1 use libc::*;
2 use std::ptr;
3
4 use *;
5
6 #[cfg(not(any(libressl, ossl110)))]
7 pub const SSL_MAX_KRB5_PRINCIPAL_LENGTH: c_int = 256;
8
9 #[cfg(not(ossl110))]
10 pub const SSL_MAX_SSL_SESSION_ID_LENGTH: c_int = 32;
11 #[cfg(not(ossl110))]
12 pub const SSL_MAX_SID_CTX_LENGTH: c_int = 32;
13
14 #[cfg(not(any(libressl, ossl110)))]
15 pub const SSL_MAX_KEY_ARG_LENGTH: c_int = 8;
16 #[cfg(not(ossl110))]
17 pub const SSL_MAX_MASTER_KEY_LENGTH: c_int = 48;
18
19 pub const SSL_SENT_SHUTDOWN: c_int = 1;
20 pub const SSL_RECEIVED_SHUTDOWN: c_int = 2;
21
22 pub const SSL_FILETYPE_PEM: c_int = X509_FILETYPE_PEM;
23 pub const SSL_FILETYPE_ASN1: c_int = X509_FILETYPE_ASN1;
24
25 pub enum SSL_METHOD {}
26 pub enum SSL_CIPHER {}
27 cfg_if! {
28 if #[cfg(any(ossl110, libressl280))] {
29 pub enum SSL_SESSION {}
30 } else if #[cfg(libressl251)] {
31 #[repr(C)]
32 pub struct SSL_SESSION {
33 ssl_version: c_int,
34 pub master_key_length: c_int,
35 pub master_key: [c_uchar; 48],
36 session_id_length: c_uint,
37 session_id: [c_uchar; ::SSL_MAX_SSL_SESSION_ID_LENGTH as usize],
38 sid_ctx_length: c_uint,
39 sid_ctx: [c_uchar; ::SSL_MAX_SID_CTX_LENGTH as usize],
40 peer: *mut ::X509,
41 verify_result: c_long,
42 timeout: c_long,
43 time: time_t,
44 pub references: c_int,
45 cipher: *const ::SSL_CIPHER,
46 cipher_id: c_long,
47 ciphers: *mut stack_st_SSL_CIPHER,
48 tlsext_hostname: *mut c_char,
49 tlsext_tick: *mut c_uchar,
50 tlsext_ticklen: size_t,
51 tlsext_tick_lifetime_int: c_long,
52 internal: *mut c_void,
53 }
54 } else if #[cfg(libressl)] {
55 #[repr(C)]
56 pub struct SSL_SESSION {
57 ssl_version: c_int,
58 pub master_key_length: c_int,
59 pub master_key: [c_uchar; 48],
60 session_id_length: c_uint,
61 session_id: [c_uchar; SSL_MAX_SSL_SESSION_ID_LENGTH as usize],
62 sid_ctx_length: c_uint,
63 sid_ctx: [c_uchar; SSL_MAX_SID_CTX_LENGTH as usize],
64 not_resumable: c_int,
65 sess_cert: *mut c_void,
66 peer: *mut X509,
67 verify_result: c_long,
68 timeout: c_long,
69 time: time_t,
70 pub references: c_int,
71 cipher: *const c_void,
72 cipher_id: c_ulong,
73 ciphers: *mut c_void,
74 ex_data: ::CRYPTO_EX_DATA,
75 prev: *mut c_void,
76 next: *mut c_void,
77 tlsext_hostname: *mut c_char,
78 tlsext_ecpointformatlist_length: size_t,
79 tlsext_ecpointformatlist: *mut u8,
80 tlsext_ellipticcurvelist_length: size_t,
81 tlsext_ellipticcurvelist: *mut u16,
82 tlsext_tick: *mut c_uchar,
83 tlsext_ticklen: size_t,
84 tlsext_tick_lifetime_hint: c_long,
85 }
86 } else {
87 #[repr(C)]
88 pub struct SSL_SESSION {
89 ssl_version: c_int,
90 key_arg_length: c_uint,
91 key_arg: [c_uchar; SSL_MAX_KEY_ARG_LENGTH as usize],
92 pub master_key_length: c_int,
93 pub master_key: [c_uchar; 48],
94 session_id_length: c_uint,
95 session_id: [c_uchar; SSL_MAX_SSL_SESSION_ID_LENGTH as usize],
96 sid_ctx_length: c_uint,
97 sid_ctx: [c_uchar; SSL_MAX_SID_CTX_LENGTH as usize],
98 #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))]
99 krb5_client_princ_len: c_uint,
100 #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))]
101 krb5_client_princ: [c_uchar; SSL_MAX_KRB5_PRINCIPAL_LENGTH as usize],
102 #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
103 psk_identity_hint: *mut c_char,
104 #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
105 psk_identity: *mut c_char,
106 not_resumable: c_int,
107 sess_cert: *mut c_void,
108 peer: *mut X509,
109 verify_result: c_long,
110 pub references: c_int,
111 timeout: c_long,
112 time: c_long,
113 compress_meth: c_uint,
114 cipher: *const c_void,
115 cipher_id: c_ulong,
116 ciphers: *mut c_void,
117 ex_data: ::CRYPTO_EX_DATA,
118 prev: *mut c_void,
119 next: *mut c_void,
120 #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
121 tlsext_hostname: *mut c_char,
122 #[cfg(all(
123 not(osslconf = "OPENSSL_NO_TLSEXT"),
124 not(osslconf = "OPENSSL_NO_EC")
125 ))]
126 tlsext_ecpointformatlist_length: size_t,
127 #[cfg(all(
128 not(osslconf = "OPENSSL_NO_TLSEXT"),
129 not(osslconf = "OPENSSL_NO_EC")
130 ))]
131 tlsext_ecpointformatlist: *mut c_uchar,
132 #[cfg(all(
133 not(osslconf = "OPENSSL_NO_TLSEXT"),
134 not(osslconf = "OPENSSL_NO_EC")
135 ))]
136 tlsext_ellipticcurvelist_length: size_t,
137 #[cfg(all(
138 not(osslconf = "OPENSSL_NO_TLSEXT"),
139 not(osslconf = "OPENSSL_NO_EC")
140 ))]
141 tlsext_ellipticcurvelist: *mut c_uchar,
142 #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
143 tlsext_tick: *mut c_uchar,
144 #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
145 tlsext_ticklen: size_t,
146 #[cfg(not(osslconf = "OPENSSL_NO_TLSEXT"))]
147 tlsext_tick_lifetime_hint: c_long,
148 #[cfg(not(osslconf = "OPENSSL_NO_SRP"))]
149 srp_username: *mut c_char,
150 }
151 }
152 }
153
154 stack!(stack_st_SSL_CIPHER);
155
156 #[repr(C)]
157 pub struct SRTP_PROTECTION_PROFILE {
158 pub name: *const c_char,
159 pub id: c_ulong,
160 }
161
162 stack!(stack_st_SRTP_PROTECTION_PROFILE);
163
164 pub type tls_session_ticket_ext_cb_fn =
165 Option<unsafe extern "C" fn(*mut SSL, *const c_uchar, c_int, *mut c_void) -> c_int>;
166 pub type tls_session_secret_cb_fn = Option<
167 unsafe extern "C" fn(
168 *mut SSL,
169 *mut c_void,
170 *mut c_int,
171 *mut stack_st_SSL_CIPHER,
172 *mut *mut SSL_CIPHER,
173 *mut c_void,
174 ) -> c_int,
175 >;
176
177 #[cfg(ossl111)]
178 pub const SSL_EXT_TLS_ONLY: c_uint = 0x0001;
179 /* This extension is only allowed in DTLS */
180 #[cfg(ossl111)]
181 pub const SSL_EXT_DTLS_ONLY: c_uint = 0x0002;
182 /* Some extensions may be allowed in DTLS but we don't implement them for it */
183 #[cfg(ossl111)]
184 pub const SSL_EXT_TLS_IMPLEMENTATION_ONLY: c_uint = 0x0004;
185 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
186 #[cfg(ossl111)]
187 pub const SSL_EXT_SSL3_ALLOWED: c_uint = 0x0008;
188 /* Extension is only defined for TLS1.2 and below */
189 #[cfg(ossl111)]
190 pub const SSL_EXT_TLS1_2_AND_BELOW_ONLY: c_uint = 0x0010;
191 /* Extension is only defined for TLS1.3 and above */
192 #[cfg(ossl111)]
193 pub const SSL_EXT_TLS1_3_ONLY: c_uint = 0x0020;
194 /* Ignore this extension during parsing if we are resuming */
195 #[cfg(ossl111)]
196 pub const SSL_EXT_IGNORE_ON_RESUMPTION: c_uint = 0x0040;
197 #[cfg(ossl111)]
198 pub const SSL_EXT_CLIENT_HELLO: c_uint = 0x0080;
199 /* Really means TLS1.2 or below */
200 #[cfg(ossl111)]
201 pub const SSL_EXT_TLS1_2_SERVER_HELLO: c_uint = 0x0100;
202 #[cfg(ossl111)]
203 pub const SSL_EXT_TLS1_3_SERVER_HELLO: c_uint = 0x0200;
204 #[cfg(ossl111)]
205 pub const SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS: c_uint = 0x0400;
206 #[cfg(ossl111)]
207 pub const SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST: c_uint = 0x0800;
208 #[cfg(ossl111)]
209 pub const SSL_EXT_TLS1_3_CERTIFICATE: c_uint = 0x1000;
210 #[cfg(ossl111)]
211 pub const SSL_EXT_TLS1_3_NEW_SESSION_TICKET: c_uint = 0x2000;
212 #[cfg(ossl111)]
213 pub const SSL_EXT_TLS1_3_CERTIFICATE_REQUEST: c_uint = 0x4000;
214
215 #[cfg(ossl111)]
216 pub type SSL_custom_ext_add_cb_ex = Option<
217 unsafe extern "C" fn(
218 ssl: *mut ::SSL,
219 ext_type: c_uint,
220 context: c_uint,
221 out: *mut *const c_uchar,
222 outlen: *mut size_t,
223 x: *mut ::X509,
224 chainidx: size_t,
225 al: *mut c_int,
226 add_arg: *mut c_void,
227 ) -> c_int,
228 >;
229
230 #[cfg(ossl111)]
231 pub type SSL_custom_ext_free_cb_ex = Option<
232 unsafe extern "C" fn(
233 ssl: *mut ::SSL,
234 ext_type: c_uint,
235 context: c_uint,
236 out: *mut *const c_uchar,
237 add_arg: *mut c_void,
238 ),
239 >;
240
241 #[cfg(ossl111)]
242 pub type SSL_custom_ext_parse_cb_ex = Option<
243 unsafe extern "C" fn(
244 ssl: *mut ::SSL,
245 ext_type: c_uint,
246 context: c_uint,
247 input: *const c_uchar,
248 inlen: size_t,
249 x: *mut ::X509,
250 chainidx: size_t,
251 al: *mut c_int,
252 parse_arg: *mut c_void,
253 ) -> c_int,
254 >;
255
256 cfg_if! {
257 if #[cfg(ossl300)] {
258 macro_rules! ssl_op_type {
259 () => {u64};
260 }
261 } else {
262 macro_rules! ssl_op_type {
263 () => {c_ulong};
264 }
265 }
266 }
267
268 pub const SSL_OP_LEGACY_SERVER_CONNECT: ssl_op_type!() = 0x00000004;
269 cfg_if! {
270 if #[cfg(libressl261)] {
271 pub const SSL_OP_TLSEXT_PADDING: ssl_op_type!() = 0x0;
272 } else if #[cfg(any(ossl102, libressl))] {
273 pub const SSL_OP_TLSEXT_PADDING: ssl_op_type!() = 0x10;
274 }
275 }
276 #[cfg(ossl101)]
277 pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: ssl_op_type!() = 0x00000040;
278
279 pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: ssl_op_type!() = 0x00000800;
280
281 pub const SSL_OP_NO_QUERY_MTU: ssl_op_type!() = 0x00001000;
282 pub const SSL_OP_COOKIE_EXCHANGE: ssl_op_type!() = 0x00002000;
283 pub const SSL_OP_NO_TICKET: ssl_op_type!() = 0x00004000;
284 cfg_if! {
285 if #[cfg(ossl101)] {
286 pub const SSL_OP_CISCO_ANYCONNECT: ssl_op_type!() = 0x00008000;
287 } else {
288 pub const SSL_OP_CISCO_ANYCONNECT: ssl_op_type!() = 0x0;
289 }
290 }
291
292 pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: ssl_op_type!() = 0x00010000;
293 cfg_if! {
294 if #[cfg(ossl101)] {
295 pub const SSL_OP_NO_COMPRESSION: ssl_op_type!() = 0x00020000;
296 pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: ssl_op_type!() = 0x00040000;
297 } else {
298 pub const SSL_OP_NO_COMPRESSION: ssl_op_type!() = 0x0;
299 pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: ssl_op_type!() = 0x0;
300 }
301 }
302
303 #[cfg(ossl111)]
304 pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: ssl_op_type!() = 0x00100000;
305
306 pub const SSL_OP_CIPHER_SERVER_PREFERENCE: ssl_op_type!() = 0x00400000;
307 cfg_if! {
308 if #[cfg(libressl280)] {
309 pub const SSL_OP_TLS_ROLLBACK_BUG: ssl_op_type!() = 0;
310 } else {
311 pub const SSL_OP_TLS_ROLLBACK_BUG: ssl_op_type!() = 0x00800000;
312 }
313 }
314
315 cfg_if! {
316 if #[cfg(ossl101)] {
317 pub const SSL_OP_NO_SSLv3: ssl_op_type!() = 0x02000000;
318 } else {
319 pub const SSL_OP_NO_SSLv3: ssl_op_type!() = 0x0;
320 }
321 }
322 pub const SSL_OP_NO_TLSv1_1: ssl_op_type!() = 0x10000000;
323 pub const SSL_OP_NO_TLSv1_2: ssl_op_type!() = 0x08000000;
324
325 pub const SSL_OP_NO_TLSv1: ssl_op_type!() = 0x04000000;
326 cfg_if! {
327 if #[cfg(ossl102)] {
328 pub const SSL_OP_NO_DTLSv1: ssl_op_type!() = 0x04000000;
329 pub const SSL_OP_NO_DTLSv1_2: ssl_op_type!() = 0x08000000;
330 } else if #[cfg(libressl332)] {
331 pub const SSL_OP_NO_DTLSv1: ssl_op_type!() = 0x40000000;
332 pub const SSL_OP_NO_DTLSv1_2: ssl_op_type!() = 0x80000000;
333 }
334 }
335 #[cfg(ossl111)]
336 pub const SSL_OP_NO_TLSv1_3: ssl_op_type!() = 0x20000000;
337
338 #[cfg(ossl110h)]
339 pub const SSL_OP_NO_RENEGOTIATION: ssl_op_type!() = 0x40000000;
340
341 cfg_if! {
342 if #[cfg(ossl111)] {
343 pub const SSL_OP_NO_SSL_MASK: ssl_op_type!() = SSL_OP_NO_SSLv2
344 | SSL_OP_NO_SSLv3
345 | SSL_OP_NO_TLSv1
346 | SSL_OP_NO_TLSv1_1
347 | SSL_OP_NO_TLSv1_2
348 | SSL_OP_NO_TLSv1_3;
349 } else if #[cfg(ossl102)] {
350 pub const SSL_OP_NO_SSL_MASK: ssl_op_type!() =
351 SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
352 }
353 }
354
355 cfg_if! {
356 if #[cfg(libressl261)] {
357 pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: ssl_op_type!() = 0x0;
358 } else {
359 pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: ssl_op_type!() = 0x80000000;
360 }
361 }
362
363 cfg_if! {
364 if #[cfg(ossl300)] {
365 pub const SSL_OP_ALL: ssl_op_type!() = SSL_OP_CRYPTOPRO_TLSEXT_BUG
366 | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
367 | SSL_OP_TLSEXT_PADDING
368 | SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
369 } else if #[cfg(ossl110f)] {
370 pub const SSL_OP_ALL: ssl_op_type!() = SSL_OP_CRYPTOPRO_TLSEXT_BUG
371 | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
372 | SSL_OP_LEGACY_SERVER_CONNECT
373 | SSL_OP_TLSEXT_PADDING
374 | SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
375 } else if #[cfg(libressl261)] {
376 pub const SSL_OP_ALL: ssl_op_type!() = 0x4;
377 } else if #[cfg(libressl)] {
378 pub const SSL_OP_ALL: ssl_op_type!() = 0x80000014;
379 } else {
380 pub const SSL_OP_ALL: ssl_op_type!() = 0x80000BFF;
381 }
382 }
383
384 cfg_if! {
385 if #[cfg(ossl110)] {
386 pub const SSL_OP_MICROSOFT_SESS_ID_BUG: ssl_op_type!() = 0x00000000;
387 pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: ssl_op_type!() = 0x00000000;
388 pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: ssl_op_type!() = 0x00000000;
389 pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: ssl_op_type!() = 0x00000000;
390 pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: ssl_op_type!() = 0x00000000;
391 pub const SSL_OP_TLS_D5_BUG: ssl_op_type!() = 0x00000000;
392 pub const SSL_OP_TLS_BLOCK_PADDING_BUG: ssl_op_type!() = 0x00000000;
393 pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = 0x00000000;
394 pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = 0x00000000;
395 pub const SSL_OP_NO_SSLv2: ssl_op_type!() = 0x00000000;
396 } else if #[cfg(ossl101)] {
397 pub const SSL_OP_MICROSOFT_SESS_ID_BUG: ssl_op_type!() = 0x00000001;
398 pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: ssl_op_type!() = 0x00000002;
399 pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: ssl_op_type!() = 0x00000008;
400 pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: ssl_op_type!() = 0x00000020;
401 pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: ssl_op_type!() = 0x00000080;
402 pub const SSL_OP_TLS_D5_BUG: ssl_op_type!() = 0x00000100;
403 pub const SSL_OP_TLS_BLOCK_PADDING_BUG: ssl_op_type!() = 0x00000200;
404 pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = 0x00080000;
405 pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = 0x00100000;
406 pub const SSL_OP_NO_SSLv2: ssl_op_type!() = 0x01000000;
407 } else {
408 pub const SSL_OP_MICROSOFT_SESS_ID_BUG: ssl_op_type!() = 0x0;
409 pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: ssl_op_type!() = 0x0;
410 pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: ssl_op_type!() = 0x0;
411 pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: ssl_op_type!() = 0x0;
412 pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: ssl_op_type!() = 0x0;
413 pub const SSL_OP_TLS_D5_BUG: ssl_op_type!() = 0x0;
414 pub const SSL_OP_TLS_BLOCK_PADDING_BUG: ssl_op_type!() = 0x0;
415 #[cfg(libressl261)]
416 pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = 0x0;
417 #[cfg(not(libressl261))]
418 pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = 0x00080000;
419 pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = 0x00100000;
420 pub const SSL_OP_NO_SSLv2: ssl_op_type!() = 0x0;
421 }
422 }
423
424 pub const SSL_MODE_ENABLE_PARTIAL_WRITE: c_long = 0x1;
425 pub const SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER: c_long = 0x2;
426 pub const SSL_MODE_AUTO_RETRY: c_long = 0x4;
427 pub const SSL_MODE_NO_AUTO_CHAIN: c_long = 0x8;
428 pub const SSL_MODE_RELEASE_BUFFERS: c_long = 0x10;
429 #[cfg(ossl101)]
430 pub const SSL_MODE_SEND_CLIENTHELLO_TIME: c_long = 0x20;
431 #[cfg(ossl101)]
432 pub const SSL_MODE_SEND_SERVERHELLO_TIME: c_long = 0x40;
433 #[cfg(ossl101)]
434 pub const SSL_MODE_SEND_FALLBACK_SCSV: c_long = 0x80;
435
SSL_CTX_set_mode(ctx: *mut SSL_CTX, op: c_long) -> c_long436 pub unsafe fn SSL_CTX_set_mode(ctx: *mut SSL_CTX, op: c_long) -> c_long {
437 SSL_CTX_ctrl(ctx, SSL_CTRL_MODE, op, ptr::null_mut())
438 }
439
440 #[cfg(ossl111)]
441 pub const SSL_COOKIE_LENGTH: c_int = 4096;
442
443 cfg_if! {
444 if #[cfg(ossl300)] {
445 extern "C" {
446 pub fn SSL_CTX_get_options(ctx: *const SSL_CTX) -> u64;
447 pub fn SSL_CTX_set_options(ctx: *mut SSL_CTX, op: u64) -> u64;
448 pub fn SSL_CTX_clear_options(ctx: *mut SSL_CTX, op: u64) -> u64;
449 }
450 } else if #[cfg(ossl110)] {
451 extern "C" {
452 pub fn SSL_CTX_get_options(ctx: *const SSL_CTX) -> c_ulong;
453 pub fn SSL_CTX_set_options(ctx: *mut SSL_CTX, op: c_ulong) -> c_ulong;
454 pub fn SSL_CTX_clear_options(ctx: *mut SSL_CTX, op: c_ulong) -> c_ulong;
455 }
456 } else {
457 pub unsafe fn SSL_CTX_get_options(ctx: *const SSL_CTX) -> c_ulong {
458 SSL_CTX_ctrl(ctx as *mut _, SSL_CTRL_OPTIONS, 0, ptr::null_mut()) as c_ulong
459 }
460
461 pub unsafe fn SSL_CTX_set_options(ctx: *const SSL_CTX, op: c_ulong) -> c_ulong {
462 SSL_CTX_ctrl(
463 ctx as *mut _,
464 SSL_CTRL_OPTIONS,
465 op as c_long,
466 ptr::null_mut(),
467 ) as c_ulong
468 }
469
470 pub unsafe fn SSL_CTX_clear_options(ctx: *const SSL_CTX, op: c_ulong) -> c_ulong {
471 SSL_CTX_ctrl(
472 ctx as *mut _,
473 SSL_CTRL_CLEAR_OPTIONS,
474 op as c_long,
475 ptr::null_mut(),
476 ) as c_ulong
477 }
478 }
479 }
480
SSL_set_mtu(ssl: *mut SSL, mtu: c_long) -> c_long481 pub unsafe fn SSL_set_mtu(ssl: *mut SSL, mtu: c_long) -> c_long {
482 SSL_ctrl(ssl, SSL_CTRL_SET_MTU, mtu, ptr::null_mut())
483 }
484
485 pub type GEN_SESSION_CB =
486 Option<unsafe extern "C" fn(*const SSL, *mut c_uchar, *mut c_uint) -> c_int>;
487
488 pub const SSL_SESS_CACHE_OFF: c_long = 0x0;
489 pub const SSL_SESS_CACHE_CLIENT: c_long = 0x1;
490 pub const SSL_SESS_CACHE_SERVER: c_long = 0x2;
491 pub const SSL_SESS_CACHE_BOTH: c_long = SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER;
492 pub const SSL_SESS_CACHE_NO_AUTO_CLEAR: c_long = 0x80;
493 pub const SSL_SESS_CACHE_NO_INTERNAL_LOOKUP: c_long = 0x100;
494 pub const SSL_SESS_CACHE_NO_INTERNAL_STORE: c_long = 0x200;
495 pub const SSL_SESS_CACHE_NO_INTERNAL: c_long =
496 SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE;
497
498 extern "C" {
SSL_CTX_sess_set_new_cb( ctx: *mut SSL_CTX, new_session_cb: Option<unsafe extern "C" fn(*mut SSL, *mut SSL_SESSION) -> c_int>, )499 pub fn SSL_CTX_sess_set_new_cb(
500 ctx: *mut SSL_CTX,
501 new_session_cb: Option<unsafe extern "C" fn(*mut SSL, *mut SSL_SESSION) -> c_int>,
502 );
SSL_CTX_sess_set_remove_cb( ctx: *mut SSL_CTX, remove_session_cb: Option<unsafe extern "C" fn(*mut SSL_CTX, *mut SSL_SESSION)>, )503 pub fn SSL_CTX_sess_set_remove_cb(
504 ctx: *mut SSL_CTX,
505 remove_session_cb: Option<unsafe extern "C" fn(*mut SSL_CTX, *mut SSL_SESSION)>,
506 );
507 }
508 cfg_if! {
509 // const change in passed function pointer signature
510 if #[cfg(any(ossl110, libressl280))] {
511 extern "C" {
512 pub fn SSL_CTX_sess_set_get_cb(
513 ctx: *mut ::SSL_CTX,
514 get_session_cb: Option<
515 unsafe extern "C" fn(*mut ::SSL, *const c_uchar, c_int, *mut c_int) -> *mut SSL_SESSION,
516 >,
517 );
518 }
519 } else {
520 extern "C" {
521 pub fn SSL_CTX_sess_set_get_cb(
522 ctx: *mut ::SSL_CTX,
523 get_session_cb: Option<
524 unsafe extern "C" fn(*mut ::SSL, *mut c_uchar, c_int, *mut c_int) -> *mut SSL_SESSION,
525 >,
526 );
527 }
528 }
529 }
530 extern "C" {
531 // FIXME change to unsafe extern "C" fn
SSL_CTX_set_cookie_generate_cb( s: *mut SSL_CTX, cb: Option< extern "C" fn(ssl: *mut SSL, cookie: *mut c_uchar, cookie_len: *mut c_uint) -> c_int, >, )532 pub fn SSL_CTX_set_cookie_generate_cb(
533 s: *mut SSL_CTX,
534 cb: Option<
535 extern "C" fn(ssl: *mut SSL, cookie: *mut c_uchar, cookie_len: *mut c_uint) -> c_int,
536 >,
537 );
538 }
539
540 cfg_if! {
541 // const change in passed function pointer signature
542 if #[cfg(any(ossl110, libressl280))] {
543 extern "C" {
544 pub fn SSL_CTX_set_cookie_verify_cb(
545 s: *mut SSL_CTX,
546 cb: Option<
547 extern "C" fn(ssl: *mut SSL, cookie: *const c_uchar, cookie_len: c_uint) -> c_int,
548 >,
549 );
550 }
551 } else {
552 extern "C" {
553 pub fn SSL_CTX_set_cookie_verify_cb(
554 s: *mut SSL_CTX,
555 cb: Option<extern "C" fn(ssl: *mut SSL, cookie: *mut c_uchar, cookie_len: c_uint) -> c_int>,
556 );
557 }
558 }
559 }
560
561 extern "C" {
562 #[cfg(ossl111)]
SSL_CTX_set_stateless_cookie_generate_cb( s: *mut SSL_CTX, cb: Option< unsafe extern "C" fn( ssl: *mut SSL, cookie: *mut c_uchar, cookie_len: *mut size_t, ) -> c_int, >, )563 pub fn SSL_CTX_set_stateless_cookie_generate_cb(
564 s: *mut SSL_CTX,
565 cb: Option<
566 unsafe extern "C" fn(
567 ssl: *mut SSL,
568 cookie: *mut c_uchar,
569 cookie_len: *mut size_t,
570 ) -> c_int,
571 >,
572 );
573 #[cfg(ossl111)]
SSL_CTX_set_stateless_cookie_verify_cb( s: *mut SSL_CTX, cb: Option< unsafe extern "C" fn( ssl: *mut SSL, cookie: *const c_uchar, cookie_len: size_t, ) -> c_int, >, )574 pub fn SSL_CTX_set_stateless_cookie_verify_cb(
575 s: *mut SSL_CTX,
576 cb: Option<
577 unsafe extern "C" fn(
578 ssl: *mut SSL,
579 cookie: *const c_uchar,
580 cookie_len: size_t,
581 ) -> c_int,
582 >,
583 );
584
SSL_CTX_set_next_protos_advertised_cb( ssl: *mut SSL_CTX, cb: extern "C" fn( ssl: *mut SSL, out: *mut *const c_uchar, outlen: *mut c_uint, arg: *mut c_void, ) -> c_int, arg: *mut c_void, )585 pub fn SSL_CTX_set_next_protos_advertised_cb(
586 ssl: *mut SSL_CTX,
587 cb: extern "C" fn(
588 ssl: *mut SSL,
589 out: *mut *const c_uchar,
590 outlen: *mut c_uint,
591 arg: *mut c_void,
592 ) -> c_int,
593 arg: *mut c_void,
594 );
SSL_CTX_set_next_proto_select_cb( ssl: *mut SSL_CTX, cb: extern "C" fn( ssl: *mut SSL, out: *mut *mut c_uchar, outlen: *mut c_uchar, inbuf: *const c_uchar, inlen: c_uint, arg: *mut c_void, ) -> c_int, arg: *mut c_void, )595 pub fn SSL_CTX_set_next_proto_select_cb(
596 ssl: *mut SSL_CTX,
597 cb: extern "C" fn(
598 ssl: *mut SSL,
599 out: *mut *mut c_uchar,
600 outlen: *mut c_uchar,
601 inbuf: *const c_uchar,
602 inlen: c_uint,
603 arg: *mut c_void,
604 ) -> c_int,
605 arg: *mut c_void,
606 );
SSL_get0_next_proto_negotiated( s: *const SSL, data: *mut *const c_uchar, len: *mut c_uint, )607 pub fn SSL_get0_next_proto_negotiated(
608 s: *const SSL,
609 data: *mut *const c_uchar,
610 len: *mut c_uint,
611 );
612
SSL_select_next_proto( out: *mut *mut c_uchar, outlen: *mut c_uchar, inbuf: *const c_uchar, inlen: c_uint, client: *const c_uchar, client_len: c_uint, ) -> c_int613 pub fn SSL_select_next_proto(
614 out: *mut *mut c_uchar,
615 outlen: *mut c_uchar,
616 inbuf: *const c_uchar,
617 inlen: c_uint,
618 client: *const c_uchar,
619 client_len: c_uint,
620 ) -> c_int;
621 }
622
623 pub const OPENSSL_NPN_UNSUPPORTED: c_int = 0;
624 pub const OPENSSL_NPN_NEGOTIATED: c_int = 1;
625 pub const OPENSSL_NPN_NO_OVERLAP: c_int = 2;
626
627 extern "C" {
628 #[cfg(any(ossl102, libressl261))]
SSL_CTX_set_alpn_protos(s: *mut SSL_CTX, data: *const c_uchar, len: c_uint) -> c_int629 pub fn SSL_CTX_set_alpn_protos(s: *mut SSL_CTX, data: *const c_uchar, len: c_uint) -> c_int;
630 #[cfg(any(ossl102, libressl261))]
SSL_set_alpn_protos(s: *mut SSL, data: *const c_uchar, len: c_uint) -> c_int631 pub fn SSL_set_alpn_protos(s: *mut SSL, data: *const c_uchar, len: c_uint) -> c_int;
632 // FIXME should take an Option<unsafe extern "C" fn>
633 #[cfg(any(ossl102, libressl261))]
SSL_CTX_set_alpn_select_cb( ssl: *mut SSL_CTX, cb: extern "C" fn( ssl: *mut SSL, out: *mut *const c_uchar, outlen: *mut c_uchar, inbuf: *const c_uchar, inlen: c_uint, arg: *mut c_void, ) -> c_int, arg: *mut c_void, )634 pub fn SSL_CTX_set_alpn_select_cb(
635 ssl: *mut SSL_CTX,
636 cb: extern "C" fn(
637 ssl: *mut SSL,
638 out: *mut *const c_uchar,
639 outlen: *mut c_uchar,
640 inbuf: *const c_uchar,
641 inlen: c_uint,
642 arg: *mut c_void,
643 ) -> c_int,
644 arg: *mut c_void,
645 );
646 #[cfg(any(ossl102, libressl261))]
SSL_get0_alpn_selected(s: *const SSL, data: *mut *const c_uchar, len: *mut c_uint)647 pub fn SSL_get0_alpn_selected(s: *const SSL, data: *mut *const c_uchar, len: *mut c_uint);
648 }
649
650 #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
651 extern "C" {
SSL_CTX_set_psk_client_callback( ssl: *mut SSL_CTX, psk_client_cb: Option< extern "C" fn( *mut SSL, *const c_char, *mut c_char, c_uint, *mut c_uchar, c_uint, ) -> c_uint, >, )652 pub fn SSL_CTX_set_psk_client_callback(
653 ssl: *mut SSL_CTX,
654 psk_client_cb: Option<
655 extern "C" fn(
656 *mut SSL,
657 *const c_char,
658 *mut c_char,
659 c_uint,
660 *mut c_uchar,
661 c_uint,
662 ) -> c_uint,
663 >,
664 );
SSL_CTX_set_psk_server_callback( ssl: *mut SSL_CTX, psk_server_cb: Option< extern "C" fn(*mut SSL, *const c_char, *mut c_uchar, c_uint) -> c_uint, >, )665 pub fn SSL_CTX_set_psk_server_callback(
666 ssl: *mut SSL_CTX,
667 psk_server_cb: Option<
668 extern "C" fn(*mut SSL, *const c_char, *mut c_uchar, c_uint) -> c_uint,
669 >,
670 );
671 }
672
673 extern "C" {
674 #[cfg(ossl111)]
SSL_CTX_add_custom_ext( ctx: *mut ::SSL_CTX, ext_type: c_uint, context: c_uint, add_cb: SSL_custom_ext_add_cb_ex, free_cb: SSL_custom_ext_free_cb_ex, add_arg: *mut c_void, parse_cb: SSL_custom_ext_parse_cb_ex, parse_arg: *mut c_void, ) -> c_int675 pub fn SSL_CTX_add_custom_ext(
676 ctx: *mut ::SSL_CTX,
677 ext_type: c_uint,
678 context: c_uint,
679 add_cb: SSL_custom_ext_add_cb_ex,
680 free_cb: SSL_custom_ext_free_cb_ex,
681 add_arg: *mut c_void,
682 parse_cb: SSL_custom_ext_parse_cb_ex,
683 parse_arg: *mut c_void,
684 ) -> c_int;
685
686 #[cfg(ossl102)]
SSL_extension_supported(ext_type: c_uint) -> c_int687 pub fn SSL_extension_supported(ext_type: c_uint) -> c_int;
688 }
689
690 #[cfg(ossl111)]
691 pub type SSL_CTX_keylog_cb_func =
692 Option<unsafe extern "C" fn(ssl: *const SSL, line: *const c_char)>;
693
694 extern "C" {
695 #[cfg(ossl111)]
SSL_CTX_set_keylog_callback(ctx: *mut SSL_CTX, cb: SSL_CTX_keylog_cb_func)696 pub fn SSL_CTX_set_keylog_callback(ctx: *mut SSL_CTX, cb: SSL_CTX_keylog_cb_func);
697
698 #[cfg(ossl111)]
SSL_CTX_set_max_early_data(ctx: *mut SSL_CTX, max_early_data: u32) -> c_int699 pub fn SSL_CTX_set_max_early_data(ctx: *mut SSL_CTX, max_early_data: u32) -> c_int;
700 #[cfg(ossl111)]
SSL_CTX_get_max_early_data(ctx: *const SSL_CTX) -> u32701 pub fn SSL_CTX_get_max_early_data(ctx: *const SSL_CTX) -> u32;
702 #[cfg(ossl111)]
SSL_set_max_early_data(ctx: *mut SSL, max_early_data: u32) -> c_int703 pub fn SSL_set_max_early_data(ctx: *mut SSL, max_early_data: u32) -> c_int;
704 #[cfg(ossl111)]
SSL_get_max_early_data(ctx: *const SSL) -> u32705 pub fn SSL_get_max_early_data(ctx: *const SSL) -> u32;
706
SSL_get_finished(s: *const SSL, buf: *mut c_void, count: size_t) -> size_t707 pub fn SSL_get_finished(s: *const SSL, buf: *mut c_void, count: size_t) -> size_t;
SSL_get_peer_finished(s: *const SSL, buf: *mut c_void, count: size_t) -> size_t708 pub fn SSL_get_peer_finished(s: *const SSL, buf: *mut c_void, count: size_t) -> size_t;
709
SSL_CTX_get_verify_mode(ctx: *const SSL_CTX) -> c_int710 pub fn SSL_CTX_get_verify_mode(ctx: *const SSL_CTX) -> c_int;
SSL_get_verify_mode(s: *const SSL) -> c_int711 pub fn SSL_get_verify_mode(s: *const SSL) -> c_int;
712 }
713
714 const_ptr_api! {
715 extern "C" {
716 #[cfg(ossl110)]
717 pub fn SSL_is_init_finished(s: #[const_ptr_if(ossl111)] SSL) -> c_int;
718 }
719 }
720
721 pub const SSL_AD_ILLEGAL_PARAMETER: c_int = SSL3_AD_ILLEGAL_PARAMETER;
722 pub const SSL_AD_DECODE_ERROR: c_int = TLS1_AD_DECODE_ERROR;
723 pub const SSL_AD_UNRECOGNIZED_NAME: c_int = TLS1_AD_UNRECOGNIZED_NAME;
724 pub const SSL_ERROR_NONE: c_int = 0;
725 pub const SSL_ERROR_SSL: c_int = 1;
726 pub const SSL_ERROR_SYSCALL: c_int = 5;
727 pub const SSL_ERROR_WANT_ACCEPT: c_int = 8;
728 pub const SSL_ERROR_WANT_CONNECT: c_int = 7;
729 pub const SSL_ERROR_WANT_READ: c_int = 2;
730 pub const SSL_ERROR_WANT_WRITE: c_int = 3;
731 pub const SSL_ERROR_WANT_X509_LOOKUP: c_int = 4;
732 pub const SSL_ERROR_ZERO_RETURN: c_int = 6;
733 #[cfg(ossl111)]
734 pub const SSL_ERROR_WANT_CLIENT_HELLO_CB: c_int = 11;
735 pub const SSL_VERIFY_NONE: c_int = 0;
736 pub const SSL_VERIFY_PEER: c_int = 1;
737 pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;
738 pub const SSL_CTRL_SET_TMP_DH: c_int = 3;
739 pub const SSL_CTRL_SET_TMP_ECDH: c_int = 4;
740 #[cfg(any(libressl, all(ossl101, not(ossl110))))]
741 pub const SSL_CTRL_GET_SESSION_REUSED: c_int = 8;
742 pub const SSL_CTRL_EXTRA_CHAIN_CERT: c_int = 14;
743 pub const SSL_CTRL_SET_MTU: c_int = 17;
744 #[cfg(any(libressl, all(ossl101, not(ossl110))))]
745 pub const SSL_CTRL_OPTIONS: c_int = 32;
746 pub const SSL_CTRL_MODE: c_int = 33;
747 pub const SSL_CTRL_SET_READ_AHEAD: c_int = 41;
748 pub const SSL_CTRL_SET_SESS_CACHE_SIZE: c_int = 42;
749 pub const SSL_CTRL_GET_SESS_CACHE_SIZE: c_int = 43;
750 pub const SSL_CTRL_SET_SESS_CACHE_MODE: c_int = 44;
751 pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: c_int = 53;
752 pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: c_int = 54;
753 pub const SSL_CTRL_SET_TLSEXT_HOSTNAME: c_int = 55;
754 pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: c_int = 63;
755 pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: c_int = 64;
756 pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: c_int = 65;
757 pub const SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = 70;
758 pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = 71;
759 #[cfg(any(libressl, all(ossl101, not(ossl110))))]
760 pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
761 pub const SSL_CTRL_GET_EXTRA_CHAIN_CERTS: c_int = 82;
762 #[cfg(ossl111)]
763 pub const SSL_CTRL_SET_GROUPS_LIST: c_int = 92;
764 #[cfg(any(libressl, all(ossl102, not(ossl110))))]
765 pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94;
766 #[cfg(ossl102)]
767 pub const SSL_CTRL_SET_SIGALGS_LIST: c_int = 98;
768 #[cfg(ossl102)]
769 pub const SSL_CTRL_SET_VERIFY_CERT_STORE: c_int = 106;
770 #[cfg(ossl110)]
771 pub const SSL_CTRL_SET_MIN_PROTO_VERSION: c_int = 123;
772 #[cfg(ossl110)]
773 pub const SSL_CTRL_SET_MAX_PROTO_VERSION: c_int = 124;
774 #[cfg(ossl110g)]
775 pub const SSL_CTRL_GET_MIN_PROTO_VERSION: c_int = 130;
776 #[cfg(ossl110g)]
777 pub const SSL_CTRL_GET_MAX_PROTO_VERSION: c_int = 131;
778
SSL_CTX_set_tmp_dh(ctx: *mut SSL_CTX, dh: *mut DH) -> c_long779 pub unsafe fn SSL_CTX_set_tmp_dh(ctx: *mut SSL_CTX, dh: *mut DH) -> c_long {
780 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, dh as *mut c_void)
781 }
782
SSL_CTX_set_tmp_ecdh(ctx: *mut SSL_CTX, key: *mut EC_KEY) -> c_long783 pub unsafe fn SSL_CTX_set_tmp_ecdh(ctx: *mut SSL_CTX, key: *mut EC_KEY) -> c_long {
784 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, key as *mut c_void)
785 }
786
SSL_set_tmp_dh(ssl: *mut SSL, dh: *mut DH) -> c_long787 pub unsafe fn SSL_set_tmp_dh(ssl: *mut SSL, dh: *mut DH) -> c_long {
788 SSL_ctrl(ssl, SSL_CTRL_SET_TMP_DH, 0, dh as *mut c_void)
789 }
790
SSL_set_tmp_ecdh(ssl: *mut SSL, key: *mut EC_KEY) -> c_long791 pub unsafe fn SSL_set_tmp_ecdh(ssl: *mut SSL, key: *mut EC_KEY) -> c_long {
792 SSL_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH, 0, key as *mut c_void)
793 }
794
SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long795 pub unsafe fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long {
796 SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, x509 as *mut c_void)
797 }
798
SSL_CTX_get_extra_chain_certs( ctx: *mut SSL_CTX, chain: *mut *mut stack_st_X509, ) -> c_long799 pub unsafe fn SSL_CTX_get_extra_chain_certs(
800 ctx: *mut SSL_CTX,
801 chain: *mut *mut stack_st_X509,
802 ) -> c_long {
803 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 0, chain as *mut c_void)
804 }
805
806 #[cfg(ossl102)]
SSL_CTX_set0_verify_cert_store(ctx: *mut SSL_CTX, st: *mut X509_STORE) -> c_long807 pub unsafe fn SSL_CTX_set0_verify_cert_store(ctx: *mut SSL_CTX, st: *mut X509_STORE) -> c_long {
808 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_VERIFY_CERT_STORE, 0, st as *mut c_void)
809 }
810
811 #[cfg(ossl111)]
SSL_CTX_set1_groups_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_long812 pub unsafe fn SSL_CTX_set1_groups_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_long {
813 SSL_CTX_ctrl(
814 ctx,
815 SSL_CTRL_SET_GROUPS_LIST,
816 0,
817 s as *const c_void as *mut c_void,
818 )
819 }
820
821 #[cfg(ossl102)]
SSL_CTX_set1_sigalgs_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_long822 pub unsafe fn SSL_CTX_set1_sigalgs_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_long {
823 SSL_CTX_ctrl(
824 ctx,
825 SSL_CTRL_SET_SIGALGS_LIST,
826 0,
827 s as *const c_void as *mut c_void,
828 )
829 }
830
831 #[cfg(any(libressl, all(ossl102, not(ossl110))))]
SSL_CTX_set_ecdh_auto(ctx: *mut SSL_CTX, onoff: c_int) -> c_int832 pub unsafe fn SSL_CTX_set_ecdh_auto(ctx: *mut SSL_CTX, onoff: c_int) -> c_int {
833 SSL_CTX_ctrl(
834 ctx,
835 SSL_CTRL_SET_ECDH_AUTO,
836 onoff as c_long,
837 ptr::null_mut(),
838 ) as c_int
839 }
840
841 #[cfg(any(libress, all(ossl102, not(ossl110))))]
SSL_set_ecdh_auto(ssl: *mut ::SSL, onoff: c_int) -> c_int842 pub unsafe fn SSL_set_ecdh_auto(ssl: *mut ::SSL, onoff: c_int) -> c_int {
843 SSL_ctrl(
844 ssl,
845 SSL_CTRL_SET_ECDH_AUTO,
846 onoff as c_long,
847 ptr::null_mut(),
848 ) as c_int
849 }
850
851 cfg_if! {
852 if #[cfg(ossl110)] {
853 pub unsafe fn SSL_CTX_set_min_proto_version(ctx: *mut SSL_CTX, version: c_int) -> c_int {
854 SSL_CTX_ctrl(
855 ctx,
856 SSL_CTRL_SET_MIN_PROTO_VERSION,
857 version as c_long,
858 ptr::null_mut(),
859 ) as c_int
860 }
861
862 pub unsafe fn SSL_CTX_set_max_proto_version(ctx: *mut SSL_CTX, version: c_int) -> c_int {
863 SSL_CTX_ctrl(
864 ctx,
865 SSL_CTRL_SET_MAX_PROTO_VERSION,
866 version as c_long,
867 ptr::null_mut(),
868 ) as c_int
869 }
870 } else if #[cfg(libressl261)] {
871 extern "C" {
872 pub fn SSL_CTX_set_min_proto_version(ctx: *mut ::SSL_CTX, version: u16) -> c_int;
873 pub fn SSL_CTX_set_max_proto_version(ctx: *mut ::SSL_CTX, version: u16) -> c_int;
874 }
875 }
876 }
877
878 cfg_if! {
879 if #[cfg(ossl110g)] {
880 pub unsafe fn SSL_CTX_get_min_proto_version(ctx: *mut SSL_CTX) -> c_int {
881 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int
882 }
883
884 pub unsafe fn SSL_CTX_get_max_proto_version(ctx: *mut SSL_CTX) -> c_int {
885 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int
886 }
887 } else if #[cfg(libressl270)] {
888 extern "C" {
889 pub fn SSL_CTX_get_min_proto_version(ctx: *mut ::SSL_CTX) -> c_int;
890 pub fn SSL_CTX_get_max_proto_version(ctx: *mut ::SSL_CTX) -> c_int;
891 }
892 }
893 }
894
895 #[cfg(ossl110)]
SSL_set_min_proto_version(s: *mut SSL, version: c_int) -> c_int896 pub unsafe fn SSL_set_min_proto_version(s: *mut SSL, version: c_int) -> c_int {
897 SSL_ctrl(
898 s,
899 SSL_CTRL_SET_MIN_PROTO_VERSION,
900 version as c_long,
901 ptr::null_mut(),
902 ) as c_int
903 }
904
905 #[cfg(ossl110)]
SSL_set_max_proto_version(s: *mut SSL, version: c_int) -> c_int906 pub unsafe fn SSL_set_max_proto_version(s: *mut SSL, version: c_int) -> c_int {
907 SSL_ctrl(
908 s,
909 SSL_CTRL_SET_MAX_PROTO_VERSION,
910 version as c_long,
911 ptr::null_mut(),
912 ) as c_int
913 }
914
915 #[cfg(ossl110g)]
SSL_get_min_proto_version(s: *mut SSL) -> c_int916 pub unsafe fn SSL_get_min_proto_version(s: *mut SSL) -> c_int {
917 SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int
918 }
919
920 #[cfg(ossl110g)]
SSL_get_max_proto_version(s: *mut SSL) -> c_int921 pub unsafe fn SSL_get_max_proto_version(s: *mut SSL) -> c_int {
922 SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int
923 }
924
925 extern "C" {
SSL_CTX_set_cipher_list(ssl: *mut SSL_CTX, s: *const c_char) -> c_int926 pub fn SSL_CTX_set_cipher_list(ssl: *mut SSL_CTX, s: *const c_char) -> c_int;
SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX927 pub fn SSL_CTX_new(method: *const SSL_METHOD) -> *mut SSL_CTX;
SSL_CTX_free(ctx: *mut SSL_CTX)928 pub fn SSL_CTX_free(ctx: *mut SSL_CTX);
929 #[cfg(any(ossl110, libressl273))]
SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int930 pub fn SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int;
SSL_CTX_get_cert_store(ctx: *const SSL_CTX) -> *mut X509_STORE931 pub fn SSL_CTX_get_cert_store(ctx: *const SSL_CTX) -> *mut X509_STORE;
SSL_CTX_set_cert_store(ctx: *mut SSL_CTX, store: *mut X509_STORE)932 pub fn SSL_CTX_set_cert_store(ctx: *mut SSL_CTX, store: *mut X509_STORE);
933
SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER934 pub fn SSL_get_current_cipher(ssl: *const SSL) -> *const SSL_CIPHER;
SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *mut c_int) -> c_int935 pub fn SSL_CIPHER_get_bits(cipher: *const SSL_CIPHER, alg_bits: *mut c_int) -> c_int;
936 }
937 const_ptr_api! {
938 extern "C" {
939 pub fn SSL_CIPHER_get_version(cipher: *const SSL_CIPHER) -> #[const_ptr_if(any(ossl110, libressl280))] c_char;
940 }
941 }
942 extern "C" {
943 #[cfg(ossl111)]
SSL_CIPHER_get_handshake_digest(cipher: *const ::SSL_CIPHER) -> *const ::EVP_MD944 pub fn SSL_CIPHER_get_handshake_digest(cipher: *const ::SSL_CIPHER) -> *const ::EVP_MD;
SSL_CIPHER_get_name(cipher: *const SSL_CIPHER) -> *const c_char945 pub fn SSL_CIPHER_get_name(cipher: *const SSL_CIPHER) -> *const c_char;
946 #[cfg(ossl111)]
SSL_CIPHER_standard_name(cipher: *const SSL_CIPHER) -> *const c_char947 pub fn SSL_CIPHER_standard_name(cipher: *const SSL_CIPHER) -> *const c_char;
948 #[cfg(ossl111)]
OPENSSL_cipher_name(rfc_name: *const c_char) -> *const c_char949 pub fn OPENSSL_cipher_name(rfc_name: *const c_char) -> *const c_char;
950
SSL_pending(ssl: *const SSL) -> c_int951 pub fn SSL_pending(ssl: *const SSL) -> c_int;
SSL_set_bio(ssl: *mut SSL, rbio: *mut BIO, wbio: *mut BIO)952 pub fn SSL_set_bio(ssl: *mut SSL, rbio: *mut BIO, wbio: *mut BIO);
SSL_get_rbio(ssl: *const SSL) -> *mut BIO953 pub fn SSL_get_rbio(ssl: *const SSL) -> *mut BIO;
SSL_get_wbio(ssl: *const SSL) -> *mut BIO954 pub fn SSL_get_wbio(ssl: *const SSL) -> *mut BIO;
955 #[cfg(ossl111)]
SSL_CTX_set_ciphersuites(ctx: *mut SSL_CTX, str: *const c_char) -> c_int956 pub fn SSL_CTX_set_ciphersuites(ctx: *mut SSL_CTX, str: *const c_char) -> c_int;
957 #[cfg(ossl111)]
SSL_set_ciphersuites(ssl: *mut ::SSL, str: *const c_char) -> c_int958 pub fn SSL_set_ciphersuites(ssl: *mut ::SSL, str: *const c_char) -> c_int;
SSL_set_verify( ssl: *mut SSL, mode: c_int, verify_callback: Option<extern "C" fn(c_int, *mut X509_STORE_CTX) -> c_int>, )959 pub fn SSL_set_verify(
960 ssl: *mut SSL,
961 mode: c_int,
962 // FIXME should be unsafe
963 verify_callback: Option<extern "C" fn(c_int, *mut X509_STORE_CTX) -> c_int>,
964 );
SSL_CTX_use_PrivateKey(ctx: *mut SSL_CTX, key: *mut EVP_PKEY) -> c_int965 pub fn SSL_CTX_use_PrivateKey(ctx: *mut SSL_CTX, key: *mut EVP_PKEY) -> c_int;
SSL_CTX_use_certificate(ctx: *mut SSL_CTX, cert: *mut X509) -> c_int966 pub fn SSL_CTX_use_certificate(ctx: *mut SSL_CTX, cert: *mut X509) -> c_int;
967
SSL_CTX_use_PrivateKey_file( ctx: *mut SSL_CTX, key_file: *const c_char, file_type: c_int, ) -> c_int968 pub fn SSL_CTX_use_PrivateKey_file(
969 ctx: *mut SSL_CTX,
970 key_file: *const c_char,
971 file_type: c_int,
972 ) -> c_int;
SSL_CTX_use_certificate_file( ctx: *mut SSL_CTX, cert_file: *const c_char, file_type: c_int, ) -> c_int973 pub fn SSL_CTX_use_certificate_file(
974 ctx: *mut SSL_CTX,
975 cert_file: *const c_char,
976 file_type: c_int,
977 ) -> c_int;
SSL_CTX_use_certificate_chain_file( ctx: *mut SSL_CTX, cert_chain_file: *const c_char, ) -> c_int978 pub fn SSL_CTX_use_certificate_chain_file(
979 ctx: *mut SSL_CTX,
980 cert_chain_file: *const c_char,
981 ) -> c_int;
SSL_load_client_CA_file(file: *const c_char) -> *mut stack_st_X509_NAME982 pub fn SSL_load_client_CA_file(file: *const c_char) -> *mut stack_st_X509_NAME;
983
984 #[cfg(not(ossl110))]
SSL_load_error_strings()985 pub fn SSL_load_error_strings();
SSL_state_string(ssl: *const SSL) -> *const c_char986 pub fn SSL_state_string(ssl: *const SSL) -> *const c_char;
SSL_state_string_long(ssl: *const SSL) -> *const c_char987 pub fn SSL_state_string_long(ssl: *const SSL) -> *const c_char;
988
SSL_SESSION_get_time(s: *const SSL_SESSION) -> c_long989 pub fn SSL_SESSION_get_time(s: *const SSL_SESSION) -> c_long;
SSL_SESSION_get_timeout(s: *const SSL_SESSION) -> c_long990 pub fn SSL_SESSION_get_timeout(s: *const SSL_SESSION) -> c_long;
991 #[cfg(ossl110)]
SSL_SESSION_get_protocol_version(s: *const SSL_SESSION) -> c_int992 pub fn SSL_SESSION_get_protocol_version(s: *const SSL_SESSION) -> c_int;
993
994 #[cfg(ossl111)]
SSL_SESSION_set_max_early_data(ctx: *mut SSL_SESSION, max_early_data: u32) -> c_int995 pub fn SSL_SESSION_set_max_early_data(ctx: *mut SSL_SESSION, max_early_data: u32) -> c_int;
996 #[cfg(ossl111)]
SSL_SESSION_get_max_early_data(ctx: *const SSL_SESSION) -> u32997 pub fn SSL_SESSION_get_max_early_data(ctx: *const SSL_SESSION) -> u32;
998
SSL_SESSION_get_id(s: *const SSL_SESSION, len: *mut c_uint) -> *const c_uchar999 pub fn SSL_SESSION_get_id(s: *const SSL_SESSION, len: *mut c_uint) -> *const c_uchar;
1000 #[cfg(any(ossl110, libressl273))]
SSL_SESSION_up_ref(ses: *mut SSL_SESSION) -> c_int1001 pub fn SSL_SESSION_up_ref(ses: *mut SSL_SESSION) -> c_int;
SSL_SESSION_free(s: *mut SSL_SESSION)1002 pub fn SSL_SESSION_free(s: *mut SSL_SESSION);
1003 }
1004 const_ptr_api! {
1005 extern "C" {
1006 pub fn i2d_SSL_SESSION(s: #[const_ptr_if(ossl300)] SSL_SESSION, pp: *mut *mut c_uchar) -> c_int;
1007 }
1008 }
1009 extern "C" {
SSL_set_session(ssl: *mut SSL, session: *mut SSL_SESSION) -> c_int1010 pub fn SSL_set_session(ssl: *mut SSL, session: *mut SSL_SESSION) -> c_int;
SSL_CTX_add_session(ctx: *mut SSL_CTX, session: *mut SSL_SESSION) -> c_int1011 pub fn SSL_CTX_add_session(ctx: *mut SSL_CTX, session: *mut SSL_SESSION) -> c_int;
SSL_CTX_remove_session(ctx: *mut SSL_CTX, session: *mut SSL_SESSION) -> c_int1012 pub fn SSL_CTX_remove_session(ctx: *mut SSL_CTX, session: *mut SSL_SESSION) -> c_int;
d2i_SSL_SESSION( a: *mut *mut SSL_SESSION, pp: *mut *const c_uchar, len: c_long, ) -> *mut SSL_SESSION1013 pub fn d2i_SSL_SESSION(
1014 a: *mut *mut SSL_SESSION,
1015 pp: *mut *const c_uchar,
1016 len: c_long,
1017 ) -> *mut SSL_SESSION;
1018
1019 #[cfg(not(ossl300))]
SSL_get_peer_certificate(ssl: *const SSL) -> *mut X5091020 pub fn SSL_get_peer_certificate(ssl: *const SSL) -> *mut X509;
1021 #[cfg(ossl300)]
SSL_get1_peer_certificate(ssl: *const SSL) -> *mut X5091022 pub fn SSL_get1_peer_certificate(ssl: *const SSL) -> *mut X509;
1023
SSL_get_peer_cert_chain(ssl: *const SSL) -> *mut stack_st_X5091024 pub fn SSL_get_peer_cert_chain(ssl: *const SSL) -> *mut stack_st_X509;
1025
SSL_CTX_set_verify( ctx: *mut SSL_CTX, mode: c_int, verify_callback: Option<extern "C" fn(c_int, *mut X509_STORE_CTX) -> c_int>, )1026 pub fn SSL_CTX_set_verify(
1027 ctx: *mut SSL_CTX,
1028 mode: c_int,
1029 verify_callback: Option<extern "C" fn(c_int, *mut X509_STORE_CTX) -> c_int>,
1030 );
SSL_CTX_set_verify_depth(ctx: *mut SSL_CTX, depth: c_int)1031 pub fn SSL_CTX_set_verify_depth(ctx: *mut SSL_CTX, depth: c_int);
1032
1033 #[cfg(ossl111)]
SSL_CTX_set_post_handshake_auth(ctx: *mut SSL_CTX, val: c_int)1034 pub fn SSL_CTX_set_post_handshake_auth(ctx: *mut SSL_CTX, val: c_int);
1035
SSL_CTX_check_private_key(ctx: *const SSL_CTX) -> c_int1036 pub fn SSL_CTX_check_private_key(ctx: *const SSL_CTX) -> c_int;
1037
SSL_CTX_set_session_id_context( ssl: *mut SSL_CTX, sid_ctx: *const c_uchar, sid_ctx_len: c_uint, ) -> c_int1038 pub fn SSL_CTX_set_session_id_context(
1039 ssl: *mut SSL_CTX,
1040 sid_ctx: *const c_uchar,
1041 sid_ctx_len: c_uint,
1042 ) -> c_int;
1043
SSL_new(ctx: *mut SSL_CTX) -> *mut SSL1044 pub fn SSL_new(ctx: *mut SSL_CTX) -> *mut SSL;
1045
1046 #[cfg(any(ossl102, libressl261))]
SSL_CTX_get0_param(ctx: *mut SSL_CTX) -> *mut X509_VERIFY_PARAM1047 pub fn SSL_CTX_get0_param(ctx: *mut SSL_CTX) -> *mut X509_VERIFY_PARAM;
1048
1049 #[cfg(any(ossl102, libressl261))]
SSL_get0_param(ssl: *mut SSL) -> *mut X509_VERIFY_PARAM1050 pub fn SSL_get0_param(ssl: *mut SSL) -> *mut X509_VERIFY_PARAM;
1051 }
1052
1053 #[cfg(ossl111)]
1054 pub const SSL_CLIENT_HELLO_SUCCESS: c_int = 1;
1055 #[cfg(ossl111)]
1056 pub const SSL_CLIENT_HELLO_ERROR: c_int = 0;
1057 #[cfg(ossl111)]
1058 pub const SSL_CLIENT_HELLO_RETRY: c_int = -1;
1059
1060 #[cfg(ossl111)]
1061 pub type SSL_client_hello_cb_fn =
1062 Option<unsafe extern "C" fn(s: *mut SSL, al: *mut c_int, arg: *mut c_void) -> c_int>;
1063 extern "C" {
1064 #[cfg(ossl111)]
SSL_CTX_set_client_hello_cb( c: *mut SSL_CTX, cb: SSL_client_hello_cb_fn, arg: *mut c_void, )1065 pub fn SSL_CTX_set_client_hello_cb(
1066 c: *mut SSL_CTX,
1067 cb: SSL_client_hello_cb_fn,
1068 arg: *mut c_void,
1069 );
1070 #[cfg(ossl111)]
SSL_client_hello_isv2(s: *mut SSL) -> c_int1071 pub fn SSL_client_hello_isv2(s: *mut SSL) -> c_int;
1072 #[cfg(ossl111)]
SSL_client_hello_get0_legacy_version(s: *mut SSL) -> c_uint1073 pub fn SSL_client_hello_get0_legacy_version(s: *mut SSL) -> c_uint;
1074 #[cfg(ossl111)]
SSL_client_hello_get0_random(s: *mut SSL, out: *mut *const c_uchar) -> size_t1075 pub fn SSL_client_hello_get0_random(s: *mut SSL, out: *mut *const c_uchar) -> size_t;
1076 #[cfg(ossl111)]
SSL_client_hello_get0_session_id(s: *mut SSL, out: *mut *const c_uchar) -> size_t1077 pub fn SSL_client_hello_get0_session_id(s: *mut SSL, out: *mut *const c_uchar) -> size_t;
1078 #[cfg(ossl111)]
SSL_client_hello_get0_ciphers(s: *mut SSL, out: *mut *const c_uchar) -> size_t1079 pub fn SSL_client_hello_get0_ciphers(s: *mut SSL, out: *mut *const c_uchar) -> size_t;
1080 #[cfg(ossl111)]
SSL_client_hello_get0_compression_methods( s: *mut SSL, out: *mut *const c_uchar, ) -> size_t1081 pub fn SSL_client_hello_get0_compression_methods(
1082 s: *mut SSL,
1083 out: *mut *const c_uchar,
1084 ) -> size_t;
1085 #[cfg(ossl111)]
SSL_client_hello_get1_extensions_present( s: *mut SSL, out: *mut *mut c_int, outlen: *mut size_t, ) -> c_int1086 pub fn SSL_client_hello_get1_extensions_present(
1087 s: *mut SSL,
1088 out: *mut *mut c_int,
1089 outlen: *mut size_t,
1090 ) -> c_int;
1091 #[cfg(ossl111)]
SSL_client_hello_get0_ext( s: *mut SSL, type_: c_uint, out: *mut *const c_uchar, outlen: *mut size_t, ) -> c_int1092 pub fn SSL_client_hello_get0_ext(
1093 s: *mut SSL,
1094 type_: c_uint,
1095 out: *mut *const c_uchar,
1096 outlen: *mut size_t,
1097 ) -> c_int;
1098
SSL_free(ssl: *mut SSL)1099 pub fn SSL_free(ssl: *mut SSL);
SSL_accept(ssl: *mut SSL) -> c_int1100 pub fn SSL_accept(ssl: *mut SSL) -> c_int;
1101 #[cfg(ossl111)]
SSL_stateless(s: *mut SSL) -> c_int1102 pub fn SSL_stateless(s: *mut SSL) -> c_int;
SSL_connect(ssl: *mut SSL) -> c_int1103 pub fn SSL_connect(ssl: *mut SSL) -> c_int;
SSL_read(ssl: *mut SSL, buf: *mut c_void, num: c_int) -> c_int1104 pub fn SSL_read(ssl: *mut SSL, buf: *mut c_void, num: c_int) -> c_int;
SSL_peek(ssl: *mut SSL, buf: *mut c_void, num: c_int) -> c_int1105 pub fn SSL_peek(ssl: *mut SSL, buf: *mut c_void, num: c_int) -> c_int;
1106 #[cfg(ossl111)]
SSL_read_early_data( s: *mut ::SSL, buf: *mut c_void, num: size_t, readbytes: *mut size_t, ) -> c_int1107 pub fn SSL_read_early_data(
1108 s: *mut ::SSL,
1109 buf: *mut c_void,
1110 num: size_t,
1111 readbytes: *mut size_t,
1112 ) -> c_int;
1113 }
1114
1115 #[cfg(ossl111)]
1116 pub const SSL_READ_EARLY_DATA_ERROR: c_int = 0;
1117 #[cfg(ossl111)]
1118 pub const SSL_READ_EARLY_DATA_SUCCESS: c_int = 1;
1119 #[cfg(ossl111)]
1120 pub const SSL_READ_EARLY_DATA_FINISH: c_int = 2;
1121
1122 extern "C" {
SSL_write(ssl: *mut SSL, buf: *const c_void, num: c_int) -> c_int1123 pub fn SSL_write(ssl: *mut SSL, buf: *const c_void, num: c_int) -> c_int;
1124 #[cfg(ossl111)]
SSL_write_early_data( s: *mut SSL, buf: *const c_void, num: size_t, written: *mut size_t, ) -> c_int1125 pub fn SSL_write_early_data(
1126 s: *mut SSL,
1127 buf: *const c_void,
1128 num: size_t,
1129 written: *mut size_t,
1130 ) -> c_int;
SSL_ctrl(ssl: *mut SSL, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long1131 pub fn SSL_ctrl(ssl: *mut SSL, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long;
SSL_CTX_ctrl(ctx: *mut SSL_CTX, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long1132 pub fn SSL_CTX_ctrl(ctx: *mut SSL_CTX, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long;
SSL_CTX_callback_ctrl( ctx: *mut SSL_CTX, cmd: c_int, fp: Option<extern "C" fn()>, ) -> c_long1133 pub fn SSL_CTX_callback_ctrl(
1134 ctx: *mut SSL_CTX,
1135 cmd: c_int,
1136 fp: Option<extern "C" fn()>,
1137 ) -> c_long;
1138 }
1139
1140 cfg_if! {
1141 if #[cfg(any(ossl110, libressl291))] {
1142 extern "C" {
1143 pub fn TLS_method() -> *const SSL_METHOD;
1144
1145 pub fn DTLS_method() -> *const SSL_METHOD;
1146
1147 pub fn TLS_server_method() -> *const SSL_METHOD;
1148
1149 pub fn TLS_client_method() -> *const SSL_METHOD;
1150 }
1151 } else {
1152 extern "C" {
1153 #[cfg(not(osslconf = "OPENSSL_NO_SSL3_METHOD"))]
1154 pub fn SSLv3_method() -> *const SSL_METHOD;
1155
1156 pub fn SSLv23_method() -> *const SSL_METHOD;
1157
1158 pub fn SSLv23_client_method() -> *const SSL_METHOD;
1159
1160 pub fn SSLv23_server_method() -> *const SSL_METHOD;
1161
1162 pub fn TLSv1_method() -> *const SSL_METHOD;
1163
1164 pub fn TLSv1_1_method() -> *const SSL_METHOD;
1165
1166 pub fn TLSv1_2_method() -> *const SSL_METHOD;
1167
1168 pub fn DTLSv1_method() -> *const SSL_METHOD;
1169
1170 #[cfg(ossl102)]
1171 pub fn DTLSv1_2_method() -> *const SSL_METHOD;
1172 }
1173 }
1174 }
1175
1176 extern "C" {
SSL_get_error(ssl: *const SSL, ret: c_int) -> c_int1177 pub fn SSL_get_error(ssl: *const SSL, ret: c_int) -> c_int;
SSL_get_version(ssl: *const SSL) -> *const c_char1178 pub fn SSL_get_version(ssl: *const SSL) -> *const c_char;
1179
SSL_do_handshake(ssl: *mut SSL) -> c_int1180 pub fn SSL_do_handshake(ssl: *mut SSL) -> c_int;
SSL_shutdown(ssl: *mut SSL) -> c_int1181 pub fn SSL_shutdown(ssl: *mut SSL) -> c_int;
1182
SSL_CTX_set_client_CA_list(ctx: *mut SSL_CTX, list: *mut stack_st_X509_NAME)1183 pub fn SSL_CTX_set_client_CA_list(ctx: *mut SSL_CTX, list: *mut stack_st_X509_NAME);
1184
1185 #[cfg(not(libressl))]
SSL_CTX_add_client_CA(ctx: *mut SSL_CTX, cacert: *mut X509) -> c_int1186 pub fn SSL_CTX_add_client_CA(ctx: *mut SSL_CTX, cacert: *mut X509) -> c_int;
1187
SSL_CTX_set_default_verify_paths(ctx: *mut SSL_CTX) -> c_int1188 pub fn SSL_CTX_set_default_verify_paths(ctx: *mut SSL_CTX) -> c_int;
SSL_CTX_load_verify_locations( ctx: *mut SSL_CTX, CAfile: *const c_char, CApath: *const c_char, ) -> c_int1189 pub fn SSL_CTX_load_verify_locations(
1190 ctx: *mut SSL_CTX,
1191 CAfile: *const c_char,
1192 CApath: *const c_char,
1193 ) -> c_int;
1194 }
1195
1196 const_ptr_api! {
1197 extern "C" {
1198 pub fn SSL_get_ssl_method(ssl: #[const_ptr_if(ossl111b)] SSL) -> *const SSL_METHOD;
1199 }
1200 }
1201
1202 extern "C" {
SSL_set_connect_state(s: *mut SSL)1203 pub fn SSL_set_connect_state(s: *mut SSL);
SSL_set_accept_state(s: *mut SSL)1204 pub fn SSL_set_accept_state(s: *mut SSL);
1205
1206 #[cfg(not(ossl110))]
SSL_library_init() -> c_int1207 pub fn SSL_library_init() -> c_int;
1208
SSL_CIPHER_description( cipher: *const SSL_CIPHER, buf: *mut c_char, size: c_int, ) -> *mut c_char1209 pub fn SSL_CIPHER_description(
1210 cipher: *const SSL_CIPHER,
1211 buf: *mut c_char,
1212 size: c_int,
1213 ) -> *mut c_char;
1214
SSL_get_certificate(ssl: *const SSL) -> *mut X5091215 pub fn SSL_get_certificate(ssl: *const SSL) -> *mut X509;
1216 }
1217 const_ptr_api! {
1218 extern "C" {
1219 pub fn SSL_get_privatekey(ssl: #[const_ptr_if(any(ossl102, libressl280))] SSL) -> *mut EVP_PKEY;
1220 }
1221 }
1222
1223 extern "C" {
1224 #[cfg(ossl102)]
SSL_CTX_get0_certificate(ctx: *const SSL_CTX) -> *mut X5091225 pub fn SSL_CTX_get0_certificate(ctx: *const SSL_CTX) -> *mut X509;
1226 #[cfg(ossl102)]
SSL_CTX_get0_privatekey(ctx: *const SSL_CTX) -> *mut EVP_PKEY1227 pub fn SSL_CTX_get0_privatekey(ctx: *const SSL_CTX) -> *mut EVP_PKEY;
1228
SSL_set_shutdown(ss: *mut SSL, mode: c_int)1229 pub fn SSL_set_shutdown(ss: *mut SSL, mode: c_int);
SSL_get_shutdown(ssl: *const SSL) -> c_int1230 pub fn SSL_get_shutdown(ssl: *const SSL) -> c_int;
SSL_version(ssl: *const SSL) -> c_int1231 pub fn SSL_version(ssl: *const SSL) -> c_int;
SSL_get_session(s: *const SSL) -> *mut SSL_SESSION1232 pub fn SSL_get_session(s: *const SSL) -> *mut SSL_SESSION;
SSL_get_SSL_CTX(ssl: *const SSL) -> *mut SSL_CTX1233 pub fn SSL_get_SSL_CTX(ssl: *const SSL) -> *mut SSL_CTX;
SSL_set_SSL_CTX(ssl: *mut SSL, ctx: *mut SSL_CTX) -> *mut SSL_CTX1234 pub fn SSL_set_SSL_CTX(ssl: *mut SSL, ctx: *mut SSL_CTX) -> *mut SSL_CTX;
1235
SSL_get_verify_result(ssl: *const SSL) -> c_long1236 pub fn SSL_get_verify_result(ssl: *const SSL) -> c_long;
1237 #[cfg(ossl110)]
SSL_get0_verified_chain(ssl: *const SSL) -> *mut stack_st_X5091238 pub fn SSL_get0_verified_chain(ssl: *const SSL) -> *mut stack_st_X509;
1239
1240 #[cfg(ossl110)]
SSL_get_client_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t1241 pub fn SSL_get_client_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t;
1242 #[cfg(ossl110)]
SSL_get_server_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t1243 pub fn SSL_get_server_random(ssl: *const SSL, out: *mut c_uchar, len: size_t) -> size_t;
1244 #[cfg(any(ossl110, libressl273))]
SSL_SESSION_get_master_key( session: *const SSL_SESSION, out: *mut c_uchar, outlen: size_t, ) -> size_t1245 pub fn SSL_SESSION_get_master_key(
1246 session: *const SSL_SESSION,
1247 out: *mut c_uchar,
1248 outlen: size_t,
1249 ) -> size_t;
1250 }
1251
1252 cfg_if! {
1253 if #[cfg(ossl110)] {
1254 pub unsafe fn SSL_get_ex_new_index(
1255 l: c_long,
1256 p: *mut c_void,
1257 newf: Option<CRYPTO_EX_new>,
1258 dupf: Option<CRYPTO_EX_dup>,
1259 freef: Option<CRYPTO_EX_free>,
1260 ) -> c_int {
1261 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef)
1262 }
1263 } else {
1264 extern "C" {
1265 pub fn SSL_get_ex_new_index(
1266 argl: c_long,
1267 argp: *mut c_void,
1268 new_func: Option<CRYPTO_EX_new>,
1269 dup_func: Option<CRYPTO_EX_dup>,
1270 free_func: Option<CRYPTO_EX_free>,
1271 ) -> c_int;
1272 }
1273 }
1274 }
1275 extern "C" {
SSL_set_ex_data(ssl: *mut SSL, idx: c_int, data: *mut c_void) -> c_int1276 pub fn SSL_set_ex_data(ssl: *mut SSL, idx: c_int, data: *mut c_void) -> c_int;
SSL_get_ex_data(ssl: *const SSL, idx: c_int) -> *mut c_void1277 pub fn SSL_get_ex_data(ssl: *const SSL, idx: c_int) -> *mut c_void;
1278 }
1279 cfg_if! {
1280 if #[cfg(ossl110)] {
1281 pub unsafe fn SSL_CTX_get_ex_new_index(
1282 l: c_long,
1283 p: *mut c_void,
1284 newf: Option<CRYPTO_EX_new>,
1285 dupf: Option<CRYPTO_EX_dup>,
1286 freef: Option<CRYPTO_EX_free>,
1287 ) -> c_int {
1288 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef)
1289 }
1290 } else {
1291 extern "C" {
1292 pub fn SSL_CTX_get_ex_new_index(
1293 argl: c_long,
1294 argp: *mut c_void,
1295 new_func: Option<::CRYPTO_EX_new>,
1296 dup_func: Option<::CRYPTO_EX_dup>,
1297 free_func: Option<::CRYPTO_EX_free>,
1298 ) -> c_int;
1299 }
1300 }
1301 }
1302 extern "C" {
SSL_CTX_set_ex_data(ctx: *mut SSL_CTX, idx: c_int, data: *mut c_void) -> c_int1303 pub fn SSL_CTX_set_ex_data(ctx: *mut SSL_CTX, idx: c_int, data: *mut c_void) -> c_int;
SSL_CTX_get_ex_data(ctx: *const SSL_CTX, idx: c_int) -> *mut c_void1304 pub fn SSL_CTX_get_ex_data(ctx: *const SSL_CTX, idx: c_int) -> *mut c_void;
1305
SSL_get_ex_data_X509_STORE_CTX_idx() -> c_int1306 pub fn SSL_get_ex_data_X509_STORE_CTX_idx() -> c_int;
1307 }
1308
SSL_CTX_sess_set_cache_size(ctx: *mut SSL_CTX, t: c_long) -> c_long1309 pub unsafe fn SSL_CTX_sess_set_cache_size(ctx: *mut SSL_CTX, t: c_long) -> c_long {
1310 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_SIZE, t, ptr::null_mut())
1311 }
1312
SSL_CTX_sess_get_cache_size(ctx: *mut SSL_CTX) -> c_long1313 pub unsafe fn SSL_CTX_sess_get_cache_size(ctx: *mut SSL_CTX) -> c_long {
1314 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_SESS_CACHE_SIZE, 0, ptr::null_mut())
1315 }
1316
SSL_CTX_set_session_cache_mode(ctx: *mut SSL_CTX, m: c_long) -> c_long1317 pub unsafe fn SSL_CTX_set_session_cache_mode(ctx: *mut SSL_CTX, m: c_long) -> c_long {
1318 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_MODE, m, ptr::null_mut())
1319 }
1320
SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long1321 pub unsafe fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long {
1322 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_READ_AHEAD, m, ptr::null_mut())
1323 }
1324
1325 extern "C" {
1326 // FIXME should take an option
SSL_CTX_set_tmp_dh_callback( ctx: *mut SSL_CTX, dh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH, )1327 pub fn SSL_CTX_set_tmp_dh_callback(
1328 ctx: *mut SSL_CTX,
1329 dh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH,
1330 );
1331 // FIXME should take an option
SSL_set_tmp_dh_callback( ctx: *mut SSL, dh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH, )1332 pub fn SSL_set_tmp_dh_callback(
1333 ctx: *mut SSL,
1334 dh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH,
1335 );
1336 // FIXME should take an option
1337 #[cfg(not(ossl110))]
SSL_CTX_set_tmp_ecdh_callback( ctx: *mut ::SSL_CTX, ecdh: unsafe extern "C" fn( ssl: *mut ::SSL, is_export: c_int, keylength: c_int, ) -> *mut ::EC_KEY, )1338 pub fn SSL_CTX_set_tmp_ecdh_callback(
1339 ctx: *mut ::SSL_CTX,
1340 ecdh: unsafe extern "C" fn(
1341 ssl: *mut ::SSL,
1342 is_export: c_int,
1343 keylength: c_int,
1344 ) -> *mut ::EC_KEY,
1345 );
1346 // FIXME should take an option
1347 #[cfg(not(ossl110))]
SSL_set_tmp_ecdh_callback( ssl: *mut SSL, ecdh: unsafe extern "C" fn( ssl: *mut SSL, is_export: c_int, keylength: c_int, ) -> *mut EC_KEY, )1348 pub fn SSL_set_tmp_ecdh_callback(
1349 ssl: *mut SSL,
1350 ecdh: unsafe extern "C" fn(
1351 ssl: *mut SSL,
1352 is_export: c_int,
1353 keylength: c_int,
1354 ) -> *mut EC_KEY,
1355 );
1356 }
1357
1358 cfg_if! {
1359 if #[cfg(libressl)] {
1360 extern "C" {
1361 pub fn SSL_get_current_compression(ssl: *mut SSL) -> *const libc::c_void;
1362 }
1363 } else if #[cfg(not(osslconf = "OPENSSL_NO_COMP"))] {
1364 const_ptr_api! {
1365 extern "C" {
1366 pub fn SSL_get_current_compression(ssl: #[const_ptr_if(ossl111b)] SSL) -> *const COMP_METHOD;
1367 }
1368 }
1369 }
1370 }
1371 cfg_if! {
1372 if #[cfg(libressl)] {
1373 extern "C" {
1374 pub fn SSL_COMP_get_name(comp: *const libc::c_void) -> *const c_char;
1375 }
1376 } else if #[cfg(not(osslconf = "OPENSSL_NO_COMP"))] {
1377 extern "C" {
1378 pub fn SSL_COMP_get_name(comp: *const COMP_METHOD) -> *const c_char;
1379 }
1380 }
1381 }
1382
1383 #[cfg(not(osslconf = "OPENSSL_NO_COMP"))]
1384 extern "C" {
1385 #[cfg(ossl110)]
COMP_get_type(meth: *const COMP_METHOD) -> i321386 pub fn COMP_get_type(meth: *const COMP_METHOD) -> i32;
1387 }
1388
1389 extern "C" {
1390 #[cfg(ossl110)]
SSL_CIPHER_get_cipher_nid(c: *const SSL_CIPHER) -> c_int1391 pub fn SSL_CIPHER_get_cipher_nid(c: *const SSL_CIPHER) -> c_int;
1392 #[cfg(ossl110)]
SSL_CIPHER_get_digest_nid(c: *const SSL_CIPHER) -> c_int1393 pub fn SSL_CIPHER_get_digest_nid(c: *const SSL_CIPHER) -> c_int;
1394 }
1395
1396 cfg_if! {
1397 if #[cfg(ossl110)] {
1398 const_ptr_api! {
1399 extern "C" {
1400 pub fn SSL_session_reused(ssl: #[const_ptr_if(ossl111c)] SSL) -> c_int;
1401 }
1402 }
1403 } else {
1404 pub unsafe fn SSL_session_reused(ssl: *mut SSL) -> c_int {
1405 SSL_ctrl(ssl, SSL_CTRL_GET_SESSION_REUSED, 0, ptr::null_mut()) as c_int
1406 }
1407 }
1408 }
1409 const_ptr_api! {
1410 extern "C" {
1411 #[cfg(any(ossl102, libressl273))]
1412 pub fn SSL_is_server(s: #[const_ptr_if(any(ossl110f, libressl273))] SSL) -> c_int;
1413 }
1414 }
1415
1416 #[cfg(ossl110)]
1417 pub const OPENSSL_INIT_LOAD_SSL_STRINGS: u64 = 0x00200000;
1418 #[cfg(ossl111b)]
1419 pub const OPENSSL_INIT_NO_ATEXIT: u64 = 0x00080000;
1420
1421 extern "C" {
1422 #[cfg(ossl110)]
OPENSSL_init_ssl(opts: u64, settings: *const OPENSSL_INIT_SETTINGS) -> c_int1423 pub fn OPENSSL_init_ssl(opts: u64, settings: *const OPENSSL_INIT_SETTINGS) -> c_int;
1424 }
1425