X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssl.h;h=a48d597d2439d0c9d149053f58bb090d9fe1007b;hp=9605e343dd2ff35efdc5fafab46efa22e33e0997;hb=ca8e5b9b8ad3c199943ad7850bf66bc03279c0b9;hpb=61f5b6f33807306d09bccbc2dcad474d1d04ca40

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 9605e343dd..a48d597d24 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -63,7 +63,7 @@
 extern "C" {
 #endif
 
-#include "safestack.h"
+#include <openssl/safestack.h>
 
 /* SSLeay version number for ASN.1 encoding of the session information */
 /* Version 0 - initial version
@@ -144,11 +144,11 @@ extern "C" {
 #define SSL_SENT_SHUTDOWN	1
 #define SSL_RECEIVED_SHUTDOWN	2
 
-#include "crypto.h"
-#include "lhash.h"
-#include "buffer.h"
-#include "bio.h"
-#include "x509.h"
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
 
 #define SSL_FILETYPE_ASN1	X509_FILETYPE_ASN1
 #define SSL_FILETYPE_PEM	X509_FILETYPE_PEM
@@ -242,6 +242,7 @@ typedef struct ssl_session_st
 
 	/* The cert is the certificate used to establish this connection */
 	struct cert_st /* CERT */ *cert;
+	/* XXX should be struct sess_cert_st *sess_cert */
 
 	/* This is the cert for the other end.  On servers, it will be
 	 * the same as cert->x509 */
@@ -358,17 +359,10 @@ struct ssl_ctx_st
 	 * a session-id is removed from the cache.  Again, a return
 	 * of 0 mens that SSLeay should not SSL_SESSION_free() since
 	 * the application is doing something with it. */
-#ifndef NOPROTO
 	int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
 	void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
 	SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
 		unsigned char *data,int len,int *copy);
-#else
-	int (*new_session_cb)();
-	void (*remove_session_cb)();
-	SSL_SESSION *(*get_session_cb)();
-#endif
-
 	struct
 		{
 		int sess_connect;	/* SSL new conn - started */
@@ -398,9 +392,12 @@ struct ssl_ctx_st
 /**/	char *app_verify_arg;
 
 	/* default values to use in SSL structures */
-/**/	struct cert_st /* CERT */ *default_cert;
+/**/	struct cert_st /* CERT */ *cert;
 /**/	int read_ahead;
 /**/	int verify_mode;
+/**/	int verify_depth;
+/**/	unsigned int sid_ctx_length;
+/**/	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
 /**/	int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx);
 
 	/* Default password callback. */
@@ -578,6 +575,7 @@ struct ssl_st
 	/* Used in SSL2 and SSL3 */
 	int verify_mode;	/* 0 don't care about verify failure.
 				 * 1 fail if verify fails */
+	int verify_depth;
 	int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
 	void (*info_callback)(); /* optional informational callback */
 
@@ -603,10 +601,10 @@ struct ssl_st
 				 * SSLv3/TLS rolback check */
 	};
 
-#include "ssl2.h"
-#include "ssl3.h"
-#include "tls1.h" /* This is mostly sslv3 with a few tweaks */
-#include "ssl23.h"
+#include <openssl/ssl2.h>
+#include <openssl/ssl3.h>
+#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
+#include <openssl/ssl23.h>
 
 /* compatablity */
 #define SSL_set_app_data(s,arg)		(SSL_set_ex_data(s,0,(char *)arg))
@@ -810,7 +808,6 @@ struct ssl_st
 #define SSL_CTX_add_extra_chain_cert(ctx,x509) \
 	SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
 
-#ifndef NOPROTO
 
 #ifdef HEADER_BIO_H
 BIO_METHOD *BIO_f_ssl(void);
@@ -857,10 +854,14 @@ BIO *	SSL_get_wbio(SSL *s);
 int	SSL_set_cipher_list(SSL *s, char *str);
 void	SSL_set_read_ahead(SSL *s, int yes);
 int	SSL_get_verify_mode(SSL *s);
+int	SSL_get_verify_depth(SSL *s);
 int	(*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *);
 void	SSL_set_verify(SSL *s, int mode,
 		       int (*callback)(int ok,X509_STORE_CTX *ctx));
+void	SSL_set_verify_depth(SSL *s, int depth);
+#ifndef NO_RSA
 int	SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+#endif
 int	SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
 int	SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
 int	SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
@@ -868,16 +869,17 @@ int	SSL_use_certificate(SSL *ssl, X509 *x);
 int	SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
 
 #ifndef NO_STDIO
-int	SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type);
-int	SSL_use_PrivateKey_file(SSL *ssl, char *file, int type);
-int	SSL_use_certificate_file(SSL *ssl, char *file, int type);
-int	SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type);
-int	SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type);
-int	SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type);
+int	SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+int	SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+int	SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+int	SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+int	SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+int	SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
+int	SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
-int	SSL_add_file_cert_subjects_to_stack(STACK *stackCAs,
+int	SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
 					    const char *file);
-int	SSL_add_dir_cert_subjects_to_stack(STACK *stackCAs,
+int	SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
 					   const char *dir);
 #endif
 
@@ -916,11 +918,15 @@ X509 *	SSL_get_peer_certificate(SSL *s);
 STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s);
 
 int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
+int SSL_CTX_get_verify_depth(SSL_CTX *ctx);
 int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *);
 void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
 			int (*callback)(int, X509_STORE_CTX *));
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
 void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(),char *arg);
+#ifndef NO_RSA
 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+#endif
 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
 int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
@@ -933,6 +939,9 @@ void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx,int (*cb)());
 int SSL_CTX_check_private_key(SSL_CTX *ctx);
 int SSL_check_private_key(SSL *ctx);
 
+int	SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
+				       unsigned int sid_ctx_len);
+
 SSL *	SSL_new(SSL_CTX *ctx);
 int	SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
 				   unsigned int sid_ctx_len);
@@ -1010,7 +1019,8 @@ void SSL_set_shutdown(SSL *ssl,int mode);
 int SSL_get_shutdown(SSL *ssl);
 int SSL_version(SSL *ssl);
 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx,char *CAfile,char *CApath);
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+	const char *CApath);
 SSL_SESSION *SSL_get_session(SSL *ssl);
 SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
 void SSL_set_info_callback(SSL *ssl,void (*cb)());
@@ -1054,17 +1064,21 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void );
 	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,0,NULL)
 
      /* NB: the keylength is only applicable when export is true */
+#ifndef NO_RSA
 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
 				  RSA *(*cb)(SSL *ssl,int export,
 					     int keylength));
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
-				 DH *(*dh)(SSL *ssl,int export,int keylength));
 
 void SSL_set_tmp_rsa_callback(SSL *ssl,
 				  RSA *(*cb)(SSL *ssl,int export,
 					     int keylength));
+#endif
+#ifndef NO_DH
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+				 DH *(*dh)(SSL *ssl,int export,int keylength));
 void SSL_set_tmp_dh_callback(SSL *ssl,
 				 DH *(*dh)(SSL *ssl,int export,int keylength));
+#endif
 
 #ifdef HEADER_COMP_H
 int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
@@ -1072,240 +1086,11 @@ int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
 int SSL_COMP_add_compression_method(int id,char *cm);
 #endif
 
-#else
-
-BIO_METHOD *BIO_f_ssl();
-BIO *BIO_new_ssl();
-BIO *BIO_new_ssl_connect();
-BIO *BIO_new_buffer_ssl_connect();
-int BIO_ssl_copy_session_id();
-void BIO_ssl_shutdown();
-
-long SSL_CTX_set_timeout();
-long SSL_CTX_get_timeout();
-X509_STORE *SSL_CTX_get_cert_store();
-void SSL_CTX_set_cert_store();
-int SSL_want();
-
-int	SSL_CTX_set_cipher_list();
-SSL_CTX *SSL_CTX_new();
-void	SSL_CTX_free();
-void	SSL_clear();
-void	SSL_CTX_flush_sessions();
-
-SSL_CIPHER *SSL_get_current_cipher();
-int	SSL_CIPHER_get_bits();
-char *	SSL_CIPHER_get_version();
-char *	SSL_CIPHER_get_name();
-
-int	SSL_get_fd();
-char  * SSL_get_cipher_list();
-char *	SSL_get_shared_ciphers();
-int	SSL_get_read_ahead();
-int	SSL_pending();
-#ifndef NO_SOCK
-int	SSL_set_fd();
-int	SSL_set_rfd();
-int	SSL_set_wfd();
-#endif
-#ifdef HEADER_BIO_H
-void	SSL_set_bio();
-BIO *	SSL_get_rbio();
-BIO *	SSL_get_wbio();
-#endif
-int	SSL_set_cipher_list();
-void	SSL_set_read_ahead();
-int	SSL_get_verify_mode();
-
-void	SSL_set_verify();
-int	SSL_use_RSAPrivateKey();
-int	SSL_use_RSAPrivateKey_ASN1();
-int	SSL_use_PrivateKey();
-int	SSL_use_PrivateKey_ASN1();
-int	SSL_use_certificate();
-int	SSL_use_certificate_ASN1();
-
-#ifndef NO_STDIO
-int	SSL_use_RSAPrivateKey_file();
-int	SSL_use_PrivateKey_file();
-int	SSL_use_certificate_file();
-int	SSL_CTX_use_RSAPrivateKey_file();
-int	SSL_CTX_use_PrivateKey_file();
-int	SSL_CTX_use_certificate_file();
-STACK * SSL_load_client_CA_file();
-int	SSL_add_file_cert_subjects_to_stack();
-int	SSL_add_dir_cert_subjects_to_stack();
-#endif
-
-void	ERR_load_SSL_strings();
-void	SSL_load_error_strings();
-char * 	SSL_state_string();
-char * 	SSL_rstate_string();
-char * 	SSL_state_string_long();
-char * 	SSL_rstate_string_long();
-long	SSL_SESSION_get_time();
-long	SSL_SESSION_set_time();
-long	SSL_SESSION_get_timeout();
-long	SSL_SESSION_set_timeout();
-void	SSL_copy_session_id();
-
-SSL_SESSION *SSL_SESSION_new();
-unsigned long SSL_SESSION_hash();
-int	SSL_SESSION_cmp();
-#ifndef NO_FP_API
-int	SSL_SESSION_print_fp();
-#endif
-#ifdef HEADER_BIO_H
-int	SSL_SESSION_print();
-#endif
-void	SSL_SESSION_free();
-int	i2d_SSL_SESSION();
-int	SSL_set_session();
-int	SSL_CTX_add_session();
-int	SSL_CTX_remove_session();
-SSL_SESSION *d2i_SSL_SESSION();
-
-#ifdef HEADER_X509_H
-X509 *	SSL_get_peer_certificate();
-#endif
-
-STACK *	SSL_get_peer_cert_chain();
-
-int SSL_CTX_get_verify_mode();
-int (*SSL_CTX_get_verify_callback())();
-void SSL_CTX_set_verify();
-void SSL_CTX_set_cert_verify_cb();
-int SSL_CTX_use_RSAPrivateKey();
-int SSL_CTX_use_RSAPrivateKey_ASN1();
-int SSL_CTX_use_PrivateKey();
-int SSL_CTX_use_PrivateKey_ASN1();
-int SSL_CTX_use_certificate();
-int SSL_CTX_use_certificate_ASN1();
-
-void SSL_CTX_set_default_passwd_cb();
-
-int SSL_CTX_check_private_key();
-int SSL_check_private_key();
-
-SSL *	SSL_new();
-int	SSL_set_session_id_context();
-void    SSL_clear();
-void	SSL_free();
-int 	SSL_accept();
-int 	SSL_connect();
-int 	SSL_read();
-int 	SSL_peek();
-int 	SSL_write();
-long	SSL_ctrl();
-long	SSL_CTX_ctrl();
-
-int	SSL_get_error();
-char *	SSL_get_version();
-
-int SSL_CTX_set_ssl_version();
-
-SSL_METHOD *SSLv2_method();
-SSL_METHOD *SSLv2_server_method();
-SSL_METHOD *SSLv2_client_method();
-
-SSL_METHOD *SSLv3_method();
-SSL_METHOD *SSLv3_server_method();
-SSL_METHOD *SSLv3_client_method();
-
-SSL_METHOD *SSLv23_method();
-SSL_METHOD *SSLv23_server_method();
-SSL_METHOD *SSLv23_client_method();
-
-SSL_METHOD *TLSv1_method();
-SSL_METHOD *TLSv1_server_method();
-SSL_METHOD *TLSv1_client_method();
-
-STACK *SSL_get_ciphers();
-
-int SSL_do_handshake();
-int SSL_renegotiate();
-int SSL_shutdown();
-
-SSL_METHOD *SSL_get_ssl_method();
-int SSL_set_ssl_method();
-char *SSL_alert_type_string_long();
-char *SSL_alert_type_string();
-char *SSL_alert_desc_string_long();
-char *SSL_alert_desc_string();
-
-void SSL_set_client_CA_list();
-void SSL_CTX_set_client_CA_list();
-STACK *SSL_get_client_CA_list();
-STACK *SSL_CTX_get_client_CA_list();
-int SSL_add_client_CA();
-int SSL_CTX_add_client_CA();
-
-void SSL_set_connect_state();
-void SSL_set_accept_state();
-
-long SSL_get_default_timeout();
-
-int SSL_library_init();
-
-char *SSL_CIPHER_description();
-STACK *SSL_dup_CA_list();
-
-SSL *SSL_dup();
-
-X509 *SSL_get_certificate();
-/* EVP * */ struct evp_pkey_st *SSL_get_privatekey();
-
-#ifdef this_is_for_mk1mf_pl
-EVP *SSL_get_privatekey();
-#endif
-
-void SSL_CTX_set_quiet_shutdown();
-int SSL_CTX_get_quiet_shutdown();
-void SSL_set_quiet_shutdown();
-int SSL_get_quiet_shutdown();
-void SSL_set_shutdown();
-int SSL_get_shutdown();
-int SSL_version();
-int SSL_CTX_set_default_verify_paths();
-int SSL_CTX_load_verify_locations();
-SSL_SESSION *SSL_get_session();
-SSL_CTX *SSL_get_SSL_CTX();
-void SSL_set_info_callback();
-void (*SSL_get_info_callback())();
-int SSL_state();
-void SSL_set_verify_result();
-long SSL_get_verify_result();
-
-int SSL_set_ex_data();
-char *SSL_get_ex_data();
-int SSL_get_ex_new_index();
-
-int SSL_SESSION_set_ex_data();
-char *SSL_SESSION_get_ex_data();
-int SSL_SESSION_get_ex_new_index();
-
-int SSL_CTX_set_ex_data();
-char *SSL_CTX_get_ex_data();
-int SSL_CTX_get_ex_new_index();
-
-int SSL_get_ex_data_X509_STORE_CTX_idx();
-int SSL_COMP_add_compression_method();
-
-/* For the next 2, the callbacks are 
- * RSA *tmp_rsa_cb(SSL *ssl,int export)
- * DH *tmp_dh_cb(SSL *ssl,int export)
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
  */
-void SSL_CTX_set_tmp_rsa_callback();
-void SSL_CTX_set_tmp_dh_callback();
-
-void SSL_set_tmp_rsa_callback();
-void SSL_set_tmp_dh_callback();
 
-/* #endif */
-
-#endif
-
-/* BEGIN ERROR CODES */
 /* Error codes for the SSL functions. */
 
 /* Function codes. */
@@ -1374,6 +1159,8 @@ void SSL_set_tmp_dh_callback();
 #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK	 216
 #define SSL_F_SSL_BAD_METHOD				 160
 #define SSL_F_SSL_BYTES_TO_CIPHER_LIST			 161
+#define SSL_F_SSL_CERT_DUP				 221
+#define SSL_F_SSL_CERT_INST				 222
 #define SSL_F_SSL_CERT_INSTANTIATE			 214
 #define SSL_F_SSL_CERT_NEW				 162
 #define SSL_F_SSL_CHECK_PRIVATE_KEY			 163
@@ -1382,9 +1169,11 @@ void SSL_set_tmp_dh_callback();
 #define SSL_F_SSL_CREATE_CIPHER_LIST			 166
 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY			 168
 #define SSL_F_SSL_CTX_NEW				 169
+#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT		 219
 #define SSL_F_SSL_CTX_SET_SSL_VERSION			 170
 #define SSL_F_SSL_CTX_USE_CERTIFICATE			 171
 #define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1		 172
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE	 220
 #define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE		 173
 #define SSL_F_SSL_CTX_USE_PRIVATEKEY			 174
 #define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1		 175
@@ -1492,6 +1281,7 @@ void SSL_set_tmp_dh_callback();
 #define SSL_R_INVALID_CHALLENGE_LENGTH			 158
 #define SSL_R_LENGTH_MISMATCH				 159
 #define SSL_R_LENGTH_TOO_SHORT				 160
+#define SSL_R_LIBRARY_BUG				 274
 #define SSL_R_LIBRARY_HAS_NO_CIPHERS			 161
 #define SSL_R_MISSING_DH_DSA_CERT			 162
 #define SSL_R_MISSING_DH_KEY				 163
@@ -1626,7 +1416,7 @@ void SSL_set_tmp_dh_callback();
 #define SSL_R_WRONG_VERSION_NUMBER			 267
 #define SSL_R_X509_LIB					 268
 #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS		 269
- 
+
 #ifdef  __cplusplus
 }
 #endif