aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/openssl/ssl/ssl.h
diff options
context:
space:
mode:
authorJacques Vidrine <nectar@FreeBSD.org>2002-07-30 13:38:06 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2002-07-30 13:38:06 +0000
commit4f20a5a274060dda2bff055829db303415e2dd57 (patch)
treef3c141823975717e132c7687cf833f6378cc87d4 /crypto/openssl/ssl/ssl.h
parentc1803d783676ddc1f7655e0a58c00f35ec8c4f45 (diff)
downloadsrc-4f20a5a274060dda2bff055829db303415e2dd57.tar.gz
src-4f20a5a274060dda2bff055829db303415e2dd57.zip
Import of OpenSSL 0.9.6e.
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=100936
Diffstat (limited to 'crypto/openssl/ssl/ssl.h')
-rw-r--r--crypto/openssl/ssl/ssl.h22
1 files changed, 18 insertions, 4 deletions
diff --git a/crypto/openssl/ssl/ssl.h b/crypto/openssl/ssl/ssl.h
index a63854533b0e..e0c0be727ae1 100644
--- a/crypto/openssl/ssl/ssl.h
+++ b/crypto/openssl/ssl/ssl.h
@@ -350,6 +350,7 @@ typedef struct ssl_session_st
struct ssl_session_st *prev,*next;
} SSL_SESSION;
+
#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
@@ -361,11 +362,25 @@ typedef struct ssl_session_st
#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
#define SSL_OP_TLS_ROLLBACK_BUG 0x00000400L
+/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
+ * in OpenSSL 0.9.6d. Usually (depending on the application protocol)
+ * the workaround is not needed. Unfortunately some broken SSL/TLS
+ * implementations cannot handle it at all, which is why we include
+ * it in SSL_OP_ALL. */
+#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */
+
+/* SSL_OP_ALL: various bug workarounds that should be rather harmless */
+#define SSL_OP_ALL 0x000FFFFFL
+
/* If set, always create a new key when using tmp_dh parameters */
#define SSL_OP_SINGLE_DH_USE 0x00100000L
/* Set to also use the tmp_rsa key when doing RSA operations. */
#define SSL_OP_EPHEMERAL_RSA 0x00200000L
+#define SSL_OP_NO_SSLv2 0x01000000L
+#define SSL_OP_NO_SSLv3 0x02000000L
+#define SSL_OP_NO_TLSv1 0x04000000L
+
/* The next flag deliberately changes the ciphertest, this is a check
* for the PKCS#1 attack */
#define SSL_OP_PKCS1_CHECK_1 0x08000000L
@@ -374,11 +389,7 @@ typedef struct ssl_session_st
/* SSL_OP_NON_EXPORT_FIRST looks utterly broken .. */
#define SSL_OP_NON_EXPORT_FIRST 0x40000000L
#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x80000000L
-#define SSL_OP_ALL 0x000FFFFFL
-#define SSL_OP_NO_SSLv2 0x01000000L
-#define SSL_OP_NO_SSLv3 0x02000000L
-#define SSL_OP_NO_TLSv1 0x04000000L
/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
* when just a single record has been written): */
@@ -392,6 +403,7 @@ typedef struct ssl_session_st
* is blocking: */
#define SSL_MODE_AUTO_RETRY 0x00000004L
+
/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
* they cannot be used to clear bits. */
@@ -1478,6 +1490,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_INVALID_COMMAND 280
#define SSL_R_INVALID_PURPOSE 278
#define SSL_R_INVALID_TRUST 279
+#define SSL_R_KEY_ARG_TOO_LONG 1112
#define SSL_R_LENGTH_MISMATCH 159
#define SSL_R_LENGTH_TOO_SHORT 160
#define SSL_R_LIBRARY_BUG 274
@@ -1546,6 +1559,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_SHORT_READ 219
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 1113
#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020