Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
/* ssl/ssl.h */
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#ifndef HEADER_SSL_H
#define HEADER_SSL_H
#ifdef __cplusplus
extern "C" {
#endif
/* SSLeay version number for ASN.1 encoding of the session information */
/* Version 0 - initial version
* Version 1 - added the optional peer certificate
*/
#define SSL_SESSION_ASN1_VERSION 0x0001
/* text strings for the ciphers */
#define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5
#define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5
#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5
#define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5
#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5
#define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5
#define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5
#define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA
#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA
#define SSL_MAX_SSL_SESSION_ID_LENGTH 32
#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8)
#define SSL_MAX_KEY_ARG_LENGTH 8
#define SSL_MAX_MASTER_KEY_LENGTH 48
/* These are used to specify which ciphers to use and not to use */
#define SSL_TXT_LOW "LOW"
#define SSL_TXT_MEDIUM "MEDIUM"
#define SSL_TXT_HIGH "HIGH"
#define SSL_TXT_kFZA "kFZA"
#define SSL_TXT_aFZA "aFZA"
#define SSL_TXT_eFZA "eFZA"
#define SSL_TXT_FZA "FZA"
#define SSL_TXT_aNULL "aNULL"
#define SSL_TXT_eNULL "eNULL"
#define SSL_TXT_NULL "NULL"
#define SSL_TXT_kRSA "kRSA"
#define SSL_TXT_kDHr "kDHr"
#define SSL_TXT_kDHd "kDHd"
#define SSL_TXT_kEDH "kEDH"
#define SSL_TXT_aRSA "aRSA"
#define SSL_TXT_aDSS "aDSS"
#define SSL_TXT_aDH "aDH"
#define SSL_TXT_DSS "DSS"
#define SSL_TXT_DH "DH"
#define SSL_TXT_EDH "EDH"
#define SSL_TXT_ADH "ADH"
#define SSL_TXT_RSA "RSA"
#define SSL_TXT_DES "DES"
#define SSL_TXT_3DES "3DES"
#define SSL_TXT_RC4 "RC4"
#define SSL_TXT_RC2 "RC2"
#define SSL_TXT_IDEA "IDEA"
#define SSL_TXT_MD5 "MD5"
#define SSL_TXT_SHA0 "SHA0"
#define SSL_TXT_SHA1 "SHA1"
#define SSL_TXT_SHA "SHA"
#define SSL_TXT_EXP "EXP"
#define SSL_TXT_EXPORT "EXPORT"
#define SSL_TXT_SSLV2 "SSLv2"
#define SSL_TXT_SSLV3 "SSLv3"
#define SSL_TXT_ALL "ALL"
/* 'DEFAULT' at the start of the cipher list insert the following string
* in addition to this being the default cipher string */
#ifndef NO_RSA
#define SSL_DEFAULT_CIPHER_LIST "!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP"
#else
#define SSL_ALLOW_ADH
#define SSL_DEFAULT_CIPHER_LIST "HIGH:MEDIUM:LOW:ADH+3DES:ADH+RC4:ADH+DES:+EXP"
#endif
#define SSL_SENT_SHUTDOWN 1
#define SSL_RECEIVED_SHUTDOWN 2
#define SSL_CTX_set_quiet_shutdown(ctx,y) ((ctx)->quiet_shutdown=(y));
#define SSL_CTX_get_quiet_shutdown(ctx) ((ctx)->quiet_shutdown);
#define SSL_set_quiet_shutdown(s,y) ((s)->quiet_shutdown=(y));
#define SSL_get_quiet_shutdown(s) ((s)->quiet_shutdown);
#define SSL_set_shutdown(s,mode) ((s)->shutdown=(mode))
#define SSL_get_shutdown(s) ((s)->shutdown)
#define SSL_version(s) ((s)->version)
#include "buffer.h"
#include "bio.h"
#include "x509.h"
#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
#define SSL_FILETYPE_PEM X509_FILETYPE_PEM
typedef struct ssl_st *ssl_crock_st;
/* used to hold info on the particular ciphers used */
typedef struct ssl_cipher_st
{
int valid;
char *name; /* text name */
unsigned long id; /* id, 4 bytes, first is version */
unsigned long algorithms; /* what ciphers are used */
unsigned long algorithm2; /* Extra flags */
unsigned long mask; /* used for matching */
} SSL_CIPHER;
/* Used to hold functions for SSLv2 or SSLv3 functions */
typedef struct ssl_method_st
{
int version;
int (*ssl_new)();
void (*ssl_clear)();
void (*ssl_free)();
int (*ssl_accept)();
int (*ssl_connect)();
int (*ssl_read)();
int (*ssl_peek)();
int (*ssl_write)();
int (*ssl_shutdown)();
int (*ssl_renegotiate)();
long (*ssl_ctrl)();
long (*ssl_ctx_ctrl)();
SSL_CIPHER *(*get_cipher_by_char)();
int (*put_cipher_by_char)();
int (*ssl_pending)();
int (*num_ciphers)();
SSL_CIPHER *(*get_cipher)();
struct ssl_method_st *(*get_ssl_method)();
long (*get_timeout)();
} SSL_METHOD;
typedef struct ssl_compression_st
{
char *stuff;
} SSL_COMPRESSION;
/* Lets make this into an ASN.1 type structure as follows
* SSL_SESSION_ID ::= SEQUENCE {
* version INTEGER, -- structure version number
* SSLversion INTEGER, -- SSL version number
* Cipher OCTET_STRING, -- the 3 byte cipher ID
* Session_ID OCTET_STRING, -- the Session ID
* Master_key OCTET_STRING, -- the master key
* Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument
* Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
* Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
* Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
* }
* Look in ssl/ssl_asn1.c for more details
* I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
*/
typedef struct ssl_session_st
{
int ssl_version; /* what ssl version session info is
* being kept in here? */
/* only really used in SSLv2 */
unsigned int key_arg_length;
unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
int master_key_length;
unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
/* session_id - valid? */
unsigned int session_id_length;
unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
int not_resumable;
/* The cert is the certificate used to establish this connection */
struct cert_st /* CERT */ *cert;
/* This is the cert for the other end. On servers, it will be
* the same as cert->x509 */
X509 *peer;
int references;
long timeout;
long time;
SSL_COMPRESSION *read_compression;
SSL_COMPRESSION *write_compression;
SSL_CIPHER *cipher;
unsigned long cipher_id; /* when ASN.1 loaded, this
* needs to be used to load
* the 'cipher' structure */
STACK /* SSL_CIPHER */ *ciphers; /* shared ciphers? */
char *app_data; /* application specific data */
} SSL_SESSION;
#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
#define SSL_OP_NETSCAPE_CA_DN_BUG 0x00000004L
#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
/* If set, only use tmp_dh parameters once */
#define SSL_OP_SINGLE_DH_USE 0x00100000L
/* Set to also use the tmp_rsa key when doing RSA operations. */
#define SSL_OP_EPHEMERAL_RSA 0x00200000L
#define SSL_OP_NON_EXPORT_FIRST 0x40000000L
#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x80000000L
#define SSL_OP_ALL 0x000FFFFFL
#define SSL_CTX_set_options(ctx,op) ((ctx)->options|=(op))
/* Normally you will only use these if your application wants to use
* the certificate store in other places, perhaps PKCS7 */
#define SSL_CTX_get_cert_store(ctx) ((ctx)->cert_store)
#define SSL_CTX_set_cert_store(ctx,cs) \
(X509_STORE_free((ctx)->cert_store),(ctx)->cert_store=(cs))
typedef struct ssl_ctx_st
{
SSL_METHOD *method;
unsigned long options;
STACK /* SSL_CIPHER */ *cipher_list;
/* same as above but sorted for lookup */
STACK /* SSL_CIPHER */ *cipher_list_by_id;
struct x509_store_st /* X509_STORE */ *cert_store;
struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSION's */
/* This can have one of 2 values, ored together,
* SSL_SESS_CACHE_CLIENT,
* SSL_SESS_CACHE_SERVER,
* Default is SSL_SESSION_CACHE_SERVER, which means only
* SSL_accept which cache SSL_SESSIONS. */
int session_cache_mode;
/* If timeout is not 0, it is the default timeout value set
* when SSL_new() is called. This has been put in to make
* life easier to set things up */
long session_timeout;
/* If this callback is not null, it will be called each
* time a session id is added to the cache. If this function
* returns 1, it means that the callback will do a
* SSL_SESSION_free() when it has finished using it. Otherwise,
* on 0, it means the callback has finished with it.
* If remove_session_cb is not null, it will be called when
* a session-id is removed from the cache. Again, a return
* of 0 mens that SSLeay should not SSL_SESSION_free() since
* the application is doing something with it. */
#ifndef NOPROTO
int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
unsigned char *data,int len,int *copy);
#else
int (*new_session_cb)();
void (*remove_session_cb)();
SSL_SESSION *(*get_session_cb)();
#endif
int sess_connect; /* SSL new (expensive) connection - started */
int sess_connect_good; /* SSL new (expensive) connection - finished */
int sess_accept; /* SSL new (expensive) accept - started */
int sess_accept_good; /* SSL new (expensive) accept - finished */
int sess_miss; /* session lookup misses */
int sess_timeout; /* session reuse attempt on timeouted session */
int sess_hit; /* session reuse actually done */
int sess_cb_hit; /* session-id that was not in the cache was
* passed back via the callback. This
* indicates that the application is supplying
* session-id's from other processes -
* spooky :-) */
int references;
void (*info_callback)();
/* if defined, these override the X509_verify_cert() calls */
int (*app_verify_callback)();
char *app_verify_arg;
/* default values to use in SSL structures */
struct cert_st /* CERT */ *default_cert;
int default_read_ahead;
int default_verify_mode;
int (*default_verify_callback)();
/* Default password callback. */
int (*default_passwd_callback)();
/* get client cert callback */
int (*client_cert_cb)(/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */);
/* what we put in client requests */
STACK *client_CA;
int quiet_shutdown;
char *app_data;
} SSL_CTX;
#define SSL_SESS_CACHE_OFF 0x00
#define SSL_SESS_CACHE_CLIENT 0x01
#define SSL_SESS_CACHE_SERVER 0x02
#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x80
#define SSL_session_reused(s) ((s)->hit)
#define SSL_CTX_sessions(ctx) ((ctx)->sessions)
/* You will need to include lhash.h to access the following #define */
#define SSL_CTX_sess_number(ctx) ((ctx)->sessions->num_items)
#define SSL_CTX_sess_connect(ctx) ((ctx)->sess_connect)
#define SSL_CTX_sess_connect_good(ctx) ((ctx)->sess_connect_good)
#define SSL_CTX_sess_accept(ctx) ((ctx)->sess_accept)
#define SSL_CTX_sess_accept_good(ctx) ((ctx)->sess_accept_good)
#define SSL_CTX_sess_hits(ctx) ((ctx)->sess_hit)
#define SSL_CTX_sess_cb_hits(ctx) ((ctx)->sess_cb_hit)
#define SSL_CTX_sess_misses(ctx) ((ctx)->sess_miss)
#define SSL_CTX_sess_timeouts(ctx) ((ctx)->sess_timeout)
#define SSL_CTX_sess_set_new_cb(ctx,cb) ((ctx)->new_session_cb=(cb))
#define SSL_CTX_sess_get_new_cb(ctx) ((ctx)->new_session_cb)
#define SSL_CTX_sess_set_remove_cb(ctx,cb) ((ctx)->remove_session_cb=(cb))
#define SSL_CTX_sess_get_remove_cb(ctx) ((ctx)->remove_session_cb)
#define SSL_CTX_sess_set_get_cb(ctx,cb) ((ctx)->get_session_cb=(cb))
#define SSL_CTX_sess_get_get_cb(ctx) ((ctx)->get_session_cb)
#define SSL_CTX_set_session_cache_mode(ctx,m) ((ctx)->session_cache_mode=(m))
#define SSL_CTX_get_session_cache_mode(ctx) ((ctx)->session_cache_mode)
#define SSL_CTX_set_timeout(ctx,t) ((ctx)->session_timeout=(t))
#define SSL_CTX_get_timeout(ctx) ((ctx)->session_timeout)
#define SSL_CTX_set_info_callback(ctx,cb) ((ctx)->info_callback=(cb))
#define SSL_CTX_get_info_callback(ctx) ((ctx)->info_callback)
#define SSL_CTX_set_default_read_ahead(ctx,m) (((ctx)->default_read_ahead)=(m))
#define SSL_CTX_set_client_cert_cb(ctx,cb) ((ctx)->client_cert_cb=(cb))
#define SSL_CTX_get_client_cert_cb(ctx) ((ctx)->client_cert_cb)
#define SSL_NOTHING 1
#define SSL_WRITING 2
#define SSL_READING 3
#define SSL_X509_LOOKUP 4
/* These will only be used when doing non-blocking IO */
#define SSL_want(s) ((s)->rwstate)
#define SSL_want_nothing(s) ((s)->rwstate == SSL_NOTHING)
#define SSL_want_read(s) ((s)->rwstate == SSL_READING)
#define SSL_want_write(s) ((s)->rwstate == SSL_WRITING)
#define SSL_want_x509_lookup(s) ((s)->rwstate == SSL_X509_LOOKUP)
typedef struct ssl_st
{
/* procol version
* 2 for SSLv2
* 3 for SSLv3
* -3 for SSLv3 but accept SSLv2 */
int version;
int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
SSL_METHOD *method; /* SSLv3 */
/* There are 2 BIO's even though they are normally both the
* same. This is so data can be read and written to different
* handlers */
#ifdef HEADER_BIO_H
BIO *rbio; /* used by SSL_read */
BIO *wbio; /* used by SSL_write */
BIO *bbio; /* used during session-id reuse to concatinate
* messages */
#else
char *rbio; /* used by SSL_read */
char *wbio; /* used by SSL_write */
char *bbio;
#endif
/* This holds a variable that indicates what we were doing
* when a 0 or -1 is returned. This is needed for
* non-blocking IO so we know what request needs re-doing when
* in SSL_accept or SSL_connect */
int rwstate;
/* true when we are actually in SSL_accept() or SSL_connect() */
int in_handshake;
int (*handshake_func)();
/* int server;*/ /* are we the server side? */
int new_session;/* 1 if we are to use a new session */
int quiet_shutdown;/* don't send shutdown packets */
int shutdown; /* we have shut things down, 0x01 sent, 0x02
* for received */
int state; /* where we are */
int rstate; /* where we are when reading */
BUF_MEM *init_buf; /* buffer used during init */
int init_num; /* amount read/written */
int init_off; /* amount read/written */
/* used internally to point at a raw packet */
unsigned char *packet;
unsigned int packet_length;
struct ssl2_ctx_st *s2; /* SSLv2 variables */
struct ssl3_ctx_st *s3; /* SSLv3 variables */
int read_ahead; /* Read as many input bytes as possible */
int hit; /* reusing a previous session */
/* crypto */
STACK /* SSL_CIPHER */ *cipher_list;
STACK /* SSL_CIPHER */ *cipher_list_by_id;
/* These are the ones being used, the ones is SSL_SESSION are
* the ones to be 'copied' into these ones */
EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
EVP_MD *read_hash; /* used for mac generation */
SSL_COMPRESSION *read_compression; /* compression */
EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
EVP_MD *write_hash; /* used for mac generation */
SSL_COMPRESSION *write_compression; /* compression */
/* session info */
/* client cert? */
/* This is used to hold the server certificate used */
struct cert_st /* CERT */ *cert;
/* This can also be in the session once a session is established */
SSL_SESSION *session;
/* Used in SSL2 and SSL3 */
int verify_mode; /* 0 don't care about verify failure.
* 1 fail if verify fails */
int (*verify_callback)(); /* fail if callback returns 0 */
void (*info_callback)(); /* optional informational callback */
int error; /* error bytes to be written */
int error_code; /* actual code */
SSL_CTX *ctx;
/* set this flag to 1 and a sleep(1) is put into all SSL_read()
* and SSL_write() calls, good for nbio debuging :-) */
int debug;
/* extra application data */
int verify_result;
char *app_data;
/* for server side, keep the list of CA_dn we can use */
STACK /* X509_NAME */ *client_CA;
int first_packet;
} SSL;
#include "ssl2.h"
#include "ssl3.h"
#include "ssl23.h"
/* application stuff */
#define SSL_set_verify_result(s,arg) ((s)->verify_result=(long)arg)
#define SSL_get_verify_result(s) ((s)->verify_result)
#define SSL_set_app_data(s,arg) ((s)->app_data=(char *)arg)
#define SSL_get_app_data(s) ((s)->app_data)
#define SSL_SESSION_set_app_data(s,arg) ((s)->app_data=(char *)arg)
#define SSL_SESSION_get_app_data(s) ((s)->app_data)
#define SSL_CTX_set_app_data(ctx,arg) ((ctx)->app_data=(char *)arg)
#define SSL_CTX_get_app_data(ctx) ((ctx)->app_data)
/* The following are the possible values for ssl->state are are
* used to indicate where we are upto in the SSL connection establishment.
* The macros that follow are about the only things you should need to use
* and even then, only when using non-blocking IO.
* It can also be useful to work out where you were when the connection
* failed */
#define SSL_state(a) ((a)->state)
#define SSL_ST_CONNECT 0x1000
#define SSL_ST_ACCEPT 0x2000
#define SSL_ST_MASK 0x0FFF
#define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT)
#define SSL_ST_BEFORE 0x4000
#define SSL_ST_OK 0x03
#define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
/* SSL info callback functions */
#define SSL_set_info_callback(ssl,cb) ((ssl)->info_callback=(cb))
#define SSL_get_info_callback(ssl) ((ssl)->info_callback)
#define SSL_CB_LOOP 0x01
#define SSL_CB_EXIT 0x02
#define SSL_CB_READ 0x04
#define SSL_CB_WRITE 0x08
#define SSL_CB_ALERT 0x4000 /* used in callback */
#define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
#define SSL_CB_HANDSHAKE_START 0x10
#define SSL_CB_HANDSHAKE_DONE 0x20
/* Is the SSL_connection established? */
#define SSL_is_init_finished(a) ((a)->state == SSL_ST_OK)
#define SSL_in_init(a) ((a)->state&SSL_ST_INIT)
#define SSL_in_before(a) ((a)->state&SSL_ST_BEFORE)
#define SSL_in_connect_init(a) ((a)->state&SSL_ST_CONNECT)
#define SSL_in_accept_init(a) ((a)->state&SSL_ST_ACCEPT)
/* The following 2 states are kept in ssl->rstate when reads fail,
* you should not need these */
#define SSL_ST_READ_HEADER 0xF0
#define SSL_ST_READ_BODY 0xF1
#define SSL_ST_READ_DONE 0xF2
/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
* are 'ored' with SSL_VERIFY_PEER if they are desired */
#define SSL_VERIFY_NONE 0x00
#define SSL_VERIFY_PEER 0x01
#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
#define SSL_VERIFY_CLIENT_ONCE 0x04
#define SSL_RWERR_BAD_WRITE_RETRY (-2)
#define SSL_RWERR_BAD_MAC_DECODE (-3)
#define SSL_RWERR_INTERNAL_ERROR (-4) /* should not get this one */
#define SSL_RWERR_WRONG_RECORD_TYPE (-5) /* used internally */
#define SSL_CTX_set_default_verify_paths(ctx) \
X509_STORE_set_default_paths((ctx)->cert_store)
#define SSL_CTX_load_verify_locations(ctx,CAfile,CApath) \
X509_STORE_load_locations((ctx)->cert_store,\
(CAfile),(CApath))
#define SSL_get_session(s) ((s)->session)
#define SSL_get_SSL_CTX(s) ((s)->ctx)
/* this is for backward compatablility */
#if 0 /* NEW_SSLEAY */
#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n)
#define SSL_add_session(a,b) SSL_CTX_add_session((a),(b))
#define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b))
#define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b))
#endif
/* More backward compatablity */
#define SSL_get_cipher(s) \
SSL_CIPHER_get_name(SSL_get_current_cipher(s))
#define SSL_get_cipher_bits(s,np) \
SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
#define SSL_get_cipher_version(s) \
SSL_CIPHER_get_version(SSL_get_current_cipher(s))
#define SSL_get_cipher_name(s) \
SSL_CIPHER_get_name(SSL_get_current_cipher(s))
/* VMS linker has a 31 char name limit */
#define SSL_CTX_set_cert_verify_callback(a,b,c) \
SSL_CTX_set_cert_verify_cb((a),(b),(c))
#if 1 /*SSLEAY_MACROS*/
#define d2i_SSL_SESSION_bio(bp,s_id) (SSL_SESSION *)ASN1_d2i_bio( \
(char *(*)())SSL_SESSION_new,(char *(*)())d2i_SSL_SESSION, \
(bp),(unsigned char **)(s_id))
#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio(i2d_SSL_SESSION, \
bp,(unsigned char *)s_id)
#define PEM_read_SSL_SESSION(fp,x,cb) (SSL_SESSION *)PEM_ASN1_read( \
(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb)
#define PEM_read_bio_SSL_SESSION(bp,x,cb) (SSL_SESSION *)PEM_ASN1_read_bio( \
(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb)
#define PEM_write_SSL_SESSION(fp,x) \
PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL)
#define PEM_write_bio_SSL_SESSION(bp,x) \
PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL)
#endif
#define SSL_ERROR_NONE 0
#define SSL_ERROR_SSL 1
#define SSL_ERROR_WANT_READ 2
#define SSL_ERROR_WANT_WRITE 3
#define SSL_ERROR_WANT_X509_LOOKUP 4
#define SSL_ERROR_SYSCALL 5 /* look at errno */
#define SSL_ERROR_ZERO_RETURN 6
#define SSL_ERROR_WANT_CONNECT 7
#define SSL_CTRL_NEED_TMP_RSA 1
#define SSL_CTRL_SET_TMP_RSA 2
#define SSL_CTRL_SET_TMP_DH 3
#define SSL_CTRL_SET_TMP_RSA_CB 4
#define SSL_CTRL_SET_TMP_DH_CB 5
#define SSL_CTX_need_tmp_RSA(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
#define SSL_CTX_set_tmp_rsa(ctx,rsa) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
#define SSL_CTX_set_tmp_dh(ctx,dh) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
/* For the next 2, the callbacks are
* RSA *tmp_rsa_cb(int export)
* DH *tmp_dh_cb(int export)
*/
#define SSL_CTX_set_tmp_rsa_callback(ctx,cb) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb)
#define SSL_CTX_set_tmp_dh_callback(ctx,dh) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,0,(char *)cb)
#ifndef NOPROTO
#ifdef HEADER_BIO_H
BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
int BIO_ssl_copy_session_id(BIO *to,BIO *from);
void BIO_ssl_shutdown(BIO *ssl_bio);
#endif
int SSL_CTX_set_cipher_list(SSL_CTX *,char *str);
SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
void SSL_CTX_free(SSL_CTX *);
void SSL_clear(SSL *s);
void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
SSL_CIPHER *SSL_get_current_cipher(SSL *s);
int SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits);
char * SSL_CIPHER_get_version(SSL_CIPHER *c);
char * SSL_CIPHER_get_name(SSL_CIPHER *c);
int SSL_get_fd(SSL *s);
char * SSL_get_cipher_list(SSL *s,int n);
char * SSL_get_shared_ciphers(SSL *s, char *buf, int len);
int SSL_get_read_ahead(SSL * s);
int SSL_pending(SSL *s);
#ifndef NO_SOCK
int SSL_set_fd(SSL *s, int fd);
int SSL_set_rfd(SSL *s, int fd);
int SSL_set_wfd(SSL *s, int fd);
#endif
#ifdef HEADER_BIO_H
void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
BIO * SSL_get_rbio(SSL *s);
BIO * SSL_get_wbio(SSL *s);
#endif
int SSL_set_cipher_list(SSL *s, char *str);
void SSL_set_read_ahead(SSL *s, int yes);
int SSL_get_verify_mode(SSL *s);
int (*SSL_get_verify_callback(SSL *s))();
void SSL_set_verify(SSL *s, int mode, int (*callback) ());
int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
int SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type);
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
int SSL_use_PrivateKey_file(SSL *ssl, char *file, int type);
int SSL_use_certificate(SSL *ssl, X509 *x);
int SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d);
int SSL_use_certificate_file(SSL *ssl, char *file, int type);
void ERR_load_SSL_strings(void );
void SSL_load_error_strings(void );
char * SSL_state_string(SSL *s);
char * SSL_rstate_string(SSL *s);
char * SSL_state_string_long(SSL *s);
char * SSL_rstate_string_long(SSL *s);
long SSL_get_time(SSL_SESSION *s);
long SSL_set_time(SSL_SESSION *s, long t);
long SSL_get_timeout(SSL_SESSION *s);
long SSL_set_timeout(SSL_SESSION *s, long t);
void SSL_copy_session_id(SSL *to,SSL *from);
SSL_SESSION *SSL_SESSION_new(void);
#ifndef WIN16
int SSL_SESSION_print_fp(FILE *fp,SSL_SESSION *ses);
#endif
#ifdef HEADER_BIO_H
int SSL_SESSION_print(BIO *fp,SSL_SESSION *ses);
#endif
void SSL_SESSION_free(SSL_SESSION *ses);
int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
int SSL_set_session(SSL *to, SSL_SESSION *session);
int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length);
#ifdef HEADER_X509_H
X509 * SSL_get_peer_certificate(SSL *s);
#endif
STACK * SSL_get_peer_cert_chain(SSL *s);
int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))();
void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*callback)());
void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(),char *arg);
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type);
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
unsigned char *d, long len);
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type);
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type);
void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx,int (*cb)());
int SSL_CTX_check_private_key(SSL_CTX *ctx);
int SSL_check_private_key(SSL *ctx);
SSL * SSL_new(SSL_CTX *ctx);
void SSL_clear(SSL *s);
void SSL_free(SSL *ssl);
int SSL_accept(SSL *ssl);
int SSL_connect(SSL *ssl);
int SSL_read(SSL *ssl,char *buf,int num);
int SSL_peek(SSL *ssl,char *buf,int num);
int SSL_write(SSL *ssl,char *buf,int num);
long SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg);
long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg);
int SSL_get_error(SSL *s,int ret_code);
char * SSL_get_version(SSL *s);
/* This sets the 'default' SSL version that SSL_new() will create */
int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth);
SSL_METHOD *SSLv2_method(void); /* sslv2 */
SSL_METHOD *SSLv2_server_method(void); /* sslv2 */
SSL_METHOD *SSLv2_client_method(void); /* sslv2 */
SSL_METHOD *SSLv3_method(void); /* sslv3 */
SSL_METHOD *SSLv3_server_method(void); /* sslv3 */
SSL_METHOD *SSLv3_client_method(void); /* sslv3 */
SSL_METHOD *SSLv23_method(void); /* sslv3 but can rollback to v2 */
SSL_METHOD *SSLv23_server_method(void); /* sslv3 but can rollback to v2 */
SSL_METHOD *SSLv23_client_method(void); /* sslv3 but can rollback to v2 */
STACK *SSL_get_ciphers(SSL *s);
int SSL_do_handshake(SSL *s);
int SSL_renegotiate(SSL *s);
int SSL_shutdown(SSL *s);
SSL_METHOD *SSL_get_ssl_method(SSL *s);
int SSL_set_ssl_method(SSL *s,SSL_METHOD *method);
char *SSL_alert_type_string_long(int value);
char *SSL_alert_type_string(int value);
char *SSL_alert_desc_string_long(int value);
char *SSL_alert_desc_string(int value);
STACK *SSL_load_client_CA_file(char *file);
void SSL_set_client_CA_list(SSL *s, STACK *list);
void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list);
STACK *SSL_get_client_CA_list(SSL *s);
STACK *SSL_CTX_get_client_CA_list(SSL_CTX *s);
int SSL_add_client_CA(SSL *ssl,X509 *x);
int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
void SSL_set_connect_state(SSL *s);
void SSL_set_accept_state(SSL *s);
long SSL_get_default_timeout(SSL *s);
void SSLeay_add_ssl_algorithms(void );
char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
STACK *SSL_dup_CA_list(STACK *sk);
SSL *SSL_dup(SSL *ssl);
X509 *SSL_get_certificate(SSL *ssl);
/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
#else
BIO_METHOD *BIO_f_ssl();
BIO *BIO_new_ssl();
int BIO_ssl_copy_session_id();
void BIO_ssl_shutdown();
int SSL_CTX_set_cipher_list();
SSL_CTX *SSL_CTX_new();
void SSL_CTX_free();
void SSL_clear();
void SSL_CTX_flush_sessions();
SSL_CIPHER *SSL_get_current_cipher();
int SSL_CIPHER_get_bits();
char * SSL_CIPHER_get_version();
char * SSL_CIPHER_get_name();
int SSL_get_fd();
char * SSL_get_cipher_list();
char * SSL_get_shared_ciphers();
int SSL_get_read_ahead();
int SSL_pending();
#ifndef NO_SOCK
int SSL_set_fd();
int SSL_set_rfd();
int SSL_set_wfd();
#endif
#ifdef HEADER_BIO_H
void SSL_set_bio();
BIO * SSL_get_rbio();
BIO * SSL_get_wbio();
#endif
int SSL_set_cipher_list();
void SSL_set_read_ahead();
int SSL_get_verify_mode();
void SSL_set_verify();
int SSL_use_RSAPrivateKey();
int SSL_use_RSAPrivateKey_ASN1();
int SSL_use_RSAPrivateKey_file();
int SSL_use_PrivateKey();
int SSL_use_PrivateKey_ASN1();
int SSL_use_PrivateKey_file();
int SSL_use_certificate();
int SSL_use_certificate_ASN1();
int SSL_use_certificate_file();
void ERR_load_SSL_strings();
void SSL_load_error_strings();
char * SSL_state_string();
char * SSL_rstate_string();
char * SSL_state_string_long();
char * SSL_rstate_string_long();
long SSL_get_time();
long SSL_set_time();
long SSL_get_timeout();
long SSL_set_timeout();
void SSL_copy_session_id();
SSL_SESSION *SSL_SESSION_new();
#ifndef WIN16
int SSL_SESSION_print_fp();
#endif
#ifdef HEADER_BIO_H
int SSL_SESSION_print();
#endif
void SSL_SESSION_free();
int i2d_SSL_SESSION();
int SSL_set_session();
int SSL_CTX_add_session();
int SSL_CTX_remove_session();
SSL_SESSION *d2i_SSL_SESSION();
#ifdef HEADER_X509_H
X509 * SSL_get_peer_certificate();
#endif
STACK * SSL_get_peer_cert_chain();
int SSL_CTX_get_verify_mode();
int (*SSL_CTX_get_verify_callback())();
void SSL_CTX_set_verify();
void SSL_CTX_set_cert_verify_cb();
int SSL_CTX_use_RSAPrivateKey();
int SSL_CTX_use_RSAPrivateKey_ASN1();
int SSL_CTX_use_RSAPrivateKey_file();
int SSL_CTX_use_PrivateKey();
int SSL_CTX_use_PrivateKey_ASN1();
int SSL_CTX_use_PrivateKey_file();
int SSL_CTX_use_certificate();
int SSL_CTX_use_certificate_ASN1();
int SSL_CTX_use_certificate_file();
void SSL_CTX_set_default_passwd_cb();
int SSL_CTX_check_private_key();
int SSL_check_private_key();
SSL * SSL_new();
void SSL_clear();
void SSL_free();
int SSL_accept();
int SSL_connect();
int SSL_read();
int SSL_peek();
int SSL_write();
long SSL_ctrl();
long SSL_CTX_ctrl();
int SSL_get_error();
char * SSL_get_version();
int SSL_CTX_set_ssl_version();
SSL_METHOD *SSLv2_method();
SSL_METHOD *SSLv2_server_method();
SSL_METHOD *SSLv2_client_method();
SSL_METHOD *SSLv3_method();
SSL_METHOD *SSLv3_server_method();
SSL_METHOD *SSLv3_client_method();
SSL_METHOD *SSLv23_method();
SSL_METHOD *SSLv23_server_method();
SSL_METHOD *SSLv23_client_method();
STACK *SSL_get_ciphers();
int SSL_do_handshake();
int SSL_renegotiate();
int SSL_shutdown();
SSL_METHOD *SSL_get_ssl_method();
int SSL_set_ssl_method();
char *SSL_alert_type_string_long();
char *SSL_alert_type_string();
char *SSL_alert_desc_string_long();
char *SSL_alert_desc_string();
STACK *SSL_load_client_CA_file();
void SSL_set_client_CA_list();
void SSL_CTX_set_client_CA_list();
STACK *SSL_get_client_CA_list();
STACK *SSL_CTX_get_client_CA_list();
int SSL_add_client_CA();
int SSL_CTX_add_client_CA();
void SSL_set_connect_state();
void SSL_set_accept_state();
long SSL_get_default_timeout();
void SSLeay_add_ssl_algorithms();
char *SSL_CIPHER_description();
STACK *SSL_dup_CA_list();