#define SSL_TXT_kEECDH "kEECDH"\r
#define SSL_TXT_kPSK "kPSK"\r
#define SSL_TXT_kGOST "kGOST"\r
+#define SSL_TXT_kSRP "kSRP"\r
\r
#define SSL_TXT_aRSA "aRSA"\r
#define SSL_TXT_aDSS "aDSS"\r
#define SSL_TXT_ECDSA "ECDSA"\r
#define SSL_TXT_KRB5 "KRB5"\r
#define SSL_TXT_PSK "PSK"\r
+#define SSL_TXT_SRP "SRP"\r
\r
#define SSL_TXT_DES "DES"\r
#define SSL_TXT_3DES "3DES"\r
#define SSL_TXT_AES128 "AES128"\r
#define SSL_TXT_AES256 "AES256"\r
#define SSL_TXT_AES "AES"\r
+#define SSL_TXT_AES_GCM "AESGCM"\r
#define SSL_TXT_CAMELLIA128 "CAMELLIA128"\r
#define SSL_TXT_CAMELLIA256 "CAMELLIA256"\r
#define SSL_TXT_CAMELLIA "CAMELLIA"\r
#define SSL_TXT_SHA "SHA" /* same as "SHA1" */\r
#define SSL_TXT_GOST94 "GOST94"\r
#define SSL_TXT_GOST89MAC "GOST89MAC"\r
+#define SSL_TXT_SHA256 "SHA256"\r
+#define SSL_TXT_SHA384 "SHA384"\r
\r
#define SSL_TXT_SSLV2 "SSLv2"\r
#define SSL_TXT_SSLV3 "SSLv3"\r
#define SSL_TXT_TLSV1 "TLSv1"\r
+#define SSL_TXT_TLSV1_1 "TLSv1.1"\r
+#define SSL_TXT_TLSV1_2 "TLSv1.2"\r
\r
#define SSL_TXT_EXP "EXP"\r
#define SSL_TXT_EXPORT "EXPORT"\r
* in SSL_CTX. */\r
typedef struct ssl_st *ssl_crock_st;\r
typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;\r
+typedef struct ssl_method_st SSL_METHOD;\r
+typedef struct ssl_cipher_st SSL_CIPHER;\r
+typedef struct ssl_session_st SSL_SESSION;\r
+\r
+DECLARE_STACK_OF(SSL_CIPHER)\r
+\r
+/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/\r
+typedef struct srtp_protection_profile_st\r
+ {\r
+ const char *name;\r
+ unsigned long id;\r
+ } SRTP_PROTECTION_PROFILE;\r
+\r
+DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)\r
+\r
+typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);\r
+typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);\r
+\r
+\r
+#ifndef OPENSSL_NO_SSL_INTERN\r
\r
/* used to hold info on the particular ciphers used */\r
-typedef struct ssl_cipher_st\r
+struct ssl_cipher_st\r
{\r
int valid;\r
const char *name; /* text name */\r
unsigned long algorithm2; /* Extra flags */\r
int strength_bits; /* Number of bits really used */\r
int alg_bits; /* Number of bits for algorithm */\r
- } SSL_CIPHER;\r
-\r
-DECLARE_STACK_OF(SSL_CIPHER)\r
+ };\r
\r
-typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);\r
-typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);\r
\r
/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */\r
-typedef struct ssl_method_st\r
+struct ssl_method_st\r
{\r
int version;\r
int (*ssl_new)(SSL *s);\r
int (*ssl_version)(void);\r
long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));\r
long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));\r
- } SSL_METHOD;\r
+ };\r
\r
/* Lets make this into an ASN.1 type structure as follows\r
* SSL_SESSION_ID ::= SEQUENCE {\r
* Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context\r
* Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer'\r
* HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension\r
- * ECPointFormatList [ 7 ] OCTET STRING, -- optional EC point format list from TLS extension\r
- * PSK_identity_hint [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity hint\r
- * PSK_identity [ 9 ] EXPLICIT OCTET STRING -- optional PSK identity\r
+ * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint\r
+ * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity\r
+ * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket\r
+ * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only)\r
+ * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method\r
+ * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username\r
* }\r
* Look in ssl/ssl_asn1.c for more details\r
* I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).\r
*/\r
-typedef struct ssl_session_st\r
+struct ssl_session_st\r
{\r
int ssl_version; /* what ssl version session info is\r
* being kept in here? */\r
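Review bot: The ASN.1 comment reassigns tags `[7]`, `[8]` and `[9]` to different fields than before (ECPointFormatList is gone, the PSK fields move down one, and `Ticket_lifetime_hint` takes `[9]`), but it does not say whether the encoding in ssl/ssl_asn1.c changed or only the comment was corrected. If the encoder changed, sessions serialized by an earlier release would be parsed with the wrong field meanings, so that should be confirmed against ssl_asn1.c and stated here. The new `SRP_username [ 12 ]` entry also means a serialized session carries the user's identity; a short remark such as `-- optional SRP username (identifies the user; treat exported sessions accordingly)` would help anyone who persists or shares session data. The tag spacing is also inconsistent (`[9]` versus `[ 7 ]`).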
size_t tlsext_ticklen; /* Session ticket length */\r
long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */\r
#endif\r
- } SSL_SESSION;\r
+#ifndef OPENSSL_NO_SRP\r
+ char *srp_username;\r
+#endif\r
+ };\r
\r
+#endif\r
\r
#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L\r
#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L\r
\r
/* SSL_OP_ALL: various bug workarounds that should be rather harmless.\r
* This used to be 0x000FFFFFL before 0.9.7. */\r
-#define SSL_OP_ALL 0x80000FFFL\r
+#define SSL_OP_ALL 0x80000BFFL\r
\r
/* DTLS options */\r
#define SSL_OP_NO_QUERY_MTU 0x00001000L\r
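Review bot: The new `SSL_OP_ALL` value `0x80000BFFL` drops bit `0x00000400L` from the mask, but the comment above it still records only the pre-0.9.7 value and does not say which option left the set or why. Every caller that passes `SSL_OP_ALL` silently changes behaviour for that bit, and the definition that owns `0x00000400L` is not visible in this hunk, so the effect cannot be audited from here. Suggest extending the comment, for example `/* 0x00000400L is deliberately excluded: <option name and reason> */`, so the mask can be checked against the individual `SSL_OP_*` definitions.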
#define SSL_OP_NO_SSLv2 0x01000000L\r
#define SSL_OP_NO_SSLv3 0x02000000L\r
#define SSL_OP_NO_TLSv1 0x04000000L\r
+#define SSL_OP_NO_TLSv1_2 0x08000000L\r
+#define SSL_OP_NO_TLSv1_1 0x10000000L\r
\r
+/* These next two were never actually used for anything since SSLeay\r
+ * zap so we have some more flags.\r
+ */\r
/* The next flag deliberately changes the ciphertest, this is a check\r
* for the PKCS#1 attack */\r
-#define SSL_OP_PKCS1_CHECK_1 0x08000000L\r
-#define SSL_OP_PKCS1_CHECK_2 0x10000000L\r
+#define SSL_OP_PKCS1_CHECK_1 0x0\r
+#define SSL_OP_PKCS1_CHECK_2 0x0\r
+\r
#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L\r
#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L\r
/* Make server add server-hello extension from early version of\r
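Review bot: `SSL_OP_NO_TLSv1_2` and `SSL_OP_NO_TLSv1_1` take over the bit values `0x08000000L` and `0x10000000L` that `SSL_OP_PKCS1_CHECK_1`/`_2` held until this change, so a binary compiled against the old header that sets either PKCS1 flag would, when run against a library built from this header, switch off TLS 1.2 or TLS 1.1 instead. The added comment says the two flags were never used, yet the old comment describing them as a PKCS#1 attack check is kept directly beneath it, which leaves two contradictory statements. Suggest replacing both with one comment such as `/* Obsolete no-ops kept for source compatibility; their former bits are now SSL_OP_NO_TLSv1_2 and SSL_OP_NO_TLSv1_1 */`, and writing the values as `0x0L` so the macros keep the `long` type of the other `SSL_OP_*` constants.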
#define SSL_get_secure_renegotiation_support(ssl) \\r
SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)\r
\r
+#ifndef OPENSSL_NO_HEARTBEATS\r
+#define SSL_heartbeat(ssl) \\r
+ SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL)\r
+#endif\r
+\r
void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));\r
void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));\r
#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))\r
#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))\r
\r
+#ifndef OPENSSL_NO_SRP\r
\r
+#ifndef OPENSSL_NO_SSL_INTERN\r
+\r
+typedef struct srp_ctx_st\r
+ {\r
+ /* param for all the callbacks */\r
+ void *SRP_cb_arg;\r
+ /* set client Hello login callback */\r
+ int (*TLS_ext_srp_username_callback)(SSL *, int *, void *);\r
+ /* set SRP N/g param callback for verification */\r
+ int (*SRP_verify_param_callback)(SSL *, void *);\r
+ /* set SRP client passwd callback */\r
+ char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *);\r
+\r
+ char *login;\r
+ BIGNUM *N,*g,*s,*B,*A;\r
+ BIGNUM *a,*b,*v;\r
+ char *info;\r
+ int strength;\r
+\r
+ unsigned long srp_Mask;\r
+ } SRP_CTX;\r
+\r
+#endif\r
+\r
+/* see tls_srp.c */\r
+int SSL_SRP_CTX_init(SSL *s);\r
+int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);\r
+int SSL_SRP_CTX_free(SSL *ctx);\r
+int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);\r
+int SSL_srp_server_param_with_username(SSL *s, int *ad);\r
+int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key);\r
+int SRP_Calc_A_param(SSL *s);\r
+int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key);\r
+\r
+#endif\r
\r
#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)\r
#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */\r
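Review bot: `SRP_CTX` declares eight `BIGNUM` pointers (`N,g,s,B,A` and `a,b,v`) with no comment on what each holds or which are secret, so a maintainer of the free and error paths cannot tell from the header which values must be cleansed rather than merely released. In SRP the private ephemerals and the verifier are sensitive; assuming the usual naming applies here, a comment such as `/* a,b: private ephemeral values; v: password verifier -- secret, release with BN_clear_free() */` next to that line, and `/* N,g: group parameters; s: salt; A,B: public ephemeral values */` next to the other, would make the requirement explicit (tls_srp.c is not shown, so confirm the mapping). Separately, `SSL_SRP_CTX_free(SSL *ctx)` names an `SSL *` parameter `ctx` while `SSL_SRP_CTX_init(SSL *s)` uses `s`; `int SSL_SRP_CTX_free(SSL *s);` would avoid confusion with the `SSL_CTX *` variants on the neighbouring lines.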
typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,\r
unsigned int *id_len);\r
\r
-typedef struct ssl_comp_st\r
+typedef struct ssl_comp_st SSL_COMP;\r
+\r
+#ifndef OPENSSL_NO_SSL_INTERN\r
+\r
+struct ssl_comp_st\r
{\r
int id;\r
const char *name;\r
#else\r
char *method;\r
#endif\r
- } SSL_COMP;\r
+ };\r
\r
DECLARE_STACK_OF(SSL_COMP)\r
DECLARE_LHASH_OF(SSL_SESSION);\r
/* Callback for status request */\r
int (*tlsext_status_cb)(SSL *ssl, void *arg);\r
void *tlsext_status_arg;\r
-\r
/* draft-rescorla-tls-opaque-prf-input-00.txt information */\r
int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);\r
void *tlsext_opaque_prf_input_callback_arg;\r
struct ssl3_buf_freelist_st *wbuf_freelist;\r
struct ssl3_buf_freelist_st *rbuf_freelist;\r
#endif\r
+#ifndef OPENSSL_NO_SRP\r
+ SRP_CTX srp_ctx; /* ctx for SRP authentication */\r
+#endif\r
+\r
+#ifndef OPENSSL_NO_TLSEXT\r
+# ifndef OPENSSL_NO_NEXTPROTONEG\r
+ /* Next protocol negotiation information */\r
+ /* (for experimental NPN extension). */\r
+\r
+ /* For a server, this contains a callback function by which the set of\r
+ * advertised protocols can be provided. */\r
+ int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,\r
+ unsigned int *len, void *arg);\r
+ void *next_protos_advertised_cb_arg;\r
+ /* For a client, this contains a callback function that selects the\r
+ * next protocol from the list provided by the server. */\r
+ int (*next_proto_select_cb)(SSL *s, unsigned char **out,\r
+ unsigned char *outlen,\r
+ const unsigned char *in,\r
+ unsigned int inlen,\r
+ void *arg);\r
+ void *next_proto_select_cb_arg;\r
+# endif\r
+ /* SRTP profiles we are willing to do from RFC 5764 */\r
+ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;\r
+#endif\r
};\r
\r
+#endif\r
+\r
#define SSL_SESS_CACHE_OFF 0x0000\r
#define SSL_SESS_CACHE_CLIENT 0x0001\r
#define SSL_SESS_CACHE_SERVER 0x0002\r
#endif\r
void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));\r
void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));\r
+#ifndef OPENSSL_NO_NEXTPROTONEG\r
+void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,\r
+ int (*cb) (SSL *ssl,\r
+ const unsigned char **out,\r
+ unsigned int *outlen,\r
+ void *arg),\r
+ void *arg);\r
+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,\r
+ int (*cb) (SSL *ssl,\r
+ unsigned char **out,\r
+ unsigned char *outlen,\r
+ const unsigned char *in,\r
+ unsigned int inlen,\r
+ void *arg),\r
+ void *arg);\r
+\r
+int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,\r
+ const unsigned char *in, unsigned int inlen,\r
+ const unsigned char *client, unsigned int client_len);\r
+void SSL_get0_next_proto_negotiated(const SSL *s,\r
+ const unsigned char **data, unsigned *len);\r
+\r
+#define OPENSSL_NPN_UNSUPPORTED 0\r
+#define OPENSSL_NPN_NEGOTIATED 1\r
+#define OPENSSL_NPN_NO_OVERLAP 2\r
+#endif\r
\r
#ifndef OPENSSL_NO_PSK\r
/* the maximum length of the buffer given to callbacks containing the\r
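Review bot: `SSL_select_next_proto` and the two callback setters are declared without any comment on the wire format of `in` and `client`, the meaning of the return value, or what `*out` points at after the call. The last item matters for memory safety: if `*out` refers into one of the caller-supplied buffers rather than a copy (presumably the case, but the implementation is not in this hunk), the caller must keep that buffer alive for as long as the result is used. Suggest a header comment that states the list encoding, that the function returns one of the `OPENSSL_NPN_*` values defined below, and the lifetime of `*out`. Note also that `outlen` is `unsigned char *` here while `SSL_get0_next_proto_negotiated` reports the length through `unsigned *len`; a remark that a protocol name is at most 255 bytes would explain the difference.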
#define SSL_MAC_FLAG_READ_MAC_STREAM 1\r
#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2\r
\r
+#ifndef OPENSSL_NO_SSL_INTERN\r
+\r
struct ssl_st\r
{\r
/* protocol version\r
\r
int server; /* are we the server side? - mostly used by SSL_clear*/\r
\r
- int new_session;/* 1 if we are to use a new session.\r
- * 2 if we are a server and are inside a handshake\r
- * (i.e. not just sending a HelloRequest)\r
+ int new_session;/* Generate a new session or reuse an old one.\r
* NB: For servers, the 'new' session may actually be a previously\r
* cached session or even the previous session unless\r
* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */\r
void *tls_session_secret_cb_arg;\r
\r
SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */\r
+\r
+#ifndef OPENSSL_NO_NEXTPROTONEG\r
+ /* Next protocol negotiation. For the client, this is the protocol that\r
+ * we sent in NextProtocol and is set when handling ServerHello\r
+ * extensions.\r
+ *\r
+ * For a server, this is the client's selected_protocol from\r
+ * NextProtocol and is set when handling the NextProtocol message,\r
+ * before the Finished message. */\r
+ unsigned char *next_proto_negotiated;\r
+ unsigned char next_proto_negotiated_len;\r
+#endif\r
+\r
#define session_ctx initial_ctx\r
+\r
+ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What we'll do */\r
+ SRTP_PROTECTION_PROFILE *srtp_profile; /* What's been chosen */\r
+\r
+ unsigned int tlsext_heartbeat; /* Is use of the Heartbeat extension negotiated?\r
+ 0: disabled\r
+ 1: enabled\r
+ 2: enabled, but not allowed to send Requests\r
+ */\r
+ unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */\r
+ unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */\r
#else\r
#define session_ctx ctx\r
#endif /* OPENSSL_NO_TLSEXT */\r
+\r
+ int renegotiate;/* 1 if we are renegotiating.\r
+ * 2 if we are a server and are inside a handshake\r
+ * (i.e. not just sending a HelloRequest) */\r
+\r
+#ifndef OPENSSL_NO_SRP\r
+ SRP_CTX srp_ctx; /* ctx for SRP authentication */\r
+#endif\r
};\r
\r
+#endif\r
+\r
#ifdef __cplusplus\r
}\r
#endif\r
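Review bot: The heartbeat state fields `tlsext_heartbeat`, `tlsext_hb_pending` and `tlsext_hb_seq` are added to `struct ssl_st` under the `OPENSSL_NO_TLSEXT` guard only, whereas the `SSL_heartbeat` macro and the heartbeat ctrl codes elsewhere in this change are wrapped in `#ifndef OPENSSL_NO_HEARTBEATS`. A build that defines `OPENSSL_NO_HEARTBEATS` to remove the feature therefore still carries its state, and the header gives no indication of whether that is intended. Suggest wrapping the three fields in `#ifndef OPENSSL_NO_HEARTBEATS` / `#endif`, or adding a comment that they are kept unconditionally to hold the struct layout stable. The values 0, 1 and 2 of `tlsext_heartbeat` are documented only in the trailing comment; named constants would make the checks in the implementation easier to review. The struct itself begins outside this hunk.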
#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */\r
#include <openssl/dtls1.h> /* Datagram TLS */\r
#include <openssl/ssl23.h>\r
+#include <openssl/srtp.h> /* Support for the use_srtp extension */\r
\r
#ifdef __cplusplus\r
extern "C" {\r
#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71\r
\r
#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72\r
+\r
+#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75\r
+#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76\r
+#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77\r
+\r
+#define SSL_CTRL_SET_SRP_ARG 78\r
+#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79\r
+#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80\r
+#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81\r
+#ifndef OPENSSL_NO_HEARTBEATS\r
+#define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85\r
+#define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86\r
+#define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87\r
+#endif\r
#endif\r
\r
#define DTLS_CTRL_GET_TIMEOUT 73\r
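Review bot: `SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB` (77) and `SSL_CTRL_SET_SRP_ARG` (78) are given the same numbers as `SSL_CTRL_CLEAR_OPTIONS` (77) and `SSL_CTRL_CLEAR_MODE` (78), which appear as context lines immediately below this hunk. If both sets can reach the same `SSL_ctrl`/`SSL_CTX_ctrl` dispatch, a request to set the SRP callback argument would be handled as a clear-mode request or the reverse; the dispatch code is not shown here, so this needs to be checked. Either renumber the SRP codes into an unused range, or add a comment such as `/* SRP codes overlap SSL_CTRL_CLEAR_*; they are only ever passed to <entry point>, never to SSL_ctrl() */` stating why the overlap is safe. The `#endif` on the line after the heartbeat block closes a conditional opened outside the hunk.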
#define SSL_CTRL_CLEAR_OPTIONS 77\r
#define SSL_CTRL_CLEAR_MODE 78\r
\r
+#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82\r
+#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83\r
+\r
#define DTLSv1_get_timeout(ssl, arg) \\r
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)\r
#define DTLSv1_handle_timeout(ssl) \\r
\r
#define SSL_CTX_add_extra_chain_cert(ctx,x509) \\r
SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)\r
+#define SSL_CTX_get_extra_chain_certs(ctx,px509) \\r
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)\r
+#define SSL_CTX_clear_extra_chain_certs(ctx) \\r
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)\r
\r
#ifndef OPENSSL_NO_BIO\r
BIO_METHOD *BIO_f_ssl(void);\r
int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);\r
char * SSL_CIPHER_get_version(const SSL_CIPHER *c);\r
const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);\r
+unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);\r
\r
int SSL_get_fd(const SSL *s);\r
int SSL_get_rfd(const SSL *s);\r
long SSL_SESSION_get_timeout(const SSL_SESSION *s);\r
long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);\r
void SSL_copy_session_id(SSL *to,const SSL *from);\r
+X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);\r
+int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,\r
+ unsigned int sid_ctx_len);\r
\r
SSL_SESSION *SSL_SESSION_new(void);\r
const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,\r
unsigned int *len);\r
+unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);\r
#ifndef OPENSSL_NO_FP_API\r
int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);\r
#endif\r
int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);\r
int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);\r
\r
+#ifndef OPENSSL_NO_SRP\r
+int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name);\r
+int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password);\r
+int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);\r
+int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,\r
+ char *(*cb)(SSL *,void *));\r
+int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,\r
+ int (*cb)(SSL *,void *));\r
+int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,\r
+ int (*cb)(SSL *,int *,void *));\r
+int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);\r
+\r
+int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,\r
+ BIGNUM *sa, BIGNUM *v, char *info);\r
+int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,\r
+ const char *grp);\r
+\r
+BIGNUM *SSL_get_srp_g(SSL *s);\r
+BIGNUM *SSL_get_srp_N(SSL *s);\r
+\r
+char *SSL_get_srp_username(SSL *s);\r
+char *SSL_get_srp_userinfo(SSL *s);\r
+#endif\r
+\r
void SSL_free(SSL *ssl);\r
int SSL_accept(SSL *ssl);\r
int SSL_connect(SSL *ssl);\r
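Review bot: `SSL_CTX_set_srp_username` and `SSL_CTX_set_srp_password` take a non-const `char *` and carry no comment on ownership, so a caller cannot tell whether the library copies the string (and the caller may wipe its own buffer straight away) or keeps the pointer (and the buffer must outlive the context). For a password that distinction decides how long the secret stays in memory and who is responsible for cleansing it. If the implementation copies, suggest `const char *name` / `const char *password` and a comment like `/* the string is copied; the caller may cleanse its buffer after the call */`; tls_srp.c is not part of this hunk, so confirm which case applies. The getters `SSL_get_srp_username` and `SSL_get_srp_userinfo` likewise return mutable `char *` without saying whether the result is internal storage that must not be freed or modified.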
const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */\r
const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */\r
\r
+const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */\r
+const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */\r
+const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */\r
+\r
+const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */\r
+const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */\r
+const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */\r
+\r
+\r
const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */\r
const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */\r
const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */\r
\r
int SSL_do_handshake(SSL *s);\r
int SSL_renegotiate(SSL *s);\r
+int SSL_renegotiate_abbreviated(SSL *s);\r
int SSL_renegotiate_pending(SSL *s);\r
int SSL_shutdown(SSL *s);\r
\r
void (*cb)(const SSL *ssl,int type,int val));\r
void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);\r
int SSL_state(const SSL *ssl);\r
+void SSL_set_state(SSL *ssl, int state);\r
\r
void SSL_set_verify_result(SSL *ssl,long v);\r
long SSL_get_verify_result(const SSL *ssl);\r
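Review bot: `SSL_set_state` is exported with no comment on which `state` values are valid or when it may be called. Its name and signature suggest it overwrites the value `SSL_state` reports, i.e. the position in the handshake state machine, and an application that sets an arbitrary value could leave the connection in a state the handshake code does not expect; the implementation is not visible here, so this is inferred. Suggest a comment on the prototype that names the intended callers and the permitted values, for example `/* For internal/test use: state must be one of the SSL_ST_* values; do not call on a connection carrying application data */`, adjusted to the real contract.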
/* Pre-shared secret session resumption functions */\r
int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);\r
\r
+void SSL_set_debug(SSL *s, int debug);\r
+int SSL_cache_hit(SSL *s);\r
+\r
/* BEGIN ERROR CODES */\r
/* The following lines are auto generated by the script mkerr.pl. Any changes\r
* made after this point may be overwritten when the script is next run.\r
#define SSL_F_DTLS1_ACCEPT 246\r
#define SSL_F_DTLS1_ADD_CERT_TO_BUF 295\r
#define SSL_F_DTLS1_BUFFER_RECORD 247\r
+#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 316\r
#define SSL_F_DTLS1_CLIENT_HELLO 248\r
#define SSL_F_DTLS1_CONNECT 249\r
#define SSL_F_DTLS1_ENC 250\r
#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253\r
#define SSL_F_DTLS1_GET_RECORD 254\r
#define SSL_F_DTLS1_HANDLE_TIMEOUT 297\r
+#define SSL_F_DTLS1_HEARTBEAT 305\r
#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255\r
#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288\r
#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256\r
#define SSL_F_SSL3_GET_KEY_EXCHANGE 141\r
#define SSL_F_SSL3_GET_MESSAGE 142\r
#define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283\r
+#define SSL_F_SSL3_GET_NEXT_PROTO 306\r
#define SSL_F_SSL3_GET_RECORD 143\r
#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144\r
#define SSL_F_SSL3_GET_SERVER_DONE 145\r
#define SSL_F_SSL3_WRITE_PENDING 159\r
#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298\r
#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277\r
+#define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307\r
#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215\r
#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216\r
#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299\r
#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278\r
+#define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308\r
#define SSL_F_SSL_BAD_METHOD 160\r
#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161\r
#define SSL_F_SSL_CERT_DUP 221\r
#define SSL_F_SSL_CREATE_CIPHER_LIST 166\r
#define SSL_F_SSL_CTRL 232\r
#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168\r
+#define SSL_F_SSL_CTX_MAKE_PROFILES 309\r
#define SSL_F_SSL_CTX_NEW 169\r
#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269\r
#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290\r
#define SSL_F_SSL_NEW 186\r
#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300\r
#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302\r
+#define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310\r
#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301\r
#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303\r
+#define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311\r
#define SSL_F_SSL_PEEK 270\r
#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281\r
#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282\r
#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188\r
#define SSL_F_SSL_SESSION_NEW 189\r
#define SSL_F_SSL_SESSION_PRINT_FP 190\r
+#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312\r
#define SSL_F_SSL_SESS_CERT_NEW 225\r
#define SSL_F_SSL_SET_CERT 191\r
#define SSL_F_SSL_SET_CIPHER_LIST 271\r
#define SSL_F_SSL_SET_TRUST 228\r
#define SSL_F_SSL_SET_WFD 196\r
#define SSL_F_SSL_SHUTDOWN 224\r
+#define SSL_F_SSL_SRP_CTX_INIT 313\r
#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243\r
#define SSL_F_SSL_UNDEFINED_FUNCTION 197\r
#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244\r
#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209\r
#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274\r
#define SSL_F_TLS1_ENC 210\r
+#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314\r
+#define SSL_F_TLS1_HEARTBEAT 315\r
#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275\r
#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276\r
#define SSL_F_TLS1_PRF 284\r
#define SSL_R_BAD_RSA_MODULUS_LENGTH 121\r
#define SSL_R_BAD_RSA_SIGNATURE 122\r
#define SSL_R_BAD_SIGNATURE 123\r
+#define SSL_R_BAD_SRP_A_LENGTH 347\r
+#define SSL_R_BAD_SRP_B_LENGTH 348\r
+#define SSL_R_BAD_SRP_G_LENGTH 349\r
+#define SSL_R_BAD_SRP_N_LENGTH 350\r
+#define SSL_R_BAD_SRP_S_LENGTH 351\r
+#define SSL_R_BAD_SRTP_MKI_VALUE 352\r
+#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353\r
#define SSL_R_BAD_SSL_FILETYPE 124\r
#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125\r
#define SSL_R_BAD_STATE 126\r
#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322\r
#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323\r
#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310\r
+#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354\r
#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150\r
#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282\r
#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151\r
#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152\r
#define SSL_R_EXTRA_DATA_IN_MESSAGE 153\r
#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154\r
+#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355\r
+#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356\r
#define SSL_R_HTTPS_PROXY_REQUEST 155\r
#define SSL_R_HTTP_REQUEST 156\r
#define SSL_R_ILLEGAL_PADDING 283\r
#define SSL_R_INVALID_COMMAND 280\r
#define SSL_R_INVALID_COMPRESSION_ALGORITHM 341\r
#define SSL_R_INVALID_PURPOSE 278\r
+#define SSL_R_INVALID_SRP_USERNAME 357\r
#define SSL_R_INVALID_STATUS_RESPONSE 328\r
#define SSL_R_INVALID_TICKET_KEYS_LENGTH 325\r
#define SSL_R_INVALID_TRUST 279\r
#define SSL_R_MISSING_RSA_CERTIFICATE 168\r
#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169\r
#define SSL_R_MISSING_RSA_SIGNING_CERT 170\r
+#define SSL_R_MISSING_SRP_PARAM 358\r
#define SSL_R_MISSING_TMP_DH_KEY 171\r
#define SSL_R_MISSING_TMP_ECDH_KEY 311\r
#define SSL_R_MISSING_TMP_RSA_KEY 172\r
#define SSL_R_NO_RENEGOTIATION 339\r
#define SSL_R_NO_REQUIRED_DIGEST 324\r
#define SSL_R_NO_SHARED_CIPHER 193\r
+#define SSL_R_NO_SRTP_PROFILES 359\r
#define SSL_R_NO_VERIFY_CALLBACK 194\r
#define SSL_R_NULL_SSL_CTX 195\r
#define SSL_R_NULL_SSL_METHOD_PASSED 196\r
#define SSL_R_SERVERHELLO_TLSEXT 275\r
#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277\r
#define SSL_R_SHORT_READ 219\r
+#define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360\r
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220\r
+#define SSL_R_SRP_A_CALC 361\r
+#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362\r
+#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363\r
+#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364\r
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221\r
#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299\r
#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321\r
#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112\r
#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110\r
#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232\r
+#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365\r
+#define SSL_R_TLS_HEARTBEAT_PENDING 366\r
+#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367\r
#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157\r
#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233\r
#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234\r
#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247\r
#define SSL_R_UNKNOWN_CIPHER_RETURNED 248\r
#define SSL_R_UNKNOWN_CIPHER_TYPE 249\r
+#define SSL_R_UNKNOWN_DIGEST 368\r
#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250\r
#define SSL_R_UNKNOWN_PKEY_TYPE 251\r
#define SSL_R_UNKNOWN_PROTOCOL 252\r
#define SSL_R_UNSUPPORTED_PROTOCOL 258\r
#define SSL_R_UNSUPPORTED_SSL_VERSION 259\r
#define SSL_R_UNSUPPORTED_STATUS_TYPE 329\r
+#define SSL_R_USE_SRTP_NOT_NEGOTIATED 369\r
#define SSL_R_WRITE_BIO_NOT_SET 260\r
#define SSL_R_WRONG_CIPHER_RETURNED 261\r
#define SSL_R_WRONG_MESSAGE_TYPE 262\r
#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263\r
#define SSL_R_WRONG_SIGNATURE_LENGTH 264\r
#define SSL_R_WRONG_SIGNATURE_SIZE 265\r
+#define SSL_R_WRONG_SIGNATURE_TYPE 370\r
#define SSL_R_WRONG_SSL_VERSION 266\r
#define SSL_R_WRONG_VERSION_NUMBER 267\r
#define SSL_R_X509_LIB 268\r