Skip to main content

variant_ssl_sys/
ssl.rs

1use std::ffi::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void};
2use std::ptr;
3
4use super::*;
5
6#[cfg(not(ossl110))]
7pub const SSL_MAX_KRB5_PRINCIPAL_LENGTH: c_int = 256;
8
9#[cfg(not(ossl110))]
10pub const SSL_MAX_SSL_SESSION_ID_LENGTH: c_int = 32;
11#[cfg(not(ossl110))]
12pub const SSL_MAX_SID_CTX_LENGTH: c_int = 32;
13
14#[cfg(not(ossl110))]
15pub const SSL_MAX_KEY_ARG_LENGTH: c_int = 8;
16#[cfg(not(ossl110))]
17pub const SSL_MAX_MASTER_KEY_LENGTH: c_int = 48;
18
19pub const SSL_SENT_SHUTDOWN: c_int = 1;
20pub const SSL_RECEIVED_SHUTDOWN: c_int = 2;
21
22pub const SSL_FILETYPE_PEM: c_int = X509_FILETYPE_PEM;
23pub const SSL_FILETYPE_ASN1: c_int = X509_FILETYPE_ASN1;
24
25#[cfg(ossl111)]
26pub const SSL_EXT_TLS_ONLY: c_uint = 0x0001;
27/* This extension is only allowed in DTLS */
28#[cfg(ossl111)]
29pub const SSL_EXT_DTLS_ONLY: c_uint = 0x0002;
30/* Some extensions may be allowed in DTLS but we don't implement them for it */
31#[cfg(ossl111)]
32pub const SSL_EXT_TLS_IMPLEMENTATION_ONLY: c_uint = 0x0004;
33/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
34#[cfg(ossl111)]
35pub const SSL_EXT_SSL3_ALLOWED: c_uint = 0x0008;
36/* Extension is only defined for TLS1.2 and below */
37#[cfg(ossl111)]
38pub const SSL_EXT_TLS1_2_AND_BELOW_ONLY: c_uint = 0x0010;
39/* Extension is only defined for TLS1.3 and above */
40#[cfg(ossl111)]
41pub const SSL_EXT_TLS1_3_ONLY: c_uint = 0x0020;
42/* Ignore this extension during parsing if we are resuming */
43#[cfg(ossl111)]
44pub const SSL_EXT_IGNORE_ON_RESUMPTION: c_uint = 0x0040;
45#[cfg(ossl111)]
46pub const SSL_EXT_CLIENT_HELLO: c_uint = 0x0080;
47/* Really means TLS1.2 or below */
48#[cfg(ossl111)]
49pub const SSL_EXT_TLS1_2_SERVER_HELLO: c_uint = 0x0100;
50#[cfg(ossl111)]
51pub const SSL_EXT_TLS1_3_SERVER_HELLO: c_uint = 0x0200;
52#[cfg(ossl111)]
53pub const SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS: c_uint = 0x0400;
54#[cfg(ossl111)]
55pub const SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST: c_uint = 0x0800;
56#[cfg(ossl111)]
57pub const SSL_EXT_TLS1_3_CERTIFICATE: c_uint = 0x1000;
58#[cfg(ossl111)]
59pub const SSL_EXT_TLS1_3_NEW_SESSION_TICKET: c_uint = 0x2000;
60#[cfg(ossl111)]
61pub const SSL_EXT_TLS1_3_CERTIFICATE_REQUEST: c_uint = 0x4000;
62
63cfg_if! {
64    if #[cfg(ossl300)] {
65        macro_rules! ssl_op_type {
66            () => {u64};
67        }
68    } else {
69        macro_rules! ssl_op_type {
70            () => {c_ulong};
71        }
72    }
73}
74
75pub const SSL_OP_LEGACY_SERVER_CONNECT: ssl_op_type!() = 0x00000004;
76cfg_if! {
77    if #[cfg(libressl)] {
78        pub const SSL_OP_TLSEXT_PADDING: ssl_op_type!() = 0x0;
79    } else {
80        pub const SSL_OP_TLSEXT_PADDING: ssl_op_type!() = 0x10;
81    }
82}
83#[cfg(ossl110)]
84pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: ssl_op_type!() = 0x00000040;
85#[cfg(ossl300)]
86pub const SSL_OP_IGNORE_UNEXPECTED_EOF: ssl_op_type!() = 0x00000080;
87
88#[cfg(not(libressl430))]
89pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: ssl_op_type!() = 0x00000800;
90#[cfg(libressl430)]
91pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: ssl_op_type!() = 0x00000000;
92
93pub const SSL_OP_NO_QUERY_MTU: ssl_op_type!() = 0x00001000;
94pub const SSL_OP_COOKIE_EXCHANGE: ssl_op_type!() = 0x00002000;
95pub const SSL_OP_NO_TICKET: ssl_op_type!() = 0x00004000;
96cfg_if! {
97    if #[cfg(ossl110)] {
98        pub const SSL_OP_CISCO_ANYCONNECT: ssl_op_type!() = 0x00008000;
99    } else {
100        pub const SSL_OP_CISCO_ANYCONNECT: ssl_op_type!() = 0x0;
101    }
102}
103
104pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: ssl_op_type!() = 0x00010000;
105cfg_if! {
106    if #[cfg(ossl110)] {
107        pub const SSL_OP_NO_COMPRESSION: ssl_op_type!() = 0x00020000;
108        pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: ssl_op_type!() = 0x00040000;
109    } else {
110        pub const SSL_OP_NO_COMPRESSION: ssl_op_type!() = 0x0;
111        pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: ssl_op_type!() = 0x0;
112    }
113}
114
115#[cfg(ossl111)]
116pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: ssl_op_type!() = 0x00100000;
117#[cfg(ossl111)]
118pub const SSL_OP_PRIORITIZE_CHACHA: ssl_op_type!() = 0x00200000;
119
120pub const SSL_OP_CIPHER_SERVER_PREFERENCE: ssl_op_type!() = 0x00400000;
121cfg_if! {
122    if #[cfg(libressl)] {
123        pub const SSL_OP_TLS_ROLLBACK_BUG: ssl_op_type!() = 0;
124    } else {
125        pub const SSL_OP_TLS_ROLLBACK_BUG: ssl_op_type!() = 0x00800000;
126    }
127}
128
129cfg_if! {
130    if #[cfg(ossl110)] {
131        pub const SSL_OP_NO_SSLv3: ssl_op_type!() = 0x02000000;
132    } else {
133        pub const SSL_OP_NO_SSLv3: ssl_op_type!() = 0x0;
134    }
135}
136pub const SSL_OP_NO_TLSv1_1: ssl_op_type!() = 0x10000000;
137pub const SSL_OP_NO_TLSv1_2: ssl_op_type!() = 0x08000000;
138
139pub const SSL_OP_NO_TLSv1: ssl_op_type!() = 0x04000000;
140cfg_if! {
141    if #[cfg(libressl)] {
142        pub const SSL_OP_NO_DTLSv1: ssl_op_type!() = 0x40000000;
143        pub const SSL_OP_NO_DTLSv1_2: ssl_op_type!() = 0x80000000;
144    } else {
145        pub const SSL_OP_NO_DTLSv1: ssl_op_type!() = 0x04000000;
146        pub const SSL_OP_NO_DTLSv1_2: ssl_op_type!() = 0x08000000;
147    }
148}
149#[cfg(any(ossl111, libressl))]
150pub const SSL_OP_NO_TLSv1_3: ssl_op_type!() = 0x20000000;
151
152#[cfg(ossl110h)]
153pub const SSL_OP_NO_RENEGOTIATION: ssl_op_type!() = 0x40000000;
154
155cfg_if! {
156    if #[cfg(ossl111)] {
157        pub const SSL_OP_NO_SSL_MASK: ssl_op_type!() = SSL_OP_NO_SSLv2
158            | SSL_OP_NO_SSLv3
159            | SSL_OP_NO_TLSv1
160            | SSL_OP_NO_TLSv1_1
161            | SSL_OP_NO_TLSv1_2
162            | SSL_OP_NO_TLSv1_3;
163    } else if #[cfg(ossl110)] {
164        pub const SSL_OP_NO_SSL_MASK: ssl_op_type!() =
165            SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
166    }
167}
168
169cfg_if! {
170    if #[cfg(libressl)] {
171        pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: ssl_op_type!() = 0x0;
172    } else {
173        pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: ssl_op_type!() = 0x80000000;
174    }
175}
176
177cfg_if! {
178    if #[cfg(ossl300)] {
179        pub const SSL_OP_ALL: ssl_op_type!() = SSL_OP_CRYPTOPRO_TLSEXT_BUG
180            | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
181            | SSL_OP_TLSEXT_PADDING
182            | SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
183    } else if #[cfg(ossl110f)] {
184        pub const SSL_OP_ALL: ssl_op_type!() = SSL_OP_CRYPTOPRO_TLSEXT_BUG
185            | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
186            | SSL_OP_LEGACY_SERVER_CONNECT
187            | SSL_OP_TLSEXT_PADDING
188            | SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
189    } else if #[cfg(libressl)] {
190        pub const SSL_OP_ALL: ssl_op_type!() = 0x4;
191    } else {
192        pub const SSL_OP_ALL: ssl_op_type!() = 0x80000BFF;
193    }
194}
195
196pub const SSL_OP_MICROSOFT_SESS_ID_BUG: ssl_op_type!() = 0x0;
197pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: ssl_op_type!() = 0x0;
198pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: ssl_op_type!() = 0x0;
199pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: ssl_op_type!() = 0x0;
200pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: ssl_op_type!() = 0x0;
201pub const SSL_OP_TLS_D5_BUG: ssl_op_type!() = 0x0;
202pub const SSL_OP_TLS_BLOCK_PADDING_BUG: ssl_op_type!() = 0x0;
203pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = 0x0;
204pub const SSL_OP_NO_SSLv2: ssl_op_type!() = 0x0;
205cfg_if! {
206    if #[cfg(libressl)] {
207        pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = 0x00100000;
208    } else {
209        pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = 0x00000000;
210    }
211}
212
213pub const SSL_MODE_ENABLE_PARTIAL_WRITE: c_long = 0x1;
214pub const SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER: c_long = 0x2;
215pub const SSL_MODE_AUTO_RETRY: c_long = 0x4;
216pub const SSL_MODE_NO_AUTO_CHAIN: c_long = 0x8;
217pub const SSL_MODE_RELEASE_BUFFERS: c_long = 0x10;
218#[cfg(ossl110)]
219pub const SSL_MODE_SEND_CLIENTHELLO_TIME: c_long = 0x20;
220#[cfg(ossl110)]
221pub const SSL_MODE_SEND_SERVERHELLO_TIME: c_long = 0x40;
222#[cfg(ossl110)]
223pub const SSL_MODE_SEND_FALLBACK_SCSV: c_long = 0x80;
224#[cfg(ossl110)]
225pub const SSL_MODE_ASYNC: c_long = 0x100;
226
227pub unsafe fn SSL_CTX_set_mode(ctx: *mut SSL_CTX, op: c_long) -> c_long {
228    SSL_CTX_ctrl(ctx, SSL_CTRL_MODE, op, ptr::null_mut())
229}
230pub unsafe fn SSL_CTX_clear_mode(ctx: *mut SSL_CTX, op: c_long) -> c_long {
231    SSL_CTX_ctrl(ctx, SSL_CTRL_CLEAR_MODE, op, ptr::null_mut())
232}
233pub unsafe fn SSL_CTX_get_mode(ctx: *mut SSL_CTX) -> c_long {
234    SSL_CTX_ctrl(ctx, SSL_CTRL_MODE, 0, ptr::null_mut())
235}
236
237pub unsafe fn SSL_set_mode(ssl: *mut SSL, op: c_long) -> c_long {
238    SSL_ctrl(ssl, SSL_CTRL_MODE, op, ptr::null_mut())
239}
240pub unsafe fn SSL_clear_mode(ssl: *mut SSL, op: c_long) -> c_long {
241    SSL_ctrl(ssl, SSL_CTRL_CLEAR_MODE, op, ptr::null_mut())
242}
243pub unsafe fn SSL_get_mode(ssl: *mut SSL) -> c_long {
244    SSL_ctrl(ssl, SSL_CTRL_MODE, 0, ptr::null_mut())
245}
246
247#[cfg(ossl111)]
248pub const SSL_COOKIE_LENGTH: c_int = 4096;
249
250cfg_if! {
251    if #[cfg(libressl)] {
252        pub unsafe fn SSL_CTX_get_options(ctx: *const SSL_CTX) -> c_ulong {
253            SSL_CTX_ctrl(ctx as *mut _, SSL_CTRL_OPTIONS, 0, ptr::null_mut()) as c_ulong
254        }
255
256        pub unsafe fn SSL_CTX_set_options(ctx: *const SSL_CTX, op: c_ulong) -> c_ulong {
257            SSL_CTX_ctrl(
258                ctx as *mut _,
259                SSL_CTRL_OPTIONS,
260                op as c_long,
261                ptr::null_mut(),
262            ) as c_ulong
263        }
264
265        pub unsafe fn SSL_CTX_clear_options(ctx: *const SSL_CTX, op: c_ulong) -> c_ulong {
266            SSL_CTX_ctrl(
267                ctx as *mut _,
268                SSL_CTRL_CLEAR_OPTIONS,
269                op as c_long,
270                ptr::null_mut(),
271            ) as c_ulong
272        }
273    }
274}
275
276pub unsafe fn SSL_set_mtu(ssl: *mut SSL, mtu: c_long) -> c_long {
277    SSL_ctrl(ssl, SSL_CTRL_SET_MTU, mtu, ptr::null_mut())
278}
279
280#[cfg(ossl110)]
281pub unsafe fn SSL_get_extms_support(ssl: *mut SSL) -> c_long {
282    SSL_ctrl(ssl, SSL_CTRL_GET_EXTMS_SUPPORT, 0, ptr::null_mut())
283}
284
285pub const SSL_SESS_CACHE_OFF: c_long = 0x0;
286pub const SSL_SESS_CACHE_CLIENT: c_long = 0x1;
287pub const SSL_SESS_CACHE_SERVER: c_long = 0x2;
288pub const SSL_SESS_CACHE_BOTH: c_long = SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER;
289pub const SSL_SESS_CACHE_NO_AUTO_CLEAR: c_long = 0x80;
290pub const SSL_SESS_CACHE_NO_INTERNAL_LOOKUP: c_long = 0x100;
291pub const SSL_SESS_CACHE_NO_INTERNAL_STORE: c_long = 0x200;
292pub const SSL_SESS_CACHE_NO_INTERNAL: c_long =
293    SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE;
294
295pub const OPENSSL_NPN_UNSUPPORTED: c_int = 0;
296pub const OPENSSL_NPN_NEGOTIATED: c_int = 1;
297pub const OPENSSL_NPN_NO_OVERLAP: c_int = 2;
298
299pub const SSL_AD_ILLEGAL_PARAMETER: c_int = SSL3_AD_ILLEGAL_PARAMETER;
300pub const SSL_AD_DECODE_ERROR: c_int = TLS1_AD_DECODE_ERROR;
301pub const SSL_AD_UNRECOGNIZED_NAME: c_int = TLS1_AD_UNRECOGNIZED_NAME;
302pub const SSL_AD_NO_APPLICATION_PROTOCOL: c_int = TLS1_AD_NO_APPLICATION_PROTOCOL;
303pub const SSL_ERROR_NONE: c_int = 0;
304pub const SSL_ERROR_SSL: c_int = 1;
305pub const SSL_ERROR_SYSCALL: c_int = 5;
306pub const SSL_ERROR_WANT_ACCEPT: c_int = 8;
307pub const SSL_ERROR_WANT_CONNECT: c_int = 7;
308#[cfg(ossl110)]
309pub const SSL_ERROR_WANT_ASYNC: c_int = 9;
310#[cfg(ossl110)]
311pub const SSL_ERROR_WANT_ASYNC_JOB: c_int = 10;
312pub const SSL_ERROR_WANT_READ: c_int = 2;
313pub const SSL_ERROR_WANT_WRITE: c_int = 3;
314pub const SSL_ERROR_WANT_X509_LOOKUP: c_int = 4;
315pub const SSL_ERROR_ZERO_RETURN: c_int = 6;
316#[cfg(ossl111)]
317pub const SSL_ERROR_WANT_CLIENT_HELLO_CB: c_int = 11;
318pub const SSL_VERIFY_NONE: c_int = 0;
319pub const SSL_VERIFY_PEER: c_int = 1;
320pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;
321pub const SSL_VERIFY_CLIENT_ONCE: c_int = 4;
322#[cfg(ossl111)]
323pub const SSL_VERIFY_POST_HANDSHAKE: c_int = 8;
324#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
325pub const SSL_CTRL_SET_TMP_DH: c_int = 3;
326#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
327pub const SSL_CTRL_SET_TMP_ECDH: c_int = 4;
328#[cfg(libressl)]
329pub const SSL_CTRL_GET_SESSION_REUSED: c_int = 8;
330pub const SSL_CTRL_EXTRA_CHAIN_CERT: c_int = 14;
331pub const SSL_CTRL_SET_MTU: c_int = 17;
332#[cfg(libressl)]
333pub const SSL_CTRL_OPTIONS: c_int = 32;
334pub const SSL_CTRL_MODE: c_int = 33;
335pub const SSL_CTRL_SET_READ_AHEAD: c_int = 41;
336pub const SSL_CTRL_SET_SESS_CACHE_SIZE: c_int = 42;
337pub const SSL_CTRL_GET_SESS_CACHE_SIZE: c_int = 43;
338pub const SSL_CTRL_SET_SESS_CACHE_MODE: c_int = 44;
339pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: c_int = 53;
340pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: c_int = 54;
341pub const SSL_CTRL_SET_TLSEXT_HOSTNAME: c_int = 55;
342pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: c_int = 63;
343pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: c_int = 64;
344pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: c_int = 65;
345pub const SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = 70;
346pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = 71;
347pub const SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: c_int = 72;
348#[cfg(libressl)]
349pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
350pub const SSL_CTRL_CLEAR_MODE: c_int = 78;
351pub const SSL_CTRL_GET_EXTRA_CHAIN_CERTS: c_int = 82;
352pub const SSL_CTRL_CHAIN_CERT: c_int = 89;
353#[cfg(any(ossl111, libressl))]
354pub const SSL_CTRL_SET_GROUPS_LIST: c_int = 92;
355#[cfg(libressl)]
356pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94;
357#[cfg(ossl110)]
358pub const SSL_CTRL_SET_SIGALGS_LIST: c_int = 98;
359#[cfg(ossl110)]
360pub const SSL_CTRL_SET_VERIFY_CERT_STORE: c_int = 106;
361#[cfg(ossl300)]
362pub const SSL_CTRL_GET_PEER_TMP_KEY: c_int = 109;
363#[cfg(ossl110)]
364pub const SSL_CTRL_SET_DH_AUTO: c_int = 118;
365#[cfg(ossl110)]
366pub const SSL_CTRL_GET_EXTMS_SUPPORT: c_int = 122;
367pub const SSL_CTRL_SET_MIN_PROTO_VERSION: c_int = 123;
368pub const SSL_CTRL_SET_MAX_PROTO_VERSION: c_int = 124;
369pub const SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE: c_int = 127;
370#[cfg(any(ossl110g, libressl))]
371pub const SSL_CTRL_GET_MIN_PROTO_VERSION: c_int = 130;
372#[cfg(any(ossl110g, libressl))]
373pub const SSL_CTRL_GET_MAX_PROTO_VERSION: c_int = 131;
374#[cfg(ossl300)]
375pub const SSL_CTRL_GET_TMP_KEY: c_int = 133;
376
377#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
378pub unsafe fn SSL_CTX_set_tmp_dh(ctx: *mut SSL_CTX, dh: *mut DH) -> c_long {
379    SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, dh as *mut c_void)
380}
381
382#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
383pub unsafe fn SSL_CTX_set_tmp_ecdh(ctx: *mut SSL_CTX, key: *mut EC_KEY) -> c_long {
384    SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, key as *mut c_void)
385}
386
387#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
388pub unsafe fn SSL_set_tmp_dh(ssl: *mut SSL, dh: *mut DH) -> c_long {
389    SSL_ctrl(ssl, SSL_CTRL_SET_TMP_DH, 0, dh as *mut c_void)
390}
391
392#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
393pub unsafe fn SSL_set_tmp_ecdh(ssl: *mut SSL, key: *mut EC_KEY) -> c_long {
394    SSL_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH, 0, key as *mut c_void)
395}
396
397#[cfg(ossl110)]
398pub unsafe fn SSL_CTX_set_dh_auto(ctx: *mut SSL_CTX, onoff: c_int) -> c_long {
399    SSL_CTX_ctrl(ctx, SSL_CTRL_SET_DH_AUTO, onoff as c_long, ptr::null_mut())
400}
401
402#[cfg(ossl110)]
403pub unsafe fn SSL_set_dh_auto(ssl: *mut SSL, onoff: c_int) -> c_long {
404    SSL_ctrl(ssl, SSL_CTRL_SET_DH_AUTO, onoff as c_long, ptr::null_mut())
405}
406
407pub unsafe fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long {
408    SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, x509 as *mut c_void)
409}
410
411pub unsafe fn SSL_CTX_get_extra_chain_certs(
412    ctx: *mut SSL_CTX,
413    chain: *mut *mut stack_st_X509,
414) -> c_long {
415    SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 0, chain as *mut c_void)
416}
417
418#[cfg(ossl110)]
419pub unsafe fn SSL_CTX_set0_verify_cert_store(ctx: *mut SSL_CTX, st: *mut X509_STORE) -> c_long {
420    SSL_CTX_ctrl(ctx, SSL_CTRL_SET_VERIFY_CERT_STORE, 0, st as *mut c_void)
421}
422
423#[cfg(ossl110)]
424pub unsafe fn SSL_set0_verify_cert_store(ssl: *mut SSL, st: *mut X509_STORE) -> c_long {
425    SSL_ctrl(ssl, SSL_CTRL_SET_VERIFY_CERT_STORE, 0, st as *mut c_void)
426}
427
428cfg_if! {
429    if #[cfg(ossl111)] {
430        pub unsafe fn SSL_set1_groups_list(ctx: *mut SSL, s: *const c_char) -> c_long {
431            SSL_ctrl(
432                ctx,
433                SSL_CTRL_SET_GROUPS_LIST,
434                0,
435                s as *const c_void as *mut c_void,
436            )
437        }
438        pub unsafe fn SSL_CTX_set1_groups_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_long {
439            SSL_CTX_ctrl(
440                ctx,
441                SSL_CTRL_SET_GROUPS_LIST,
442                0,
443                s as *const c_void as *mut c_void,
444            )
445        }
446    } else if #[cfg(libressl)] {
447        extern "C" {
448            pub fn SSL_set1_groups_list(ctx: *mut SSL, list: *const c_char) -> c_int;
449            pub fn SSL_CTX_set1_groups_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_int;
450        }
451    }
452}
453
454pub unsafe fn SSL_add0_chain_cert(ssl: *mut SSL, ptr: *mut X509) -> c_long {
455    SSL_ctrl(ssl, SSL_CTRL_CHAIN_CERT, 0, ptr as *mut c_void)
456}
457
458#[cfg(ossl110)]
459pub unsafe fn SSL_CTX_set1_sigalgs_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_long {
460    SSL_CTX_ctrl(
461        ctx,
462        SSL_CTRL_SET_SIGALGS_LIST,
463        0,
464        s as *const c_void as *mut c_void,
465    )
466}
467
468#[cfg(libressl)]
469pub unsafe fn SSL_CTX_set_ecdh_auto(ctx: *mut SSL_CTX, onoff: c_int) -> c_int {
470    SSL_CTX_ctrl(
471        ctx,
472        SSL_CTRL_SET_ECDH_AUTO,
473        onoff as c_long,
474        ptr::null_mut(),
475    ) as c_int
476}
477
478#[cfg(libressl)]
479pub unsafe fn SSL_set_ecdh_auto(ssl: *mut SSL, onoff: c_int) -> c_int {
480    SSL_ctrl(
481        ssl,
482        SSL_CTRL_SET_ECDH_AUTO,
483        onoff as c_long,
484        ptr::null_mut(),
485    ) as c_int
486}
487
488cfg_if! {
489    if #[cfg(ossl110)] {
490        pub unsafe fn SSL_CTX_set_min_proto_version(ctx: *mut SSL_CTX, version: c_int) -> c_int {
491            SSL_CTX_ctrl(
492                ctx,
493                SSL_CTRL_SET_MIN_PROTO_VERSION,
494                version as c_long,
495                ptr::null_mut(),
496            ) as c_int
497        }
498
499        pub unsafe fn SSL_CTX_set_max_proto_version(ctx: *mut SSL_CTX, version: c_int) -> c_int {
500            SSL_CTX_ctrl(
501                ctx,
502                SSL_CTRL_SET_MAX_PROTO_VERSION,
503                version as c_long,
504                ptr::null_mut(),
505            ) as c_int
506        }
507
508        pub unsafe fn SSL_set_min_proto_version(s: *mut SSL, version: c_int) -> c_int {
509            SSL_ctrl(
510                s,
511                SSL_CTRL_SET_MIN_PROTO_VERSION,
512                version as c_long,
513                ptr::null_mut(),
514            ) as c_int
515        }
516
517        pub unsafe fn SSL_set_max_proto_version(s: *mut SSL, version: c_int) -> c_int {
518            SSL_ctrl(
519                s,
520                SSL_CTRL_SET_MAX_PROTO_VERSION,
521                version as c_long,
522                ptr::null_mut(),
523            ) as c_int
524        }
525    }
526}
527
528cfg_if! {
529    if #[cfg(ossl110g)] {
530        pub unsafe fn SSL_CTX_get_min_proto_version(ctx: *mut SSL_CTX) -> c_int {
531            SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int
532        }
533
534        pub unsafe fn SSL_CTX_get_max_proto_version(ctx: *mut SSL_CTX) -> c_int {
535            SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int
536        }
537        pub unsafe fn SSL_get_min_proto_version(s: *mut SSL) -> c_int {
538            SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int
539        }
540        pub unsafe fn SSL_get_max_proto_version(s: *mut SSL) -> c_int {
541            SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int
542        }
543    }
544}
545cfg_if! {
546    if #[cfg(ossl300)] {
547        pub unsafe fn SSL_get_peer_tmp_key(ssl: *mut SSL, key: *mut *mut EVP_PKEY) -> c_long {
548            SSL_ctrl(ssl, SSL_CTRL_GET_PEER_TMP_KEY, 0, key as *mut c_void)
549        }
550
551        pub unsafe fn SSL_get_tmp_key(ssl: *mut SSL, key: *mut *mut EVP_PKEY) -> c_long {
552            SSL_ctrl(ssl, SSL_CTRL_GET_TMP_KEY, 0, key as *mut c_void)
553        }
554    }
555}
556
557#[cfg(ossl111)]
558pub const SSL_CLIENT_HELLO_SUCCESS: c_int = 1;
559#[cfg(ossl111)]
560pub const SSL_CLIENT_HELLO_ERROR: c_int = 0;
561#[cfg(ossl111)]
562pub const SSL_CLIENT_HELLO_RETRY: c_int = -1;
563
564#[cfg(any(ossl111, libressl))]
565pub const SSL_READ_EARLY_DATA_ERROR: c_int = 0;
566#[cfg(any(ossl111, libressl))]
567pub const SSL_READ_EARLY_DATA_SUCCESS: c_int = 1;
568#[cfg(any(ossl111, libressl))]
569pub const SSL_READ_EARLY_DATA_FINISH: c_int = 2;
570
571cfg_if! {
572    if #[cfg(ossl110)] {
573        pub unsafe fn SSL_get_ex_new_index(
574            l: c_long,
575            p: *mut c_void,
576            newf: CRYPTO_EX_new,
577            dupf: CRYPTO_EX_dup,
578            freef: CRYPTO_EX_free,
579        ) -> c_int {
580            CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef)
581        }
582
583        pub unsafe fn SSL_CTX_get_ex_new_index(
584            l: c_long,
585            p: *mut c_void,
586            newf: CRYPTO_EX_new,
587            dupf: CRYPTO_EX_dup,
588            freef: CRYPTO_EX_free,
589        ) -> c_int {
590            CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef)
591        }
592    }
593}
594
595pub unsafe fn SSL_CTX_sess_set_cache_size(ctx: *mut SSL_CTX, t: c_long) -> c_long {
596    SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_SIZE, t, ptr::null_mut())
597}
598
599pub unsafe fn SSL_CTX_sess_get_cache_size(ctx: *mut SSL_CTX) -> c_long {
600    SSL_CTX_ctrl(ctx, SSL_CTRL_GET_SESS_CACHE_SIZE, 0, ptr::null_mut())
601}
602
603pub unsafe fn SSL_CTX_set_session_cache_mode(ctx: *mut SSL_CTX, m: c_long) -> c_long {
604    SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_MODE, m, ptr::null_mut())
605}
606
607pub unsafe fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long {
608    SSL_CTX_ctrl(ctx, SSL_CTRL_SET_READ_AHEAD, m, ptr::null_mut())
609}
610
611#[cfg(not(ossl110))]
612pub unsafe fn SSL_session_reused(ssl: *mut SSL) -> c_int {
613    SSL_ctrl(ssl, SSL_CTRL_GET_SESSION_REUSED, 0, ptr::null_mut()) as c_int
614}
615
616#[cfg(ossl110)]
617pub const OPENSSL_INIT_LOAD_SSL_STRINGS: u64 = 0x00200000;
618#[cfg(ossl111b)]
619pub const OPENSSL_INIT_NO_ATEXIT: u64 = 0x00080000;
620
621#[cfg(ossl111)]
622pub const SSL_CT_VALIDATION_PERMISSIVE: c_int = 0;
623#[cfg(ossl111)]
624pub const SSL_CT_VALIDATION_STRICT: c_int = 1;
625
626cfg_if! {
627    if #[cfg(ossl330)] {
628        pub const SSL_VALUE_CLASS_GENERIC: c_uint = 0;
629        pub const SSL_VALUE_CLASS_FEATURE_REQUEST: c_uint = 1;
630        pub const SSL_VALUE_CLASS_FEATURE_PEER_REQUEST: c_uint = 2;
631        pub const SSL_VALUE_CLASS_FEATURE_NEGOTIATED: c_uint = 3;
632
633        pub const SSL_VALUE_NONE: c_uint = 0;
634        pub const SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL: c_uint = 1;
635        pub const SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL: c_uint = 2;
636        pub const SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL: c_uint = 3;
637        pub const SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL: c_uint = 4;
638        pub const SSL_VALUE_QUIC_IDLE_TIMEOUT: c_uint = 5;
639        pub const SSL_VALUE_EVENT_HANDLING_MODE: c_uint = 6;
640        pub const SSL_VALUE_STREAM_WRITE_BUF_SIZE: c_uint = 7;
641        pub const SSL_VALUE_STREAM_WRITE_BUF_USED: c_uint = 8;
642        pub const SSL_VALUE_STREAM_WRITE_BUF_AVAIL: c_uint = 9;
643
644        pub const SSL_VALUE_EVENT_HANDLING_MODE_INHERIT: c_uint = 0;
645        pub const SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT: c_uint = 1;
646        pub const SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT: c_uint = 2;
647
648        pub unsafe fn SSL_get_generic_value_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
649            SSL_get_value_uint(ssl, SSL_VALUE_CLASS_GENERIC, id, value)
650        }
651        pub unsafe fn SSL_set_generic_value_uint(ssl: *mut SSL, id: u32, value: u64) -> c_int {
652            SSL_set_value_uint(ssl, SSL_VALUE_CLASS_GENERIC, id, value)
653        }
654        pub unsafe fn SSL_get_feature_request_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
655            SSL_get_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_REQUEST, id, value)
656        }
657        pub unsafe fn SSL_set_feature_request_uint(ssl: *mut SSL, id: u32, value: u64) -> c_int {
658            SSL_set_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_REQUEST, id, value)
659        }
660        pub unsafe fn SSL_get_feature_peer_request_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
661            SSL_get_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, id, value)
662        }
663        pub unsafe fn SSL_get_feature_negotiated_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
664            SSL_get_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_NEGOTIATED, id, value)
665        }
666        pub unsafe fn SSL_get_quic_stream_bidi_local_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
667            SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL, value)
668        }
669        pub unsafe fn SSL_get_quic_stream_bidi_remote_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
670            SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL, value)
671        }
672        pub unsafe fn SSL_get_quic_stream_uni_local_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
673            SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL, value)
674        }
675        pub unsafe fn SSL_get_quic_stream_uni_remote_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
676            SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL, value)
677        }
678        pub unsafe fn SSL_get_event_handling_mode(ssl: *mut SSL, value: *mut u64) -> c_int {
679            SSL_get_generic_value_uint(ssl, SSL_VALUE_EVENT_HANDLING_MODE, value)
680        }
681        pub unsafe fn SSL_set_event_handling_mode(ssl: *mut SSL, value: u64) -> c_int {
682            SSL_set_generic_value_uint(ssl, SSL_VALUE_EVENT_HANDLING_MODE, value)
683        }
684        pub unsafe fn SSL_get_stream_write_buf_size(ssl: *mut SSL, value: *mut u64) -> c_int {
685            SSL_get_generic_value_uint(ssl, SSL_VALUE_STREAM_WRITE_BUF_SIZE, value)
686        }
687        pub unsafe fn SSL_get_stream_write_buf_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
688            SSL_get_generic_value_uint(ssl, SSL_VALUE_STREAM_WRITE_BUF_AVAIL, value)
689        }
690        pub unsafe fn SSL_get_stream_write_buf_used(ssl: *mut SSL, value: *mut u64) -> c_int {
691            SSL_get_generic_value_uint(ssl, SSL_VALUE_STREAM_WRITE_BUF_USED, value)
692        }
693    }
694}