1use libc::*;
2use std::ptr;
3
4use super::*;
5
6#[cfg(not(ossl110))]
7pub const SSL_MAX_KRB5_PRINCIPAL_LENGTH: c_int = 256;
8
9#[cfg(not(ossl110))]
10pub const SSL_MAX_SSL_SESSION_ID_LENGTH: c_int = 32;
11#[cfg(not(ossl110))]
12pub const SSL_MAX_SID_CTX_LENGTH: c_int = 32;
13
14#[cfg(not(ossl110))]
15pub const SSL_MAX_KEY_ARG_LENGTH: c_int = 8;
16#[cfg(not(ossl110))]
17pub const SSL_MAX_MASTER_KEY_LENGTH: c_int = 48;
18
19pub const SSL_SENT_SHUTDOWN: c_int = 1;
20pub const SSL_RECEIVED_SHUTDOWN: c_int = 2;
21
22pub const SSL_FILETYPE_PEM: c_int = X509_FILETYPE_PEM;
23pub const SSL_FILETYPE_ASN1: c_int = X509_FILETYPE_ASN1;
24
25#[cfg(ossl111)]
26pub const SSL_EXT_TLS_ONLY: c_uint = 0x0001;
27#[cfg(ossl111)]
29pub const SSL_EXT_DTLS_ONLY: c_uint = 0x0002;
30#[cfg(ossl111)]
32pub const SSL_EXT_TLS_IMPLEMENTATION_ONLY: c_uint = 0x0004;
33#[cfg(ossl111)]
35pub const SSL_EXT_SSL3_ALLOWED: c_uint = 0x0008;
36#[cfg(ossl111)]
38pub const SSL_EXT_TLS1_2_AND_BELOW_ONLY: c_uint = 0x0010;
39#[cfg(ossl111)]
41pub const SSL_EXT_TLS1_3_ONLY: c_uint = 0x0020;
42#[cfg(ossl111)]
44pub const SSL_EXT_IGNORE_ON_RESUMPTION: c_uint = 0x0040;
45#[cfg(ossl111)]
46pub const SSL_EXT_CLIENT_HELLO: c_uint = 0x0080;
47#[cfg(ossl111)]
49pub const SSL_EXT_TLS1_2_SERVER_HELLO: c_uint = 0x0100;
50#[cfg(ossl111)]
51pub const SSL_EXT_TLS1_3_SERVER_HELLO: c_uint = 0x0200;
52#[cfg(ossl111)]
53pub const SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS: c_uint = 0x0400;
54#[cfg(ossl111)]
55pub const SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST: c_uint = 0x0800;
56#[cfg(ossl111)]
57pub const SSL_EXT_TLS1_3_CERTIFICATE: c_uint = 0x1000;
58#[cfg(ossl111)]
59pub const SSL_EXT_TLS1_3_NEW_SESSION_TICKET: c_uint = 0x2000;
60#[cfg(ossl111)]
61pub const SSL_EXT_TLS1_3_CERTIFICATE_REQUEST: c_uint = 0x4000;
62
63cfg_if! {
64 if #[cfg(ossl300)] {
65 macro_rules! ssl_op_type {
66 () => {u64};
67 }
68 } else {
69 macro_rules! ssl_op_type {
70 () => {c_ulong};
71 }
72 }
73}
74
75pub const SSL_OP_LEGACY_SERVER_CONNECT: ssl_op_type!() = 0x00000004;
76cfg_if! {
77 if #[cfg(libressl)] {
78 pub const SSL_OP_TLSEXT_PADDING: ssl_op_type!() = 0x0;
79 } else {
80 pub const SSL_OP_TLSEXT_PADDING: ssl_op_type!() = 0x10;
81 }
82}
83#[cfg(ossl110)]
84pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: ssl_op_type!() = 0x00000040;
85#[cfg(ossl300)]
86pub const SSL_OP_IGNORE_UNEXPECTED_EOF: ssl_op_type!() = 0x00000080;
87
88pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: ssl_op_type!() = 0x00000800;
89
90pub const SSL_OP_NO_QUERY_MTU: ssl_op_type!() = 0x00001000;
91pub const SSL_OP_COOKIE_EXCHANGE: ssl_op_type!() = 0x00002000;
92pub const SSL_OP_NO_TICKET: ssl_op_type!() = 0x00004000;
93cfg_if! {
94 if #[cfg(ossl110)] {
95 pub const SSL_OP_CISCO_ANYCONNECT: ssl_op_type!() = 0x00008000;
96 } else {
97 pub const SSL_OP_CISCO_ANYCONNECT: ssl_op_type!() = 0x0;
98 }
99}
100
101pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: ssl_op_type!() = 0x00010000;
102cfg_if! {
103 if #[cfg(ossl110)] {
104 pub const SSL_OP_NO_COMPRESSION: ssl_op_type!() = 0x00020000;
105 pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: ssl_op_type!() = 0x00040000;
106 } else {
107 pub const SSL_OP_NO_COMPRESSION: ssl_op_type!() = 0x0;
108 pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: ssl_op_type!() = 0x0;
109 }
110}
111
112#[cfg(ossl111)]
113pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: ssl_op_type!() = 0x00100000;
114#[cfg(ossl111)]
115pub const SSL_OP_PRIORITIZE_CHACHA: ssl_op_type!() = 0x00200000;
116
117pub const SSL_OP_CIPHER_SERVER_PREFERENCE: ssl_op_type!() = 0x00400000;
118cfg_if! {
119 if #[cfg(libressl)] {
120 pub const SSL_OP_TLS_ROLLBACK_BUG: ssl_op_type!() = 0;
121 } else {
122 pub const SSL_OP_TLS_ROLLBACK_BUG: ssl_op_type!() = 0x00800000;
123 }
124}
125
126cfg_if! {
127 if #[cfg(ossl110)] {
128 pub const SSL_OP_NO_SSLv3: ssl_op_type!() = 0x02000000;
129 } else {
130 pub const SSL_OP_NO_SSLv3: ssl_op_type!() = 0x0;
131 }
132}
133pub const SSL_OP_NO_TLSv1_1: ssl_op_type!() = 0x10000000;
134pub const SSL_OP_NO_TLSv1_2: ssl_op_type!() = 0x08000000;
135
136pub const SSL_OP_NO_TLSv1: ssl_op_type!() = 0x04000000;
137cfg_if! {
138 if #[cfg(libressl)] {
139 pub const SSL_OP_NO_DTLSv1: ssl_op_type!() = 0x40000000;
140 pub const SSL_OP_NO_DTLSv1_2: ssl_op_type!() = 0x80000000;
141 } else {
142 pub const SSL_OP_NO_DTLSv1: ssl_op_type!() = 0x04000000;
143 pub const SSL_OP_NO_DTLSv1_2: ssl_op_type!() = 0x08000000;
144 }
145}
146#[cfg(any(ossl111, libressl))]
147pub const SSL_OP_NO_TLSv1_3: ssl_op_type!() = 0x20000000;
148
149#[cfg(ossl110h)]
150pub const SSL_OP_NO_RENEGOTIATION: ssl_op_type!() = 0x40000000;
151
152cfg_if! {
153 if #[cfg(ossl111)] {
154 pub const SSL_OP_NO_SSL_MASK: ssl_op_type!() = SSL_OP_NO_SSLv2
155 | SSL_OP_NO_SSLv3
156 | SSL_OP_NO_TLSv1
157 | SSL_OP_NO_TLSv1_1
158 | SSL_OP_NO_TLSv1_2
159 | SSL_OP_NO_TLSv1_3;
160 } else if #[cfg(ossl110)] {
161 pub const SSL_OP_NO_SSL_MASK: ssl_op_type!() =
162 SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
163 }
164}
165
166cfg_if! {
167 if #[cfg(libressl)] {
168 pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: ssl_op_type!() = 0x0;
169 } else {
170 pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: ssl_op_type!() = 0x80000000;
171 }
172}
173
174cfg_if! {
175 if #[cfg(ossl300)] {
176 pub const SSL_OP_ALL: ssl_op_type!() = SSL_OP_CRYPTOPRO_TLSEXT_BUG
177 | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
178 | SSL_OP_TLSEXT_PADDING
179 | SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
180 } else if #[cfg(ossl110f)] {
181 pub const SSL_OP_ALL: ssl_op_type!() = SSL_OP_CRYPTOPRO_TLSEXT_BUG
182 | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
183 | SSL_OP_LEGACY_SERVER_CONNECT
184 | SSL_OP_TLSEXT_PADDING
185 | SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
186 } else if #[cfg(libressl)] {
187 pub const SSL_OP_ALL: ssl_op_type!() = 0x4;
188 } else {
189 pub const SSL_OP_ALL: ssl_op_type!() = 0x80000BFF;
190 }
191}
192
193pub const SSL_OP_MICROSOFT_SESS_ID_BUG: ssl_op_type!() = 0x0;
194pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: ssl_op_type!() = 0x0;
195pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: ssl_op_type!() = 0x0;
196pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: ssl_op_type!() = 0x0;
197pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: ssl_op_type!() = 0x0;
198pub const SSL_OP_TLS_D5_BUG: ssl_op_type!() = 0x0;
199pub const SSL_OP_TLS_BLOCK_PADDING_BUG: ssl_op_type!() = 0x0;
200pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = 0x0;
201pub const SSL_OP_NO_SSLv2: ssl_op_type!() = 0x0;
202cfg_if! {
203 if #[cfg(libressl)] {
204 pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = 0x00100000;
205 } else {
206 pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = 0x00000000;
207 }
208}
209
210pub const SSL_MODE_ENABLE_PARTIAL_WRITE: c_long = 0x1;
211pub const SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER: c_long = 0x2;
212pub const SSL_MODE_AUTO_RETRY: c_long = 0x4;
213pub const SSL_MODE_NO_AUTO_CHAIN: c_long = 0x8;
214pub const SSL_MODE_RELEASE_BUFFERS: c_long = 0x10;
215#[cfg(ossl110)]
216pub const SSL_MODE_SEND_CLIENTHELLO_TIME: c_long = 0x20;
217#[cfg(ossl110)]
218pub const SSL_MODE_SEND_SERVERHELLO_TIME: c_long = 0x40;
219#[cfg(ossl110)]
220pub const SSL_MODE_SEND_FALLBACK_SCSV: c_long = 0x80;
221#[cfg(ossl110)]
222pub const SSL_MODE_ASYNC: c_long = 0x100;
223
224pub unsafe fn SSL_CTX_set_mode(ctx: *mut SSL_CTX, op: c_long) -> c_long {
225 SSL_CTX_ctrl(ctx, SSL_CTRL_MODE, op, ptr::null_mut())
226}
227pub unsafe fn SSL_CTX_clear_mode(ctx: *mut SSL_CTX, op: c_long) -> c_long {
228 SSL_CTX_ctrl(ctx, SSL_CTRL_CLEAR_MODE, op, ptr::null_mut())
229}
230pub unsafe fn SSL_CTX_get_mode(ctx: *mut SSL_CTX) -> c_long {
231 SSL_CTX_ctrl(ctx, SSL_CTRL_MODE, 0, ptr::null_mut())
232}
233
234pub unsafe fn SSL_set_mode(ssl: *mut SSL, op: c_long) -> c_long {
235 SSL_ctrl(ssl, SSL_CTRL_MODE, op, ptr::null_mut())
236}
237pub unsafe fn SSL_clear_mode(ssl: *mut SSL, op: c_long) -> c_long {
238 SSL_ctrl(ssl, SSL_CTRL_CLEAR_MODE, op, ptr::null_mut())
239}
240pub unsafe fn SSL_get_mode(ssl: *mut SSL) -> c_long {
241 SSL_ctrl(ssl, SSL_CTRL_MODE, 0, ptr::null_mut())
242}
243
244#[cfg(ossl111)]
245pub const SSL_COOKIE_LENGTH: c_int = 4096;
246
247cfg_if! {
248 if #[cfg(libressl)] {
249 pub unsafe fn SSL_CTX_get_options(ctx: *const SSL_CTX) -> c_ulong {
250 SSL_CTX_ctrl(ctx as *mut _, SSL_CTRL_OPTIONS, 0, ptr::null_mut()) as c_ulong
251 }
252
253 pub unsafe fn SSL_CTX_set_options(ctx: *const SSL_CTX, op: c_ulong) -> c_ulong {
254 SSL_CTX_ctrl(
255 ctx as *mut _,
256 SSL_CTRL_OPTIONS,
257 op as c_long,
258 ptr::null_mut(),
259 ) as c_ulong
260 }
261
262 pub unsafe fn SSL_CTX_clear_options(ctx: *const SSL_CTX, op: c_ulong) -> c_ulong {
263 SSL_CTX_ctrl(
264 ctx as *mut _,
265 SSL_CTRL_CLEAR_OPTIONS,
266 op as c_long,
267 ptr::null_mut(),
268 ) as c_ulong
269 }
270 }
271}
272
273pub unsafe fn SSL_set_mtu(ssl: *mut SSL, mtu: c_long) -> c_long {
274 SSL_ctrl(ssl, SSL_CTRL_SET_MTU, mtu, ptr::null_mut())
275}
276
277#[cfg(ossl110)]
278pub unsafe fn SSL_get_extms_support(ssl: *mut SSL) -> c_long {
279 SSL_ctrl(ssl, SSL_CTRL_GET_EXTMS_SUPPORT, 0, ptr::null_mut())
280}
281
282pub const SSL_SESS_CACHE_OFF: c_long = 0x0;
283pub const SSL_SESS_CACHE_CLIENT: c_long = 0x1;
284pub const SSL_SESS_CACHE_SERVER: c_long = 0x2;
285pub const SSL_SESS_CACHE_BOTH: c_long = SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER;
286pub const SSL_SESS_CACHE_NO_AUTO_CLEAR: c_long = 0x80;
287pub const SSL_SESS_CACHE_NO_INTERNAL_LOOKUP: c_long = 0x100;
288pub const SSL_SESS_CACHE_NO_INTERNAL_STORE: c_long = 0x200;
289pub const SSL_SESS_CACHE_NO_INTERNAL: c_long =
290 SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE;
291
292pub const OPENSSL_NPN_UNSUPPORTED: c_int = 0;
293pub const OPENSSL_NPN_NEGOTIATED: c_int = 1;
294pub const OPENSSL_NPN_NO_OVERLAP: c_int = 2;
295
296pub const SSL_AD_ILLEGAL_PARAMETER: c_int = SSL3_AD_ILLEGAL_PARAMETER;
297pub const SSL_AD_DECODE_ERROR: c_int = TLS1_AD_DECODE_ERROR;
298pub const SSL_AD_UNRECOGNIZED_NAME: c_int = TLS1_AD_UNRECOGNIZED_NAME;
299pub const SSL_AD_NO_APPLICATION_PROTOCOL: c_int = TLS1_AD_NO_APPLICATION_PROTOCOL;
300pub const SSL_ERROR_NONE: c_int = 0;
301pub const SSL_ERROR_SSL: c_int = 1;
302pub const SSL_ERROR_SYSCALL: c_int = 5;
303pub const SSL_ERROR_WANT_ACCEPT: c_int = 8;
304pub const SSL_ERROR_WANT_CONNECT: c_int = 7;
305#[cfg(ossl110)]
306pub const SSL_ERROR_WANT_ASYNC: c_int = 9;
307#[cfg(ossl110)]
308pub const SSL_ERROR_WANT_ASYNC_JOB: c_int = 10;
309pub const SSL_ERROR_WANT_READ: c_int = 2;
310pub const SSL_ERROR_WANT_WRITE: c_int = 3;
311pub const SSL_ERROR_WANT_X509_LOOKUP: c_int = 4;
312pub const SSL_ERROR_ZERO_RETURN: c_int = 6;
313#[cfg(ossl111)]
314pub const SSL_ERROR_WANT_CLIENT_HELLO_CB: c_int = 11;
315pub const SSL_VERIFY_NONE: c_int = 0;
316pub const SSL_VERIFY_PEER: c_int = 1;
317pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;
318#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
319pub const SSL_CTRL_SET_TMP_DH: c_int = 3;
320#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
321pub const SSL_CTRL_SET_TMP_ECDH: c_int = 4;
322#[cfg(libressl)]
323pub const SSL_CTRL_GET_SESSION_REUSED: c_int = 8;
324pub const SSL_CTRL_EXTRA_CHAIN_CERT: c_int = 14;
325pub const SSL_CTRL_SET_MTU: c_int = 17;
326#[cfg(libressl)]
327pub const SSL_CTRL_OPTIONS: c_int = 32;
328pub const SSL_CTRL_MODE: c_int = 33;
329pub const SSL_CTRL_SET_READ_AHEAD: c_int = 41;
330pub const SSL_CTRL_SET_SESS_CACHE_SIZE: c_int = 42;
331pub const SSL_CTRL_GET_SESS_CACHE_SIZE: c_int = 43;
332pub const SSL_CTRL_SET_SESS_CACHE_MODE: c_int = 44;
333pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: c_int = 53;
334pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: c_int = 54;
335pub const SSL_CTRL_SET_TLSEXT_HOSTNAME: c_int = 55;
336pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: c_int = 63;
337pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: c_int = 64;
338pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: c_int = 65;
339pub const SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = 70;
340pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = 71;
341pub const SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: c_int = 72;
342#[cfg(libressl)]
343pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
344pub const SSL_CTRL_CLEAR_MODE: c_int = 78;
345pub const SSL_CTRL_GET_EXTRA_CHAIN_CERTS: c_int = 82;
346pub const SSL_CTRL_CHAIN_CERT: c_int = 89;
347#[cfg(any(ossl111, libressl))]
348pub const SSL_CTRL_SET_GROUPS_LIST: c_int = 92;
349#[cfg(libressl)]
350pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94;
351#[cfg(ossl110)]
352pub const SSL_CTRL_SET_SIGALGS_LIST: c_int = 98;
353#[cfg(ossl110)]
354pub const SSL_CTRL_SET_VERIFY_CERT_STORE: c_int = 106;
355#[cfg(ossl300)]
356pub const SSL_CTRL_GET_PEER_TMP_KEY: c_int = 109;
357#[cfg(ossl110)]
358pub const SSL_CTRL_SET_DH_AUTO: c_int = 118;
359#[cfg(ossl110)]
360pub const SSL_CTRL_GET_EXTMS_SUPPORT: c_int = 122;
361pub const SSL_CTRL_SET_MIN_PROTO_VERSION: c_int = 123;
362pub const SSL_CTRL_SET_MAX_PROTO_VERSION: c_int = 124;
363pub const SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE: c_int = 127;
364#[cfg(any(ossl110g, libressl))]
365pub const SSL_CTRL_GET_MIN_PROTO_VERSION: c_int = 130;
366#[cfg(any(ossl110g, libressl))]
367pub const SSL_CTRL_GET_MAX_PROTO_VERSION: c_int = 131;
368#[cfg(ossl300)]
369pub const SSL_CTRL_GET_TMP_KEY: c_int = 133;
370
371#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
372pub unsafe fn SSL_CTX_set_tmp_dh(ctx: *mut SSL_CTX, dh: *mut DH) -> c_long {
373 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, dh as *mut c_void)
374}
375
376#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
377pub unsafe fn SSL_CTX_set_tmp_ecdh(ctx: *mut SSL_CTX, key: *mut EC_KEY) -> c_long {
378 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, key as *mut c_void)
379}
380
381#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
382pub unsafe fn SSL_set_tmp_dh(ssl: *mut SSL, dh: *mut DH) -> c_long {
383 SSL_ctrl(ssl, SSL_CTRL_SET_TMP_DH, 0, dh as *mut c_void)
384}
385
386#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
387pub unsafe fn SSL_set_tmp_ecdh(ssl: *mut SSL, key: *mut EC_KEY) -> c_long {
388 SSL_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH, 0, key as *mut c_void)
389}
390
391#[cfg(ossl110)]
392pub unsafe fn SSL_CTX_set_dh_auto(ctx: *mut SSL_CTX, onoff: c_int) -> c_long {
393 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_DH_AUTO, onoff as c_long, ptr::null_mut())
394}
395
396#[cfg(ossl110)]
397pub unsafe fn SSL_set_dh_auto(ssl: *mut SSL, onoff: c_int) -> c_long {
398 SSL_ctrl(ssl, SSL_CTRL_SET_DH_AUTO, onoff as c_long, ptr::null_mut())
399}
400
401pub unsafe fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long {
402 SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, x509 as *mut c_void)
403}
404
405pub unsafe fn SSL_CTX_get_extra_chain_certs(
406 ctx: *mut SSL_CTX,
407 chain: *mut *mut stack_st_X509,
408) -> c_long {
409 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 0, chain as *mut c_void)
410}
411
412#[cfg(ossl110)]
413pub unsafe fn SSL_CTX_set0_verify_cert_store(ctx: *mut SSL_CTX, st: *mut X509_STORE) -> c_long {
414 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_VERIFY_CERT_STORE, 0, st as *mut c_void)
415}
416
417#[cfg(ossl110)]
418pub unsafe fn SSL_set0_verify_cert_store(ssl: *mut SSL, st: *mut X509_STORE) -> c_long {
419 SSL_ctrl(ssl, SSL_CTRL_SET_VERIFY_CERT_STORE, 0, st as *mut c_void)
420}
421
422cfg_if! {
423 if #[cfg(ossl111)] {
424 pub unsafe fn SSL_set1_groups_list(ctx: *mut SSL, s: *const c_char) -> c_long {
425 SSL_ctrl(
426 ctx,
427 SSL_CTRL_SET_GROUPS_LIST,
428 0,
429 s as *const c_void as *mut c_void,
430 )
431 }
432 pub unsafe fn SSL_CTX_set1_groups_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_long {
433 SSL_CTX_ctrl(
434 ctx,
435 SSL_CTRL_SET_GROUPS_LIST,
436 0,
437 s as *const c_void as *mut c_void,
438 )
439 }
440 } else if #[cfg(libressl)] {
441 extern "C" {
442 pub fn SSL_set1_groups_list(ctx: *mut SSL, list: *const c_char) -> c_int;
443 pub fn SSL_CTX_set1_groups_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_int;
444 }
445 }
446}
447
448pub unsafe fn SSL_add0_chain_cert(ssl: *mut SSL, ptr: *mut X509) -> c_long {
449 SSL_ctrl(ssl, SSL_CTRL_CHAIN_CERT, 0, ptr as *mut c_void)
450}
451
452#[cfg(ossl110)]
453pub unsafe fn SSL_CTX_set1_sigalgs_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_long {
454 SSL_CTX_ctrl(
455 ctx,
456 SSL_CTRL_SET_SIGALGS_LIST,
457 0,
458 s as *const c_void as *mut c_void,
459 )
460}
461
462#[cfg(libressl)]
463pub unsafe fn SSL_CTX_set_ecdh_auto(ctx: *mut SSL_CTX, onoff: c_int) -> c_int {
464 SSL_CTX_ctrl(
465 ctx,
466 SSL_CTRL_SET_ECDH_AUTO,
467 onoff as c_long,
468 ptr::null_mut(),
469 ) as c_int
470}
471
472#[cfg(libressl)]
473pub unsafe fn SSL_set_ecdh_auto(ssl: *mut SSL, onoff: c_int) -> c_int {
474 SSL_ctrl(
475 ssl,
476 SSL_CTRL_SET_ECDH_AUTO,
477 onoff as c_long,
478 ptr::null_mut(),
479 ) as c_int
480}
481
482cfg_if! {
483 if #[cfg(ossl110)] {
484 pub unsafe fn SSL_CTX_set_min_proto_version(ctx: *mut SSL_CTX, version: c_int) -> c_int {
485 SSL_CTX_ctrl(
486 ctx,
487 SSL_CTRL_SET_MIN_PROTO_VERSION,
488 version as c_long,
489 ptr::null_mut(),
490 ) as c_int
491 }
492
493 pub unsafe fn SSL_CTX_set_max_proto_version(ctx: *mut SSL_CTX, version: c_int) -> c_int {
494 SSL_CTX_ctrl(
495 ctx,
496 SSL_CTRL_SET_MAX_PROTO_VERSION,
497 version as c_long,
498 ptr::null_mut(),
499 ) as c_int
500 }
501
502 pub unsafe fn SSL_set_min_proto_version(s: *mut SSL, version: c_int) -> c_int {
503 SSL_ctrl(
504 s,
505 SSL_CTRL_SET_MIN_PROTO_VERSION,
506 version as c_long,
507 ptr::null_mut(),
508 ) as c_int
509 }
510
511 pub unsafe fn SSL_set_max_proto_version(s: *mut SSL, version: c_int) -> c_int {
512 SSL_ctrl(
513 s,
514 SSL_CTRL_SET_MAX_PROTO_VERSION,
515 version as c_long,
516 ptr::null_mut(),
517 ) as c_int
518 }
519 }
520}
521
522cfg_if! {
523 if #[cfg(ossl110g)] {
524 pub unsafe fn SSL_CTX_get_min_proto_version(ctx: *mut SSL_CTX) -> c_int {
525 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int
526 }
527
528 pub unsafe fn SSL_CTX_get_max_proto_version(ctx: *mut SSL_CTX) -> c_int {
529 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int
530 }
531 pub unsafe fn SSL_get_min_proto_version(s: *mut SSL) -> c_int {
532 SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int
533 }
534 pub unsafe fn SSL_get_max_proto_version(s: *mut SSL) -> c_int {
535 SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int
536 }
537 }
538}
539cfg_if! {
540 if #[cfg(ossl300)] {
541 pub unsafe fn SSL_get_peer_tmp_key(ssl: *mut SSL, key: *mut *mut EVP_PKEY) -> c_long {
542 SSL_ctrl(ssl, SSL_CTRL_GET_PEER_TMP_KEY, 0, key as *mut c_void)
543 }
544
545 pub unsafe fn SSL_get_tmp_key(ssl: *mut SSL, key: *mut *mut EVP_PKEY) -> c_long {
546 SSL_ctrl(ssl, SSL_CTRL_GET_TMP_KEY, 0, key as *mut c_void)
547 }
548 }
549}
550
551#[cfg(ossl111)]
552pub const SSL_CLIENT_HELLO_SUCCESS: c_int = 1;
553#[cfg(ossl111)]
554pub const SSL_CLIENT_HELLO_ERROR: c_int = 0;
555#[cfg(ossl111)]
556pub const SSL_CLIENT_HELLO_RETRY: c_int = -1;
557
558#[cfg(any(ossl111, libressl))]
559pub const SSL_READ_EARLY_DATA_ERROR: c_int = 0;
560#[cfg(any(ossl111, libressl))]
561pub const SSL_READ_EARLY_DATA_SUCCESS: c_int = 1;
562#[cfg(any(ossl111, libressl))]
563pub const SSL_READ_EARLY_DATA_FINISH: c_int = 2;
564
565cfg_if! {
566 if #[cfg(ossl110)] {
567 pub unsafe fn SSL_get_ex_new_index(
568 l: c_long,
569 p: *mut c_void,
570 newf: CRYPTO_EX_new,
571 dupf: CRYPTO_EX_dup,
572 freef: CRYPTO_EX_free,
573 ) -> c_int {
574 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef)
575 }
576
577 pub unsafe fn SSL_CTX_get_ex_new_index(
578 l: c_long,
579 p: *mut c_void,
580 newf: CRYPTO_EX_new,
581 dupf: CRYPTO_EX_dup,
582 freef: CRYPTO_EX_free,
583 ) -> c_int {
584 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef)
585 }
586 }
587}
588
589pub unsafe fn SSL_CTX_sess_set_cache_size(ctx: *mut SSL_CTX, t: c_long) -> c_long {
590 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_SIZE, t, ptr::null_mut())
591}
592
593pub unsafe fn SSL_CTX_sess_get_cache_size(ctx: *mut SSL_CTX) -> c_long {
594 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_SESS_CACHE_SIZE, 0, ptr::null_mut())
595}
596
597pub unsafe fn SSL_CTX_set_session_cache_mode(ctx: *mut SSL_CTX, m: c_long) -> c_long {
598 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_MODE, m, ptr::null_mut())
599}
600
601pub unsafe fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long {
602 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_READ_AHEAD, m, ptr::null_mut())
603}
604
605#[cfg(not(ossl110))]
606pub unsafe fn SSL_session_reused(ssl: *mut SSL) -> c_int {
607 SSL_ctrl(ssl, SSL_CTRL_GET_SESSION_REUSED, 0, ptr::null_mut()) as c_int
608}
609
610#[cfg(ossl110)]
611pub const OPENSSL_INIT_LOAD_SSL_STRINGS: u64 = 0x00200000;
612#[cfg(ossl111b)]
613pub const OPENSSL_INIT_NO_ATEXIT: u64 = 0x00080000;
614
615#[cfg(ossl111)]
616pub const SSL_CT_VALIDATION_PERMISSIVE: c_int = 0;
617#[cfg(ossl111)]
618pub const SSL_CT_VALIDATION_STRICT: c_int = 1;
619
620cfg_if! {
621 if #[cfg(ossl330)] {
622 pub const SSL_VALUE_CLASS_GENERIC: c_uint = 0;
623 pub const SSL_VALUE_CLASS_FEATURE_REQUEST: c_uint = 1;
624 pub const SSL_VALUE_CLASS_FEATURE_PEER_REQUEST: c_uint = 2;
625 pub const SSL_VALUE_CLASS_FEATURE_NEGOTIATED: c_uint = 3;
626
627 pub const SSL_VALUE_NONE: c_uint = 0;
628 pub const SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL: c_uint = 1;
629 pub const SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL: c_uint = 2;
630 pub const SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL: c_uint = 3;
631 pub const SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL: c_uint = 4;
632 pub const SSL_VALUE_QUIC_IDLE_TIMEOUT: c_uint = 5;
633 pub const SSL_VALUE_EVENT_HANDLING_MODE: c_uint = 6;
634 pub const SSL_VALUE_STREAM_WRITE_BUF_SIZE: c_uint = 7;
635 pub const SSL_VALUE_STREAM_WRITE_BUF_USED: c_uint = 8;
636 pub const SSL_VALUE_STREAM_WRITE_BUF_AVAIL: c_uint = 9;
637
638 pub const SSL_VALUE_EVENT_HANDLING_MODE_INHERIT: c_uint = 0;
639 pub const SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT: c_uint = 1;
640 pub const SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT: c_uint = 2;
641
642 pub unsafe fn SSL_get_generic_value_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
643 SSL_get_value_uint(ssl, SSL_VALUE_CLASS_GENERIC, id, value)
644 }
645 pub unsafe fn SSL_set_generic_value_uint(ssl: *mut SSL, id: u32, value: u64) -> c_int {
646 SSL_set_value_uint(ssl, SSL_VALUE_CLASS_GENERIC, id, value)
647 }
648 pub unsafe fn SSL_get_feature_request_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
649 SSL_get_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_REQUEST, id, value)
650 }
651 pub unsafe fn SSL_set_feature_request_uint(ssl: *mut SSL, id: u32, value: u64) -> c_int {
652 SSL_set_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_REQUEST, id, value)
653 }
654 pub unsafe fn SSL_get_feature_peer_request_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
655 SSL_get_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, id, value)
656 }
657 pub unsafe fn SSL_get_feature_negotiated_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
658 SSL_get_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_NEGOTIATED, id, value)
659 }
660 pub unsafe fn SSL_get_quic_stream_bidi_local_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
661 SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL, value)
662 }
663 pub unsafe fn SSL_get_quic_stream_bidi_remote_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
664 SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL, value)
665 }
666 pub unsafe fn SSL_get_quic_stream_uni_local_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
667 SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL, value)
668 }
669 pub unsafe fn SSL_get_quic_stream_uni_remote_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
670 SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL, value)
671 }
672 pub unsafe fn SSL_get_event_handling_mode(ssl: *mut SSL, value: *mut u64) -> c_int {
673 SSL_get_generic_value_uint(ssl, SSL_VALUE_EVENT_HANDLING_MODE, value)
674 }
675 pub unsafe fn SSL_set_event_handling_mode(ssl: *mut SSL, value: u64) -> c_int {
676 SSL_set_generic_value_uint(ssl, SSL_VALUE_EVENT_HANDLING_MODE, value)
677 }
678 pub unsafe fn SSL_get_stream_write_buf_size(ssl: *mut SSL, value: *mut u64) -> c_int {
679 SSL_get_generic_value_uint(ssl, SSL_VALUE_STREAM_WRITE_BUF_SIZE, value)
680 }
681 pub unsafe fn SSL_get_stream_write_buf_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
682 SSL_get_generic_value_uint(ssl, SSL_VALUE_STREAM_WRITE_BUF_AVAIL, value)
683 }
684 pub unsafe fn SSL_get_stream_write_buf_used(ssl: *mut SSL, value: *mut u64) -> c_int {
685 SSL_get_generic_value_uint(ssl, SSL_VALUE_STREAM_WRITE_BUF_USED, value)
686 }
687 }
688}