Newer
Older
void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
int (*cb) (SSL *ssl,
int
is_forward_secure));
void SSL_set_not_resumable_session_callback(SSL *ssl,
int (*cb) (SSL *ssl,
int
is_forward_secure));
void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
size_t (*cb) (SSL *ssl, int type,
size_t len, void *arg));
void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg);
void *SSL_CTX_get_record_padding_callback_arg(SSL_CTX *ctx);
int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size);
void SSL_set_record_padding_callback(SSL *ssl,
size_t (*cb) (SSL *ssl, int type,
size_t len, void *arg));
void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg);
void *SSL_get_record_padding_callback_arg(SSL *ssl);
int SSL_set_block_padding(SSL *ssl, size_t block_size);
# if OPENSSL_API_COMPAT < 0x10100000L
# define SSL_cache_hit(s) SSL_session_reused(s)
# endif
__owur int SSL_session_reused(SSL *s);
__owur int SSL_is_server(const SSL *s);
__owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void);
void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags);
__owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre);
void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);
__owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);
void SSL_add_ssl_module(void);
int SSL_config(SSL *s, const char *name);
int SSL_CTX_config(SSL_CTX *ctx, const char *name);
void SSL_trace(int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg);
# endif
int DTLSv1_listen(SSL *s, BIO_ADDR *client);
/*
* A callback for verifying that the received SCTs are sufficient.
* Expected to return 1 if they are sufficient, otherwise 0.
* May return a negative integer if an error occurs.
* A connection should be aborted if the SCTs are deemed insufficient.
*/
typedef int(*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx,
const STACK_OF(SCT) *scts, void *arg);
/*
* Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate
* the received SCTs.
* If the callback returns a non-positive result, the connection is terminated.
* Call this function before beginning a handshake.
* If a NULL |callback| is provided, SCT validation is disabled.
* |arg| is arbitrary userdata that will be passed to the callback whenever it
* is invoked. Ownership of |arg| remains with the caller.
*
* NOTE: A side-effect of setting a CT callback is that an OCSP stapled response
* will be requested.
*/
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
void *arg);
int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
ssl_ct_validation_cb callback,
void *arg);
#define SSL_disable_ct(s) \
((void) SSL_set_validation_callback((s), NULL, NULL))
#define SSL_CTX_disable_ct(ctx) \
((void) SSL_CTX_set_validation_callback((ctx), NULL, NULL))
/*
* The validation type enumerates the available behaviours of the built-in SSL
* CT validation callback selected via SSL_enable_ct() and SSL_CTX_enable_ct().
* The underlying callback is a static function in libssl.
*/
enum {
SSL_CT_VALIDATION_PERMISSIVE = 0,
SSL_CT_VALIDATION_STRICT
};
/*
* Enable CT by setting up a callback that implements one of the built-in
* validation variants. The SSL_CT_VALIDATION_PERMISSIVE variant always
* continues the handshake, the application can make appropriate decisions at
* handshake completion. The SSL_CT_VALIDATION_STRICT variant requires at
* least one valid SCT, or else handshake termination will be requested. The
* handshake may continue anyway if SSL_VERIFY_NONE is in effect.
*/
int SSL_enable_ct(SSL *s, int validation_mode);
int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode);
* Report whether a non-NULL callback is enabled.
int SSL_ct_is_enabled(const SSL *s);
int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx);
/* Gets the SCTs received from a connection */
const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);
/*
* Loads the CT log list from the default location.
* If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store,
* the log information loaded from this file will be appended to the
* CTLOG_STORE.
* Returns 1 on success, 0 otherwise.
*/
int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx);
/*
* Loads the CT log list from the specified file path.
* If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store,
* the log information loaded from this file will be appended to the
* CTLOG_STORE.
* Returns 1 on success, 0 otherwise.
*/
int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
/*
* Sets the CT log list used by all SSL connections created from this SSL_CTX.
* Ownership of the CTLOG_STORE is transferred to the SSL_CTX.
*/
void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs);
/*
* Gets the CT log list used by all SSL connections created from this SSL_CTX.
* This will be NULL unless one of the following functions has been called:
* - SSL_CTX_set_default_ctlog_list_file
* - SSL_CTX_set_ctlog_list_file
* - SSL_CTX_set_ctlog_store
*/
const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx);
/* What the "other" parameter contains in security callback */
/* Mask for type */
# define SSL_SECOP_OTHER_TYPE 0xffff0000
# define SSL_SECOP_OTHER_NONE 0
# define SSL_SECOP_OTHER_CIPHER (1 << 16)
# define SSL_SECOP_OTHER_CURVE (2 << 16)
# define SSL_SECOP_OTHER_DH (3 << 16)
# define SSL_SECOP_OTHER_PKEY (4 << 16)
# define SSL_SECOP_OTHER_SIGALG (5 << 16)
# define SSL_SECOP_OTHER_CERT (6 << 16)
/* Indicated operation refers to peer key or certificate */
/* Values for "op" parameter in security callback */
/* Called to filter ciphers */
/* Ciphers client supports */
# define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER)
# define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER)
# define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER)
# define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE)
# define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE)
# define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE)
# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY)
# define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE)
# define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE)
/* Supported signature algorithms sent to peer */
# define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG)
# define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG)
/* Sanity check signature algorithm allowed */
# define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG)
/* Used to get mask of supported public key signature algorithms */
# define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG)
# define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE)
# define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT)
# define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT)
# define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT)
# define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER)
# define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER)
# define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER)
void SSL_set_security_level(SSL *s, int level);
__owur int SSL_get_security_level(const SSL *s);
void SSL_set_security_callback(SSL *s,
int (*cb) (const SSL *s, const SSL_CTX *ctx, int op,
int bits, int nid, void *other,
void *ex));
int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, const SSL_CTX *ctx, int op,
int bits, int nid,
void *other, void *ex);
void SSL_set0_security_ex_data(SSL *s, void *ex);
__owur void *SSL_get0_security_ex_data(const SSL *s);
void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
__owur int SSL_CTX_get_security_level(const SSL_CTX *ctx);
void SSL_CTX_set_security_callback(SSL_CTX *ctx,
int (*cb) (const SSL *s, const SSL_CTX *ctx, int op,
int bits, int nid, void *other,
void *ex));
int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
const SSL_CTX *ctx,
int op, int bits,
int nid,
void *other,
void *ex);
void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
__owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);
/* OPENSSL_INIT flag 0x010000 reserved for internal use */
#define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0x00100000L
#define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L
#define OPENSSL_INIT_SSL_DEFAULT \
(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
__owur const struct openssl_ssl_test_functions *SSL_test_functions(void);
__owur int SSL_free_buffers(SSL *ssl);
__owur int SSL_alloc_buffers(SSL *ssl);
extern const char SSL_version_str[];
int ERR_load_SSL_strings(void);
Dr. Stephen Henson
committed
typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us);
void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb);
