673eadec2c9032e938040d5eba241baed30d2c10 diff --git a/ssl/ssl.h b/ssl/ssl.h index 8983cf97fa..79033329f0 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -123,8 +123,9 @@ extern "C" { #define SSL_TXT_MD5 "MD5" #define SSL_TXT_SHA1 "SHA1" #define SSL_TXT_SHA "SHA" -#define SSL_TXT_EXP40 "EXP" +#define SSL_TXT_EXP "EXP" #define SSL_TXT_EXPORT "EXPORT" +#define SSL_TXT_EXP40 "EXPORT40" #define SSL_TXT_EXP56 "EXPORT56" #define SSL_TXT_SSLV2 "SSLv2" #define SSL_TXT_SSLV3 "SSLv3" @@ -134,10 +135,10 @@ extern "C" { /* 'DEFAULT' at the start of the cipher list insert the following string * in addition to this being the default cipher string */ #ifndef NO_RSA -#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" +#define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH" #else #define SSL_ALLOW_ADH -#define SSL_DEFAULT_CIPHER_LIST "HIGH:MEDIUM:LOW:ADH+3DES:ADH+RC4:ADH+DES:+EXP" +#define SSL_DEFAULT_CIPHER_LIST "ALL:ADH+3DES:ADH+RC4:ADH+DES:@STRENGTH" #endif /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ @@ -151,6 +152,10 @@ extern "C" { #include #include +#if (defined(NO_RSA) || defined(NO_MD5)) && !defined(NO_SSL2) +#define NO_SSL2 +#endif + #define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 #define SSL_FILETYPE_PEM X509_FILETYPE_PEM @@ -166,8 +171,12 @@ typedef struct ssl_cipher_st const char *name; /* text name */ unsigned long id; /* id, 4 bytes, first is version */ unsigned long algorithms; /* what ciphers are used */ + unsigned long algo_strength; /* strength and export flags */ unsigned long algorithm2; /* Extra flags */ + int strength_bits; /* Number of bits really used */ + int alg_bits; /* Number of bits for algorithm */ unsigned long mask; /* used for matching */ + unsigned long mask_strength; /* also used for matching */ } SSL_CIPHER; DECLARE_STACK_OF(SSL_CIPHER) @@ -215,7 +224,8 @@ typedef struct ssl_method_st * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context - * Compression [5] IMPLICIT ASN1_OBJECT -- compression OID XXXXX + * Verify_result [ 5 ] EXPLICIT INTEGER -- X509_V_... code for `Peer' + * Compression [6] IMPLICIT ASN1_OBJECT -- compression OID XXXXX * } * Look in ssl/ssl_asn1.c for more details * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). @@ -249,6 +259,9 @@ typedef struct ssl_session_st * (the latter is not enough as sess_cert is not retained * in the external representation of sessions, see ssl_asn1.c). */ X509 *peer; + /* when app_verify_callback accepts a session where the peer's certificate + * is not ok, we must remember the error for session reuse: */ + long verify_result; /* only for servers */ int references; long timeout; @@ -281,32 +294,54 @@ typedef struct ssl_session_st #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L #define SSL_OP_TLS_ROLLBACK_BUG 0x00000400L -/* If set, only use tmp_dh parameters once */ +/* If set, always create a new key when using tmp_dh parameters */ #define SSL_OP_SINGLE_DH_USE 0x00100000L /* Set to also use the tmp_rsa key when doing RSA operations. */ #define SSL_OP_EPHEMERAL_RSA 0x00200000L -/* The next flag deliberatly changes the ciphertest, this is a check +/* The next flag deliberately changes the ciphertest, this is a check * for the PKCS#1 attack */ #define SSL_OP_PKCS1_CHECK_1 0x08000000L #define SSL_OP_PKCS1_CHECK_2 0x10000000L #define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L +/* SSL_OP_NON_EXPORT_FIRST looks utterly broken .. */ #define SSL_OP_NON_EXPORT_FIRST 0x40000000L #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x80000000L #define SSL_OP_ALL 0x000FFFFFL +#define SSL_OP_NO_SSLv2 0x01000000L +#define SSL_OP_NO_SSLv3 0x02000000L +#define SSL_OP_NO_TLSv1 0x04000000L + +/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success + * when just a single record has been written): */ +#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L +/* Make it possible to retry SSL_write() with changed buffer location + * (buffer contents must stay the same!); this is not the default to avoid + * the misconception that non-blocking SSL_write() behaves like + * non-blocking write(): */ +#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L + +/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, + * they cannot be used to clear bits. */ + #define SSL_CTX_set_options(ctx,op) \ SSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,op,NULL) #define SSL_CTX_get_options(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,0,NULL) #define SSL_set_options(ssl,op) \ - SSL_ctrl(ssl,SSL_CTRL_OPTIONS,0,NULL) + SSL_ctrl(ssl,SSL_CTRL_OPTIONS,op,NULL) #define SSL_get_options(ssl) \ SSL_ctrl(ssl,SSL_CTRL_OPTIONS,0,NULL) -#define SSL_OP_NO_SSLv2 0x01000000L -#define SSL_OP_NO_SSLv3 0x02000000L -#define SSL_OP_NO_TLSv1 0x04000000L +#define SSL_CTX_set_mode(ctx,op) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,op,NULL) +#define SSL_CTX_get_mode(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_MODE,0,NULL) +#define SSL_set_mode(ssl,op) \ + SSL_ctrl(ssl,SSL_CTRL_MODE,op,NULL) +#define SSL_get_mode(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_MODE,0,NULL) #define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) @@ -327,6 +362,7 @@ struct ssl_ctx_st { SSL_METHOD *method; unsigned long options; + unsigned long mode; STACK_OF(SSL_CIPHER) *cipher_list; /* same as above but sorted for lookup */ @@ -335,7 +371,7 @@ struct ssl_ctx_st struct x509_store_st /* X509_STORE */ *cert_store; struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSION's */ /* Most session-ids that will be cached, default is - * SSL_SESSION_CACHE_SIZE_DEFAULT. 0 is unlimited. */ + * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */ unsigned long session_cache_size; struct ssl_session_st *session_cache_head; struct ssl_session_st *session_cache_tail; @@ -391,7 +427,7 @@ struct ssl_ctx_st /* if defined, these override the X509_verify_cert() calls */ /**/ int (*app_verify_callback)(); -/**/ char *app_verify_arg; +/**/ char *app_verify_arg; /* never used; should be void * */ /* default values to use in SSL structures */ /**/ struct cert_st /* CERT */ *cert; @@ -402,13 +438,19 @@ struct ssl_ctx_st /**/ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; /**/ int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); + int purpose; /* Purpose setting */ + int trust; /* Trust setting */ + /* Default password callback. */ /**/ pem_password_cb *default_passwd_callback; + /* Default password callback user data. */ +/**/ void *default_passwd_callback_userdata; + /* get client cert callback */ /**/ int (*client_cert_cb)(/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */); - /* what we put in client requests */ + /* what we put in client cert requests */ STACK_OF(X509_NAME) *client_CA; /**/ int quiet_shutdown; @@ -542,14 +584,18 @@ struct ssl_st struct ssl2_ctx_st *s2; /* SSLv2 variables */ struct ssl3_ctx_st *s3; /* SSLv3 variables */ - int read_ahead; /* Read as many input bytes as possible */ + int read_ahead; /* Read as many input bytes as possible + * (for non-blocking reads) */ int hit; /* reusing a previous session */ + int purpose; /* Purpose setting */ + int trust; /* Trust setting */ + /* crypto */ STACK_OF(SSL_CIPHER) *cipher_list; STACK_OF(SSL_CIPHER) *cipher_list_by_id; - /* These are the ones being used, the ones is SSL_SESSION are + /* These are the ones being used, the ones in SSL_SESSION are * the ones to be 'copied' into these ones */ EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ @@ -605,7 +651,8 @@ struct ssl_st STACK_OF(X509_NAME) *client_CA; int references; - unsigned long options; + unsigned long options; /* protocol behaviour */ + unsigned long mode; /* API behaviour */ int first_packet; int client_version; /* what was passed, used for * SSLv3/TLS rolback check */ @@ -667,6 +714,13 @@ struct ssl_st #define SSL_ST_READ_BODY 0xF1 #define SSL_ST_READ_DONE 0xF2 +/* Obtain latest Finished message + * -- that we sent (SSL_get_finished) + * -- that we expected from peer (SSL_get_peer_finished). + * Returns length (0 == no Finished so far), copies up to 'count' bytes. */ +size_t SSL_get_finished(SSL *s, void *buf, size_t count); +size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count); + /* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options * are 'ored' with SSL_VERIFY_PEER if they are desired */ #define SSL_VERIFY_NONE 0x00 @@ -704,16 +758,16 @@ struct ssl_st (bp),(unsigned char **)(s_id)) #define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio(i2d_SSL_SESSION, \ bp,(unsigned char *)s_id) -#define PEM_read_SSL_SESSION(fp,x,cb) (SSL_SESSION *)PEM_ASN1_read( \ - (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb) -#define PEM_read_bio_SSL_SESSION(bp,x,cb) (SSL_SESSION *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb) +#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ + (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) +#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u) #define PEM_write_SSL_SESSION(fp,x) \ PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ - PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL) + PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) #define PEM_write_bio_SSL_SESSION(bp,x) \ PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \ - PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL) + PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL) #endif #define SSL_AD_REASON_OFFSET 1000 @@ -748,7 +802,7 @@ struct ssl_st #define SSL_ERROR_WANT_READ 2 #define SSL_ERROR_WANT_WRITE 3 #define SSL_ERROR_WANT_X509_LOOKUP 4 -#define SSL_ERROR_SYSCALL 5 /* look at errno */ +#define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */ #define SSL_ERROR_ZERO_RETURN 6 #define SSL_ERROR_WANT_CONNECT 7 @@ -780,6 +834,7 @@ struct ssl_st #define SSL_CTRL_SESS_TIMEOUTS 30 #define SSL_CTRL_SESS_CACHE_FULL 31 #define SSL_CTRL_OPTIONS 32 +#define SSL_CTRL_MODE 33 #define SSL_CTRL_GET_READ_AHEAD 40 #define SSL_CTRL_SET_READ_AHEAD 41 @@ -840,7 +895,7 @@ void BIO_ssl_shutdown(BIO *ssl_bio); #endif -int SSL_CTX_set_cipher_list(SSL_CTX *,char *str); +int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str); SSL_CTX *SSL_CTX_new(SSL_METHOD *meth); void SSL_CTX_free(SSL_CTX *); long SSL_CTX_set_timeout(SSL_CTX *ctx,long t); @@ -872,7 +927,7 @@ void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio); BIO * SSL_get_rbio(SSL *s); BIO * SSL_get_wbio(SSL *s); #endif -int SSL_set_cipher_list(SSL *s, char *str); +int SSL_set_cipher_list(SSL *s, const char *str); void SSL_set_read_ahead(SSL *s, int yes); int SSL_get_verify_mode(SSL *s); int SSL_get_verify_depth(SSL *s); @@ -938,6 +993,10 @@ X509 * SSL_get_peer_certificate(SSL *s); STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s); +#ifdef VMS +#define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud +#endif + int SSL_CTX_get_verify_mode(SSL_CTX *ctx); int SSL_CTX_get_verify_depth(SSL_CTX *ctx); int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *); @@ -955,7 +1014,8 @@ int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx, int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); -void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *); +void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); +void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); int SSL_CTX_check_private_key(SSL_CTX *ctx); int SSL_check_private_key(SSL *ctx); @@ -966,6 +1026,12 @@ int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, SSL * SSL_new(SSL_CTX *ctx); int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, unsigned int sid_ctx_len); + +int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); +int SSL_set_purpose(SSL *s, int purpose); +int SSL_CTX_set_trust(SSL_CTX *s, int trust); +int SSL_set_trust(SSL *s, int trust); + void SSL_free(SSL *ssl); int SSL_accept(SSL *ssl); int SSL_connect(SSL *ssl); @@ -976,7 +1042,7 @@ long SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg); long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg); int SSL_get_error(SSL *s,int ret_code); -char * SSL_get_version(SSL *s); +const char *SSL_get_version(SSL *s); /* This sets the 'default' SSL version that SSL_new() will create */ int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth); @@ -1025,7 +1091,7 @@ long SSL_get_default_timeout(SSL *s); int SSL_library_init(void ); char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size); -STACK *SSL_dup_CA_list(STACK *sk); +STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); SSL *SSL_dup(SSL *ssl); @@ -1042,7 +1108,9 @@ int SSL_version(SSL *ssl); int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath); +#define SSL_get0_session SSL_get_session /* just peek at pointer */ SSL_SESSION *SSL_get_session(SSL *ssl); +SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ SSL_CTX *SSL_get_SSL_CTX(SSL *ssl); void SSL_set_info_callback(SSL *ssl,void (*cb)()); void (*SSL_get_info_callback(SSL *ssl))(); @@ -1053,18 +1121,18 @@ long SSL_get_verify_result(SSL *ssl); int SSL_set_ex_data(SSL *ssl,int idx,void *data); void *SSL_get_ex_data(SSL *ssl,int idx); -int SSL_get_ex_new_index(long argl, char *argp, int (*new_func)(), - int (*dup_func)(), void (*free_func)()); +int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data); void *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx); -int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(), - int (*dup_func)(), void (*free_func)()); +int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data); void *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx); -int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(), - int (*dup_func)(), void (*free_func)()); +int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int SSL_get_ex_data_X509_STORE_CTX_idx(void ); @@ -1084,21 +1152,23 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void ); #define SSL_CTX_set_read_ahead(ctx,m) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,0,NULL) - /* NB: the keylength is only applicable when export is true */ + /* NB: the keylength is only applicable when is_export is true */ #ifndef NO_RSA void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, - RSA *(*cb)(SSL *ssl,int export, + RSA *(*cb)(SSL *ssl,int is_export, int keylength)); void SSL_set_tmp_rsa_callback(SSL *ssl, - RSA *(*cb)(SSL *ssl,int export, + RSA *(*cb)(SSL *ssl,int is_export, int keylength)); #endif #ifndef NO_DH void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, - DH *(*dh)(SSL *ssl,int export,int keylength)); + DH *(*dh)(SSL *ssl,int is_export, + int keylength)); void SSL_set_tmp_dh_callback(SSL *ssl, - DH *(*dh)(SSL *ssl,int export,int keylength)); + DH *(*dh)(SSL *ssl,int is_export, + int keylength)); #endif #ifdef HEADER_COMP_H @@ -1185,13 +1255,17 @@ int SSL_COMP_add_compression_method(int id,char *cm); #define SSL_F_SSL_CERT_INSTANTIATE 214 #define SSL_F_SSL_CERT_NEW 162 #define SSL_F_SSL_CHECK_PRIVATE_KEY 163 +#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 +#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 #define SSL_F_SSL_CLEAR 164 #define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 #define SSL_F_SSL_CREATE_CIPHER_LIST 166 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 #define SSL_F_SSL_CTX_NEW 169 +#define SSL_F_SSL_CTX_SET_PURPOSE 226 #define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 #define SSL_F_SSL_CTX_SET_SSL_VERSION 170 +#define SSL_F_SSL_CTX_SET_TRUST 229 #define SSL_F_SSL_CTX_USE_CERTIFICATE 171 #define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 #define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 @@ -1219,9 +1293,11 @@ int SSL_COMP_add_compression_method(int id,char *cm); #define SSL_F_SSL_SET_CERT 191 #define SSL_F_SSL_SET_FD 192 #define SSL_F_SSL_SET_PKEY 193 +#define SSL_F_SSL_SET_PURPOSE 227 #define SSL_F_SSL_SET_RFD 194 #define SSL_F_SSL_SET_SESSION 195 #define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 +#define SSL_F_SSL_SET_TRUST 228 #define SSL_F_SSL_SET_WFD 196 #define SSL_F_SSL_SHUTDOWN 224 #define SSL_F_SSL_UNDEFINED_FUNCTION 197 @@ -1248,7 +1324,6 @@ int SSL_COMP_add_compression_method(int id,char *cm); #define SSL_R_BAD_AUTHENTICATION_TYPE 102 #define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 #define SSL_R_BAD_CHECKSUM 104 -#define SSL_R_BAD_CLIENT_REQUEST 105 #define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 #define SSL_R_BAD_DECOMPRESSION 107 #define SSL_R_BAD_DH_G_LENGTH 108 @@ -1256,6 +1331,7 @@ int SSL_COMP_add_compression_method(int id,char *cm); #define SSL_R_BAD_DH_P_LENGTH 110 #define SSL_R_BAD_DIGEST_LENGTH 111 #define SSL_R_BAD_DSA_SIGNATURE 112 +#define SSL_R_BAD_HELLO_REQUEST 105 #define SSL_R_BAD_LENGTH 271 #define SSL_R_BAD_MAC_DECODE 113 #define SSL_R_BAD_MESSAGE_TYPE 114 @@ -1303,6 +1379,9 @@ int SSL_COMP_add_compression_method(int id,char *cm); #define SSL_R_HTTP_REQUEST 156 #define SSL_R_INTERNAL_ERROR 157 #define SSL_R_INVALID_CHALLENGE_LENGTH 158 +#define SSL_R_INVALID_COMMAND 280 +#define SSL_R_INVALID_PURPOSE 278 +#define SSL_R_INVALID_TRUST 279 #define SSL_R_LENGTH_MISMATCH 159 #define SSL_R_LENGTH_TOO_SHORT 160 #define SSL_R_LIBRARY_BUG 274