ssl.h

00001 /* ssl/ssl.h */
00002 /* Copyright (C) 1995-1998 Eric Young ([email protected])
00003  * All rights reserved.
00004  *
00005  * This package is an SSL implementation written
00006  * by Eric Young ([email protected]).
00007  * The implementation was written so as to conform with Netscapes SSL.
00008  * 
00009  * This library is free for commercial and non-commercial use as long as
00010  * the following conditions are aheared to.  The following conditions
00011  * apply to all code found in this distribution, be it the RC4, RSA,
00012  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
00013  * included with this distribution is covered by the same copyright terms
00014  * except that the holder is Tim Hudson ([email protected]).
00015  * 
00016  * Copyright remains Eric Young's, and as such any Copyright notices in
00017  * the code are not to be removed.
00018  * If this package is used in a product, Eric Young should be given attribution
00019  * as the author of the parts of the library used.
00020  * This can be in the form of a textual message at program startup or
00021  * in documentation (online or textual) provided with the package.
00022  * 
00023  * Redistribution and use in source and binary forms, with or without
00024  * modification, are permitted provided that the following conditions
00025  * are met:
00026  * 1. Redistributions of source code must retain the copyright
00027  *    notice, this list of conditions and the following disclaimer.
00028  * 2. Redistributions in binary form must reproduce the above copyright
00029  *    notice, this list of conditions and the following disclaimer in the
00030  *    documentation and/or other materials provided with the distribution.
00031  * 3. All advertising materials mentioning features or use of this software
00032  *    must display the following acknowledgement:
00033  *    "This product includes cryptographic software written by
00034  *     Eric Young ([email protected])"
00035  *    The word 'cryptographic' can be left out if the rouines from the library
00036  *    being used are not cryptographic related :-).
00037  * 4. If you include any Windows specific code (or a derivative thereof) from 
00038  *    the apps directory (application code) you must include an acknowledgement:
00039  *    "This product includes software written by Tim Hudson ([email protected])"
00040  * 
00041  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
00042  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
00043  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
00044  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
00045  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
00046  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
00047  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
00048  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
00049  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
00050  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
00051  * SUCH DAMAGE.
00052  * 
00053  * The licence and distribution terms for any publically available version or
00054  * derivative of this code cannot be changed.  i.e. this code cannot simply be
00055  * copied and put under another distribution licence
00056  * [including the GNU Public Licence.]
00057  */
00058 /* ====================================================================
00059  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
00060  *
00061  * Redistribution and use in source and binary forms, with or without
00062  * modification, are permitted provided that the following conditions
00063  * are met:
00064  *
00065  * 1. Redistributions of source code must retain the above copyright
00066  *    notice, this list of conditions and the following disclaimer. 
00067  *
00068  * 2. Redistributions in binary form must reproduce the above copyright
00069  *    notice, this list of conditions and the following disclaimer in
00070  *    the documentation and/or other materials provided with the
00071  *    distribution.
00072  *
00073  * 3. All advertising materials mentioning features or use of this
00074  *    software must display the following acknowledgment:
00075  *    "This product includes software developed by the OpenSSL Project
00076  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
00077  *
00078  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
00079  *    endorse or promote products derived from this software without
00080  *    prior written permission. For written permission, please contact
00081  *    [email protected]
00082  *
00083  * 5. Products derived from this software may not be called "OpenSSL"
00084  *    nor may "OpenSSL" appear in their names without prior written
00085  *    permission of the OpenSSL Project.
00086  *
00087  * 6. Redistributions of any form whatsoever must retain the following
00088  *    acknowledgment:
00089  *    "This product includes software developed by the OpenSSL Project
00090  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
00091  *
00092  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
00093  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
00094  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
00095  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
00096  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
00097  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
00098  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
00099  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
00100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
00101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
00102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
00103  * OF THE POSSIBILITY OF SUCH DAMAGE.
00104  * ====================================================================
00105  *
00106  * This product includes cryptographic software written by Eric Young
00107  * ([email protected]).  This product includes software written by Tim
00108  * Hudson ([email protected]).
00109  *
00110  */
00111 /* ====================================================================
00112  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
00113  *
00114  * Redistribution and use in source and binary forms, with or without
00115  * modification, are permitted provided that the following conditions
00116  * are met:
00117  *
00118  * 1. Redistributions of source code must retain the above copyright
00119  *    notice, this list of conditions and the following disclaimer. 
00120  *
00121  * 2. Redistributions in binary form must reproduce the above copyright
00122  *    notice, this list of conditions and the following disclaimer in
00123  *    the documentation and/or other materials provided with the
00124  *    distribution.
00125  *
00126  * 3. All advertising materials mentioning features or use of this
00127  *    software must display the following acknowledgment:
00128  *    "This product includes software developed by the OpenSSL Project
00129  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
00130  *
00131  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
00132  *    endorse or promote products derived from this software without
00133  *    prior written permission. For written permission, please contact
00134  *    [email protected]
00135  *
00136  * 5. Products derived from this software may not be called "OpenSSL"
00137  *    nor may "OpenSSL" appear in their names without prior written
00138  *    permission of the OpenSSL Project.
00139  *
00140  * 6. Redistributions of any form whatsoever must retain the following
00141  *    acknowledgment:
00142  *    "This product includes software developed by the OpenSSL Project
00143  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
00144  *
00145  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
00146  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
00147  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
00148  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
00149  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
00150  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
00151  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
00152  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
00153  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
00154  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
00155  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
00156  * OF THE POSSIBILITY OF SUCH DAMAGE.
00157  * ====================================================================
00158  *
00159  * This product includes cryptographic software written by Eric Young
00160  * ([email protected]).  This product includes software written by Tim
00161  * Hudson ([email protected]).
00162  *
00163  */
00164 /* ====================================================================
00165  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
00166  * ECC cipher suite support in OpenSSL originally developed by 
00167  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
00168  */
00169 
00170 #ifndef HEADER_SSL_H 
00171 #define HEADER_SSL_H 
00172 
00173 #if (defined(__SYMBIAN32__) && !defined(SYMBIAN))
00174 #define SYMBIAN
00175 #endif
00176 
00177 #include <openssl/e_os2.h>
00178 
00179 #ifndef OPENSSL_NO_COMP
00180 #include <openssl/comp.h>
00181 #endif
00182 #ifndef OPENSSL_NO_BIO
00183 #include <openssl/bio.h>
00184 #endif
00185 #ifndef OPENSSL_NO_DEPRECATED
00186 #ifndef OPENSSL_NO_X509
00187 #include <openssl/x509.h>
00188 #endif
00189 #include <openssl/crypto.h>
00190 #include <openssl/lhash.h>
00191 #include <openssl/buffer.h>
00192 #endif
00193 #include <openssl/pem.h>
00194 
00195 #include <openssl/kssl.h>
00196 #include <openssl/safestack.h>
00197 #include <openssl/symhacks.h>
00198 
00199 #ifdef  __cplusplus
00200 extern "C" {
00201 #endif
00202 
00203 /* SSLeay version number for ASN.1 encoding of the session information */
00204 /* Version 0 - initial version
00205  * Version 1 - added the optional peer certificate
00206  */
00207 #define SSL_SESSION_ASN1_VERSION 0x0001
00208 
00209 /* text strings for the ciphers */
00210 #define SSL_TXT_NULL_WITH_MD5           SSL2_TXT_NULL_WITH_MD5                  
00211 #define SSL_TXT_RC4_128_WITH_MD5        SSL2_TXT_RC4_128_WITH_MD5               
00212 #define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5    
00213 #define SSL_TXT_RC2_128_CBC_WITH_MD5    SSL2_TXT_RC2_128_CBC_WITH_MD5           
00214 #define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5    
00215 #define SSL_TXT_IDEA_128_CBC_WITH_MD5   SSL2_TXT_IDEA_128_CBC_WITH_MD5          
00216 #define SSL_TXT_DES_64_CBC_WITH_MD5     SSL2_TXT_DES_64_CBC_WITH_MD5            
00217 #define SSL_TXT_DES_64_CBC_WITH_SHA     SSL2_TXT_DES_64_CBC_WITH_SHA            
00218 #define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5    
00219 #define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA    
00220 
00221 /*    VRS Additional Kerberos5 entries
00222  */
00223 #define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
00224 #define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
00225 #define SSL_TXT_KRB5_RC4_128_SHA      SSL3_TXT_KRB5_RC4_128_SHA
00226 #define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
00227 #define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5       
00228 #define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5       
00229 #define SSL_TXT_KRB5_RC4_128_MD5      SSL3_TXT_KRB5_RC4_128_MD5
00230 #define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 
00231 
00232 #define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA 
00233 #define SSL_TXT_KRB5_RC2_40_CBC_SHA   SSL3_TXT_KRB5_RC2_40_CBC_SHA 
00234 #define SSL_TXT_KRB5_RC4_40_SHA       SSL3_TXT_KRB5_RC4_40_SHA
00235 #define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5 
00236 #define SSL_TXT_KRB5_RC2_40_CBC_MD5   SSL3_TXT_KRB5_RC2_40_CBC_MD5 
00237 #define SSL_TXT_KRB5_RC4_40_MD5       SSL3_TXT_KRB5_RC4_40_MD5
00238 
00239 #define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA
00240 #define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5
00241 #define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
00242 #define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5
00243 #define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
00244 #define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
00245 #define SSL_MAX_KRB5_PRINCIPAL_LENGTH  256
00246 
00247 #define SSL_MAX_SSL_SESSION_ID_LENGTH           32
00248 #define SSL_MAX_SID_CTX_LENGTH                  32
00249 
00250 #define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES     (512/8)
00251 #define SSL_MAX_KEY_ARG_LENGTH                  8
00252 #define SSL_MAX_MASTER_KEY_LENGTH               48
00253 
00254 /* These are used to specify which ciphers to use and not to use */
00255 #define SSL_TXT_LOW             "LOW"
00256 #define SSL_TXT_MEDIUM          "MEDIUM"
00257 #define SSL_TXT_HIGH            "HIGH"
00258 #define SSL_TXT_kFZA            "kFZA"
00259 #define SSL_TXT_aFZA            "aFZA"
00260 #define SSL_TXT_eFZA            "eFZA"
00261 #define SSL_TXT_FZA             "FZA"
00262 
00263 #define SSL_TXT_aNULL           "aNULL"
00264 #define SSL_TXT_eNULL           "eNULL"
00265 #define SSL_TXT_NULL            "NULL"
00266 
00267 #define SSL_TXT_kKRB5           "kKRB5"
00268 #define SSL_TXT_aKRB5           "aKRB5"
00269 #define SSL_TXT_KRB5            "KRB5"
00270 
00271 #define SSL_TXT_kRSA            "kRSA"
00272 #define SSL_TXT_kDHr            "kDHr"
00273 #define SSL_TXT_kDHd            "kDHd"
00274 #define SSL_TXT_kEDH            "kEDH"
00275 #define SSL_TXT_aRSA            "aRSA"
00276 #define SSL_TXT_aDSS            "aDSS"
00277 #define SSL_TXT_aDH             "aDH"
00278 #define SSL_TXT_DSS             "DSS"
00279 #define SSL_TXT_DH              "DH"
00280 #define SSL_TXT_EDH             "EDH"
00281 #define SSL_TXT_ADH             "ADH"
00282 #define SSL_TXT_RSA             "RSA"
00283 #define SSL_TXT_DES             "DES"
00284 #define SSL_TXT_3DES            "3DES"
00285 #define SSL_TXT_RC4             "RC4"
00286 #define SSL_TXT_RC2             "RC2"
00287 #define SSL_TXT_IDEA            "IDEA"
00288 #define SSL_TXT_AES             "AES"
00289 #define SSL_TXT_MD5             "MD5"
00290 #define SSL_TXT_SHA1            "SHA1"
00291 #define SSL_TXT_SHA             "SHA"
00292 #define SSL_TXT_EXP             "EXP"
00293 #define SSL_TXT_EXPORT          "EXPORT"
00294 #define SSL_TXT_EXP40           "EXPORT40"
00295 #define SSL_TXT_EXP56           "EXPORT56"
00296 #define SSL_TXT_SSLV2           "SSLv2"
00297 #define SSL_TXT_SSLV3           "SSLv3"
00298 #define SSL_TXT_TLSV1           "TLSv1"
00299 #define SSL_TXT_ALL             "ALL"
00300 #define SSL_TXT_ECC             "ECCdraft" /* ECC ciphersuites are not yet official */
00301 
00302 /*
00303  * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
00304  * ciphers normally not being used.
00305  * Example: "RC4" will activate all ciphers using RC4 including ciphers
00306  * without authentication, which would normally disabled by DEFAULT (due
00307  * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
00308  * will make sure that it is also disabled in the specific selection.
00309  * COMPLEMENTOF* identifiers are portable between version, as adjustments
00310  * to the default cipher setup will also be included here.
00311  *
00312  * COMPLEMENTOFDEFAULT does not experience the same special treatment that
00313  * DEFAULT gets, as only selection is being done and no sorting as needed
00314  * for DEFAULT.
00315  */
00316 #define SSL_TXT_CMPALL          "COMPLEMENTOFALL"
00317 #define SSL_TXT_CMPDEF          "COMPLEMENTOFDEFAULT"
00318 
00319 /* The following cipher list is used by default.
00320  * It also is substituted when an application-defined cipher list string
00321  * starts with 'DEFAULT'. */
00322 #define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
00323 
00324 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
00325 #define SSL_SENT_SHUTDOWN       1
00326 #define SSL_RECEIVED_SHUTDOWN   2
00327 
00328 #ifdef __cplusplus
00329 }
00330 #endif
00331 
00332 #ifdef  __cplusplus
00333 extern "C" {
00334 #endif
00335 
00336 #if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)
00337 #define OPENSSL_NO_SSL2
00338 #endif
00339 
00340 #define SSL_FILETYPE_ASN1       X509_FILETYPE_ASN1
00341 #define SSL_FILETYPE_PEM        X509_FILETYPE_PEM
00342 
00343 /* This is needed to stop compilers complaining about the
00344  * 'struct ssl_st *' function parameters used to prototype callbacks
00345  * in SSL_CTX. */
00346 typedef struct ssl_st *ssl_crock_st;
00347 
00348 /* used to hold info on the particular ciphers used */
00349 typedef struct ssl_cipher_st
00350         {
00351         int valid;
00352         const char *name;               /* text name */
00353         unsigned long id;               /* id, 4 bytes, first is version */
00354         unsigned long algorithms;       /* what ciphers are used */
00355         unsigned long algo_strength;    /* strength and export flags */
00356         unsigned long algorithm2;       /* Extra flags */
00357         int strength_bits;              /* Number of bits really used */
00358         int alg_bits;                   /* Number of bits for algorithm */
00359         unsigned long mask;             /* used for matching */
00360         unsigned long mask_strength;    /* also used for matching */
00361         } SSL_CIPHER;
00362 
00363 DECLARE_STACK_OF(SSL_CIPHER)
00364 
00365 typedef struct ssl_st SSL;
00366 typedef struct ssl_ctx_st SSL_CTX;
00367 
00368 /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
00369 typedef struct ssl_method_st
00370         {
00371         int version;
00372         int (*ssl_new)(SSL *s);
00373         void (*ssl_clear)(SSL *s);
00374         void (*ssl_free)(SSL *s);
00375         int (*ssl_accept)(SSL *s);
00376         int (*ssl_connect)(SSL *s);
00377         int (*ssl_read)(SSL *s,void *buf,int len);
00378         int (*ssl_peek)(SSL *s,void *buf,int len);
00379         int (*ssl_write)(SSL *s,const void *buf,int len);
00380         int (*ssl_shutdown)(SSL *s);
00381         int (*ssl_renegotiate)(SSL *s);
00382         int (*ssl_renegotiate_check)(SSL *s);
00383         long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long
00384                 max, int *ok);
00385         int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, 
00386                 int peek);
00387         int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
00388         int (*ssl_dispatch_alert)(SSL *s);
00389         long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
00390         long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
00391         SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
00392         int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
00393         int (*ssl_pending)(const SSL *s);
00394         int (*num_ciphers)(void);
00395         SSL_CIPHER *(*get_cipher)(unsigned ncipher);
00396         struct ssl_method_st *(*get_ssl_method)(int version);
00397         long (*get_timeout)(void);
00398         struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
00399         int (*ssl_version)(void);
00400         long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
00401         long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
00402         } SSL_METHOD;
00403 
00404 /* Lets make this into an ASN.1 type structure as follows
00405  * SSL_SESSION_ID ::= SEQUENCE {
00406  *      version                 INTEGER,        -- structure version number
00407  *      SSLversion              INTEGER,        -- SSL version number
00408  *      Cipher                  OCTET_STRING,   -- the 3 byte cipher ID
00409  *      Session_ID              OCTET_STRING,   -- the Session ID
00410  *      Master_key              OCTET_STRING,   -- the master key
00411  *      KRB5_principal          OCTET_STRING    -- optional Kerberos principal
00412  *      Key_Arg [ 0 ] IMPLICIT  OCTET_STRING,   -- the optional Key argument
00413  *      Time [ 1 ] EXPLICIT     INTEGER,        -- optional Start Time
00414  *      Timeout [ 2 ] EXPLICIT  INTEGER,        -- optional Timeout ins seconds
00415  *      Peer [ 3 ] EXPLICIT     X509,           -- optional Peer Certificate
00416  *      Session_ID_context [ 4 ] EXPLICIT OCTET_STRING,   -- the Session ID context
00417  *      Verify_result [ 5 ] EXPLICIT INTEGER    -- X509_V_... code for `Peer'
00418  *      Compression [6] IMPLICIT ASN1_OBJECT    -- compression OID XXXXX
00419  *      }
00420  * Look in ssl/ssl_asn1.c for more details
00421  * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
00422  */
00423 typedef struct ssl_session_st
00424         {
00425         int ssl_version;        /* what ssl version session info is
00426                                  * being kept in here? */
00427 
00428         /* only really used in SSLv2 */
00429         unsigned int key_arg_length;
00430         unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
00431         int master_key_length;
00432         unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
00433         /* session_id - valid? */
00434         unsigned int session_id_length;
00435         unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
00436         /* this is used to determine whether the session is being reused in
00437          * the appropriate context. It is up to the application to set this,
00438          * via SSL_new */
00439         unsigned int sid_ctx_length;
00440         unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
00441 
00442 #ifndef OPENSSL_NO_KRB5
00443         unsigned int krb5_client_princ_len;
00444         unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
00445 #endif /* OPENSSL_NO_KRB5 */
00446 
00447         int not_resumable;
00448 
00449         /* The cert is the certificate used to establish this connection */
00450         struct sess_cert_st /* SESS_CERT */ *sess_cert;
00451 
00452         /* This is the cert for the other end.
00453          * On clients, it will be the same as sess_cert->peer_key->x509
00454          * (the latter is not enough as sess_cert is not retained
00455          * in the external representation of sessions, see ssl_asn1.c). */
00456         X509 *peer;
00457         /* when app_verify_callback accepts a session where the peer's certificate
00458          * is not ok, we must remember the error for session reuse: */
00459         long verify_result; /* only for servers */
00460 
00461         int references;
00462         long timeout;
00463         long time;
00464 
00465         int compress_meth;              /* Need to lookup the method */
00466 
00467         SSL_CIPHER *cipher;
00468         unsigned long cipher_id;        /* when ASN.1 loaded, this
00469                                          * needs to be used to load
00470                                          * the 'cipher' structure */
00471 
00472         STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
00473 
00474         CRYPTO_EX_DATA ex_data; /* application specific data */
00475 
00476         /* These are used to make removal of session-ids more
00477          * efficient and to implement a maximum cache size. */
00478         struct ssl_session_st *prev,*next;
00479         } SSL_SESSION;
00480 
00481 
00482 #define SSL_OP_MICROSOFT_SESS_ID_BUG                    0x00000001L
00483 #define SSL_OP_NETSCAPE_CHALLENGE_BUG                   0x00000002L
00484 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x00000008L
00485 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x00000010L
00486 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x00000020L
00487 #define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x00000040L /* no effect since 0.9.7h and 0.9.8b */
00488 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x00000080L
00489 #define SSL_OP_TLS_D5_BUG                               0x00000100L
00490 #define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x00000200L
00491 
00492 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
00493  * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
00494  * the workaround is not needed.  Unfortunately some broken SSL/TLS
00495  * implementations cannot handle it at all, which is why we include
00496  * it in SSL_OP_ALL. */
00497 #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L /* added in 0.9.6e */
00498 
00499 /* SSL_OP_ALL: various bug workarounds that should be rather harmless.
00500  *             This used to be 0x000FFFFFL before 0.9.7. */
00501 #define SSL_OP_ALL                                      0x00000FFFL
00502 
00503 /* DTLS options */
00504 #define SSL_OP_NO_QUERY_MTU                 0x00001000L
00505 /* Turn on Cookie Exchange (on relevant for servers) */
00506 #define SSL_OP_COOKIE_EXCHANGE              0x00002000L
00507 
00508 /* As server, disallow session resumption on renegotiation */
00509 #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION   0x00010000L
00510 /* If set, always create a new key when using tmp_ecdh parameters */
00511 #define SSL_OP_SINGLE_ECDH_USE                          0x00080000L
00512 /* If set, always create a new key when using tmp_dh parameters */
00513 #define SSL_OP_SINGLE_DH_USE                            0x00100000L
00514 /* Set to always use the tmp_rsa key when doing RSA operations,
00515  * even when this violates protocol specs */
00516 #define SSL_OP_EPHEMERAL_RSA                            0x00200000L
00517 /* Set on servers to choose the cipher according to the server's
00518  * preferences */
00519 #define SSL_OP_CIPHER_SERVER_PREFERENCE                 0x00400000L
00520 /* If set, a server will allow a client to issue a SSLv3.0 version number
00521  * as latest version supported in the premaster secret, even when TLSv1.0
00522  * (version 3.1) was announced in the client hello. Normally this is
00523  * forbidden to prevent version rollback attacks. */
00524 #define SSL_OP_TLS_ROLLBACK_BUG                         0x00800000L
00525 
00526 #define SSL_OP_NO_SSLv2                                 0x01000000L
00527 #define SSL_OP_NO_SSLv3                                 0x02000000L
00528 #define SSL_OP_NO_TLSv1                                 0x04000000L
00529 
00530 /* The next flag deliberately changes the ciphertest, this is a check
00531  * for the PKCS#1 attack */
00532 #define SSL_OP_PKCS1_CHECK_1                            0x08000000L
00533 #define SSL_OP_PKCS1_CHECK_2                            0x10000000L
00534 #define SSL_OP_NETSCAPE_CA_DN_BUG                       0x20000000L
00535 #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG          0x40000000L
00536 
00537 
00538 /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
00539  * when just a single record has been written): */
00540 #define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001L
00541 /* Make it possible to retry SSL_write() with changed buffer location
00542  * (buffer contents must stay the same!); this is not the default to avoid
00543  * the misconception that non-blocking SSL_write() behaves like
00544  * non-blocking write(): */
00545 #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
00546 /* Never bother the application with retries if the transport
00547  * is blocking: */
00548 #define SSL_MODE_AUTO_RETRY 0x00000004L
00549 /* Don't attempt to automatically build certificate chain */
00550 #define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
00551 
00552 
00553 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
00554  * they cannot be used to clear bits. */
00555 
00556 #define SSL_CTX_set_options(ctx,op) \
00557         SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
00558 #define SSL_CTX_get_options(ctx) \
00559         SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
00560 #define SSL_set_options(ssl,op) \
00561         SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
00562 #define SSL_get_options(ssl) \
00563         SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
00564 
00565 #define SSL_CTX_set_mode(ctx,op) \
00566         SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
00567 #define SSL_CTX_get_mode(ctx) \
00568         SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
00569 #define SSL_set_mode(ssl,op) \
00570         SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
00571 #define SSL_get_mode(ssl) \
00572         SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
00573 #define SSL_set_mtu(ssl, mtu) \
00574         SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
00575 
00576 
00577 IMPORT_C void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
00578 IMPORT_C void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
00579 #define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
00580 #define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
00581 
00582 
00583 
00584 #if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
00585 #define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */
00586 #else
00587 #define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
00588 #endif
00589 
00590 #define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT      (1024*20)
00591 
00592 /* This callback type is used inside SSL_CTX, SSL, and in the functions that set
00593  * them. It is used to override the generation of SSL/TLS session IDs in a
00594  * server. Return value should be zero on an error, non-zero to proceed. Also,
00595  * callbacks should themselves check if the id they generate is unique otherwise
00596  * the SSL handshake will fail with an error - callbacks can do this using the
00597  * 'ssl' value they're passed by;
00598  *      SSL_has_matching_session_id(ssl, id, *id_len)
00599  * The length value passed in is set at the maximum size the session ID can be.
00600  * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback
00601  * can alter this length to be less if desired, but under SSLv2 session IDs are
00602  * supposed to be fixed at 16 bytes so the id will be padded after the callback
00603  * returns in this case. It is also an error for the callback to set the size to
00604  * zero. */
00605 typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
00606                                 unsigned int *id_len);
00607 
00608 typedef struct ssl_comp_st
00609         {
00610         int id;
00611         const char *name;
00612 #ifndef OPENSSL_NO_COMP
00613         COMP_METHOD *method;
00614 #else
00615         char *method;
00616 #endif
00617         } SSL_COMP;
00618 
00619 DECLARE_STACK_OF(SSL_COMP)
00620 
00621 struct ssl_ctx_st
00622         {
00623         SSL_METHOD *method;
00624 
00625         STACK_OF(SSL_CIPHER) *cipher_list;
00626         /* same as above but sorted for lookup */
00627         STACK_OF(SSL_CIPHER) *cipher_list_by_id;
00628 
00629         struct x509_store_st /* X509_STORE */ *cert_store;
00630         struct lhash_st /* LHASH */ *sessions;  /* a set of SSL_SESSIONs */
00631         /* Most session-ids that will be cached, default is
00632          * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
00633         unsigned long session_cache_size;
00634         struct ssl_session_st *session_cache_head;
00635         struct ssl_session_st *session_cache_tail;
00636 
00637         /* This can have one of 2 values, ored together,
00638          * SSL_SESS_CACHE_CLIENT,
00639          * SSL_SESS_CACHE_SERVER,
00640          * Default is SSL_SESSION_CACHE_SERVER, which means only
00641          * SSL_accept which cache SSL_SESSIONS. */
00642         int session_cache_mode;
00643 
00644         /* If timeout is not 0, it is the default timeout value set
00645          * when SSL_new() is called.  This has been put in to make
00646          * life easier to set things up */
00647         long session_timeout;
00648 
00649         /* If this callback is not null, it will be called each
00650          * time a session id is added to the cache.  If this function
00651          * returns 1, it means that the callback will do a
00652          * SSL_SESSION_free() when it has finished using it.  Otherwise,
00653          * on 0, it means the callback has finished with it.
00654          * If remove_session_cb is not null, it will be called when
00655          * a session-id is removed from the cache.  After the call,
00656          * OpenSSL will SSL_SESSION_free() it. */
00657         int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
00658         void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
00659         SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
00660                 unsigned char *data,int len,int *copy);
00661 
00662         struct
00663                 {
00664                 int sess_connect;       /* SSL new conn - started */
00665                 int sess_connect_renegotiate;/* SSL reneg - requested */
00666                 int sess_connect_good;  /* SSL new conne/reneg - finished */
00667                 int sess_accept;        /* SSL new accept - started */
00668                 int sess_accept_renegotiate;/* SSL reneg - requested */
00669                 int sess_accept_good;   /* SSL accept/reneg - finished */
00670                 int sess_miss;          /* session lookup misses  */
00671                 int sess_timeout;       /* reuse attempt on timeouted session */
00672                 int sess_cache_full;    /* session removed due to full cache */
00673                 int sess_hit;           /* session reuse actually done */
00674                 int sess_cb_hit;        /* session-id that was not
00675                                          * in the cache was
00676                                          * passed back via the callback.  This
00677                                          * indicates that the application is
00678                                          * supplying session-id's from other
00679                                          * processes - spooky :-) */
00680                 } stats;
00681 
00682         int references;
00683 
00684         /* if defined, these override the X509_verify_cert() calls */
00685         int (*app_verify_callback)(X509_STORE_CTX *, void *);
00686         void *app_verify_arg;
00687         /* before OpenSSL 0.9.7, 'app_verify_arg' was ignored
00688          * ('app_verify_callback' was called with just one argument) */
00689 
00690         /* Default password callback. */
00691         pem_password_cb *default_passwd_callback;
00692 
00693         /* Default password callback user data. */
00694         void *default_passwd_callback_userdata;
00695 
00696         /* get client cert callback */
00697         int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
00698 
00699     /* cookie generate callback */
00700     int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, 
00701         unsigned int *cookie_len);
00702 
00703     /* verify cookie callback */
00704     int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, 
00705         unsigned int cookie_len);
00706 
00707         CRYPTO_EX_DATA ex_data;
00708 
00709         const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
00710         const EVP_MD *md5;      /* For SSLv3/TLSv1 'ssl3-md5' */
00711         const EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */
00712 
00713         STACK_OF(X509) *extra_certs;
00714         STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
00715 
00716 
00717         /* Default values used when no per-SSL value is defined follow */
00718 
00719         void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */
00720 
00721         /* what we put in client cert requests */
00722         STACK_OF(X509_NAME) *client_CA;
00723 
00724 
00725         /* Default values to use in SSL structures follow (these are copied by SSL_new) */
00726 
00727         unsigned long options;
00728         unsigned long mode;
00729         long max_cert_list;
00730 
00731         struct cert_st /* CERT */ *cert;
00732         int read_ahead;
00733 
00734         /* callback that allows applications to peek at protocol messages */
00735         void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
00736         void *msg_callback_arg;
00737 
00738         int verify_mode;
00739         unsigned int sid_ctx_length;
00740         unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
00741         int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
00742 
00743         /* Default generate session ID callback. */
00744         GEN_SESSION_CB generate_session_id;
00745 
00746         X509_VERIFY_PARAM *param;
00747 
00748 #if 0
00749         int purpose;            /* Purpose setting */
00750         int trust;              /* Trust setting */
00751 #endif
00752 
00753         int quiet_shutdown;
00754         };
00755 
00756 #define SSL_SESS_CACHE_OFF                      0x0000
00757 #define SSL_SESS_CACHE_CLIENT                   0x0001
00758 #define SSL_SESS_CACHE_SERVER                   0x0002
00759 #define SSL_SESS_CACHE_BOTH     (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
00760 #define SSL_SESS_CACHE_NO_AUTO_CLEAR            0x0080
00761 /* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
00762 #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP       0x0100
00763 #define SSL_SESS_CACHE_NO_INTERNAL_STORE        0x0200
00764 #define SSL_SESS_CACHE_NO_INTERNAL \
00765         (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
00766 
00767 IMPORT_C  struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
00768 #define SSL_CTX_sess_number(ctx) \
00769         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
00770 #define SSL_CTX_sess_connect(ctx) \
00771         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
00772 #define SSL_CTX_sess_connect_good(ctx) \
00773         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
00774 #define SSL_CTX_sess_connect_renegotiate(ctx) \
00775         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
00776 #define SSL_CTX_sess_accept(ctx) \
00777         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
00778 #define SSL_CTX_sess_accept_renegotiate(ctx) \
00779         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
00780 #define SSL_CTX_sess_accept_good(ctx) \
00781         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
00782 #define SSL_CTX_sess_hits(ctx) \
00783         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
00784 #define SSL_CTX_sess_cb_hits(ctx) \
00785         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
00786 #define SSL_CTX_sess_misses(ctx) \
00787         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
00788 #define SSL_CTX_sess_timeouts(ctx) \
00789         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
00790 #define SSL_CTX_sess_cache_full(ctx) \
00791         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
00792 
00793 #define SSL_CTX_sess_set_new_cb(ctx,cb) ((ctx)->new_session_cb=(cb))
00794 #define SSL_CTX_sess_get_new_cb(ctx)    ((ctx)->new_session_cb)
00795 #define SSL_CTX_sess_set_remove_cb(ctx,cb)      ((ctx)->remove_session_cb=(cb))
00796 #define SSL_CTX_sess_get_remove_cb(ctx) ((ctx)->remove_session_cb)
00797 #define SSL_CTX_sess_set_get_cb(ctx,cb) ((ctx)->get_session_cb=(cb))
00798 #define SSL_CTX_sess_get_get_cb(ctx)    ((ctx)->get_session_cb)
00799 #define SSL_CTX_set_info_callback(ctx,cb)       ((ctx)->info_callback=(cb))
00800 #define SSL_CTX_get_info_callback(ctx)          ((ctx)->info_callback)
00801 #define SSL_CTX_set_client_cert_cb(ctx,cb)      ((ctx)->client_cert_cb=(cb))
00802 #define SSL_CTX_get_client_cert_cb(ctx)         ((ctx)->client_cert_cb)
00803 #define SSL_CTX_set_cookie_generate_cb(ctx,cb) ((ctx)->app_gen_cookie_cb=(cb))
00804 #define SSL_CTX_set_cookie_verify_cb(ctx,cb) ((ctx)->app_verify_cookie_cb=(cb))
00805 
00806 #define SSL_NOTHING     1
00807 #define SSL_WRITING     2
00808 #define SSL_READING     3
00809 #define SSL_X509_LOOKUP 4
00810 
00811 /* These will only be used when doing non-blocking IO */
00812 #define SSL_want_nothing(s)     (SSL_want(s) == SSL_NOTHING)
00813 #define SSL_want_read(s)        (SSL_want(s) == SSL_READING)
00814 #define SSL_want_write(s)       (SSL_want(s) == SSL_WRITING)
00815 #define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
00816 
00817 struct ssl_st
00818         {
00819         /* protocol version
00820          * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
00821          */
00822         int version;
00823         int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
00824 
00825         SSL_METHOD *method; /* SSLv3 */
00826 
00827         /* There are 2 BIO's even though they are normally both the
00828          * same.  This is so data can be read and written to different
00829          * handlers */
00830 
00831 #ifndef OPENSSL_NO_BIO
00832         BIO *rbio; /* used by SSL_read */
00833         BIO *wbio; /* used by SSL_write */
00834         BIO *bbio; /* used during session-id reuse to concatenate
00835                     * messages */
00836 #else
00837         char *rbio; /* used by SSL_read */
00838         char *wbio; /* used by SSL_write */
00839         char *bbio;
00840 #endif
00841         /* This holds a variable that indicates what we were doing
00842          * when a 0 or -1 is returned.  This is needed for
00843          * non-blocking IO so we know what request needs re-doing when
00844          * in SSL_accept or SSL_connect */
00845         int rwstate;
00846 
00847         /* true when we are actually in SSL_accept() or SSL_connect() */
00848         int in_handshake;
00849         int (*handshake_func)(SSL *);
00850 
00851         /* Imagine that here's a boolean member "init" that is
00852          * switched as soon as SSL_set_{accept/connect}_state
00853          * is called for the first time, so that "state" and
00854          * "handshake_func" are properly initialized.  But as
00855          * handshake_func is == 0 until then, we use this
00856          * test instead of an "init" member.
00857          */
00858 
00859         int server;     /* are we the server side? - mostly used by SSL_clear*/
00860 
00861         int new_session;/* 1 if we are to use a new session.
00862                          * 2 if we are a server and are inside a handshake
00863                          *   (i.e. not just sending a HelloRequest)
00864                          * NB: For servers, the 'new' session may actually be a previously
00865                          * cached session or even the previous session unless
00866                          * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
00867         int quiet_shutdown;/* don't send shutdown packets */
00868         int shutdown;   /* we have shut things down, 0x01 sent, 0x02
00869                          * for received */
00870         int state;      /* where we are */
00871         int rstate;     /* where we are when reading */
00872 
00873         BUF_MEM *init_buf;      /* buffer used during init */
00874         void *init_msg;         /* pointer to handshake message body, set by ssl3_get_message() */
00875         int init_num;           /* amount read/written */
00876         int init_off;           /* amount read/written */
00877 
00878         /* used internally to point at a raw packet */
00879         unsigned char *packet;
00880         unsigned int packet_length;
00881 
00882         struct ssl2_state_st *s2; /* SSLv2 variables */
00883         struct ssl3_state_st *s3; /* SSLv3 variables */
00884         struct dtls1_state_st *d1; /* DTLSv1 variables */
00885 
00886         int read_ahead;         /* Read as many input bytes as possible
00887                                  * (for non-blocking reads) */
00888 
00889         /* callback that allows applications to peek at protocol messages */
00890         void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
00891         void *msg_callback_arg;
00892 
00893         int hit;                /* reusing a previous session */
00894 
00895         X509_VERIFY_PARAM *param;
00896 
00897 #if 0
00898         int purpose;            /* Purpose setting */
00899         int trust;              /* Trust setting */
00900 #endif
00901 
00902         /* crypto */
00903         STACK_OF(SSL_CIPHER) *cipher_list;
00904         STACK_OF(SSL_CIPHER) *cipher_list_by_id;
00905 
00906         /* These are the ones being used, the ones in SSL_SESSION are
00907          * the ones to be 'copied' into these ones */
00908 
00909         EVP_CIPHER_CTX *enc_read_ctx;           /* cryptographic state */
00910         const EVP_MD *read_hash;                /* used for mac generation */
00911 #ifndef OPENSSL_NO_COMP
00912         COMP_CTX *expand;                       /* uncompress */
00913 #else
00914         char *expand;
00915 #endif
00916 
00917         EVP_CIPHER_CTX *enc_write_ctx;          /* cryptographic state */
00918         const EVP_MD *write_hash;               /* used for mac generation */
00919 #ifndef OPENSSL_NO_COMP
00920         COMP_CTX *compress;                     /* compression */
00921 #else
00922         char *compress; 
00923 #endif
00924 
00925         /* session info */
00926 
00927         /* client cert? */
00928         /* This is used to hold the server certificate used */
00929         struct cert_st /* CERT */ *cert;
00930 
00931         /* the session_id_context is used to ensure sessions are only reused
00932          * in the appropriate context */
00933         unsigned int sid_ctx_length;
00934         unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
00935 
00936         /* This can also be in the session once a session is established */
00937         SSL_SESSION *session;
00938 
00939         /* Default generate session ID callback. */
00940         GEN_SESSION_CB generate_session_id;
00941 
00942         /* Used in SSL2 and SSL3 */
00943         int verify_mode;        /* 0 don't care about verify failure.
00944                                  * 1 fail if verify fails */
00945         int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
00946 
00947         void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
00948 
00949         int error;              /* error bytes to be written */
00950         int error_code;         /* actual code */
00951 
00952 #ifndef OPENSSL_NO_KRB5
00953         KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */
00954 #endif  /* OPENSSL_NO_KRB5 */
00955 
00956         SSL_CTX *ctx;
00957         /* set this flag to 1 and a sleep(1) is put into all SSL_read()
00958          * and SSL_write() calls, good for nbio debuging :-) */
00959         int debug;      
00960 
00961         /* extra application data */
00962         long verify_result;
00963         CRYPTO_EX_DATA ex_data;
00964 
00965         /* for server side, keep the list of CA_dn we can use */
00966         STACK_OF(X509_NAME) *client_CA;
00967 
00968         int references;
00969         unsigned long options; /* protocol behaviour */
00970         unsigned long mode; /* API behaviour */
00971         long max_cert_list;
00972         int first_packet;
00973         int client_version;     /* what was passed, used for
00974                                  * SSLv3/TLS rollback check */
00975         };
00976 
00977 #ifdef __cplusplus
00978 }
00979 #endif
00980 
00981 #include <openssl/ssl2.h>
00982 #include <openssl/ssl3.h>
00983 #include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
00984 #include <openssl/dtls1.h> /* Datagram TLS */
00985 #include <openssl/ssl23.h>
00986 
00987 #ifdef  __cplusplus
00988 extern "C" {
00989 #endif
00990 
00991 /* compatibility */
00992 #define SSL_set_app_data(s,arg)         (SSL_set_ex_data(s,0,(char *)arg))
00993 #define SSL_get_app_data(s)             (SSL_get_ex_data(s,0))
00994 #define SSL_SESSION_set_app_data(s,a)   (SSL_SESSION_set_ex_data(s,0,(char *)a))
00995 #define SSL_SESSION_get_app_data(s)     (SSL_SESSION_get_ex_data(s,0))
00996 #define SSL_CTX_get_app_data(ctx)       (SSL_CTX_get_ex_data(ctx,0))
00997 #define SSL_CTX_set_app_data(ctx,arg)   (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
00998 
00999 /* The following are the possible values for ssl->state are are
01000  * used to indicate where we are up to in the SSL connection establishment.
01001  * The macros that follow are about the only things you should need to use
01002  * and even then, only when using non-blocking IO.
01003  * It can also be useful to work out where you were when the connection
01004  * failed */
01005 
01006 #define SSL_ST_CONNECT                  0x1000
01007 #define SSL_ST_ACCEPT                   0x2000
01008 #define SSL_ST_MASK                     0x0FFF
01009 #define SSL_ST_INIT                     (SSL_ST_CONNECT|SSL_ST_ACCEPT)
01010 #define SSL_ST_BEFORE                   0x4000
01011 #define SSL_ST_OK                       0x03
01012 #define SSL_ST_RENEGOTIATE              (0x04|SSL_ST_INIT)
01013 
01014 #define SSL_CB_LOOP                     0x01
01015 #define SSL_CB_EXIT                     0x02
01016 #define SSL_CB_READ                     0x04
01017 #define SSL_CB_WRITE                    0x08
01018 #define SSL_CB_ALERT                    0x4000 /* used in callback */
01019 #define SSL_CB_READ_ALERT               (SSL_CB_ALERT|SSL_CB_READ)
01020 #define SSL_CB_WRITE_ALERT              (SSL_CB_ALERT|SSL_CB_WRITE)
01021 #define SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT|SSL_CB_LOOP)
01022 #define SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT|SSL_CB_EXIT)
01023 #define SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT|SSL_CB_LOOP)
01024 #define SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT|SSL_CB_EXIT)
01025 #define SSL_CB_HANDSHAKE_START          0x10
01026 #define SSL_CB_HANDSHAKE_DONE           0x20
01027 
01028 /* Is the SSL_connection established? */
01029 #define SSL_get_state(a)                SSL_state(a)
01030 #define SSL_is_init_finished(a)         (SSL_state(a) == SSL_ST_OK)
01031 #define SSL_in_init(a)                  (SSL_state(a)&SSL_ST_INIT)
01032 #define SSL_in_before(a)                (SSL_state(a)&SSL_ST_BEFORE)
01033 #define SSL_in_connect_init(a)          (SSL_state(a)&SSL_ST_CONNECT)
01034 #define SSL_in_accept_init(a)           (SSL_state(a)&SSL_ST_ACCEPT)
01035 
01036 /* The following 2 states are kept in ssl->rstate when reads fail,
01037  * you should not need these */
01038 #define SSL_ST_READ_HEADER                      0xF0
01039 #define SSL_ST_READ_BODY                        0xF1
01040 #define SSL_ST_READ_DONE                        0xF2
01041 
01042 /* Obtain latest Finished message
01043  *   -- that we sent (SSL_get_finished)
01044  *   -- that we expected from peer (SSL_get_peer_finished).
01045  * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
01046 IMPORT_C size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
01047 IMPORT_C size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
01048 
01049 /* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
01050  * are 'ored' with SSL_VERIFY_PEER if they are desired */
01051 #define SSL_VERIFY_NONE                 0x00
01052 #define SSL_VERIFY_PEER                 0x01
01053 #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
01054 #define SSL_VERIFY_CLIENT_ONCE          0x04
01055 
01056 #define OpenSSL_add_ssl_algorithms()    SSL_library_init()
01057 #define SSLeay_add_ssl_algorithms()     SSL_library_init()
01058 
01059 /* this is for backward compatibility */
01060 #if 0 /* NEW_SSLEAY */
01061 #define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
01062 #define SSL_set_pref_cipher(c,n)        SSL_set_cipher_list(c,n)
01063 #define SSL_add_session(a,b)            SSL_CTX_add_session((a),(b))
01064 #define SSL_remove_session(a,b)         SSL_CTX_remove_session((a),(b))
01065 #define SSL_flush_sessions(a,b)         SSL_CTX_flush_sessions((a),(b))
01066 #endif
01067 /* More backward compatibility */
01068 #define SSL_get_cipher(s) \
01069                 SSL_CIPHER_get_name(SSL_get_current_cipher(s))
01070 #define SSL_get_cipher_bits(s,np) \
01071                 SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
01072 #define SSL_get_cipher_version(s) \
01073                 SSL_CIPHER_get_version(SSL_get_current_cipher(s))
01074 #define SSL_get_cipher_name(s) \
01075                 SSL_CIPHER_get_name(SSL_get_current_cipher(s))
01076 #define SSL_get_time(a)         SSL_SESSION_get_time(a)
01077 #define SSL_set_time(a,b)       SSL_SESSION_set_time((a),(b))
01078 #define SSL_get_timeout(a)      SSL_SESSION_get_timeout(a)
01079 #define SSL_set_timeout(a,b)    SSL_SESSION_set_timeout((a),(b))
01080 
01081 #if 1 /*SSLEAY_MACROS*/
01082 #define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
01083 #define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
01084 #define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
01085         (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
01086 #define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u)
01087 #define PEM_write_SSL_SESSION(fp,x) \
01088         PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
01089                 PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
01090 #define PEM_write_bio_SSL_SESSION(bp,x) \
01091         PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL)
01092 #endif
01093 
01094 #define SSL_AD_REASON_OFFSET            1000
01095 /* These alert types are for SSLv3 and TLSv1 */
01096 #define SSL_AD_CLOSE_NOTIFY             SSL3_AD_CLOSE_NOTIFY
01097 #define SSL_AD_UNEXPECTED_MESSAGE       SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
01098 #define SSL_AD_BAD_RECORD_MAC           SSL3_AD_BAD_RECORD_MAC     /* fatal */
01099 #define SSL_AD_DECRYPTION_FAILED        TLS1_AD_DECRYPTION_FAILED
01100 #define SSL_AD_RECORD_OVERFLOW          TLS1_AD_RECORD_OVERFLOW
01101 #define SSL_AD_DECOMPRESSION_FAILURE    SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
01102 #define SSL_AD_HANDSHAKE_FAILURE        SSL3_AD_HANDSHAKE_FAILURE/* fatal */
01103 #define SSL_AD_NO_CERTIFICATE           SSL3_AD_NO_CERTIFICATE /* Not for TLS */
01104 #define SSL_AD_BAD_CERTIFICATE          SSL3_AD_BAD_CERTIFICATE
01105 #define SSL_AD_UNSUPPORTED_CERTIFICATE  SSL3_AD_UNSUPPORTED_CERTIFICATE
01106 #define SSL_AD_CERTIFICATE_REVOKED      SSL3_AD_CERTIFICATE_REVOKED
01107 #define SSL_AD_CERTIFICATE_EXPIRED      SSL3_AD_CERTIFICATE_EXPIRED
01108 #define SSL_AD_CERTIFICATE_UNKNOWN      SSL3_AD_CERTIFICATE_UNKNOWN
01109 #define SSL_AD_ILLEGAL_PARAMETER        SSL3_AD_ILLEGAL_PARAMETER   /* fatal */
01110 #define SSL_AD_UNKNOWN_CA               TLS1_AD_UNKNOWN_CA      /* fatal */
01111 #define SSL_AD_ACCESS_DENIED            TLS1_AD_ACCESS_DENIED   /* fatal */
01112 #define SSL_AD_DECODE_ERROR             TLS1_AD_DECODE_ERROR    /* fatal */
01113 #define SSL_AD_DECRYPT_ERROR            TLS1_AD_DECRYPT_ERROR
01114 #define SSL_AD_EXPORT_RESTRICTION       TLS1_AD_EXPORT_RESTRICTION/* fatal */
01115 #define SSL_AD_PROTOCOL_VERSION         TLS1_AD_PROTOCOL_VERSION /* fatal */
01116 #define SSL_AD_INSUFFICIENT_SECURITY    TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
01117 #define SSL_AD_INTERNAL_ERROR           TLS1_AD_INTERNAL_ERROR  /* fatal */
01118 #define SSL_AD_USER_CANCELLED           TLS1_AD_USER_CANCELLED
01119 #define SSL_AD_NO_RENEGOTIATION         TLS1_AD_NO_RENEGOTIATION
01120 
01121 #define SSL_ERROR_NONE                  0
01122 #define SSL_ERROR_SSL                   1
01123 #define SSL_ERROR_WANT_READ             2
01124 #define SSL_ERROR_WANT_WRITE            3
01125 #define SSL_ERROR_WANT_X509_LOOKUP      4
01126 #define SSL_ERROR_SYSCALL               5 /* look at error stack/return value/errno */
01127 #define SSL_ERROR_ZERO_RETURN           6
01128 #define SSL_ERROR_WANT_CONNECT          7
01129 #define SSL_ERROR_WANT_ACCEPT           8
01130 
01131 #define SSL_CTRL_NEED_TMP_RSA                   1
01132 #define SSL_CTRL_SET_TMP_RSA                    2
01133 #define SSL_CTRL_SET_TMP_DH                     3
01134 #define SSL_CTRL_SET_TMP_ECDH                   4
01135 #define SSL_CTRL_SET_TMP_RSA_CB                 5
01136 #define SSL_CTRL_SET_TMP_DH_CB                  6
01137 #define SSL_CTRL_SET_TMP_ECDH_CB                7
01138 
01139 #define SSL_CTRL_GET_SESSION_REUSED             8
01140 #define SSL_CTRL_GET_CLIENT_CERT_REQUEST        9
01141 #define SSL_CTRL_GET_NUM_RENEGOTIATIONS         10
01142 #define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS       11
01143 #define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS       12
01144 #define SSL_CTRL_GET_FLAGS                      13
01145 #define SSL_CTRL_EXTRA_CHAIN_CERT               14
01146 
01147 #define SSL_CTRL_SET_MSG_CALLBACK               15
01148 #define SSL_CTRL_SET_MSG_CALLBACK_ARG           16
01149 
01150 /* only applies to datagram connections */
01151 #define SSL_CTRL_SET_MTU                17
01152 /* Stats */
01153 #define SSL_CTRL_SESS_NUMBER                    20
01154 #define SSL_CTRL_SESS_CONNECT                   21
01155 #define SSL_CTRL_SESS_CONNECT_GOOD              22
01156 #define SSL_CTRL_SESS_CONNECT_RENEGOTIATE       23
01157 #define SSL_CTRL_SESS_ACCEPT                    24
01158 #define SSL_CTRL_SESS_ACCEPT_GOOD               25
01159 #define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE        26
01160 #define SSL_CTRL_SESS_HIT                       27
01161 #define SSL_CTRL_SESS_CB_HIT                    28
01162 #define SSL_CTRL_SESS_MISSES                    29
01163 #define SSL_CTRL_SESS_TIMEOUTS                  30
01164 #define SSL_CTRL_SESS_CACHE_FULL                31
01165 #define SSL_CTRL_OPTIONS                        32
01166 #define SSL_CTRL_MODE                           33
01167 
01168 #define SSL_CTRL_GET_READ_AHEAD                 40
01169 #define SSL_CTRL_SET_READ_AHEAD                 41
01170 #define SSL_CTRL_SET_SESS_CACHE_SIZE            42
01171 #define SSL_CTRL_GET_SESS_CACHE_SIZE            43
01172 #define SSL_CTRL_SET_SESS_CACHE_MODE            44
01173 #define SSL_CTRL_GET_SESS_CACHE_MODE            45
01174 
01175 #define SSL_CTRL_GET_MAX_CERT_LIST              50
01176 #define SSL_CTRL_SET_MAX_CERT_LIST              51
01177 
01178 #define SSL_session_reused(ssl) \
01179         SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
01180 #define SSL_num_renegotiations(ssl) \
01181         SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
01182 #define SSL_clear_num_renegotiations(ssl) \
01183         SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
01184 #define SSL_total_renegotiations(ssl) \
01185         SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
01186 
01187 #define SSL_CTX_need_tmp_RSA(ctx) \
01188         SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
01189 #define SSL_CTX_set_tmp_rsa(ctx,rsa) \
01190         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
01191 #define SSL_CTX_set_tmp_dh(ctx,dh) \
01192         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
01193 #define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
01194         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
01195 
01196 #define SSL_need_tmp_RSA(ssl) \
01197         SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
01198 #define SSL_set_tmp_rsa(ssl,rsa) \
01199         SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
01200 #define SSL_set_tmp_dh(ssl,dh) \
01201         SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
01202 #define SSL_set_tmp_ecdh(ssl,ecdh) \
01203         SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
01204 
01205 #define SSL_CTX_add_extra_chain_cert(ctx,x509) \
01206         SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
01207 
01208 #ifndef OPENSSL_NO_BIO
01209 IMPORT_C BIO_METHOD *BIO_f_ssl(void);
01210 IMPORT_C BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
01211 IMPORT_C BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
01212 IMPORT_C BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
01213 IMPORT_C int BIO_ssl_copy_session_id(BIO *to,BIO *from);
01214 IMPORT_C void BIO_ssl_shutdown(BIO *ssl_bio);
01215 
01216 #endif
01217 
01218 IMPORT_C int    SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
01219 IMPORT_C SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
01220 IMPORT_C void   SSL_CTX_free(SSL_CTX *);
01221 IMPORT_C long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
01222 IMPORT_C long SSL_CTX_get_timeout(const SSL_CTX *ctx);
01223 IMPORT_C X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
01224 IMPORT_C void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
01225 IMPORT_C int SSL_want(const SSL *s);
01226 IMPORT_C int    SSL_clear(SSL *s);
01227 
01228 IMPORT_C void   SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
01229 
01230 IMPORT_C SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
01231 IMPORT_C int    SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
01232 IMPORT_C char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
01233 IMPORT_C const char *   SSL_CIPHER_get_name(const SSL_CIPHER *c);
01234 
01235 IMPORT_C int    SSL_get_fd(const SSL *s);
01236 IMPORT_C int    SSL_get_rfd(const SSL *s);
01237 IMPORT_C int    SSL_get_wfd(const SSL *s);
01238 IMPORT_C const char  * SSL_get_cipher_list(const SSL *s,int n);
01239 IMPORT_C char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
01240 IMPORT_C int    SSL_get_read_ahead(const SSL * s);
01241 IMPORT_C int    SSL_pending(const SSL *s);
01242 #ifndef OPENSSL_NO_SOCK
01243 IMPORT_C int    SSL_set_fd(SSL *s, int fd);
01244 IMPORT_C int    SSL_set_rfd(SSL *s, int fd);
01245 IMPORT_C int    SSL_set_wfd(SSL *s, int fd);
01246 #endif
01247 #ifndef OPENSSL_NO_BIO
01248 IMPORT_C void   SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
01249 IMPORT_C BIO *  SSL_get_rbio(const SSL *s);
01250 IMPORT_C BIO *  SSL_get_wbio(const SSL *s);
01251 #endif
01252 IMPORT_C int    SSL_set_cipher_list(SSL *s, const char *str);
01253 IMPORT_C void   SSL_set_read_ahead(SSL *s, int yes);
01254 IMPORT_C int    SSL_get_verify_mode(const SSL *s);
01255 IMPORT_C int    SSL_get_verify_depth(const SSL *s);
01256 IMPORT_C int    (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);
01257 IMPORT_C void   SSL_set_verify(SSL *s, int mode,
01258                        int (*callback)(int ok,X509_STORE_CTX *ctx));
01259 IMPORT_C void   SSL_set_verify_depth(SSL *s, int depth);
01260 #ifndef OPENSSL_NO_RSA
01261 IMPORT_C int    SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
01262 #endif
01263 IMPORT_C int    SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
01264 IMPORT_C int    SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
01265 IMPORT_C int    SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
01266 IMPORT_C int    SSL_use_certificate(SSL *ssl, X509 *x);
01267 IMPORT_C int    SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
01268 
01269 #ifndef OPENSSL_NO_STDIO
01270 IMPORT_C int    SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
01271 IMPORT_C int    SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
01272 IMPORT_C int    SSL_use_certificate_file(SSL *ssl, const char *file, int type);
01273 IMPORT_C int    SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
01274 IMPORT_C int    SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
01275 IMPORT_C int    SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
01276 IMPORT_C int    SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
01277 IMPORT_C STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
01278 IMPORT_C int    SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
01279                                             const char *file);
01280 #ifndef OPENSSL_SYS_VMS
01281 #ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
01282 IMPORT_C int    SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
01283                                            const char *dir);
01284 #endif
01285 #endif
01286 
01287 #endif
01288 
01289 IMPORT_C void   SSL_load_error_strings(void );
01290 IMPORT_C const char *SSL_state_string(const SSL *s);
01291 IMPORT_C const char *SSL_rstate_string(const SSL *s);
01292 IMPORT_C const char *SSL_state_string_long(const SSL *s);
01293 IMPORT_C const char *SSL_rstate_string_long(const SSL *s);
01294 IMPORT_C long   SSL_SESSION_get_time(const SSL_SESSION *s);
01295 IMPORT_C long   SSL_SESSION_set_time(SSL_SESSION *s, long t);
01296 IMPORT_C long   SSL_SESSION_get_timeout(const SSL_SESSION *s);
01297 IMPORT_C long   SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
01298 IMPORT_C void   SSL_copy_session_id(SSL *to,const SSL *from);
01299 
01300 IMPORT_C SSL_SESSION *SSL_SESSION_new(void);
01301 IMPORT_C unsigned long SSL_SESSION_hash(const SSL_SESSION *a);
01302 IMPORT_C int    SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b);
01303 IMPORT_C const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);
01304 #ifndef OPENSSL_NO_FP_API
01305 IMPORT_C int    SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
01306 #endif
01307 #ifndef OPENSSL_NO_BIO
01308 IMPORT_C int    SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
01309 #endif
01310 IMPORT_C void   SSL_SESSION_free(SSL_SESSION *ses);
01311 IMPORT_C int    i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
01312 IMPORT_C int    SSL_set_session(SSL *to, SSL_SESSION *session);
01313 IMPORT_C int    SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
01314 IMPORT_C int    SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
01315 IMPORT_C int    SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
01316 IMPORT_C int    SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
01317 IMPORT_C int    SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
01318                                         unsigned int id_len);
01319 IMPORT_C SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp,
01320                              long length);
01321 
01322 #ifdef HEADER_X509_H
01323 IMPORT_C X509 * SSL_get_peer_certificate(const SSL *s);
01324 #endif
01325 
01326 IMPORT_C STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
01327 
01328 IMPORT_C int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
01329 IMPORT_C int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
01330 IMPORT_C int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *);
01331 IMPORT_C void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
01332                         int (*callback)(int, X509_STORE_CTX *));
01333 IMPORT_C void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
01334 IMPORT_C void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
01335 #ifndef OPENSSL_NO_RSA
01336 IMPORT_C int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
01337 #endif
01338 IMPORT_C int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
01339 IMPORT_C int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
01340 IMPORT_C int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
01341         const unsigned char *d, long len);
01342 IMPORT_C int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
01343 IMPORT_C int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
01344 
01345 IMPORT_C void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
01346 IMPORT_C void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
01347 
01348 IMPORT_C int SSL_CTX_check_private_key(const SSL_CTX *ctx);
01349 IMPORT_C int SSL_check_private_key(const SSL *ctx);
01350 
01351 IMPORT_C int    SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
01352                                        unsigned int sid_ctx_len);
01353 
01354 IMPORT_C SSL *  SSL_new(SSL_CTX *ctx);
01355 IMPORT_C int    SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
01356                                    unsigned int sid_ctx_len);
01357 
01358 IMPORT_C int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
01359 IMPORT_C int SSL_set_purpose(SSL *s, int purpose);
01360 IMPORT_C int SSL_CTX_set_trust(SSL_CTX *s, int trust);
01361 IMPORT_C int SSL_set_trust(SSL *s, int trust);
01362 
01363 IMPORT_C void   SSL_free(SSL *ssl);
01364 IMPORT_C int    SSL_accept(SSL *ssl);
01365 IMPORT_C int    SSL_connect(SSL *ssl);
01366 IMPORT_C int    SSL_read(SSL *ssl,void *buf,int num);
01367 IMPORT_C int    SSL_peek(SSL *ssl,void *buf,int num);
01368 IMPORT_C int    SSL_write(SSL *ssl,const void *buf,int num);
01369 IMPORT_C long   SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
01370 IMPORT_C long   SSL_callback_ctrl(SSL *, int, void (*)(void));
01371 IMPORT_C long   SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
01372 IMPORT_C long   SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
01373 
01374 IMPORT_C int    SSL_get_error(const SSL *s,int ret_code);
01375 IMPORT_C const char *SSL_get_version(const SSL *s);
01376 
01377 /* This sets the 'default' SSL version that SSL_new() will create */
01378 IMPORT_C int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth);
01379 
01380 IMPORT_C SSL_METHOD *SSLv2_method(void);                /* SSLv2 */
01381 IMPORT_C SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
01382 IMPORT_C SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
01383 
01384 IMPORT_C SSL_METHOD *SSLv3_method(void);                /* SSLv3 */
01385 IMPORT_C SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
01386 IMPORT_C SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
01387 
01388 IMPORT_C SSL_METHOD *SSLv23_method(void);       /* SSLv3 but can rollback to v2 */
01389 IMPORT_C SSL_METHOD *SSLv23_server_method(void);        /* SSLv3 but can rollback to v2 */
01390 IMPORT_C SSL_METHOD *SSLv23_client_method(void);        /* SSLv3 but can rollback to v2 */
01391 
01392 IMPORT_C SSL_METHOD *TLSv1_method(void);                /* TLSv1.0 */
01393 IMPORT_C SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
01394 IMPORT_C SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
01395 
01396 IMPORT_C SSL_METHOD *DTLSv1_method(void);               /* DTLSv1.0 */
01397 IMPORT_C SSL_METHOD *DTLSv1_server_method(void);        /* DTLSv1.0 */
01398 IMPORT_C SSL_METHOD *DTLSv1_client_method(void);        /* DTLSv1.0 */
01399 
01400 IMPORT_C STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
01401 
01402 IMPORT_C int SSL_do_handshake(SSL *s);
01403 IMPORT_C int SSL_renegotiate(SSL *s);
01404 IMPORT_C int SSL_renegotiate_pending(SSL *s);
01405 IMPORT_C int SSL_shutdown(SSL *s);
01406 
01407 IMPORT_C SSL_METHOD *SSL_get_ssl_method(SSL *s);
01408 IMPORT_C int SSL_set_ssl_method(SSL *s,SSL_METHOD *method);
01409 IMPORT_C const char *SSL_alert_type_string_long(int value);
01410 IMPORT_C const char *SSL_alert_type_string(int value);
01411 IMPORT_C const char *SSL_alert_desc_string_long(int value);
01412 IMPORT_C const char *SSL_alert_desc_string(int value);
01413 
01414 IMPORT_C void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
01415 IMPORT_C void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
01416 IMPORT_C STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
01417 IMPORT_C STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
01418 IMPORT_C int SSL_add_client_CA(SSL *ssl,X509 *x);
01419 IMPORT_C int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
01420 
01421 IMPORT_C void SSL_set_connect_state(SSL *s);
01422 IMPORT_C void SSL_set_accept_state(SSL *s);
01423 
01424 IMPORT_C long SSL_get_default_timeout(const SSL *s);
01425 
01426 IMPORT_C int SSL_library_init(void );
01427 
01428 IMPORT_C char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
01429 IMPORT_C STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
01430 
01431 IMPORT_C SSL *SSL_dup(SSL *ssl);
01432 
01433 IMPORT_C X509 *SSL_get_certificate(const SSL *ssl);
01434 IMPORT_C /* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
01435 
01436 IMPORT_C void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
01437 IMPORT_C int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
01438 IMPORT_C void SSL_set_quiet_shutdown(SSL *ssl,int mode);
01439 IMPORT_C int SSL_get_quiet_shutdown(const SSL *ssl);
01440 IMPORT_C void SSL_set_shutdown(SSL *ssl,int mode);
01441 IMPORT_C int SSL_get_shutdown(const SSL *ssl);
01442 IMPORT_C int SSL_version(const SSL *ssl);
01443 IMPORT_C int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
01444 IMPORT_C int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
01445         const char *CApath);
01446 #define SSL_get0_session SSL_get_session /* just peek at pointer */
01447 IMPORT_C SSL_SESSION *SSL_get_session(const SSL *ssl);
01448 IMPORT_C SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
01449 IMPORT_C SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
01450 IMPORT_C void SSL_set_info_callback(SSL *ssl,
01451                            void (*cb)(const SSL *ssl,int type,int val));
01452 IMPORT_C void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
01453 IMPORT_C int SSL_state(const SSL *ssl);
01454 
01455 IMPORT_C void SSL_set_verify_result(SSL *ssl,long v);
01456 IMPORT_C long SSL_get_verify_result(const SSL *ssl);
01457 
01458 IMPORT_C int SSL_set_ex_data(SSL *ssl,int idx,void *data);
01459 IMPORT_C void *SSL_get_ex_data(const SSL *ssl,int idx);
01460 IMPORT_C int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
01461         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
01462 
01463 IMPORT_C int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
01464 IMPORT_C void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx);
01465 IMPORT_C int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
01466         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
01467 
01468 IMPORT_C int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
01469 IMPORT_C void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx);
01470 IMPORT_C int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
01471         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
01472 
01473 IMPORT_C int SSL_get_ex_data_X509_STORE_CTX_idx(void );
01474 
01475 #define SSL_CTX_sess_set_cache_size(ctx,t) \
01476         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
01477 #define SSL_CTX_sess_get_cache_size(ctx) \
01478         SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
01479 #define SSL_CTX_set_session_cache_mode(ctx,m) \
01480         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
01481 #define SSL_CTX_get_session_cache_mode(ctx) \
01482         SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
01483 
01484 #define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
01485 #define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
01486 #define SSL_CTX_get_read_ahead(ctx) \
01487         SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
01488 #define SSL_CTX_set_read_ahead(ctx,m) \
01489         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
01490 #define SSL_CTX_get_max_cert_list(ctx) \
01491         SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
01492 #define SSL_CTX_set_max_cert_list(ctx,m) \
01493         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
01494 #define SSL_get_max_cert_list(ssl) \
01495         SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
01496 #define SSL_set_max_cert_list(ssl,m) \
01497         SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
01498 
01499      /* NB: the keylength is only applicable when is_export is true */
01500 #ifndef OPENSSL_NO_RSA
01501 IMPORT_C void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
01502                                   RSA *(*cb)(SSL *ssl,int is_export,
01503                                              int keylength));
01504 
01505 IMPORT_C void SSL_set_tmp_rsa_callback(SSL *ssl,
01506                                   RSA *(*cb)(SSL *ssl,int is_export,
01507                                              int keylength));
01508 #endif
01509 #ifndef OPENSSL_NO_DH
01510 IMPORT_C void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
01511                                  DH *(*dh)(SSL *ssl,int is_export,
01512                                            int keylength));
01513 IMPORT_C void SSL_set_tmp_dh_callback(SSL *ssl,
01514                                  DH *(*dh)(SSL *ssl,int is_export,
01515                                            int keylength));
01516 #endif
01517 
01518 #ifndef OPENSSL_NO_COMP
01519 IMPORT_C const COMP_METHOD *SSL_get_current_compression(SSL *s);
01520 IMPORT_C const COMP_METHOD *SSL_get_current_expansion(SSL *s);
01521 IMPORT_C const char *SSL_COMP_get_name(const COMP_METHOD *comp);
01522 IMPORT_C STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
01523 IMPORT_C int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
01524 #else
01525 IMPORT_C const void *SSL_get_current_compression(SSL *s);
01526 IMPORT_C const void *SSL_get_current_expansion(SSL *s);
01527 IMPORT_C const char *SSL_COMP_get_name(const void *comp);
01528 IMPORT_C void *SSL_COMP_get_compression_methods(void);
01529 IMPORT_C int SSL_COMP_add_compression_method(int id,void *cm);
01530 #endif
01531 
01532 /* BEGIN ERROR CODES */
01533 /* The following lines are auto generated by the script mkerr.pl. Any changes
01534  * made after this point may be overwritten when the script is next run.
01535  */
01536 IMPORT_C void ERR_load_SSL_strings(void);
01537 
01538 /* Error codes for the SSL functions. */
01539 
01540 /* Function codes. */
01541 #define SSL_F_CLIENT_CERTIFICATE                         100
01542 #define SSL_F_CLIENT_FINISHED                            167
01543 #define SSL_F_CLIENT_HELLO                               101
01544 #define SSL_F_CLIENT_MASTER_KEY                          102
01545 #define SSL_F_D2I_SSL_SESSION                            103
01546 #define SSL_F_DO_DTLS1_WRITE                             245
01547 #define SSL_F_DO_SSL3_WRITE                              104
01548 #define SSL_F_DTLS1_ACCEPT                               246
01549 #define SSL_F_DTLS1_BUFFER_RECORD                        247
01550 #define SSL_F_DTLS1_CLIENT_HELLO                         248
01551 #define SSL_F_DTLS1_CONNECT                              249
01552 #define SSL_F_DTLS1_ENC                                  250
01553 #define SSL_F_DTLS1_GET_HELLO_VERIFY                     251
01554 #define SSL_F_DTLS1_GET_MESSAGE                          252
01555 #define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT                 253
01556 #define SSL_F_DTLS1_GET_RECORD                           254
01557 #define SSL_F_DTLS1_OUTPUT_CERT_CHAIN                    255
01558 #define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE           256
01559 #define SSL_F_DTLS1_PROCESS_RECORD                       257
01560 #define SSL_F_DTLS1_READ_BYTES                           258
01561 #define SSL_F_DTLS1_READ_FAILED                          259
01562 #define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST             260
01563 #define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE              261
01564 #define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE             262
01565 #define SSL_F_DTLS1_SEND_CLIENT_VERIFY                   263
01566 #define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST            264
01567 #define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE              265
01568 #define SSL_F_DTLS1_SEND_SERVER_HELLO                    266
01569 #define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE             267
01570 #define SSL_F_DTLS1_WRITE_APP_DATA_BYTES                 268
01571 #define SSL_F_GET_CLIENT_FINISHED                        105
01572 #define SSL_F_GET_CLIENT_HELLO                           106
01573 #define SSL_F_GET_CLIENT_MASTER_KEY                      107
01574 #define SSL_F_GET_SERVER_FINISHED                        108
01575 #define SSL_F_GET_SERVER_HELLO                           109
01576 #define SSL_F_GET_SERVER_VERIFY                          110
01577 #define SSL_F_I2D_SSL_SESSION                            111
01578 #define SSL_F_READ_N                                     112
01579 #define SSL_F_REQUEST_CERTIFICATE                        113
01580 #define SSL_F_SERVER_FINISH                              239
01581 #define SSL_F_SERVER_HELLO                               114
01582 #define SSL_F_SERVER_VERIFY                              240
01583 #define SSL_F_SSL23_ACCEPT                               115
01584 #define SSL_F_SSL23_CLIENT_HELLO                         116
01585 #define SSL_F_SSL23_CONNECT                              117
01586 #define SSL_F_SSL23_GET_CLIENT_HELLO                     118
01587 #define SSL_F_SSL23_GET_SERVER_HELLO                     119
01588 #define SSL_F_SSL23_PEEK                                 237
01589 #define SSL_F_SSL23_READ                                 120
01590 #define SSL_F_SSL23_WRITE                                121
01591 #define SSL_F_SSL2_ACCEPT                                122
01592 #define SSL_F_SSL2_CONNECT                               123
01593 #define SSL_F_SSL2_ENC_INIT                              124
01594 #define SSL_F_SSL2_GENERATE_KEY_MATERIAL                 241
01595 #define SSL_F_SSL2_PEEK                                  234
01596 #define SSL_F_SSL2_READ                                  125
01597 #define SSL_F_SSL2_READ_INTERNAL                         236
01598 #define SSL_F_SSL2_SET_CERTIFICATE                       126
01599 #define SSL_F_SSL2_WRITE                                 127
01600 #define SSL_F_SSL3_ACCEPT                                128
01601 #define SSL_F_SSL3_CALLBACK_CTRL                         233
01602 #define SSL_F_SSL3_CHANGE_CIPHER_STATE                   129
01603 #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM              130
01604 #define SSL_F_SSL3_CLIENT_HELLO                          131
01605 #define SSL_F_SSL3_CONNECT                               132
01606 #define SSL_F_SSL3_CTRL                                  213
01607 #define SSL_F_SSL3_CTX_CTRL                              133
01608 #define SSL_F_SSL3_ENC                                   134
01609 #define SSL_F_SSL3_GENERATE_KEY_BLOCK                    238
01610 #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST               135
01611 #define SSL_F_SSL3_GET_CERT_VERIFY                       136
01612 #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE                137
01613 #define SSL_F_SSL3_GET_CLIENT_HELLO                      138
01614 #define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE               139
01615 #define SSL_F_SSL3_GET_FINISHED                          140
01616 #define SSL_F_SSL3_GET_KEY_EXCHANGE                      141
01617 #define SSL_F_SSL3_GET_MESSAGE                           142
01618 #define SSL_F_SSL3_GET_RECORD                            143
01619 #define SSL_F_SSL3_GET_SERVER_CERTIFICATE                144
01620 #define SSL_F_SSL3_GET_SERVER_DONE                       145
01621 #define SSL_F_SSL3_GET_SERVER_HELLO                      146
01622 #define SSL_F_SSL3_OUTPUT_CERT_CHAIN                     147
01623 #define SSL_F_SSL3_PEEK                                  235
01624 #define SSL_F_SSL3_READ_BYTES                            148
01625 #define SSL_F_SSL3_READ_N                                149
01626 #define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST              150
01627 #define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE               151
01628 #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE              152
01629 #define SSL_F_SSL3_SEND_CLIENT_VERIFY                    153
01630 #define SSL_F_SSL3_SEND_SERVER_CERTIFICATE               154
01631 #define SSL_F_SSL3_SEND_SERVER_HELLO                     242
01632 #define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE              155
01633 #define SSL_F_SSL3_SETUP_BUFFERS                         156
01634 #define SSL_F_SSL3_SETUP_KEY_BLOCK                       157
01635 #define SSL_F_SSL3_WRITE_BYTES                           158
01636 #define SSL_F_SSL3_WRITE_PENDING                         159
01637 #define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK         215
01638 #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK        216
01639 #define SSL_F_SSL_BAD_METHOD                             160
01640 #define SSL_F_SSL_BYTES_TO_CIPHER_LIST                   161
01641 #define SSL_F_SSL_CERT_DUP                               221
01642 #define SSL_F_SSL_CERT_INST                              222
01643 #define SSL_F_SSL_CERT_INSTANTIATE                       214
01644 #define SSL_F_SSL_CERT_NEW                               162
01645 #define SSL_F_SSL_CHECK_PRIVATE_KEY                      163
01646 #define SSL_F_SSL_CIPHER_PROCESS_RULESTR                 230
01647 #define SSL_F_SSL_CIPHER_STRENGTH_SORT                   231
01648 #define SSL_F_SSL_CLEAR                                  164
01649 #define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD            165
01650 #define SSL_F_SSL_CREATE_CIPHER_LIST                     166
01651 #define SSL_F_SSL_CTRL                                   232
01652 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                  168
01653 #define SSL_F_SSL_CTX_NEW                                169
01654 #define SSL_F_SSL_CTX_SET_CIPHER_LIST                    269
01655 #define SSL_F_SSL_CTX_SET_PURPOSE                        226
01656 #define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT             219
01657 #define SSL_F_SSL_CTX_SET_SSL_VERSION                    170
01658 #define SSL_F_SSL_CTX_SET_TRUST                          229
01659 #define SSL_F_SSL_CTX_USE_CERTIFICATE                    171
01660 #define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1               172
01661 #define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE         220
01662 #define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE               173
01663 #define SSL_F_SSL_CTX_USE_PRIVATEKEY                     174
01664 #define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1                175
01665 #define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE                176
01666 #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY                  177
01667 #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1             178
01668 #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE             179
01669 #define SSL_F_SSL_DO_HANDSHAKE                           180
01670 #define SSL_F_SSL_GET_NEW_SESSION                        181
01671 #define SSL_F_SSL_GET_PREV_SESSION                       217
01672 #define SSL_F_SSL_GET_SERVER_SEND_CERT                   182
01673 #define SSL_F_SSL_GET_SIGN_PKEY                          183
01674 #define SSL_F_SSL_INIT_WBIO_BUFFER                       184
01675 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE                    185
01676 #define SSL_F_SSL_NEW                                    186
01677 #define SSL_F_SSL_PEEK                                   270
01678 #define SSL_F_SSL_READ                                   223
01679 #define SSL_F_SSL_RSA_PRIVATE_DECRYPT                    187
01680 #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT                     188
01681 #define SSL_F_SSL_SESSION_NEW                            189
01682 #define SSL_F_SSL_SESSION_PRINT_FP                       190
01683 #define SSL_F_SSL_SESS_CERT_NEW                          225
01684 #define SSL_F_SSL_SET_CERT                               191
01685 #define SSL_F_SSL_SET_CIPHER_LIST                        271
01686 #define SSL_F_SSL_SET_FD                                 192
01687 #define SSL_F_SSL_SET_PKEY                               193
01688 #define SSL_F_SSL_SET_PURPOSE                            227
01689 #define SSL_F_SSL_SET_RFD                                194
01690 #define SSL_F_SSL_SET_SESSION                            195
01691 #define SSL_F_SSL_SET_SESSION_ID_CONTEXT                 218
01692 #define SSL_F_SSL_SET_TRUST                              228
01693 #define SSL_F_SSL_SET_WFD                                196
01694 #define SSL_F_SSL_SHUTDOWN                               224
01695 #define SSL_F_SSL_UNDEFINED_CONST_FUNCTION               243
01696 #define SSL_F_SSL_UNDEFINED_FUNCTION                     197
01697 #define SSL_F_SSL_UNDEFINED_VOID_FUNCTION                244
01698 #define SSL_F_SSL_USE_CERTIFICATE                        198
01699 #define SSL_F_SSL_USE_CERTIFICATE_ASN1                   199
01700 #define SSL_F_SSL_USE_CERTIFICATE_FILE                   200
01701 #define SSL_F_SSL_USE_PRIVATEKEY                         201
01702 #define SSL_F_SSL_USE_PRIVATEKEY_ASN1                    202
01703 #define SSL_F_SSL_USE_PRIVATEKEY_FILE                    203
01704 #define SSL_F_SSL_USE_RSAPRIVATEKEY                      204
01705 #define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1                 205
01706 #define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE                 206
01707 #define SSL_F_SSL_VERIFY_CERT_CHAIN                      207
01708 #define SSL_F_SSL_WRITE                                  208
01709 #define SSL_F_TLS1_CHANGE_CIPHER_STATE                   209
01710 #define SSL_F_TLS1_ENC                                   210
01711 #define SSL_F_TLS1_SETUP_KEY_BLOCK                       211
01712 #define SSL_F_WRITE_PENDING                              212
01713 
01714 /* Reason codes. */
01715 #define SSL_R_APP_DATA_IN_HANDSHAKE                      100
01716 #define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
01717 #define SSL_R_BAD_ALERT_RECORD                           101
01718 #define SSL_R_BAD_AUTHENTICATION_TYPE                    102
01719 #define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
01720 #define SSL_R_BAD_CHECKSUM                               104
01721 #define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
01722 #define SSL_R_BAD_DECOMPRESSION                          107
01723 #define SSL_R_BAD_DH_G_LENGTH                            108
01724 #define SSL_R_BAD_DH_PUB_KEY_LENGTH                      109
01725 #define SSL_R_BAD_DH_P_LENGTH                            110
01726 #define SSL_R_BAD_DIGEST_LENGTH                          111
01727 #define SSL_R_BAD_DSA_SIGNATURE                          112
01728 #define SSL_R_BAD_ECC_CERT                               304
01729 #define SSL_R_BAD_ECDSA_SIGNATURE                        305
01730 #define SSL_R_BAD_ECPOINT                                306
01731 #define SSL_R_BAD_HELLO_REQUEST                          105
01732 #define SSL_R_BAD_LENGTH                                 271
01733 #define SSL_R_BAD_MAC_DECODE                             113
01734 #define SSL_R_BAD_MESSAGE_TYPE                           114
01735 #define SSL_R_BAD_PACKET_LENGTH                          115
01736 #define SSL_R_BAD_PROTOCOL_VERSION_NUMBER                116
01737 #define SSL_R_BAD_RESPONSE_ARGUMENT                      117
01738 #define SSL_R_BAD_RSA_DECRYPT                            118
01739 #define SSL_R_BAD_RSA_ENCRYPT                            119
01740 #define SSL_R_BAD_RSA_E_LENGTH                           120
01741 #define SSL_R_BAD_RSA_MODULUS_LENGTH                     121
01742 #define SSL_R_BAD_RSA_SIGNATURE                          122
01743 #define SSL_R_BAD_SIGNATURE                              123
01744 #define SSL_R_BAD_SSL_FILETYPE                           124
01745 #define SSL_R_BAD_SSL_SESSION_ID_LENGTH                  125
01746 #define SSL_R_BAD_STATE                                  126
01747 #define SSL_R_BAD_WRITE_RETRY                            127
01748 #define SSL_R_BIO_NOT_SET                                128
01749 #define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG                  129
01750 #define SSL_R_BN_LIB                                     130
01751 #define SSL_R_CA_DN_LENGTH_MISMATCH                      131
01752 #define SSL_R_CA_DN_TOO_LONG                             132
01753 #define SSL_R_CCS_RECEIVED_EARLY                         133
01754 #define SSL_R_CERTIFICATE_VERIFY_FAILED                  134
01755 #define SSL_R_CERT_LENGTH_MISMATCH                       135
01756 #define SSL_R_CHALLENGE_IS_DIFFERENT                     136
01757 #define SSL_R_CIPHER_CODE_WRONG_LENGTH                   137
01758 #define SSL_R_CIPHER_OR_HASH_UNAVAILABLE                 138
01759 #define SSL_R_CIPHER_TABLE_SRC_ERROR                     139
01760 #define SSL_R_COMPRESSED_LENGTH_TOO_LONG                 140
01761 #define SSL_R_COMPRESSION_FAILURE                        141
01762 #define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
01763 #define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
01764 #define SSL_R_CONNECTION_ID_IS_DIFFERENT                 143
01765 #define SSL_R_CONNECTION_TYPE_NOT_SET                    144
01766 #define SSL_R_COOKIE_MISMATCH                            308
01767 #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED              145
01768 #define SSL_R_DATA_LENGTH_TOO_LONG                       146
01769 #define SSL_R_DECRYPTION_FAILED                          147
01770 #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC        281
01771 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG            148
01772 #define SSL_R_DIGEST_CHECK_FAILED                        149
01773 #define SSL_R_DUPLICATE_COMPRESSION_ID                   309
01774 #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER               310
01775 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
01776 #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY               282
01777 #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
01778 #define SSL_R_EXCESSIVE_MESSAGE_SIZE                     152
01779 #define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
01780 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
01781 #define SSL_R_HTTPS_PROXY_REQUEST                        155
01782 #define SSL_R_HTTP_REQUEST                               156
01783 #define SSL_R_ILLEGAL_PADDING                            283
01784 #define SSL_R_INVALID_CHALLENGE_LENGTH                   158
01785 #define SSL_R_INVALID_COMMAND                            280
01786 #define SSL_R_INVALID_PURPOSE                            278
01787 #define SSL_R_INVALID_TRUST                              279
01788 #define SSL_R_KEY_ARG_TOO_LONG                           284
01789 #define SSL_R_KRB5                                       285
01790 #define SSL_R_KRB5_C_CC_PRINC                            286
01791 #define SSL_R_KRB5_C_GET_CRED                            287
01792 #define SSL_R_KRB5_C_INIT                                288
01793 #define SSL_R_KRB5_C_MK_REQ                              289
01794 #define SSL_R_KRB5_S_BAD_TICKET                          290
01795 #define SSL_R_KRB5_S_INIT                                291
01796 #define SSL_R_KRB5_S_RD_REQ                              292
01797 #define SSL_R_KRB5_S_TKT_EXPIRED                         293
01798 #define SSL_R_KRB5_S_TKT_NYV                             294
01799 #define SSL_R_KRB5_S_TKT_SKEW                            295
01800 #define SSL_R_LENGTH_MISMATCH                            159
01801 #define SSL_R_LENGTH_TOO_SHORT                           160
01802 #define SSL_R_LIBRARY_BUG                                274
01803 #define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
01804 #define SSL_R_MESSAGE_TOO_LONG                           296
01805 #define SSL_R_MISSING_DH_DSA_CERT                        162
01806 #define SSL_R_MISSING_DH_KEY                             163
01807 #define SSL_R_MISSING_DH_RSA_CERT                        164
01808 #define SSL_R_MISSING_DSA_SIGNING_CERT                   165
01809 #define SSL_R_MISSING_EXPORT_TMP_DH_KEY                  166
01810 #define SSL_R_MISSING_EXPORT_TMP_RSA_KEY                 167
01811 #define SSL_R_MISSING_RSA_CERTIFICATE                    168
01812 #define SSL_R_MISSING_RSA_ENCRYPTING_CERT                169
01813 #define SSL_R_MISSING_RSA_SIGNING_CERT                   170
01814 #define SSL_R_MISSING_TMP_DH_KEY                         171
01815 #define SSL_R_MISSING_TMP_ECDH_KEY                       311
01816 #define SSL_R_MISSING_TMP_RSA_KEY                        172
01817 #define SSL_R_MISSING_TMP_RSA_PKEY                       173
01818 #define SSL_R_MISSING_VERIFY_MESSAGE                     174
01819 #define SSL_R_NON_SSLV2_INITIAL_PACKET                   175
01820 #define SSL_R_NO_CERTIFICATES_RETURNED                   176
01821 #define SSL_R_NO_CERTIFICATE_ASSIGNED                    177
01822 #define SSL_R_NO_CERTIFICATE_RETURNED                    178
01823 #define SSL_R_NO_CERTIFICATE_SET                         179
01824 #define SSL_R_NO_CERTIFICATE_SPECIFIED                   180
01825 #define SSL_R_NO_CIPHERS_AVAILABLE                       181
01826 #define SSL_R_NO_CIPHERS_PASSED                          182
01827 #define SSL_R_NO_CIPHERS_SPECIFIED                       183
01828 #define SSL_R_NO_CIPHER_LIST                             184
01829 #define SSL_R_NO_CIPHER_MATCH                            185
01830 #define SSL_R_NO_CLIENT_CERT_RECEIVED                    186
01831 #define SSL_R_NO_COMPRESSION_SPECIFIED                   187
01832 #define SSL_R_NO_METHOD_SPECIFIED                        188
01833 #define SSL_R_NO_PRIVATEKEY                              189
01834 #define SSL_R_NO_PRIVATE_KEY_ASSIGNED                    190
01835 #define SSL_R_NO_PROTOCOLS_AVAILABLE                     191
01836 #define SSL_R_NO_PUBLICKEY                               192
01837 #define SSL_R_NO_SHARED_CIPHER                           193
01838 #define SSL_R_NO_VERIFY_CALLBACK                         194
01839 #define SSL_R_NULL_SSL_CTX                               195
01840 #define SSL_R_NULL_SSL_METHOD_PASSED                     196
01841 #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED            197
01842 #define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE              297
01843 #define SSL_R_PACKET_LENGTH_TOO_LONG                     198
01844 #define SSL_R_PATH_TOO_LONG                              270
01845 #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE          199
01846 #define SSL_R_PEER_ERROR                                 200
01847 #define SSL_R_PEER_ERROR_CERTIFICATE                     201
01848 #define SSL_R_PEER_ERROR_NO_CERTIFICATE                  202
01849 #define SSL_R_PEER_ERROR_NO_CIPHER                       203
01850 #define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE    204
01851 #define SSL_R_PRE_MAC_LENGTH_TOO_LONG                    205
01852 #define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS          206
01853 #define SSL_R_PROTOCOL_IS_SHUTDOWN                       207
01854 #define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR                   208
01855 #define SSL_R_PUBLIC_KEY_IS_NOT_RSA                      209
01856 #define SSL_R_PUBLIC_KEY_NOT_RSA                         210
01857 #define SSL_R_READ_BIO_NOT_SET                           211
01858 #define SSL_R_READ_TIMEOUT_EXPIRED                       312
01859 #define SSL_R_READ_WRONG_PACKET_TYPE                     212
01860 #define SSL_R_RECORD_LENGTH_MISMATCH                     213
01861 #define SSL_R_RECORD_TOO_LARGE                           214
01862 #define SSL_R_RECORD_TOO_SMALL                           298
01863 #define SSL_R_REQUIRED_CIPHER_MISSING                    215
01864 #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO                 216
01865 #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO                   217
01866 #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO                 218
01867 #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
01868 #define SSL_R_SHORT_READ                                 219
01869 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE      220
01870 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE               221
01871 #define SSL_R_SSL2_CONNECTION_ID_TOO_LONG                299
01872 #define SSL_R_SSL3_SESSION_ID_TOO_LONG                   300
01873 #define SSL_R_SSL3_SESSION_ID_TOO_SHORT                  222
01874 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042
01875 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC                 1020
01876 #define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED            1045
01877 #define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED            1044
01878 #define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN            1046
01879 #define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE          1030
01880 #define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE              1040
01881 #define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER              1047
01882 #define SSL_R_SSLV3_ALERT_NO_CERTIFICATE                 1041
01883 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE             1010
01884 #define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE        1043
01885 #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION         228
01886 #define SSL_R_SSL_HANDSHAKE_FAILURE                      229
01887 #define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS                 230
01888 #define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED             301
01889 #define SSL_R_SSL_SESSION_ID_CONFLICT                    302
01890 #define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG            273
01891 #define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH              303
01892 #define SSL_R_SSL_SESSION_ID_IS_DIFFERENT                231
01893 #define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
01894 #define SSL_R_TLSV1_ALERT_DECODE_ERROR                   1050
01895 #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED              1021
01896 #define SSL_R_TLSV1_ALERT_DECRYPT_ERROR                  1051
01897 #define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION             1060
01898 #define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY          1071
01899 #define SSL_R_TLSV1_ALERT_INTERNAL_ERROR                 1080
01900 #define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION               1100
01901 #define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION               1070
01902 #define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW                1022
01903 #define SSL_R_TLSV1_ALERT_UNKNOWN_CA                     1048
01904 #define SSL_R_TLSV1_ALERT_USER_CANCELLED                 1090
01905 #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER       232
01906 #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
01907 #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG    234
01908 #define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER            235
01909 #define SSL_R_UNABLE_TO_DECODE_DH_CERTS                  236
01910 #define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS                313
01911 #define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY               237
01912 #define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS               238
01913 #define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS             314
01914 #define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS       239
01915 #define SSL_R_UNABLE_TO_FIND_SSL_METHOD                  240
01916 #define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES           241
01917 #define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES           242
01918 #define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES          243
01919 #define SSL_R_UNEXPECTED_MESSAGE                         244
01920 #define SSL_R_UNEXPECTED_RECORD                          245
01921 #define SSL_R_UNINITIALIZED                              276
01922 #define SSL_R_UNKNOWN_ALERT_TYPE                         246
01923 #define SSL_R_UNKNOWN_CERTIFICATE_TYPE                   247
01924 #define SSL_R_UNKNOWN_CIPHER_RETURNED                    248
01925 #define SSL_R_UNKNOWN_CIPHER_TYPE                        249
01926 #define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
01927 #define SSL_R_UNKNOWN_PKEY_TYPE                          251
01928 #define SSL_R_UNKNOWN_PROTOCOL                           252
01929 #define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE                  253
01930 #define SSL_R_UNKNOWN_SSL_VERSION                        254
01931 #define SSL_R_UNKNOWN_STATE                              255
01932 #define SSL_R_UNSUPPORTED_CIPHER                         256
01933 #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM          257
01934 #define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE                 315
01935 #define SSL_R_UNSUPPORTED_PROTOCOL                       258
01936 #define SSL_R_UNSUPPORTED_SSL_VERSION                    259
01937 #define SSL_R_WRITE_BIO_NOT_SET                          260
01938 #define SSL_R_WRONG_CIPHER_RETURNED                      261
01939 #define SSL_R_WRONG_MESSAGE_TYPE                         262
01940 #define SSL_R_WRONG_NUMBER_OF_KEY_BITS                   263
01941 #define SSL_R_WRONG_SIGNATURE_LENGTH                     264
01942 #define SSL_R_WRONG_SIGNATURE_SIZE                       265
01943 #define SSL_R_WRONG_SSL_VERSION                          266
01944 #define SSL_R_WRONG_VERSION_NUMBER                       267
01945 #define SSL_R_X509_LIB                                   268
01946 #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS           269
01947 
01948 #ifdef  __cplusplus
01949 }
01950 #endif
01951 #endif