1use std::ffi::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void};
2use std::ptr;
3
4use super::*;
5
6#[cfg(not(ossl110))]
7pub const SSL_MAX_KRB5_PRINCIPAL_LENGTH: c_int = 256;
8
9#[cfg(not(ossl110))]
10pub const SSL_MAX_SSL_SESSION_ID_LENGTH: c_int = 32;
11#[cfg(not(ossl110))]
12pub const SSL_MAX_SID_CTX_LENGTH: c_int = 32;
13
14#[cfg(not(ossl110))]
15pub const SSL_MAX_KEY_ARG_LENGTH: c_int = 8;
16#[cfg(not(ossl110))]
17pub const SSL_MAX_MASTER_KEY_LENGTH: c_int = 48;
18
19pub const SSL_SENT_SHUTDOWN: c_int = 1;
20pub const SSL_RECEIVED_SHUTDOWN: c_int = 2;
21
22pub const SSL_FILETYPE_PEM: c_int = X509_FILETYPE_PEM;
23pub const SSL_FILETYPE_ASN1: c_int = X509_FILETYPE_ASN1;
24
25#[cfg(ossl111)]
26pub const SSL_EXT_TLS_ONLY: c_uint = 0x0001;
27#[cfg(ossl111)]
29pub const SSL_EXT_DTLS_ONLY: c_uint = 0x0002;
30#[cfg(ossl111)]
32pub const SSL_EXT_TLS_IMPLEMENTATION_ONLY: c_uint = 0x0004;
33#[cfg(ossl111)]
35pub const SSL_EXT_SSL3_ALLOWED: c_uint = 0x0008;
36#[cfg(ossl111)]
38pub const SSL_EXT_TLS1_2_AND_BELOW_ONLY: c_uint = 0x0010;
39#[cfg(ossl111)]
41pub const SSL_EXT_TLS1_3_ONLY: c_uint = 0x0020;
42#[cfg(ossl111)]
44pub const SSL_EXT_IGNORE_ON_RESUMPTION: c_uint = 0x0040;
45#[cfg(ossl111)]
46pub const SSL_EXT_CLIENT_HELLO: c_uint = 0x0080;
47#[cfg(ossl111)]
49pub const SSL_EXT_TLS1_2_SERVER_HELLO: c_uint = 0x0100;
50#[cfg(ossl111)]
51pub const SSL_EXT_TLS1_3_SERVER_HELLO: c_uint = 0x0200;
52#[cfg(ossl111)]
53pub const SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS: c_uint = 0x0400;
54#[cfg(ossl111)]
55pub const SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST: c_uint = 0x0800;
56#[cfg(ossl111)]
57pub const SSL_EXT_TLS1_3_CERTIFICATE: c_uint = 0x1000;
58#[cfg(ossl111)]
59pub const SSL_EXT_TLS1_3_NEW_SESSION_TICKET: c_uint = 0x2000;
60#[cfg(ossl111)]
61pub const SSL_EXT_TLS1_3_CERTIFICATE_REQUEST: c_uint = 0x4000;
62
63cfg_if! {
64 if #[cfg(ossl300)] {
65 macro_rules! ssl_op_type {
66 () => {u64};
67 }
68 } else {
69 macro_rules! ssl_op_type {
70 () => {c_ulong};
71 }
72 }
73}
74
75pub const SSL_OP_LEGACY_SERVER_CONNECT: ssl_op_type!() = 0x00000004;
76cfg_if! {
77 if #[cfg(libressl)] {
78 pub const SSL_OP_TLSEXT_PADDING: ssl_op_type!() = 0x0;
79 } else {
80 pub const SSL_OP_TLSEXT_PADDING: ssl_op_type!() = 0x10;
81 }
82}
83#[cfg(ossl110)]
84pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: ssl_op_type!() = 0x00000040;
85#[cfg(ossl300)]
86pub const SSL_OP_IGNORE_UNEXPECTED_EOF: ssl_op_type!() = 0x00000080;
87
88#[cfg(not(libressl430))]
89pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: ssl_op_type!() = 0x00000800;
90#[cfg(libressl430)]
91pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: ssl_op_type!() = 0x00000000;
92
93pub const SSL_OP_NO_QUERY_MTU: ssl_op_type!() = 0x00001000;
94pub const SSL_OP_COOKIE_EXCHANGE: ssl_op_type!() = 0x00002000;
95pub const SSL_OP_NO_TICKET: ssl_op_type!() = 0x00004000;
96cfg_if! {
97 if #[cfg(ossl110)] {
98 pub const SSL_OP_CISCO_ANYCONNECT: ssl_op_type!() = 0x00008000;
99 } else {
100 pub const SSL_OP_CISCO_ANYCONNECT: ssl_op_type!() = 0x0;
101 }
102}
103
104pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: ssl_op_type!() = 0x00010000;
105cfg_if! {
106 if #[cfg(ossl110)] {
107 pub const SSL_OP_NO_COMPRESSION: ssl_op_type!() = 0x00020000;
108 pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: ssl_op_type!() = 0x00040000;
109 } else {
110 pub const SSL_OP_NO_COMPRESSION: ssl_op_type!() = 0x0;
111 pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: ssl_op_type!() = 0x0;
112 }
113}
114
115#[cfg(ossl111)]
116pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: ssl_op_type!() = 0x00100000;
117#[cfg(ossl111)]
118pub const SSL_OP_PRIORITIZE_CHACHA: ssl_op_type!() = 0x00200000;
119
120pub const SSL_OP_CIPHER_SERVER_PREFERENCE: ssl_op_type!() = 0x00400000;
121cfg_if! {
122 if #[cfg(libressl)] {
123 pub const SSL_OP_TLS_ROLLBACK_BUG: ssl_op_type!() = 0;
124 } else {
125 pub const SSL_OP_TLS_ROLLBACK_BUG: ssl_op_type!() = 0x00800000;
126 }
127}
128
129cfg_if! {
130 if #[cfg(ossl110)] {
131 pub const SSL_OP_NO_SSLv3: ssl_op_type!() = 0x02000000;
132 } else {
133 pub const SSL_OP_NO_SSLv3: ssl_op_type!() = 0x0;
134 }
135}
136pub const SSL_OP_NO_TLSv1_1: ssl_op_type!() = 0x10000000;
137pub const SSL_OP_NO_TLSv1_2: ssl_op_type!() = 0x08000000;
138
139pub const SSL_OP_NO_TLSv1: ssl_op_type!() = 0x04000000;
140cfg_if! {
141 if #[cfg(libressl)] {
142 pub const SSL_OP_NO_DTLSv1: ssl_op_type!() = 0x40000000;
143 pub const SSL_OP_NO_DTLSv1_2: ssl_op_type!() = 0x80000000;
144 } else {
145 pub const SSL_OP_NO_DTLSv1: ssl_op_type!() = 0x04000000;
146 pub const SSL_OP_NO_DTLSv1_2: ssl_op_type!() = 0x08000000;
147 }
148}
149#[cfg(any(ossl111, libressl))]
150pub const SSL_OP_NO_TLSv1_3: ssl_op_type!() = 0x20000000;
151
152#[cfg(ossl110h)]
153pub const SSL_OP_NO_RENEGOTIATION: ssl_op_type!() = 0x40000000;
154
155cfg_if! {
156 if #[cfg(ossl111)] {
157 pub const SSL_OP_NO_SSL_MASK: ssl_op_type!() = SSL_OP_NO_SSLv2
158 | SSL_OP_NO_SSLv3
159 | SSL_OP_NO_TLSv1
160 | SSL_OP_NO_TLSv1_1
161 | SSL_OP_NO_TLSv1_2
162 | SSL_OP_NO_TLSv1_3;
163 } else if #[cfg(ossl110)] {
164 pub const SSL_OP_NO_SSL_MASK: ssl_op_type!() =
165 SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
166 }
167}
168
169cfg_if! {
170 if #[cfg(libressl)] {
171 pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: ssl_op_type!() = 0x0;
172 } else {
173 pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: ssl_op_type!() = 0x80000000;
174 }
175}
176
177cfg_if! {
178 if #[cfg(ossl300)] {
179 pub const SSL_OP_ALL: ssl_op_type!() = SSL_OP_CRYPTOPRO_TLSEXT_BUG
180 | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
181 | SSL_OP_TLSEXT_PADDING
182 | SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
183 } else if #[cfg(ossl110f)] {
184 pub const SSL_OP_ALL: ssl_op_type!() = SSL_OP_CRYPTOPRO_TLSEXT_BUG
185 | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
186 | SSL_OP_LEGACY_SERVER_CONNECT
187 | SSL_OP_TLSEXT_PADDING
188 | SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
189 } else if #[cfg(libressl)] {
190 pub const SSL_OP_ALL: ssl_op_type!() = 0x4;
191 } else {
192 pub const SSL_OP_ALL: ssl_op_type!() = 0x80000BFF;
193 }
194}
195
196pub const SSL_OP_MICROSOFT_SESS_ID_BUG: ssl_op_type!() = 0x0;
197pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: ssl_op_type!() = 0x0;
198pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: ssl_op_type!() = 0x0;
199pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: ssl_op_type!() = 0x0;
200pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: ssl_op_type!() = 0x0;
201pub const SSL_OP_TLS_D5_BUG: ssl_op_type!() = 0x0;
202pub const SSL_OP_TLS_BLOCK_PADDING_BUG: ssl_op_type!() = 0x0;
203pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = 0x0;
204pub const SSL_OP_NO_SSLv2: ssl_op_type!() = 0x0;
205cfg_if! {
206 if #[cfg(libressl)] {
207 pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = 0x00100000;
208 } else {
209 pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = 0x00000000;
210 }
211}
212
213pub const SSL_MODE_ENABLE_PARTIAL_WRITE: c_long = 0x1;
214pub const SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER: c_long = 0x2;
215pub const SSL_MODE_AUTO_RETRY: c_long = 0x4;
216pub const SSL_MODE_NO_AUTO_CHAIN: c_long = 0x8;
217pub const SSL_MODE_RELEASE_BUFFERS: c_long = 0x10;
218#[cfg(ossl110)]
219pub const SSL_MODE_SEND_CLIENTHELLO_TIME: c_long = 0x20;
220#[cfg(ossl110)]
221pub const SSL_MODE_SEND_SERVERHELLO_TIME: c_long = 0x40;
222#[cfg(ossl110)]
223pub const SSL_MODE_SEND_FALLBACK_SCSV: c_long = 0x80;
224
225pub unsafe fn SSL_CTX_set_mode(ctx: *mut SSL_CTX, op: c_long) -> c_long {
226 SSL_CTX_ctrl(ctx, SSL_CTRL_MODE, op, ptr::null_mut())
227}
228
229#[cfg(ossl111)]
230pub const SSL_COOKIE_LENGTH: c_int = 4096;
231
232cfg_if! {
233 if #[cfg(libressl)] {
234 pub unsafe fn SSL_CTX_get_options(ctx: *const SSL_CTX) -> c_ulong {
235 SSL_CTX_ctrl(ctx as *mut _, SSL_CTRL_OPTIONS, 0, ptr::null_mut()) as c_ulong
236 }
237
238 pub unsafe fn SSL_CTX_set_options(ctx: *const SSL_CTX, op: c_ulong) -> c_ulong {
239 SSL_CTX_ctrl(
240 ctx as *mut _,
241 SSL_CTRL_OPTIONS,
242 op as c_long,
243 ptr::null_mut(),
244 ) as c_ulong
245 }
246
247 pub unsafe fn SSL_CTX_clear_options(ctx: *const SSL_CTX, op: c_ulong) -> c_ulong {
248 SSL_CTX_ctrl(
249 ctx as *mut _,
250 SSL_CTRL_CLEAR_OPTIONS,
251 op as c_long,
252 ptr::null_mut(),
253 ) as c_ulong
254 }
255 }
256}
257
258pub unsafe fn SSL_set_mtu(ssl: *mut SSL, mtu: c_long) -> c_long {
259 SSL_ctrl(ssl, SSL_CTRL_SET_MTU, mtu, ptr::null_mut())
260}
261
262#[cfg(ossl110)]
263pub unsafe fn SSL_get_extms_support(ssl: *mut SSL) -> c_long {
264 SSL_ctrl(ssl, SSL_CTRL_GET_EXTMS_SUPPORT, 0, ptr::null_mut())
265}
266
267pub const SSL_SESS_CACHE_OFF: c_long = 0x0;
268pub const SSL_SESS_CACHE_CLIENT: c_long = 0x1;
269pub const SSL_SESS_CACHE_SERVER: c_long = 0x2;
270pub const SSL_SESS_CACHE_BOTH: c_long = SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER;
271pub const SSL_SESS_CACHE_NO_AUTO_CLEAR: c_long = 0x80;
272pub const SSL_SESS_CACHE_NO_INTERNAL_LOOKUP: c_long = 0x100;
273pub const SSL_SESS_CACHE_NO_INTERNAL_STORE: c_long = 0x200;
274pub const SSL_SESS_CACHE_NO_INTERNAL: c_long =
275 SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE;
276
277pub const OPENSSL_NPN_UNSUPPORTED: c_int = 0;
278pub const OPENSSL_NPN_NEGOTIATED: c_int = 1;
279pub const OPENSSL_NPN_NO_OVERLAP: c_int = 2;
280
281pub const SSL_AD_ILLEGAL_PARAMETER: c_int = SSL3_AD_ILLEGAL_PARAMETER;
282pub const SSL_AD_DECODE_ERROR: c_int = TLS1_AD_DECODE_ERROR;
283pub const SSL_AD_UNRECOGNIZED_NAME: c_int = TLS1_AD_UNRECOGNIZED_NAME;
284pub const SSL_ERROR_NONE: c_int = 0;
285pub const SSL_ERROR_SSL: c_int = 1;
286pub const SSL_ERROR_SYSCALL: c_int = 5;
287pub const SSL_ERROR_WANT_ACCEPT: c_int = 8;
288pub const SSL_ERROR_WANT_CONNECT: c_int = 7;
289pub const SSL_ERROR_WANT_READ: c_int = 2;
290pub const SSL_ERROR_WANT_WRITE: c_int = 3;
291pub const SSL_ERROR_WANT_X509_LOOKUP: c_int = 4;
292pub const SSL_ERROR_ZERO_RETURN: c_int = 6;
293#[cfg(ossl111)]
294pub const SSL_ERROR_WANT_CLIENT_HELLO_CB: c_int = 11;
295pub const SSL_VERIFY_NONE: c_int = 0;
296pub const SSL_VERIFY_PEER: c_int = 1;
297pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;
298pub const SSL_VERIFY_CLIENT_ONCE: c_int = 4;
299#[cfg(ossl111)]
300pub const SSL_VERIFY_POST_HANDSHAKE: c_int = 8;
301#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
302pub const SSL_CTRL_SET_TMP_DH: c_int = 3;
303#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
304pub const SSL_CTRL_SET_TMP_ECDH: c_int = 4;
305#[cfg(libressl)]
306pub const SSL_CTRL_GET_SESSION_REUSED: c_int = 8;
307pub const SSL_CTRL_EXTRA_CHAIN_CERT: c_int = 14;
308pub const SSL_CTRL_SET_MTU: c_int = 17;
309#[cfg(libressl)]
310pub const SSL_CTRL_OPTIONS: c_int = 32;
311pub const SSL_CTRL_MODE: c_int = 33;
312pub const SSL_CTRL_SET_READ_AHEAD: c_int = 41;
313pub const SSL_CTRL_SET_SESS_CACHE_SIZE: c_int = 42;
314pub const SSL_CTRL_GET_SESS_CACHE_SIZE: c_int = 43;
315pub const SSL_CTRL_SET_SESS_CACHE_MODE: c_int = 44;
316pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: c_int = 53;
317pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: c_int = 54;
318pub const SSL_CTRL_SET_TLSEXT_HOSTNAME: c_int = 55;
319pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: c_int = 63;
320pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: c_int = 64;
321pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: c_int = 65;
322pub const SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = 70;
323pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = 71;
324#[cfg(libressl)]
325pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
326pub const SSL_CTRL_GET_EXTRA_CHAIN_CERTS: c_int = 82;
327#[cfg(ossl110)]
328pub const SSL_CTRL_CHAIN_CERT: c_int = 89;
329#[cfg(any(ossl111, libressl))]
330pub const SSL_CTRL_SET_GROUPS_LIST: c_int = 92;
331#[cfg(libressl)]
332pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94;
333#[cfg(ossl110)]
334pub const SSL_CTRL_SET_SIGALGS_LIST: c_int = 98;
335#[cfg(ossl110)]
336pub const SSL_CTRL_SET_VERIFY_CERT_STORE: c_int = 106;
337#[cfg(ossl300)]
338pub const SSL_CTRL_GET_PEER_TMP_KEY: c_int = 109;
339#[cfg(ossl110)]
340pub const SSL_CTRL_SET_DH_AUTO: c_int = 118;
341#[cfg(ossl110)]
342pub const SSL_CTRL_GET_EXTMS_SUPPORT: c_int = 122;
343pub const SSL_CTRL_SET_MIN_PROTO_VERSION: c_int = 123;
344pub const SSL_CTRL_SET_MAX_PROTO_VERSION: c_int = 124;
345#[cfg(any(ossl110g, libressl))]
346pub const SSL_CTRL_GET_MIN_PROTO_VERSION: c_int = 130;
347#[cfg(any(ossl110g, libressl))]
348pub const SSL_CTRL_GET_MAX_PROTO_VERSION: c_int = 131;
349#[cfg(ossl300)]
350pub const SSL_CTRL_GET_TMP_KEY: c_int = 133;
351
352#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
353pub unsafe fn SSL_CTX_set_tmp_dh(ctx: *mut SSL_CTX, dh: *mut DH) -> c_long {
354 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, dh as *mut c_void)
355}
356
357#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
358pub unsafe fn SSL_CTX_set_tmp_ecdh(ctx: *mut SSL_CTX, key: *mut EC_KEY) -> c_long {
359 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, key as *mut c_void)
360}
361
362#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
363pub unsafe fn SSL_set_tmp_dh(ssl: *mut SSL, dh: *mut DH) -> c_long {
364 SSL_ctrl(ssl, SSL_CTRL_SET_TMP_DH, 0, dh as *mut c_void)
365}
366
367#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
368pub unsafe fn SSL_set_tmp_ecdh(ssl: *mut SSL, key: *mut EC_KEY) -> c_long {
369 SSL_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH, 0, key as *mut c_void)
370}
371
372#[cfg(ossl110)]
373pub unsafe fn SSL_CTX_set_dh_auto(ctx: *mut SSL_CTX, onoff: c_int) -> c_long {
374 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_DH_AUTO, onoff as c_long, ptr::null_mut())
375}
376
377#[cfg(ossl110)]
378pub unsafe fn SSL_set_dh_auto(ssl: *mut SSL, onoff: c_int) -> c_long {
379 SSL_ctrl(ssl, SSL_CTRL_SET_DH_AUTO, onoff as c_long, ptr::null_mut())
380}
381
382pub unsafe fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long {
383 SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, x509 as *mut c_void)
384}
385
386pub unsafe fn SSL_CTX_get_extra_chain_certs(
387 ctx: *mut SSL_CTX,
388 chain: *mut *mut stack_st_X509,
389) -> c_long {
390 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 0, chain as *mut c_void)
391}
392
393#[cfg(ossl110)]
394pub unsafe fn SSL_CTX_set0_verify_cert_store(ctx: *mut SSL_CTX, st: *mut X509_STORE) -> c_long {
395 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_VERIFY_CERT_STORE, 0, st as *mut c_void)
396}
397
398#[cfg(ossl110)]
399pub unsafe fn SSL_set0_verify_cert_store(ssl: *mut SSL, st: *mut X509_STORE) -> c_long {
400 SSL_ctrl(ssl, SSL_CTRL_SET_VERIFY_CERT_STORE, 0, st as *mut c_void)
401}
402
403cfg_if! {
404 if #[cfg(ossl111)] {
405 pub unsafe fn SSL_set1_groups_list(ctx: *mut SSL, s: *const c_char) -> c_long {
406 SSL_ctrl(
407 ctx,
408 SSL_CTRL_SET_GROUPS_LIST,
409 0,
410 s as *const c_void as *mut c_void,
411 )
412 }
413 pub unsafe fn SSL_CTX_set1_groups_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_long {
414 SSL_CTX_ctrl(
415 ctx,
416 SSL_CTRL_SET_GROUPS_LIST,
417 0,
418 s as *const c_void as *mut c_void,
419 )
420 }
421 } else if #[cfg(libressl)] {
422 extern "C" {
423 pub fn SSL_set1_groups_list(ctx: *mut SSL, list: *const c_char) -> c_int;
424 pub fn SSL_CTX_set1_groups_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_int;
425 }
426 }
427}
428
429#[cfg(ossl110)]
430pub unsafe fn SSL_add0_chain_cert(ssl: *mut SSL, ptr: *mut X509) -> c_long {
431 SSL_ctrl(ssl, SSL_CTRL_CHAIN_CERT, 0, ptr as *mut c_void)
432}
433
434#[cfg(ossl110)]
435pub unsafe fn SSL_CTX_set1_sigalgs_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_long {
436 SSL_CTX_ctrl(
437 ctx,
438 SSL_CTRL_SET_SIGALGS_LIST,
439 0,
440 s as *const c_void as *mut c_void,
441 )
442}
443
444#[cfg(libressl)]
445pub unsafe fn SSL_CTX_set_ecdh_auto(ctx: *mut SSL_CTX, onoff: c_int) -> c_int {
446 SSL_CTX_ctrl(
447 ctx,
448 SSL_CTRL_SET_ECDH_AUTO,
449 onoff as c_long,
450 ptr::null_mut(),
451 ) as c_int
452}
453
454#[cfg(libressl)]
455pub unsafe fn SSL_set_ecdh_auto(ssl: *mut SSL, onoff: c_int) -> c_int {
456 SSL_ctrl(
457 ssl,
458 SSL_CTRL_SET_ECDH_AUTO,
459 onoff as c_long,
460 ptr::null_mut(),
461 ) as c_int
462}
463
464cfg_if! {
465 if #[cfg(ossl110)] {
466 pub unsafe fn SSL_CTX_set_min_proto_version(ctx: *mut SSL_CTX, version: c_int) -> c_int {
467 SSL_CTX_ctrl(
468 ctx,
469 SSL_CTRL_SET_MIN_PROTO_VERSION,
470 version as c_long,
471 ptr::null_mut(),
472 ) as c_int
473 }
474
475 pub unsafe fn SSL_CTX_set_max_proto_version(ctx: *mut SSL_CTX, version: c_int) -> c_int {
476 SSL_CTX_ctrl(
477 ctx,
478 SSL_CTRL_SET_MAX_PROTO_VERSION,
479 version as c_long,
480 ptr::null_mut(),
481 ) as c_int
482 }
483
484 pub unsafe fn SSL_set_min_proto_version(s: *mut SSL, version: c_int) -> c_int {
485 SSL_ctrl(
486 s,
487 SSL_CTRL_SET_MIN_PROTO_VERSION,
488 version as c_long,
489 ptr::null_mut(),
490 ) as c_int
491 }
492
493 pub unsafe fn SSL_set_max_proto_version(s: *mut SSL, version: c_int) -> c_int {
494 SSL_ctrl(
495 s,
496 SSL_CTRL_SET_MAX_PROTO_VERSION,
497 version as c_long,
498 ptr::null_mut(),
499 ) as c_int
500 }
501 }
502}
503
504cfg_if! {
505 if #[cfg(ossl110g)] {
506 pub unsafe fn SSL_CTX_get_min_proto_version(ctx: *mut SSL_CTX) -> c_int {
507 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int
508 }
509
510 pub unsafe fn SSL_CTX_get_max_proto_version(ctx: *mut SSL_CTX) -> c_int {
511 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int
512 }
513 pub unsafe fn SSL_get_min_proto_version(s: *mut SSL) -> c_int {
514 SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int
515 }
516 pub unsafe fn SSL_get_max_proto_version(s: *mut SSL) -> c_int {
517 SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int
518 }
519 }
520}
521cfg_if! {
522 if #[cfg(ossl300)] {
523 pub unsafe fn SSL_get_peer_tmp_key(ssl: *mut SSL, key: *mut *mut EVP_PKEY) -> c_long {
524 SSL_ctrl(ssl, SSL_CTRL_GET_PEER_TMP_KEY, 0, key as *mut c_void)
525 }
526
527 pub unsafe fn SSL_get_tmp_key(ssl: *mut SSL, key: *mut *mut EVP_PKEY) -> c_long {
528 SSL_ctrl(ssl, SSL_CTRL_GET_TMP_KEY, 0, key as *mut c_void)
529 }
530 }
531}
532
533#[cfg(ossl111)]
534pub const SSL_CLIENT_HELLO_SUCCESS: c_int = 1;
535#[cfg(ossl111)]
536pub const SSL_CLIENT_HELLO_ERROR: c_int = 0;
537#[cfg(ossl111)]
538pub const SSL_CLIENT_HELLO_RETRY: c_int = -1;
539
540#[cfg(any(ossl111, libressl))]
541pub const SSL_READ_EARLY_DATA_ERROR: c_int = 0;
542#[cfg(any(ossl111, libressl))]
543pub const SSL_READ_EARLY_DATA_SUCCESS: c_int = 1;
544#[cfg(any(ossl111, libressl))]
545pub const SSL_READ_EARLY_DATA_FINISH: c_int = 2;
546
547cfg_if! {
548 if #[cfg(ossl110)] {
549 pub unsafe fn SSL_get_ex_new_index(
550 l: c_long,
551 p: *mut c_void,
552 newf: Option<CRYPTO_EX_new>,
553 dupf: Option<CRYPTO_EX_dup>,
554 freef: Option<CRYPTO_EX_free>,
555 ) -> c_int {
556 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef)
557 }
558
559 pub unsafe fn SSL_CTX_get_ex_new_index(
560 l: c_long,
561 p: *mut c_void,
562 newf: Option<CRYPTO_EX_new>,
563 dupf: Option<CRYPTO_EX_dup>,
564 freef: Option<CRYPTO_EX_free>,
565 ) -> c_int {
566 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef)
567 }
568 }
569}
570
571pub unsafe fn SSL_CTX_sess_set_cache_size(ctx: *mut SSL_CTX, t: c_long) -> c_long {
572 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_SIZE, t, ptr::null_mut())
573}
574
575pub unsafe fn SSL_CTX_sess_get_cache_size(ctx: *mut SSL_CTX) -> c_long {
576 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_SESS_CACHE_SIZE, 0, ptr::null_mut())
577}
578
579pub unsafe fn SSL_CTX_set_session_cache_mode(ctx: *mut SSL_CTX, m: c_long) -> c_long {
580 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_MODE, m, ptr::null_mut())
581}
582
583pub unsafe fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long {
584 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_READ_AHEAD, m, ptr::null_mut())
585}
586
587#[allow(clashing_extern_declarations)]
588extern "C" {
589 #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
590 #[deprecated(note = "use SSL_CTX_set_tmp_dh_callback__fixed_rust instead")]
591 pub fn SSL_CTX_set_tmp_dh_callback(
592 ctx: *mut SSL_CTX,
593 dh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH,
594 );
595 #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
596 #[deprecated(note = "use SSL_set_tmp_dh_callback__fixed_rust instead")]
597 pub fn SSL_set_tmp_dh_callback(
598 ctx: *mut SSL,
599 dh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH,
600 );
601 #[deprecated(note = "use SSL_CTX_set_tmp_ecdh_callback__fixed_rust instead")]
602 #[cfg(not(ossl110))]
603 pub fn SSL_CTX_set_tmp_ecdh_callback(
604 ctx: *mut SSL_CTX,
605 ecdh: unsafe extern "C" fn(
606 ssl: *mut SSL,
607 is_export: c_int,
608 keylength: c_int,
609 ) -> *mut EC_KEY,
610 );
611 #[deprecated(note = "use SSL_set_tmp_ecdh_callback__fixed_rust instead")]
612 #[cfg(not(ossl110))]
613 pub fn SSL_set_tmp_ecdh_callback(
614 ssl: *mut SSL,
615 ecdh: unsafe extern "C" fn(
616 ssl: *mut SSL,
617 is_export: c_int,
618 keylength: c_int,
619 ) -> *mut EC_KEY,
620 );
621
622 #[deprecated(note = "use SSL_CTX_callback_ctrl__fixed_rust instead")]
623 pub fn SSL_CTX_callback_ctrl(
624 ctx: *mut SSL_CTX,
625 cmd: c_int,
626 fp: Option<extern "C" fn()>,
627 ) -> c_long;
628
629 #[deprecated(note = "use SSL_CTX_set_alpn_select_cb__fixed_rust instead")]
630 pub fn SSL_CTX_set_alpn_select_cb(
631 ssl: *mut SSL_CTX,
632 cb: extern "C" fn(
633 ssl: *mut SSL,
634 out: *mut *const c_uchar,
635 outlen: *mut c_uchar,
636 inbuf: *const c_uchar,
637 inlen: c_uint,
638 arg: *mut c_void,
639 ) -> c_int,
640 arg: *mut c_void,
641 );
642}
643
644#[cfg(not(ossl110))]
645pub unsafe fn SSL_session_reused(ssl: *mut SSL) -> c_int {
646 SSL_ctrl(ssl, SSL_CTRL_GET_SESSION_REUSED, 0, ptr::null_mut()) as c_int
647}
648
649#[cfg(ossl110)]
650pub const OPENSSL_INIT_LOAD_SSL_STRINGS: u64 = 0x00200000;
651#[cfg(ossl111b)]
652pub const OPENSSL_INIT_NO_ATEXIT: u64 = 0x00080000;
653
654cfg_if! {
655 if #[cfg(ossl330)] {
656 pub const SSL_VALUE_CLASS_GENERIC: c_uint = 0;
657 pub const SSL_VALUE_CLASS_FEATURE_REQUEST: c_uint = 1;
658 pub const SSL_VALUE_CLASS_FEATURE_PEER_REQUEST: c_uint = 2;
659 pub const SSL_VALUE_CLASS_FEATURE_NEGOTIATED: c_uint = 3;
660
661 pub const SSL_VALUE_NONE: c_uint = 0;
662 pub const SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL: c_uint = 1;
663 pub const SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL: c_uint = 2;
664 pub const SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL: c_uint = 3;
665 pub const SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL: c_uint = 4;
666 pub const SSL_VALUE_QUIC_IDLE_TIMEOUT: c_uint = 5;
667 pub const SSL_VALUE_EVENT_HANDLING_MODE: c_uint = 6;
668 pub const SSL_VALUE_STREAM_WRITE_BUF_SIZE: c_uint = 7;
669 pub const SSL_VALUE_STREAM_WRITE_BUF_USED: c_uint = 8;
670 pub const SSL_VALUE_STREAM_WRITE_BUF_AVAIL: c_uint = 9;
671
672 pub const SSL_VALUE_EVENT_HANDLING_MODE_INHERIT: c_uint = 0;
673 pub const SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT: c_uint = 1;
674 pub const SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT: c_uint = 2;
675
676 pub unsafe fn SSL_get_generic_value_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
677 SSL_get_value_uint(ssl, SSL_VALUE_CLASS_GENERIC, id, value)
678 }
679 pub unsafe fn SSL_set_generic_value_uint(ssl: *mut SSL, id: u32, value: u64) -> c_int {
680 SSL_set_value_uint(ssl, SSL_VALUE_CLASS_GENERIC, id, value)
681 }
682 pub unsafe fn SSL_get_feature_request_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
683 SSL_get_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_REQUEST, id, value)
684 }
685 pub unsafe fn SSL_set_feature_request_uint(ssl: *mut SSL, id: u32, value: u64) -> c_int {
686 SSL_set_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_REQUEST, id, value)
687 }
688 pub unsafe fn SSL_get_feature_peer_request_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
689 SSL_get_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, id, value)
690 }
691 pub unsafe fn SSL_get_feature_negotiated_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
692 SSL_get_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_NEGOTIATED, id, value)
693 }
694 pub unsafe fn SSL_get_quic_stream_bidi_local_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
695 SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL, value)
696 }
697 pub unsafe fn SSL_get_quic_stream_bidi_remote_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
698 SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL, value)
699 }
700 pub unsafe fn SSL_get_quic_stream_uni_local_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
701 SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL, value)
702 }
703 pub unsafe fn SSL_get_quic_stream_uni_remote_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
704 SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL, value)
705 }
706 pub unsafe fn SSL_get_event_handling_mode(ssl: *mut SSL, value: *mut u64) -> c_int {
707 SSL_get_generic_value_uint(ssl, SSL_VALUE_EVENT_HANDLING_MODE, value)
708 }
709 pub unsafe fn SSL_set_event_handling_mode(ssl: *mut SSL, value: u64) -> c_int {
710 SSL_set_generic_value_uint(ssl, SSL_VALUE_EVENT_HANDLING_MODE, value)
711 }
712 pub unsafe fn SSL_get_stream_write_buf_size(ssl: *mut SSL, value: *mut u64) -> c_int {
713 SSL_get_generic_value_uint(ssl, SSL_VALUE_STREAM_WRITE_BUF_SIZE, value)
714 }
715 pub unsafe fn SSL_get_stream_write_buf_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
716 SSL_get_generic_value_uint(ssl, SSL_VALUE_STREAM_WRITE_BUF_AVAIL, value)
717 }
718 pub unsafe fn SSL_get_stream_write_buf_used(ssl: *mut SSL, value: *mut u64) -> c_int {
719 SSL_get_generic_value_uint(ssl, SSL_VALUE_STREAM_WRITE_BUF_USED, value)
720 }
721 }
722}