const unsigned char *in,
size_t inlen, int *al, void *parse_arg);
+/* Typedef for verification callback */
+typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
+
/* Allow initial connection to servers that don't support RI */
# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U
/* Removed from OpenSSL 0.9.8q and 1.0.0c */
unsigned int
cookie_len));
# ifndef OPENSSL_NO_NEXTPROTONEG
+
+typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl,
+ const unsigned char **out,
+ unsigned int *outlen,
+ void *arg);
void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
- int (*cb) (SSL *ssl,
- const unsigned char
- **out,
- unsigned int *outlen,
- void *arg), void *arg);
+ SSL_CTX_npn_advertised_cb_func cb,
+ void *arg);
+# define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb
+
+typedef int (*SSL_CTX_npn_select_cb_func)(SSL *s,
+ unsigned char **out,
+ unsigned char *outlen,
+ const unsigned char *in,
+ unsigned int inlen,
+ void *arg);
void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
- int (*cb) (SSL *ssl,
- unsigned char **out,
- unsigned char *outlen,
- const unsigned char *in,
- unsigned int inlen,
- void *arg), void *arg);
+ SSL_CTX_npn_select_cb_func cb,
+ void *arg);
+# define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb
+
void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
unsigned *len);
+# define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated
# endif
__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
unsigned int protos_len);
__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
unsigned int protos_len);
-void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
- int (*cb) (SSL *ssl,
+typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl,
const unsigned char **out,
unsigned char *outlen,
const unsigned char *in,
unsigned int inlen,
- void *arg), void *arg);
+ void *arg);
+void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
+ SSL_CTX_alpn_select_cb_func cb,
+ void *arg);
void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
unsigned int *len);
*/
# define PSK_MAX_IDENTITY_LEN 128
# define PSK_MAX_PSK_LEN 256
-void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
- unsigned int (*psk_client_callback) (SSL
- *ssl,
- const
- char
- *hint,
- char
- *identity,
- unsigned
- int
- max_identity_len,
- unsigned
- char
- *psk,
- unsigned
- int
- max_psk_len));
-void SSL_set_psk_client_callback(SSL *ssl,
- unsigned int (*psk_client_callback) (SSL
- *ssl,
- const
- char
- *hint,
- char
- *identity,
- unsigned
- int
- max_identity_len,
- unsigned
- char
- *psk,
- unsigned
- int
- max_psk_len));
-void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
- unsigned int (*psk_server_callback) (SSL
- *ssl,
- const
- char
- *identity,
- unsigned
- char
- *psk,
- unsigned
- int
- max_psk_len));
-void SSL_set_psk_server_callback(SSL *ssl,
- unsigned int (*psk_server_callback) (SSL
- *ssl,
- const
- char
- *identity,
- unsigned
- char
- *psk,
- unsigned
- int
- max_psk_len));
+typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl,
+ const char *hint,
+ char *identity,
+ unsigned int max_identity_len,
+ unsigned char *psk,
+ unsigned int max_psk_len);
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb);
+void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb);
+
+typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl,
+ const char *identity,
+ unsigned char *psk,
+ unsigned int max_psk_len);
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb);
+void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb);
+
__owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
__owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
const char *SSL_get_psk_identity_hint(const SSL *s);
TLS_ST_SW_SESSION_TICKET,
TLS_ST_SW_CERT_STATUS,
TLS_ST_SW_CHANGE,
- TLS_ST_SW_FINISHED
+ TLS_ST_SW_FINISHED,
+ TLS_ST_SW_ENCRYPTED_EXTENSIONS,
+ TLS_ST_CR_ENCRYPTED_EXTENSIONS,
+ TLS_ST_CR_CERT_VRFY,
+ TLS_ST_SW_CERT_VRFY
} OSSL_HANDSHAKE_STATE;
/*
# define SSL_CTX_set1_sigalgs_list(ctx, s) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
# define SSL_set1_sigalgs(ctx, slist, slistlen) \
- SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,clistlen,(int *)slist)
+ SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist)
# define SSL_set1_sigalgs_list(ctx, s) \
SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
void SSL_set_read_ahead(SSL *s, int yes);
__owur int SSL_get_verify_mode(const SSL *s);
__owur int SSL_get_verify_depth(const SSL *s);
-__owur int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *);
-void SSL_set_verify(SSL *s, int mode,
- int (*callback) (int ok, X509_STORE_CTX *ctx));
+__owur SSL_verify_cb SSL_get_verify_callback(const SSL *s);
+void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback);
void SSL_set_verify_depth(SSL *s, int depth);
void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg);
# ifndef OPENSSL_NO_RSA
__owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
__owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
-__owur int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int,
- X509_STORE_CTX *);
-void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
- int (*callback) (int, X509_STORE_CTX *));
+__owur SSL_verify_cb SSL_CTX_get_verify_callback(const SSL_CTX *ctx);
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback);
void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
int (*cb) (X509_STORE_CTX *, void *),
# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385
# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370
# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386
+# define SSL_F_FINAL_EC_PT_FORMATS 485
+# define SSL_F_FINAL_EMS 486
+# define SSL_F_FINAL_RENEGOTIATE 483
# define SSL_F_OPENSSL_INIT_SSL 342
# define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION 436
# define SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE 430
# define SSL_F_SSL3_WRITE_PENDING 159
# define SSL_F_SSL_ADD_CERT_CHAIN 316
# define SSL_F_SSL_ADD_CERT_TO_BUF 319
+# define SSL_F_SSL_ADD_CERT_TO_WPACKET 493
# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298
# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277
# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307
# define SSL_F_TLS_COLLECT_EXTENSIONS 435
# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372
# define SSL_F_TLS_CONSTRUCT_CERT_STATUS 429
+# define SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY 494
+# define SSL_F_TLS_CONSTRUCT_CERT_VERIFY 496
# define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC 427
# define SSL_F_TLS_CONSTRUCT_CKE_DHE 404
# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 405
# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 407
# define SSL_F_TLS_CONSTRUCT_CKE_RSA 409
# define SSL_F_TLS_CONSTRUCT_CKE_SRP 410
-# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 355
-# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 356
-# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 357
-# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 358
+# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 484
+# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 487
+# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 488
+# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 489
+# define SSL_F_TLS_CONSTRUCT_CTOS_ALPN 466
+# define SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE 355
+# define SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS 467
+# define SSL_F_TLS_CONSTRUCT_CTOS_EMS 468
+# define SSL_F_TLS_CONSTRUCT_CTOS_ETM 469
+# define SSL_F_TLS_CONSTRUCT_CTOS_HELLO 356
+# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE 357
+# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE 470
+# define SSL_F_TLS_CONSTRUCT_CTOS_NPN 471
+# define SSL_F_TLS_CONSTRUCT_CTOS_PADDING 472
+# define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE 473
+# define SSL_F_TLS_CONSTRUCT_CTOS_SCT 474
+# define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME 475
+# define SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET 476
+# define SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS 477
+# define SSL_F_TLS_CONSTRUCT_CTOS_SRP 478
+# define SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST 479
+# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS 480
+# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS 481
+# define SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP 482
+# define SSL_F_TLS_CONSTRUCT_CTOS_VERIFY 358
+# define SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS 443
+# define SSL_F_TLS_CONSTRUCT_EXTENSIONS 447
# define SSL_F_TLS_CONSTRUCT_FINISHED 359
# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373
# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 428
# define SSL_F_TLS_CONSTRUCT_NEXT_PROTO 426
-# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 374
-# define SSL_F_TLS_CONSTRUCT_SERVER_DONE 375
-# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 376
-# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 377
+# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 490
+# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 491
+# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 492
+# define SSL_F_TLS_CONSTRUCT_STOC_ALPN 451
+# define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE 374
+# define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG 452
+# define SSL_F_TLS_CONSTRUCT_STOC_DONE 375
+# define SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS 453
+# define SSL_F_TLS_CONSTRUCT_STOC_EMS 454
+# define SSL_F_TLS_CONSTRUCT_STOC_ETM 455
+# define SSL_F_TLS_CONSTRUCT_STOC_HELLO 376
+# define SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE 377
+# define SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE 456
+# define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG 457
+# define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE 458
+# define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME 459
+# define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET 460
+# define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST 461
+# define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP 462
# define SSL_F_TLS_GET_MESSAGE_BODY 351
# define SSL_F_TLS_GET_MESSAGE_HEADER 387
+# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT 449
+# define SSL_F_TLS_PARSE_CTOS_KEY_SHARE 463
+# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 464
+# define SSL_F_TLS_PARSE_CTOS_USE_SRTP 465
+# define SSL_F_TLS_PARSE_STOC_KEY_SHARE 445
+# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 448
+# define SSL_F_TLS_PARSE_STOC_USE_SRTP 446
# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 378
# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 384
# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 360
# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST 361
# define SSL_F_TLS_PROCESS_CERT_STATUS 362
+# define SSL_F_TLS_PROCESS_CERT_STATUS_BODY 495
# define SSL_F_TLS_PROCESS_CERT_VERIFY 379
# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 363
# define SSL_F_TLS_PROCESS_CKE_DHE 411
# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 380
# define SSL_F_TLS_PROCESS_CLIENT_HELLO 381
# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 382
+# define SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS 444
# define SSL_F_TLS_PROCESS_FINISHED 364
# define SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT 442
# define SSL_F_TLS_PROCESS_KEY_EXCHANGE 365
# define SSL_F_TLS_PROCESS_SKE_ECDHE 420
# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE 421
# define SSL_F_TLS_PROCESS_SKE_SRP 422
+# define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT 450
# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220
/* Reason codes. */
# define SSL_R_BAD_DIGEST_LENGTH 111
# define SSL_R_BAD_ECC_CERT 304
# define SSL_R_BAD_ECPOINT 306
+# define SSL_R_BAD_EXTENSION 110
# define SSL_R_BAD_HANDSHAKE_LENGTH 332
# define SSL_R_BAD_HELLO_REQUEST 105
# define SSL_R_BAD_KEY_SHARE 108
# define SSL_R_BAD_LENGTH 271
# define SSL_R_BAD_PACKET_LENGTH 115
# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116
+# define SSL_R_BAD_RECORD_TYPE 443
# define SSL_R_BAD_RSA_ENCRYPT 119
# define SSL_R_BAD_SIGNATURE 123
# define SSL_R_BAD_SRP_A_LENGTH 347