ABI compliance fixes.

	/* Callback for status request */

	int (*tlsext_status_cb)(SSL *ssl, void *arg);

	void *tlsext_status_arg;

# ifndef OPENSSL_NO_NEXTPROTONEG

	/* Next protocol negotiation information */

	/* (for experimental NPN extension). */

	/* For a server, this contains a callback function by which the set of

	 * advertised protocols can be provided. */

	int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,

			                 unsigned int *len, void *arg);

	void *next_protos_advertised_cb_arg;

	/* For a client, this contains a callback function that selects the

	 * next protocol from the list provided by the server. */

	int (*next_proto_select_cb)(SSL *s, unsigned char **out,

				    unsigned char *outlen,

				    const unsigned char *in,

				    unsigned int inlen,

				    void *arg);

	void *next_proto_select_cb_arg;

	/* draft-rescorla-tls-opaque-prf-input-00.txt information */

	int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);

	void *tlsext_opaque_prf_input_callback_arg;

#endif

#endif

#ifndef OPENSSL_NO_PSK

	char *psk_identity_hint;

#endif

#ifndef OPENSSL_NO_TLSEXT

# ifndef OPENSSL_NO_NEXTPROTONEG

	/* Next protocol negotiation information */

	/* (for experimental NPN extension). */

	/* For a server, this contains a callback function by which the set of

	 * advertised protocols can be provided. */

	int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,

			                 unsigned int *len, void *arg);

	void *next_protos_advertised_cb_arg;

	/* For a client, this contains a callback function that selects the

	 * next protocol from the list provided by the server. */

	int (*next_proto_select_cb)(SSL *s, unsigned char **out,

				    unsigned char *outlen,

				    const unsigned char *in,

				    unsigned int inlen,

				    void *arg);

	void *next_proto_select_cb_arg;

# endif

        /* SRTP profiles we are willing to do from RFC 5764 */

        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  

#endif

	                 * NB: For servers, the 'new' session may actually be a previously

	                 * cached session or even the previous session unless

	                 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */

	int renegotiate;/* 1 if we are renegotiating.

	                 * 2 if we are a server and are inside a handshake

	                 * (i.e. not just sending a HelloRequest) */

	int quiet_shutdown;/* don't send shutdown packets */

	int shutdown;	/* we have shut things down, 0x01 sent, 0x02

			 * for received */

		unsigned char *psk, unsigned int max_psk_len);

#endif

#ifndef OPENSSL_NO_SRP

	SRP_CTX srp_ctx; /* ctx for SRP authentication */

#endif

	SSL_CTX *ctx;

	/* set this flag to 1 and a sleep(1) is put into all SSL_read()

	 * and SSL_write() calls, good for nbio debuging :-) */

#else

#define session_ctx ctx

#endif /* OPENSSL_NO_TLSEXT */

	int renegotiate;/* 1 if we are renegotiating.

	                 * 2 if we are a server and are inside a handshake

	                 * (i.e. not just sending a HelloRequest) */

#ifndef OPENSSL_NO_SRP

	SRP_CTX srp_ctx; /* ctx for SRP authentication */

#endif

	};

#endif

#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT		 253

#define SSL_F_DTLS1_GET_RECORD				 254

#define SSL_F_DTLS1_HANDLE_TIMEOUT			 297

#define SSL_F_DTLS1_HEARTBEAT				 314

#define SSL_F_DTLS1_HEARTBEAT				 305

#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN			 255

#define SSL_F_DTLS1_PREPROCESS_FRAGMENT			 288

#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE		 256

#define SSL_F_SSL3_CALLBACK_CTRL			 233

#define SSL_F_SSL3_CHANGE_CIPHER_STATE			 129

#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM		 130

#define SSL_F_SSL3_CHECK_CLIENT_HELLO			 315

#define SSL_F_SSL3_CHECK_CLIENT_HELLO			 304

#define SSL_F_SSL3_CLIENT_HELLO				 131

#define SSL_F_SSL3_CONNECT				 132

#define SSL_F_SSL3_CTRL					 213

#define SSL_F_SSL3_GET_KEY_EXCHANGE			 141

#define SSL_F_SSL3_GET_MESSAGE				 142

#define SSL_F_SSL3_GET_NEW_SESSION_TICKET		 283

#define SSL_F_SSL3_GET_NEXT_PROTO			 305

#define SSL_F_SSL3_GET_NEXT_PROTO			 306

#define SSL_F_SSL3_GET_RECORD				 143

#define SSL_F_SSL3_GET_SERVER_CERTIFICATE		 144

#define SSL_F_SSL3_GET_SERVER_DONE			 145

#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT			 188

#define SSL_F_SSL_SESSION_NEW				 189

#define SSL_F_SSL_SESSION_PRINT_FP			 190

#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT		 306

#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT		 312

#define SSL_F_SSL_SESS_CERT_NEW				 225

#define SSL_F_SSL_SET_CERT				 191

#define SSL_F_SSL_SET_CIPHER_LIST			 271

#define SSL_F_SSL_SET_TRUST				 228

#define SSL_F_SSL_SET_WFD				 196

#define SSL_F_SSL_SHUTDOWN				 224

#define SSL_F_SSL_SRP_CTX_INIT				 304

#define SSL_F_SSL_SRP_CTX_INIT				 313

#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION		 243

#define SSL_F_SSL_UNDEFINED_FUNCTION			 197

#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION		 244

#define SSL_F_TLS1_CHANGE_CIPHER_STATE			 209

#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT		 274

#define SSL_F_TLS1_ENC					 210

#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL		 312

#define SSL_F_TLS1_HEARTBEAT				 313

#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL		 314

#define SSL_F_TLS1_HEARTBEAT				 315

#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT		 275

#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT		 276

#define SSL_F_TLS1_PRF					 284

#define SSL_R_BAD_RSA_MODULUS_LENGTH			 121

#define SSL_R_BAD_RSA_SIGNATURE				 122

#define SSL_R_BAD_SIGNATURE				 123

#define SSL_R_BAD_SRP_A_LENGTH				 346

#define SSL_R_BAD_SRP_B_LENGTH				 347

#define SSL_R_BAD_SRP_G_LENGTH				 348

#define SSL_R_BAD_SRP_N_LENGTH				 349

#define SSL_R_BAD_SRP_S_LENGTH				 350

#define SSL_R_BAD_SRTP_MKI_VALUE			 371

#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST		 360

#define SSL_R_BAD_SRP_A_LENGTH				 347

#define SSL_R_BAD_SRP_B_LENGTH				 348

#define SSL_R_BAD_SRP_G_LENGTH				 349

#define SSL_R_BAD_SRP_N_LENGTH				 350

#define SSL_R_BAD_SRP_S_LENGTH				 351

#define SSL_R_BAD_SRTP_MKI_VALUE			 352

#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST		 353

#define SSL_R_BAD_SSL_FILETYPE				 124

#define SSL_R_BAD_SSL_SESSION_ID_LENGTH			 125

#define SSL_R_BAD_STATE					 126

#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE	 322

#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE	 323

#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER		 310

#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST	 361

#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST	 354

#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 150

#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY		 282

#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST		 151

#define SSL_R_INVALID_COMMAND				 280

#define SSL_R_INVALID_COMPRESSION_ALGORITHM		 341

#define SSL_R_INVALID_PURPOSE				 278

#define SSL_R_INVALID_SRP_USERNAME			 351

#define SSL_R_INVALID_SRP_USERNAME			 357

#define SSL_R_INVALID_STATUS_RESPONSE			 328

#define SSL_R_INVALID_TICKET_KEYS_LENGTH		 325

#define SSL_R_INVALID_TRUST				 279

#define SSL_R_MISSING_RSA_CERTIFICATE			 168

#define SSL_R_MISSING_RSA_ENCRYPTING_CERT		 169

#define SSL_R_MISSING_RSA_SIGNING_CERT			 170

#define SSL_R_MISSING_SRP_PARAM				 352

#define SSL_R_MISSING_SRP_USERNAME			 353

#define SSL_R_MISSING_SRP_PARAM				 358

#define SSL_R_MISSING_TMP_DH_KEY			 171

#define SSL_R_MISSING_TMP_ECDH_KEY			 311

#define SSL_R_MISSING_TMP_RSA_KEY			 172

#define SSL_R_MISSING_TMP_RSA_PKEY			 173

#define SSL_R_MISSING_VERIFY_MESSAGE			 174

#define SSL_R_MULTIPLE_SGC_RESTARTS			 370

#define SSL_R_MULTIPLE_SGC_RESTARTS			 346

#define SSL_R_NON_SSLV2_INITIAL_PACKET			 175

#define SSL_R_NO_CERTIFICATES_RETURNED			 176

#define SSL_R_NO_CERTIFICATE_ASSIGNED			 177

#define SSL_R_NO_RENEGOTIATION				 339

#define SSL_R_NO_REQUIRED_DIGEST			 324

#define SSL_R_NO_SHARED_CIPHER				 193

#define SSL_R_NO_SRTP_PROFILES				 362

#define SSL_R_NO_SRTP_PROFILES				 359

#define SSL_R_NO_VERIFY_CALLBACK			 194

#define SSL_R_NULL_SSL_CTX				 195

#define SSL_R_NULL_SSL_METHOD_PASSED			 196

#define SSL_R_SERVERHELLO_TLSEXT			 275

#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED		 277

#define SSL_R_SHORT_READ				 219

#define SSL_R_SIGNATURE_ALGORITHMS_ERROR		 359

#define SSL_R_SIGNATURE_ALGORITHMS_ERROR		 360

#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220

#define SSL_R_SRP_A_CALC				 354

#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES		 363

#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG	 364

#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE		 365

#define SSL_R_SRP_A_CALC				 361

#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES		 362

#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG	 363

#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE		 364

#define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221

#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG		 299

#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT		 321

#define SSL_R_TLSV1_UNRECOGNIZED_NAME			 1112

#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION		 1110

#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER	 232

#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT		 368

#define SSL_R_TLS_HEARTBEAT_PENDING			 369

#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT		 365

#define SSL_R_TLS_HEARTBEAT_PENDING			 366

#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL		 367

#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST		 157

#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233

#define SSL_R_UNKNOWN_CERTIFICATE_TYPE			 247

#define SSL_R_UNKNOWN_CIPHER_RETURNED			 248

#define SSL_R_UNKNOWN_CIPHER_TYPE			 249

#define SSL_R_UNKNOWN_DIGEST				 357

#define SSL_R_UNKNOWN_DIGEST				 368

#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE			 250

#define SSL_R_UNKNOWN_PKEY_TYPE				 251

#define SSL_R_UNKNOWN_PROTOCOL				 252

#define SSL_R_UNSUPPORTED_PROTOCOL			 258

#define SSL_R_UNSUPPORTED_SSL_VERSION			 259

#define SSL_R_UNSUPPORTED_STATUS_TYPE			 329

#define SSL_R_USE_SRTP_NOT_NEGOTIATED			 366

#define SSL_R_USE_SRTP_NOT_NEGOTIATED			 369

#define SSL_R_WRITE_BIO_NOT_SET				 260

#define SSL_R_WRONG_CIPHER_RETURNED			 261

#define SSL_R_WRONG_MESSAGE_TYPE			 262

#define SSL_R_WRONG_NUMBER_OF_KEY_BITS			 263

#define SSL_R_WRONG_SIGNATURE_LENGTH			 264

#define SSL_R_WRONG_SIGNATURE_SIZE			 265

#define SSL_R_WRONG_SIGNATURE_TYPE			 358

#define SSL_R_WRONG_SIGNATURE_TYPE			 370

#define SSL_R_WRONG_SSL_VERSION				 266

#define SSL_R_WRONG_VERSION_NUMBER			 267

#define SSL_R_X509_LIB					 268

	void *server_opaque_prf_input;

	size_t server_opaque_prf_input_len;

#ifndef OPENSSL_NO_NEXTPROTONEG

	/* Set if we saw the Next Protocol Negotiation extension from our peer. */

	int next_proto_neg_seen;

#endif

	struct	{

		/* actually only needs to be 16+20 */

		unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];

        unsigned char previous_server_finished[EVP_MAX_MD_SIZE];

        unsigned char previous_server_finished_len;

        int send_connection_binding; /* TODOEKR */

#ifndef OPENSSL_NO_NEXTPROTONEG

	/* Set if we saw the Next Protocol Negotiation extension from our peer. */

	int next_proto_neg_seen;

#endif

	} SSL3_STATE;

#endif

{ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"},

{ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"},

{ERR_REASON(SSL_R_MISSING_SRP_PARAM)     ,"can't find SRP server param"},

{ERR_REASON(SSL_R_MISSING_SRP_USERNAME)  ,"missing srp username"},

{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY)    ,"missing tmp dh key"},

{ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY)  ,"missing tmp ecdh key"},

{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY)   ,"missing tmp rsa key"},