ssl.rs source code [crates/openssl_sys/src/ssl.rs]

1	use libc::*;
2	use std::ptr;
3
4	use super::*;
5
6	#[cfg(not(ossl110))]
7	pub const SSL_MAX_KRB5_PRINCIPAL_LENGTH: c_int = `256`;
8
9	#[cfg(not(ossl110))]
10	pub const SSL_MAX_SSL_SESSION_ID_LENGTH: c_int = `32`;
11	#[cfg(not(ossl110))]
12	pub const SSL_MAX_SID_CTX_LENGTH: c_int = `32`;
13
14	#[cfg(not(ossl110))]
15	pub const SSL_MAX_KEY_ARG_LENGTH: c_int = `8`;
16	#[cfg(not(ossl110))]
17	pub const SSL_MAX_MASTER_KEY_LENGTH: c_int = `48`;
18
19	pub const SSL_SENT_SHUTDOWN: c_int = `1`;
20	pub const SSL_RECEIVED_SHUTDOWN: c_int = `2`;
21
22	pub const SSL_FILETYPE_PEM: c_int = X509_FILETYPE_PEM;
23	pub const SSL_FILETYPE_ASN1: c_int = X509_FILETYPE_ASN1;
24
25	#[cfg(ossl111)]
26	pub const SSL_EXT_TLS_ONLY: c_uint = `0x0001`;
27	/ This extension is only allowed in DTLS /
28	#[cfg(ossl111)]
29	pub const SSL_EXT_DTLS_ONLY: c_uint = `0x0002`;
30	/ Some extensions may be allowed in DTLS but we don't implement them for it /
31	#[cfg(ossl111)]
32	pub const SSL_EXT_TLS_IMPLEMENTATION_ONLY: c_uint = `0x0004`;
33	/ Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is /
34	#[cfg(ossl111)]
35	pub const SSL_EXT_SSL3_ALLOWED: c_uint = `0x0008`;
36	/ Extension is only defined for TLS1.2 and below /
37	#[cfg(ossl111)]
38	pub const SSL_EXT_TLS1_2_AND_BELOW_ONLY: c_uint = `0x0010`;
39	/ Extension is only defined for TLS1.3 and above /
40	#[cfg(ossl111)]
41	pub const SSL_EXT_TLS1_3_ONLY: c_uint = `0x0020`;
42	/ Ignore this extension during parsing if we are resuming /
43	#[cfg(ossl111)]
44	pub const SSL_EXT_IGNORE_ON_RESUMPTION: c_uint = `0x0040`;
45	#[cfg(ossl111)]
46	pub const SSL_EXT_CLIENT_HELLO: c_uint = `0x0080`;
47	/ Really means TLS1.2 or below /
48	#[cfg(ossl111)]
49	pub const SSL_EXT_TLS1_2_SERVER_HELLO: c_uint = `0x0100`;
50	#[cfg(ossl111)]
51	pub const SSL_EXT_TLS1_3_SERVER_HELLO: c_uint = `0x0200`;
52	#[cfg(ossl111)]
53	pub const SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS: c_uint = `0x0400`;
54	#[cfg(ossl111)]
55	pub const SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST: c_uint = `0x0800`;
56	#[cfg(ossl111)]
57	pub const SSL_EXT_TLS1_3_CERTIFICATE: c_uint = `0x1000`;
58	#[cfg(ossl111)]
59	pub const SSL_EXT_TLS1_3_NEW_SESSION_TICKET: c_uint = `0x2000`;
60	#[cfg(ossl111)]
61	pub const SSL_EXT_TLS1_3_CERTIFICATE_REQUEST: c_uint = `0x4000`;
62
63	cfg_if! {
64	if #[cfg(ossl300)] {
65	macro_rules! ssl_op_type {
66	() => {u64};
67	}
68	} else {
69	macro_rules! ssl_op_type {
70	() => {c_ulong};
71	}
72	}
73	}
74
75	pub const SSL_OP_LEGACY_SERVER_CONNECT: ssl_op_type!() = `0x00000004`;
76	cfg_if! {
77	if #[cfg(libressl261)] {
78	pub const SSL_OP_TLSEXT_PADDING: ssl_op_type!() = `0x0`;
79	} else if #[cfg(any(ossl102, libressl))] {
80	pub const SSL_OP_TLSEXT_PADDING: ssl_op_type!() = `0x10`;
81	}
82	}
83	#[cfg(ossl101)]
84	pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: ssl_op_type!() = `0x00000040`;
85
86	pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: ssl_op_type!() = `0x00000800`;
87
88	pub const SSL_OP_NO_QUERY_MTU: ssl_op_type!() = `0x00001000`;
89	pub const SSL_OP_COOKIE_EXCHANGE: ssl_op_type!() = `0x00002000`;
90	pub const SSL_OP_NO_TICKET: ssl_op_type!() = `0x00004000`;
91	cfg_if! {
92	if #[cfg(ossl101)] {
93	pub const SSL_OP_CISCO_ANYCONNECT: ssl_op_type!() = `0x00008000`;
94	} else {
95	pub const SSL_OP_CISCO_ANYCONNECT: ssl_op_type!() = `0x0`;
96	}
97	}
98
99	pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: ssl_op_type!() = `0x00010000`;
100	cfg_if! {
101	if #[cfg(ossl101)] {
102	pub const SSL_OP_NO_COMPRESSION: ssl_op_type!() = `0x00020000`;
103	pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: ssl_op_type!() = `0x00040000`;
104	} else {
105	pub const SSL_OP_NO_COMPRESSION: ssl_op_type!() = `0x0`;
106	pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: ssl_op_type!() = `0x0`;
107	}
108	}
109
110	#[cfg(ossl111)]
111	pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: ssl_op_type!() = `0x00100000`;
112	#[cfg(ossl111)]
113	pub const SSL_OP_PRIORITIZE_CHACHA: ssl_op_type!() = `0x00200000`;
114
115	pub const SSL_OP_CIPHER_SERVER_PREFERENCE: ssl_op_type!() = `0x00400000`;
116	cfg_if! {
117	if #[cfg(libressl280)] {
118	pub const SSL_OP_TLS_ROLLBACK_BUG: ssl_op_type!() = `0`;
119	} else {
120	pub const SSL_OP_TLS_ROLLBACK_BUG: ssl_op_type!() = `0x00800000`;
121	}
122	}
123
124	cfg_if! {
125	if #[cfg(ossl101)] {
126	pub const SSL_OP_NO_SSLv3: ssl_op_type!() = `0x02000000`;
127	} else {
128	pub const SSL_OP_NO_SSLv3: ssl_op_type!() = `0x0`;
129	}
130	}
131	pub const SSL_OP_NO_TLSv1_1: ssl_op_type!() = `0x10000000`;
132	pub const SSL_OP_NO_TLSv1_2: ssl_op_type!() = `0x08000000`;
133
134	pub const SSL_OP_NO_TLSv1: ssl_op_type!() = `0x04000000`;
135	cfg_if! {
136	if #[cfg(ossl102)] {
137	pub const SSL_OP_NO_DTLSv1: ssl_op_type!() = `0x04000000`;
138	pub const SSL_OP_NO_DTLSv1_2: ssl_op_type!() = `0x08000000`;
139	} else if #[cfg(libressl332)] {
140	pub const SSL_OP_NO_DTLSv1: ssl_op_type!() = `0x40000000`;
141	pub const SSL_OP_NO_DTLSv1_2: ssl_op_type!() = `0x80000000`;
142	}
143	}
144	#[cfg(any(ossl111, libressl340))]
145	pub const SSL_OP_NO_TLSv1_3: ssl_op_type!() = `0x20000000`;
146
147	#[cfg(ossl110h)]
148	pub const SSL_OP_NO_RENEGOTIATION: ssl_op_type!() = `0x40000000`;
149
150	cfg_if! {
151	if #[cfg(ossl111)] {
152	pub const SSL_OP_NO_SSL_MASK: ssl_op_type!() = SSL_OP_NO_SSLv2
153	\| SSL_OP_NO_SSLv3
154	\| SSL_OP_NO_TLSv1
155	\| SSL_OP_NO_TLSv1_1
156	\| SSL_OP_NO_TLSv1_2
157	\| SSL_OP_NO_TLSv1_3;
158	} else if #[cfg(ossl102)] {
159	pub const SSL_OP_NO_SSL_MASK: ssl_op_type!() =
160	SSL_OP_NO_SSLv2 \| SSL_OP_NO_SSLv3 \| SSL_OP_NO_TLSv1 \| SSL_OP_NO_TLSv1_1 \| SSL_OP_NO_TLSv1_2;
161	}
162	}
163
164	cfg_if! {
165	if #[cfg(libressl261)] {
166	pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: ssl_op_type!() = `0x0`;
167	} else {
168	pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: ssl_op_type!() = `0x80000000`;
169	}
170	}
171
172	cfg_if! {
173	if #[cfg(ossl300)] {
174	pub const SSL_OP_ALL: ssl_op_type!() = SSL_OP_CRYPTOPRO_TLSEXT_BUG
175	\| SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
176	\| SSL_OP_TLSEXT_PADDING
177	\| SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
178	} else if #[cfg(ossl110f)] {
179	pub const SSL_OP_ALL: ssl_op_type!() = SSL_OP_CRYPTOPRO_TLSEXT_BUG
180	\| SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
181	\| SSL_OP_LEGACY_SERVER_CONNECT
182	\| SSL_OP_TLSEXT_PADDING
183	\| SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
184	} else if #[cfg(libressl261)] {
185	pub const SSL_OP_ALL: ssl_op_type!() = `0x4`;
186	} else if #[cfg(libressl)] {
187	pub const SSL_OP_ALL: ssl_op_type!() = `0x80000014`;
188	} else {
189	pub const SSL_OP_ALL: ssl_op_type!() = `0x80000BFF`;
190	}
191	}
192
193	cfg_if! {
194	if #[cfg(ossl110)] {
195	pub const SSL_OP_MICROSOFT_SESS_ID_BUG: ssl_op_type!() = `0x00000000`;
196	pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: ssl_op_type!() = `0x00000000`;
197	pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: ssl_op_type!() = `0x00000000`;
198	pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: ssl_op_type!() = `0x00000000`;
199	pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: ssl_op_type!() = `0x00000000`;
200	pub const SSL_OP_TLS_D5_BUG: ssl_op_type!() = `0x00000000`;
201	pub const SSL_OP_TLS_BLOCK_PADDING_BUG: ssl_op_type!() = `0x00000000`;
202	pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = `0x00000000`;
203	pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = `0x00000000`;
204	pub const SSL_OP_NO_SSLv2: ssl_op_type!() = `0x00000000`;
205	} else if #[cfg(ossl101)] {
206	pub const SSL_OP_MICROSOFT_SESS_ID_BUG: ssl_op_type!() = `0x00000001`;
207	pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: ssl_op_type!() = `0x00000002`;
208	pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: ssl_op_type!() = `0x00000008`;
209	pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: ssl_op_type!() = `0x00000020`;
210	pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: ssl_op_type!() = `0x00000080`;
211	pub const SSL_OP_TLS_D5_BUG: ssl_op_type!() = `0x00000100`;
212	pub const SSL_OP_TLS_BLOCK_PADDING_BUG: ssl_op_type!() = `0x00000200`;
213	pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = `0x00080000`;
214	pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = `0x00100000`;
215	pub const SSL_OP_NO_SSLv2: ssl_op_type!() = `0x01000000`;
216	} else {
217	pub const SSL_OP_MICROSOFT_SESS_ID_BUG: ssl_op_type!() = `0x0`;
218	pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: ssl_op_type!() = `0x0`;
219	pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: ssl_op_type!() = `0x0`;
220	pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: ssl_op_type!() = `0x0`;
221	pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: ssl_op_type!() = `0x0`;
222	pub const SSL_OP_TLS_D5_BUG: ssl_op_type!() = `0x0`;
223	pub const SSL_OP_TLS_BLOCK_PADDING_BUG: ssl_op_type!() = `0x0`;
224	#[cfg(libressl261)]
225	pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = `0x0`;
226	#[cfg(not(libressl261))]
227	pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = `0x00080000`;
228	pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = `0x00100000`;
229	pub const SSL_OP_NO_SSLv2: ssl_op_type!() = `0x0`;
230	}
231	}
232
233	pub const SSL_MODE_ENABLE_PARTIAL_WRITE: c_long = `0x1`;
234	pub const SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER: c_long = `0x2`;
235	pub const SSL_MODE_AUTO_RETRY: c_long = `0x4`;
236	pub const SSL_MODE_NO_AUTO_CHAIN: c_long = `0x8`;
237	pub const SSL_MODE_RELEASE_BUFFERS: c_long = `0x10`;
238	#[cfg(ossl101)]
239	pub const SSL_MODE_SEND_CLIENTHELLO_TIME: c_long = `0x20`;
240	#[cfg(ossl101)]
241	pub const SSL_MODE_SEND_SERVERHELLO_TIME: c_long = `0x40`;
242	#[cfg(ossl101)]
243	pub const SSL_MODE_SEND_FALLBACK_SCSV: c_long = `0x80`;
244
245	pub unsafe fn SSL_CTX_set_mode(ctx: *mut SSL_CTX, op: c_long) -> c_long {
246	SSL_CTX_ctrl(ctx, SSL_CTRL_MODE, larg:op, parg:ptr::null_mut())
247	}
248
249	#[cfg(ossl111)]
250	pub const SSL_COOKIE_LENGTH: c_int = `4096`;
251
252	cfg_if! {
253	if #[cfg(not(ossl110))] {
254	pub unsafe fn SSL_CTX_get_options(ctx: *const SSL_CTX) -> c_ulong {
255	SSL_CTX_ctrl(ctx as *mut _, SSL_CTRL_OPTIONS, `0`, ptr::null_mut()) as c_ulong
256	}
257
258	pub unsafe fn SSL_CTX_set_options(ctx: *const SSL_CTX, op: c_ulong) -> c_ulong {
259	SSL_CTX_ctrl(
260	ctx as *mut _,
261	SSL_CTRL_OPTIONS,
262	op as c_long,
263	ptr::null_mut(),
264	) as c_ulong
265	}
266
267	pub unsafe fn SSL_CTX_clear_options(ctx: *const SSL_CTX, op: c_ulong) -> c_ulong {
268	SSL_CTX_ctrl(
269	ctx as *mut _,
270	SSL_CTRL_CLEAR_OPTIONS,
271	op as c_long,
272	ptr::null_mut(),
273	) as c_ulong
274	}
275	}
276	}
277
278	pub unsafe fn SSL_set_mtu(ssl: *mut SSL, mtu: c_long) -> c_long {
279	SSL_ctrl(ssl, SSL_CTRL_SET_MTU, larg:mtu, parg:ptr::null_mut())
280	}
281
282	#[cfg(ossl110)]
283	pub unsafe fn SSL_get_extms_support(ssl: *mut SSL) -> c_long {
284	SSL_ctrl(ssl, SSL_CTRL_GET_EXTMS_SUPPORT, larg:`0`, parg:ptr::null_mut())
285	}
286
287	pub const SSL_SESS_CACHE_OFF: c_long = `0x0`;
288	pub const SSL_SESS_CACHE_CLIENT: c_long = `0x1`;
289	pub const SSL_SESS_CACHE_SERVER: c_long = `0x2`;
290	pub const SSL_SESS_CACHE_BOTH: c_long = SSL_SESS_CACHE_CLIENT \| SSL_SESS_CACHE_SERVER;
291	pub const SSL_SESS_CACHE_NO_AUTO_CLEAR: c_long = `0x80`;
292	pub const SSL_SESS_CACHE_NO_INTERNAL_LOOKUP: c_long = `0x100`;
293	pub const SSL_SESS_CACHE_NO_INTERNAL_STORE: c_long = `0x200`;
294	pub const SSL_SESS_CACHE_NO_INTERNAL: c_long =
295	SSL_SESS_CACHE_NO_INTERNAL_LOOKUP \| SSL_SESS_CACHE_NO_INTERNAL_STORE;
296
297	pub const OPENSSL_NPN_UNSUPPORTED: c_int = `0`;
298	pub const OPENSSL_NPN_NEGOTIATED: c_int = `1`;
299	pub const OPENSSL_NPN_NO_OVERLAP: c_int = `2`;
300
301	pub const SSL_AD_ILLEGAL_PARAMETER: c_int = SSL3_AD_ILLEGAL_PARAMETER;
302	pub const SSL_AD_DECODE_ERROR: c_int = TLS1_AD_DECODE_ERROR;
303	pub const SSL_AD_UNRECOGNIZED_NAME: c_int = TLS1_AD_UNRECOGNIZED_NAME;
304	pub const SSL_ERROR_NONE: c_int = `0`;
305	pub const SSL_ERROR_SSL: c_int = `1`;
306	pub const SSL_ERROR_SYSCALL: c_int = `5`;
307	pub const SSL_ERROR_WANT_ACCEPT: c_int = `8`;
308	pub const SSL_ERROR_WANT_CONNECT: c_int = `7`;
309	pub const SSL_ERROR_WANT_READ: c_int = `2`;
310	pub const SSL_ERROR_WANT_WRITE: c_int = `3`;
311	pub const SSL_ERROR_WANT_X509_LOOKUP: c_int = `4`;
312	pub const SSL_ERROR_ZERO_RETURN: c_int = `6`;
313	#[cfg(ossl111)]
314	pub const SSL_ERROR_WANT_CLIENT_HELLO_CB: c_int = `11`;
315	pub const SSL_VERIFY_NONE: c_int = `0`;
316	pub const SSL_VERIFY_PEER: c_int = `1`;
317	pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = `2`;
318	pub const SSL_CTRL_SET_TMP_DH: c_int = `3`;
319	pub const SSL_CTRL_SET_TMP_ECDH: c_int = `4`;
320	#[cfg(any(libressl, all(ossl101, not(ossl110))))]
321	pub const SSL_CTRL_GET_SESSION_REUSED: c_int = `8`;
322	pub const SSL_CTRL_EXTRA_CHAIN_CERT: c_int = `14`;
323	pub const SSL_CTRL_SET_MTU: c_int = `17`;
324	#[cfg(any(libressl, all(ossl101, not(ossl110))))]
325	pub const SSL_CTRL_OPTIONS: c_int = `32`;
326	pub const SSL_CTRL_MODE: c_int = `33`;
327	pub const SSL_CTRL_SET_READ_AHEAD: c_int = `41`;
328	pub const SSL_CTRL_SET_SESS_CACHE_SIZE: c_int = `42`;
329	pub const SSL_CTRL_GET_SESS_CACHE_SIZE: c_int = `43`;
330	pub const SSL_CTRL_SET_SESS_CACHE_MODE: c_int = `44`;
331	pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: c_int = `53`;
332	pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: c_int = `54`;
333	pub const SSL_CTRL_SET_TLSEXT_HOSTNAME: c_int = `55`;
334	pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: c_int = `63`;
335	pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: c_int = `64`;
336	pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: c_int = `65`;
337	pub const SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = `70`;
338	pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = `71`;
339	#[cfg(any(libressl, all(ossl101, not(ossl110))))]
340	pub const SSL_CTRL_CLEAR_OPTIONS: c_int = `77`;
341	pub const SSL_CTRL_GET_EXTRA_CHAIN_CERTS: c_int = `82`;
342	#[cfg(ossl102)]
343	pub const SSL_CTRL_CHAIN_CERT: c_int = `89`;
344	#[cfg(any(ossl111, libressl252))]
345	pub const SSL_CTRL_SET_GROUPS_LIST: c_int = `92`;
346	#[cfg(any(libressl, all(ossl102, not(ossl110))))]
347	pub const SSL_CTRL_SET_ECDH_AUTO: c_int = `94`;
348	#[cfg(ossl102)]
349	pub const SSL_CTRL_SET_SIGALGS_LIST: c_int = `98`;
350	#[cfg(ossl102)]
351	pub const SSL_CTRL_SET_VERIFY_CERT_STORE: c_int = `106`;
352	#[cfg(ossl300)]
353	pub const SSL_CTRL_GET_PEER_TMP_KEY: c_int = `109`;
354	#[cfg(ossl110)]
355	pub const SSL_CTRL_GET_EXTMS_SUPPORT: c_int = `122`;
356	#[cfg(any(ossl110, libressl261))]
357	pub const SSL_CTRL_SET_MIN_PROTO_VERSION: c_int = `123`;
358	#[cfg(any(ossl110, libressl261))]
359	pub const SSL_CTRL_SET_MAX_PROTO_VERSION: c_int = `124`;
360	#[cfg(any(ossl110g, libressl270))]
361	pub const SSL_CTRL_GET_MIN_PROTO_VERSION: c_int = `130`;
362	#[cfg(any(ossl110g, libressl270))]
363	pub const SSL_CTRL_GET_MAX_PROTO_VERSION: c_int = `131`;
364	#[cfg(ossl300)]
365	pub const SSL_CTRL_GET_TMP_KEY: c_int = `133`;
366
367	pub unsafe fn SSL_CTX_set_tmp_dh(ctx: *mut SSL_CTX, dh: *mut DH) -> c_long {
368	SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, larg:`0`, parg:dh as *mut c_void)
369	}
370
371	pub unsafe fn SSL_CTX_set_tmp_ecdh(ctx: *mut SSL_CTX, key: *mut EC_KEY) -> c_long {
372	SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, larg:`0`, parg:key as *mut c_void)
373	}
374
375	pub unsafe fn SSL_set_tmp_dh(ssl: *mut SSL, dh: *mut DH) -> c_long {
376	SSL_ctrl(ssl, SSL_CTRL_SET_TMP_DH, larg:`0`, parg:dh as *mut c_void)
377	}
378
379	pub unsafe fn SSL_set_tmp_ecdh(ssl: *mut SSL, key: *mut EC_KEY) -> c_long {
380	SSL_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH, larg:`0`, parg:key as *mut c_void)
381	}
382
383	pub unsafe fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long {
384	SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, larg:`0`, parg:x509 as *mut c_void)
385	}
386
387	pub unsafe fn SSL_CTX_get_extra_chain_certs(
388	ctx: *mut SSL_CTX,
389	chain: *mut *mut stack_st_X509,
390	) -> c_long {
391	SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, larg:`0`, parg:chain as *mut c_void)
392	}
393
394	#[cfg(ossl102)]
395	pub unsafe fn SSL_CTX_set0_verify_cert_store(ctx: *mut SSL_CTX, st: *mut X509_STORE) -> c_long {
396	SSL_CTX_ctrl(ctx, SSL_CTRL_SET_VERIFY_CERT_STORE, larg:`0`, parg:st as *mut c_void)
397	}
398
399	#[cfg(ossl102)]
400	pub unsafe fn SSL_set0_verify_cert_store(ssl: *mut SSL, st: *mut X509_STORE) -> c_long {
401	SSL_ctrl(ssl, SSL_CTRL_SET_VERIFY_CERT_STORE, larg:`0`, parg:st as *mut c_void)
402	}
403
404	cfg_if! {
405	if #[cfg(ossl111)] {
406	pub unsafe fn SSL_CTX_set1_groups_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_long {
407	SSL_CTX_ctrl(
408	ctx,
409	SSL_CTRL_SET_GROUPS_LIST,
410	`0`,
411	s as *const c_void as *mut c_void,
412	)
413	}
414	} else if #[cfg(libressl251)] {
415	extern "C" {
416	pub fn SSL_CTX_set1_groups_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_int;
417	}
418	}
419	}
420
421	#[cfg(ossl102)]
422	pub unsafe fn SSL_add0_chain_cert(ssl: *mut SSL, ptr: *mut X509) -> c_long {
423	SSL_ctrl(ssl, SSL_CTRL_CHAIN_CERT, larg:`0`, parg:ptr as *mut c_void)
424	}
425
426	#[cfg(ossl102)]
427	pub unsafe fn SSL_CTX_set1_sigalgs_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_long {
428	SSL_CTX_ctrl(
429	ctx,
430	SSL_CTRL_SET_SIGALGS_LIST,
431	larg:`0`,
432	parg:s as *const c_void as *mut c_void,
433	)
434	}
435
436	#[cfg(any(libressl, all(ossl102, not(ossl110))))]
437	pub unsafe fn SSL_CTX_set_ecdh_auto(ctx: *mut SSL_CTX, onoff: c_int) -> c_int {
438	SSL_CTX_ctrl(
439	ctx,
440	SSL_CTRL_SET_ECDH_AUTO,
441	onoff as c_long,
442	ptr::null_mut(),
443	) as c_int
444	}
445
446	#[cfg(any(libressl, all(ossl102, not(ossl110))))]
447	pub unsafe fn SSL_set_ecdh_auto(ssl: *mut SSL, onoff: c_int) -> c_int {
448	SSL_ctrl(
449	ssl,
450	SSL_CTRL_SET_ECDH_AUTO,
451	onoff as c_long,
452	ptr::null_mut(),
453	) as c_int
454	}
455
456	cfg_if! {
457	if #[cfg(ossl110)] {
458	pub unsafe fn SSL_CTX_set_min_proto_version(ctx: *mut SSL_CTX, version: c_int) -> c_int {
459	SSL_CTX_ctrl(
460	ctx,
461	SSL_CTRL_SET_MIN_PROTO_VERSION,
462	version as c_long,
463	ptr::null_mut(),
464	) as c_int
465	}
466
467	pub unsafe fn SSL_CTX_set_max_proto_version(ctx: *mut SSL_CTX, version: c_int) -> c_int {
468	SSL_CTX_ctrl(
469	ctx,
470	SSL_CTRL_SET_MAX_PROTO_VERSION,
471	version as c_long,
472	ptr::null_mut(),
473	) as c_int
474	}
475
476	pub unsafe fn SSL_set_min_proto_version(s: *mut SSL, version: c_int) -> c_int {
477	SSL_ctrl(
478	s,
479	SSL_CTRL_SET_MIN_PROTO_VERSION,
480	version as c_long,
481	ptr::null_mut(),
482	) as c_int
483	}
484
485	pub unsafe fn SSL_set_max_proto_version(s: *mut SSL, version: c_int) -> c_int {
486	SSL_ctrl(
487	s,
488	SSL_CTRL_SET_MAX_PROTO_VERSION,
489	version as c_long,
490	ptr::null_mut(),
491	) as c_int
492	}
493	}
494	}
495
496	cfg_if! {
497	if #[cfg(ossl110g)] {
498	pub unsafe fn SSL_CTX_get_min_proto_version(ctx: *mut SSL_CTX) -> c_int {
499	SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, `0`, ptr::null_mut()) as c_int
500	}
501
502	pub unsafe fn SSL_CTX_get_max_proto_version(ctx: *mut SSL_CTX) -> c_int {
503	SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, `0`, ptr::null_mut()) as c_int
504	}
505	pub unsafe fn SSL_get_min_proto_version(s: *mut SSL) -> c_int {
506	SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, `0`, ptr::null_mut()) as c_int
507	}
508	pub unsafe fn SSL_get_max_proto_version(s: *mut SSL) -> c_int {
509	SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, `0`, ptr::null_mut()) as c_int
510	}
511	}
512	}
513	cfg_if! {
514	if #[cfg(ossl300)] {
515	pub unsafe fn SSL_get_peer_tmp_key(ssl: *mut SSL, key: *mut *mut EVP_PKEY) -> c_long {
516	SSL_ctrl(ssl, SSL_CTRL_GET_PEER_TMP_KEY, `0`, key as *mut c_void)
517	}
518
519	pub unsafe fn SSL_get_tmp_key(ssl: *mut SSL, key: *mut *mut EVP_PKEY) -> c_long {
520	SSL_ctrl(ssl, SSL_CTRL_GET_TMP_KEY, `0`, key as *mut c_void)
521	}
522	}
523	}
524
525	#[cfg(ossl111)]
526	pub const SSL_CLIENT_HELLO_SUCCESS: c_int = `1`;
527	#[cfg(ossl111)]
528	pub const SSL_CLIENT_HELLO_ERROR: c_int = `0`;
529	#[cfg(ossl111)]
530	pub const SSL_CLIENT_HELLO_RETRY: c_int = `-1`;
531
532	#[cfg(any(ossl111, libressl340))]
533	pub const SSL_READ_EARLY_DATA_ERROR: c_int = `0`;
534	#[cfg(any(ossl111, libressl340))]
535	pub const SSL_READ_EARLY_DATA_SUCCESS: c_int = `1`;
536	#[cfg(any(ossl111, libressl340))]
537	pub const SSL_READ_EARLY_DATA_FINISH: c_int = `2`;
538
539	cfg_if! {
540	if #[cfg(ossl110)] {
541	pub unsafe fn SSL_get_ex_new_index(
542	l: c_long,
543	p: *mut c_void,
544	newf: Option<CRYPTO_EX_new>,
545	dupf: Option<CRYPTO_EX_dup>,
546	freef: Option<CRYPTO_EX_free>,
547	) -> c_int {
548	CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef)
549	}
550	}
551	}
552	cfg_if! {
553	if #[cfg(ossl110)] {
554	pub unsafe fn SSL_CTX_get_ex_new_index(
555	l: c_long,
556	p: *mut c_void,
557	newf: Option<CRYPTO_EX_new>,
558	dupf: Option<CRYPTO_EX_dup>,
559	freef: Option<CRYPTO_EX_free>,
560	) -> c_int {
561	CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef)
562	}
563	}
564	}
565
566	pub unsafe fn SSL_CTX_sess_set_cache_size(ctx: *mut SSL_CTX, t: c_long) -> c_long {
567	SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_SIZE, larg:t, parg:ptr::null_mut())
568	}
569
570	pub unsafe fn SSL_CTX_sess_get_cache_size(ctx: *mut SSL_CTX) -> c_long {
571	SSL_CTX_ctrl(ctx, SSL_CTRL_GET_SESS_CACHE_SIZE, larg:`0`, parg:ptr::null_mut())
572	}
573
574	pub unsafe fn SSL_CTX_set_session_cache_mode(ctx: *mut SSL_CTX, m: c_long) -> c_long {
575	SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_MODE, larg:m, parg:ptr::null_mut())
576	}
577
578	pub unsafe fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long {
579	SSL_CTX_ctrl(ctx, SSL_CTRL_SET_READ_AHEAD, larg:m, parg:ptr::null_mut())
580	}
581
582	#[allow(clashing_extern_declarations)]
583	unsafeextern "C" {
584	#[deprecated(note = "use SSL_CTX_set_tmp_dh_callback__fixed_rust instead")]
585	pub unsafefn SSL_CTX_set_tmp_dh_callback(
586	ctx: *mut SSL_CTX,
587	dh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH,
588	);
589	#[deprecated(note = "use SSL_set_tmp_dh_callback__fixed_rust instead")]
590	pub unsafefn SSL_set_tmp_dh_callback(
591	ctx: *mut SSL,
592	dh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH,
593	);
594	#[deprecated(note = "use SSL_CTX_set_tmp_ecdh_callback__fixed_rust instead")]
595	#[cfg(not(ossl110))]
596	pub fn SSL_CTX_set_tmp_ecdh_callback(
597	ctx: *mut SSL_CTX,
598	ecdh: unsafe extern "C" fn(
599	ssl: *mut SSL,
600	is_export: c_int,
601	keylength: c_int,
602	) -> *mut EC_KEY,
603	);
604	#[deprecated(note = "use SSL_set_tmp_ecdh_callback__fixed_rust instead")]
605	#[cfg(not(ossl110))]
606	pub fn SSL_set_tmp_ecdh_callback(
607	ssl: *mut SSL,
608	ecdh: unsafe extern "C" fn(
609	ssl: *mut SSL,
610	is_export: c_int,
611	keylength: c_int,
612	) -> *mut EC_KEY,
613	);
614
615	#[deprecated(note = "use SSL_CTX_callback_ctrl__fixed_rust instead")]
616	pub unsafefn SSL_CTX_callback_ctrl(
617	ctx: *mut SSL_CTX,
618	cmd: c_int,
619	fp: Option<extern "C" fn()>,
620	) -> c_long;
621
622	#[deprecated(note = "use SSL_CTX_set_alpn_select_cb__fixed_rust instead")]
623	#[cfg(any(ossl102, libressl261))]
624	pub unsafefn SSL_CTX_set_alpn_select_cb(
625	ssl: *mut SSL_CTX,
626	cb: extern "C" fn(
627	ssl: *mut SSL,
628	out: *mut *const c_uchar,
629	outlen: *mut c_uchar,
630	inbuf: *const c_uchar,
631	inlen: c_uint,
632	arg: *mut c_void,
633	) -> c_int,
634	arg: *mut c_void,
635	);
636	}
637
638	#[cfg(not(ossl110))]
639	pub unsafe fn SSL_session_reused(ssl: *mut SSL) -> c_int {
640	SSL_ctrl(ssl, SSL_CTRL_GET_SESSION_REUSED, `0`, ptr::null_mut()) as c_int
641	}
642
643	#[cfg(ossl110)]
644	pub const OPENSSL_INIT_LOAD_SSL_STRINGS: u64 = `0x00200000`;
645	#[cfg(ossl111b)]
646	pub const OPENSSL_INIT_NO_ATEXIT: u64 = `0x00080000`;
647
648	cfg_if! {
649	if #[cfg(ossl330)] {
650	pub const SSL_VALUE_CLASS_GENERIC: c_uint = `0`;
651	pub const SSL_VALUE_CLASS_FEATURE_REQUEST: c_uint = `1`;
652	pub const SSL_VALUE_CLASS_FEATURE_PEER_REQUEST: c_uint = `2`;
653	pub const SSL_VALUE_CLASS_FEATURE_NEGOTIATED: c_uint = `3`;
654
655	pub const SSL_VALUE_NONE: c_uint = `0`;
656	pub const SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL: c_uint = `1`;
657	pub const SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL: c_uint = `2`;
658	pub const SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL: c_uint = `3`;
659	pub const SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL: c_uint = `4`;
660	pub const SSL_VALUE_QUIC_IDLE_TIMEOUT: c_uint = `5`;
661	pub const SSL_VALUE_EVENT_HANDLING_MODE: c_uint = `6`;
662	pub const SSL_VALUE_STREAM_WRITE_BUF_SIZE: c_uint = `7`;
663	pub const SSL_VALUE_STREAM_WRITE_BUF_USED: c_uint = `8`;
664	pub const SSL_VALUE_STREAM_WRITE_BUF_AVAIL: c_uint = `9`;
665
666	pub const SSL_VALUE_EVENT_HANDLING_MODE_INHERIT: c_uint = `0`;
667	pub const SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT: c_uint = `1`;
668	pub const SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT: c_uint = `2`;
669
670	pub unsafe fn SSL_get_generic_value_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
671	SSL_get_value_uint(ssl, SSL_VALUE_CLASS_GENERIC, id, value)
672	}
673	pub unsafe fn SSL_set_generic_value_uint(ssl: *mut SSL, id: u32, value: u64) -> c_int {
674	SSL_set_value_uint(ssl, SSL_VALUE_CLASS_GENERIC, id, value)
675	}
676	pub unsafe fn SSL_get_feature_request_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
677	SSL_get_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_REQUEST, id, value)
678	}
679	pub unsafe fn SSL_set_feature_request_uint(ssl: *mut SSL, id: u32, value: u64) -> c_int {
680	SSL_set_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_REQUEST, id, value)
681	}
682	pub unsafe fn SSL_get_feature_peer_request_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
683	SSL_get_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, id, value)
684	}
685	pub unsafe fn SSL_get_feature_negotiated_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
686	SSL_get_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_NEGOTIATED, id, value)
687	}
688	pub unsafe fn SSL_get_quic_stream_bidi_local_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
689	SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL, value)
690	}
691	pub unsafe fn SSL_get_quic_stream_bidi_remote_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
692	SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL, value)
693	}
694	pub unsafe fn SSL_get_quic_stream_uni_local_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
695	SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL, value)
696	}
697	pub unsafe fn SSL_get_quic_stream_uni_remote_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
698	SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL, value)
699	}
700	pub unsafe fn SSL_get_event_handling_mode(ssl: *mut SSL, value: *mut u64) -> c_int {
701	SSL_get_generic_value_uint(ssl, SSL_VALUE_EVENT_HANDLING_MODE, value)
702	}
703	pub unsafe fn SSL_set_event_handling_mode(ssl: *mut SSL, value: u64) -> c_int {
704	SSL_set_generic_value_uint(ssl, SSL_VALUE_EVENT_HANDLING_MODE, value)
705	}
706	pub unsafe fn SSL_get_stream_write_buf_size(ssl: *mut SSL, value: *mut u64) -> c_int {
707	SSL_get_generic_value_uint(ssl, SSL_VALUE_STREAM_WRITE_BUF_SIZE, value)
708	}
709	pub unsafe fn SSL_get_stream_write_buf_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
710	SSL_get_generic_value_uint(ssl, SSL_VALUE_STREAM_WRITE_BUF_AVAIL, value)
711	}
712	pub unsafe fn SSL_get_stream_write_buf_used(ssl: *mut SSL, value: *mut u64) -> c_int {
713	SSL_get_generic_value_uint(ssl, SSL_VALUE_STREAM_WRITE_BUF_USED, value)
714	}
715	}
716	}
717