1use libc::*;
2use std::ptr;
3
4use super::*;
5
6#[cfg(not(ossl110))]
7pub const SSL_MAX_KRB5_PRINCIPAL_LENGTH: c_int = 256;
8
9#[cfg(not(ossl110))]
10pub const SSL_MAX_SSL_SESSION_ID_LENGTH: c_int = 32;
11#[cfg(not(ossl110))]
12pub const SSL_MAX_SID_CTX_LENGTH: c_int = 32;
13
14#[cfg(not(ossl110))]
15pub const SSL_MAX_KEY_ARG_LENGTH: c_int = 8;
16#[cfg(not(ossl110))]
17pub const SSL_MAX_MASTER_KEY_LENGTH: c_int = 48;
18
19pub const SSL_SENT_SHUTDOWN: c_int = 1;
20pub const SSL_RECEIVED_SHUTDOWN: c_int = 2;
21
22pub const SSL_FILETYPE_PEM: c_int = X509_FILETYPE_PEM;
23pub const SSL_FILETYPE_ASN1: c_int = X509_FILETYPE_ASN1;
24
25#[cfg(ossl111)]
26pub const SSL_EXT_TLS_ONLY: c_uint = 0x0001;
27#[cfg(ossl111)]
29pub const SSL_EXT_DTLS_ONLY: c_uint = 0x0002;
30#[cfg(ossl111)]
32pub const SSL_EXT_TLS_IMPLEMENTATION_ONLY: c_uint = 0x0004;
33#[cfg(ossl111)]
35pub const SSL_EXT_SSL3_ALLOWED: c_uint = 0x0008;
36#[cfg(ossl111)]
38pub const SSL_EXT_TLS1_2_AND_BELOW_ONLY: c_uint = 0x0010;
39#[cfg(ossl111)]
41pub const SSL_EXT_TLS1_3_ONLY: c_uint = 0x0020;
42#[cfg(ossl111)]
44pub const SSL_EXT_IGNORE_ON_RESUMPTION: c_uint = 0x0040;
45#[cfg(ossl111)]
46pub const SSL_EXT_CLIENT_HELLO: c_uint = 0x0080;
47#[cfg(ossl111)]
49pub const SSL_EXT_TLS1_2_SERVER_HELLO: c_uint = 0x0100;
50#[cfg(ossl111)]
51pub const SSL_EXT_TLS1_3_SERVER_HELLO: c_uint = 0x0200;
52#[cfg(ossl111)]
53pub const SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS: c_uint = 0x0400;
54#[cfg(ossl111)]
55pub const SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST: c_uint = 0x0800;
56#[cfg(ossl111)]
57pub const SSL_EXT_TLS1_3_CERTIFICATE: c_uint = 0x1000;
58#[cfg(ossl111)]
59pub const SSL_EXT_TLS1_3_NEW_SESSION_TICKET: c_uint = 0x2000;
60#[cfg(ossl111)]
61pub const SSL_EXT_TLS1_3_CERTIFICATE_REQUEST: c_uint = 0x4000;
62
63cfg_if! {
64 if #[cfg(ossl300)] {
65 macro_rules! ssl_op_type {
66 () => {u64};
67 }
68 } else {
69 macro_rules! ssl_op_type {
70 () => {c_ulong};
71 }
72 }
73}
74
75pub const SSL_OP_LEGACY_SERVER_CONNECT: ssl_op_type!() = 0x00000004;
76cfg_if! {
77 if #[cfg(libressl)] {
78 pub const SSL_OP_TLSEXT_PADDING: ssl_op_type!() = 0x0;
79 } else if #[cfg(ossl102)] {
80 pub const SSL_OP_TLSEXT_PADDING: ssl_op_type!() = 0x10;
81 }
82}
83#[cfg(ossl102)]
84pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: ssl_op_type!() = 0x00000040;
85
86pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: ssl_op_type!() = 0x00000800;
87
88pub const SSL_OP_NO_QUERY_MTU: ssl_op_type!() = 0x00001000;
89pub const SSL_OP_COOKIE_EXCHANGE: ssl_op_type!() = 0x00002000;
90pub const SSL_OP_NO_TICKET: ssl_op_type!() = 0x00004000;
91cfg_if! {
92 if #[cfg(ossl102)] {
93 pub const SSL_OP_CISCO_ANYCONNECT: ssl_op_type!() = 0x00008000;
94 } else {
95 pub const SSL_OP_CISCO_ANYCONNECT: ssl_op_type!() = 0x0;
96 }
97}
98
99pub const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: ssl_op_type!() = 0x00010000;
100cfg_if! {
101 if #[cfg(ossl102)] {
102 pub const SSL_OP_NO_COMPRESSION: ssl_op_type!() = 0x00020000;
103 pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: ssl_op_type!() = 0x00040000;
104 } else {
105 pub const SSL_OP_NO_COMPRESSION: ssl_op_type!() = 0x0;
106 pub const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: ssl_op_type!() = 0x0;
107 }
108}
109
110#[cfg(ossl111)]
111pub const SSL_OP_ENABLE_MIDDLEBOX_COMPAT: ssl_op_type!() = 0x00100000;
112#[cfg(ossl111)]
113pub const SSL_OP_PRIORITIZE_CHACHA: ssl_op_type!() = 0x00200000;
114
115pub const SSL_OP_CIPHER_SERVER_PREFERENCE: ssl_op_type!() = 0x00400000;
116cfg_if! {
117 if #[cfg(libressl)] {
118 pub const SSL_OP_TLS_ROLLBACK_BUG: ssl_op_type!() = 0;
119 } else {
120 pub const SSL_OP_TLS_ROLLBACK_BUG: ssl_op_type!() = 0x00800000;
121 }
122}
123
124cfg_if! {
125 if #[cfg(ossl102)] {
126 pub const SSL_OP_NO_SSLv3: ssl_op_type!() = 0x02000000;
127 } else {
128 pub const SSL_OP_NO_SSLv3: ssl_op_type!() = 0x0;
129 }
130}
131pub const SSL_OP_NO_TLSv1_1: ssl_op_type!() = 0x10000000;
132pub const SSL_OP_NO_TLSv1_2: ssl_op_type!() = 0x08000000;
133
134pub const SSL_OP_NO_TLSv1: ssl_op_type!() = 0x04000000;
135cfg_if! {
136 if #[cfg(ossl102)] {
137 pub const SSL_OP_NO_DTLSv1: ssl_op_type!() = 0x04000000;
138 pub const SSL_OP_NO_DTLSv1_2: ssl_op_type!() = 0x08000000;
139 } else if #[cfg(libressl)] {
140 pub const SSL_OP_NO_DTLSv1: ssl_op_type!() = 0x40000000;
141 pub const SSL_OP_NO_DTLSv1_2: ssl_op_type!() = 0x80000000;
142 }
143}
144#[cfg(any(ossl111, libressl))]
145pub const SSL_OP_NO_TLSv1_3: ssl_op_type!() = 0x20000000;
146
147#[cfg(ossl110h)]
148pub const SSL_OP_NO_RENEGOTIATION: ssl_op_type!() = 0x40000000;
149
150cfg_if! {
151 if #[cfg(ossl111)] {
152 pub const SSL_OP_NO_SSL_MASK: ssl_op_type!() = SSL_OP_NO_SSLv2
153 | SSL_OP_NO_SSLv3
154 | SSL_OP_NO_TLSv1
155 | SSL_OP_NO_TLSv1_1
156 | SSL_OP_NO_TLSv1_2
157 | SSL_OP_NO_TLSv1_3;
158 } else if #[cfg(ossl102)] {
159 pub const SSL_OP_NO_SSL_MASK: ssl_op_type!() =
160 SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
161 }
162}
163
164cfg_if! {
165 if #[cfg(libressl)] {
166 pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: ssl_op_type!() = 0x0;
167 } else {
168 pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: ssl_op_type!() = 0x80000000;
169 }
170}
171
172cfg_if! {
173 if #[cfg(ossl300)] {
174 pub const SSL_OP_ALL: ssl_op_type!() = SSL_OP_CRYPTOPRO_TLSEXT_BUG
175 | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
176 | SSL_OP_TLSEXT_PADDING
177 | SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
178 } else if #[cfg(ossl110f)] {
179 pub const SSL_OP_ALL: ssl_op_type!() = SSL_OP_CRYPTOPRO_TLSEXT_BUG
180 | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
181 | SSL_OP_LEGACY_SERVER_CONNECT
182 | SSL_OP_TLSEXT_PADDING
183 | SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
184 } else if #[cfg(libressl)] {
185 pub const SSL_OP_ALL: ssl_op_type!() = 0x4;
186 } else {
187 pub const SSL_OP_ALL: ssl_op_type!() = 0x80000BFF;
188 }
189}
190
191cfg_if! {
192 if #[cfg(ossl110)] {
193 pub const SSL_OP_MICROSOFT_SESS_ID_BUG: ssl_op_type!() = 0x00000000;
194 pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: ssl_op_type!() = 0x00000000;
195 pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: ssl_op_type!() = 0x00000000;
196 pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: ssl_op_type!() = 0x00000000;
197 pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: ssl_op_type!() = 0x00000000;
198 pub const SSL_OP_TLS_D5_BUG: ssl_op_type!() = 0x00000000;
199 pub const SSL_OP_TLS_BLOCK_PADDING_BUG: ssl_op_type!() = 0x00000000;
200 pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = 0x00000000;
201 pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = 0x00000000;
202 pub const SSL_OP_NO_SSLv2: ssl_op_type!() = 0x00000000;
203 } else if #[cfg(ossl102)] {
204 pub const SSL_OP_MICROSOFT_SESS_ID_BUG: ssl_op_type!() = 0x00000001;
205 pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: ssl_op_type!() = 0x00000002;
206 pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: ssl_op_type!() = 0x00000008;
207 pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: ssl_op_type!() = 0x00000020;
208 pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: ssl_op_type!() = 0x00000080;
209 pub const SSL_OP_TLS_D5_BUG: ssl_op_type!() = 0x00000100;
210 pub const SSL_OP_TLS_BLOCK_PADDING_BUG: ssl_op_type!() = 0x00000200;
211 pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = 0x00080000;
212 pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = 0x00100000;
213 pub const SSL_OP_NO_SSLv2: ssl_op_type!() = 0x01000000;
214 } else {
215 pub const SSL_OP_MICROSOFT_SESS_ID_BUG: ssl_op_type!() = 0x0;
216 pub const SSL_OP_NETSCAPE_CHALLENGE_BUG: ssl_op_type!() = 0x0;
217 pub const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: ssl_op_type!() = 0x0;
218 pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: ssl_op_type!() = 0x0;
219 pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: ssl_op_type!() = 0x0;
220 pub const SSL_OP_TLS_D5_BUG: ssl_op_type!() = 0x0;
221 pub const SSL_OP_TLS_BLOCK_PADDING_BUG: ssl_op_type!() = 0x0;
222 #[cfg(libressl)]
223 pub const SSL_OP_SINGLE_ECDH_USE: ssl_op_type!() = 0x0;
224 pub const SSL_OP_SINGLE_DH_USE: ssl_op_type!() = 0x00100000;
225 pub const SSL_OP_NO_SSLv2: ssl_op_type!() = 0x0;
226 }
227}
228
229pub const SSL_MODE_ENABLE_PARTIAL_WRITE: c_long = 0x1;
230pub const SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER: c_long = 0x2;
231pub const SSL_MODE_AUTO_RETRY: c_long = 0x4;
232pub const SSL_MODE_NO_AUTO_CHAIN: c_long = 0x8;
233pub const SSL_MODE_RELEASE_BUFFERS: c_long = 0x10;
234#[cfg(ossl102)]
235pub const SSL_MODE_SEND_CLIENTHELLO_TIME: c_long = 0x20;
236#[cfg(ossl102)]
237pub const SSL_MODE_SEND_SERVERHELLO_TIME: c_long = 0x40;
238#[cfg(ossl102)]
239pub const SSL_MODE_SEND_FALLBACK_SCSV: c_long = 0x80;
240
241pub unsafe fn SSL_CTX_set_mode(ctx: *mut SSL_CTX, op: c_long) -> c_long {
242 SSL_CTX_ctrl(ctx, SSL_CTRL_MODE, op, ptr::null_mut())
243}
244
245#[cfg(ossl111)]
246pub const SSL_COOKIE_LENGTH: c_int = 4096;
247
248cfg_if! {
249 if #[cfg(not(ossl110))] {
250 pub unsafe fn SSL_CTX_get_options(ctx: *const SSL_CTX) -> c_ulong {
251 SSL_CTX_ctrl(ctx as *mut _, SSL_CTRL_OPTIONS, 0, ptr::null_mut()) as c_ulong
252 }
253
254 pub unsafe fn SSL_CTX_set_options(ctx: *const SSL_CTX, op: c_ulong) -> c_ulong {
255 SSL_CTX_ctrl(
256 ctx as *mut _,
257 SSL_CTRL_OPTIONS,
258 op as c_long,
259 ptr::null_mut(),
260 ) as c_ulong
261 }
262
263 pub unsafe fn SSL_CTX_clear_options(ctx: *const SSL_CTX, op: c_ulong) -> c_ulong {
264 SSL_CTX_ctrl(
265 ctx as *mut _,
266 SSL_CTRL_CLEAR_OPTIONS,
267 op as c_long,
268 ptr::null_mut(),
269 ) as c_ulong
270 }
271 }
272}
273
274pub unsafe fn SSL_set_mtu(ssl: *mut SSL, mtu: c_long) -> c_long {
275 SSL_ctrl(ssl, SSL_CTRL_SET_MTU, mtu, ptr::null_mut())
276}
277
278#[cfg(ossl110)]
279pub unsafe fn SSL_get_extms_support(ssl: *mut SSL) -> c_long {
280 SSL_ctrl(ssl, SSL_CTRL_GET_EXTMS_SUPPORT, 0, ptr::null_mut())
281}
282
283pub const SSL_SESS_CACHE_OFF: c_long = 0x0;
284pub const SSL_SESS_CACHE_CLIENT: c_long = 0x1;
285pub const SSL_SESS_CACHE_SERVER: c_long = 0x2;
286pub const SSL_SESS_CACHE_BOTH: c_long = SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_SERVER;
287pub const SSL_SESS_CACHE_NO_AUTO_CLEAR: c_long = 0x80;
288pub const SSL_SESS_CACHE_NO_INTERNAL_LOOKUP: c_long = 0x100;
289pub const SSL_SESS_CACHE_NO_INTERNAL_STORE: c_long = 0x200;
290pub const SSL_SESS_CACHE_NO_INTERNAL: c_long =
291 SSL_SESS_CACHE_NO_INTERNAL_LOOKUP | SSL_SESS_CACHE_NO_INTERNAL_STORE;
292
293pub const OPENSSL_NPN_UNSUPPORTED: c_int = 0;
294pub const OPENSSL_NPN_NEGOTIATED: c_int = 1;
295pub const OPENSSL_NPN_NO_OVERLAP: c_int = 2;
296
297pub const SSL_AD_ILLEGAL_PARAMETER: c_int = SSL3_AD_ILLEGAL_PARAMETER;
298pub const SSL_AD_DECODE_ERROR: c_int = TLS1_AD_DECODE_ERROR;
299pub const SSL_AD_UNRECOGNIZED_NAME: c_int = TLS1_AD_UNRECOGNIZED_NAME;
300pub const SSL_ERROR_NONE: c_int = 0;
301pub const SSL_ERROR_SSL: c_int = 1;
302pub const SSL_ERROR_SYSCALL: c_int = 5;
303pub const SSL_ERROR_WANT_ACCEPT: c_int = 8;
304pub const SSL_ERROR_WANT_CONNECT: c_int = 7;
305pub const SSL_ERROR_WANT_READ: c_int = 2;
306pub const SSL_ERROR_WANT_WRITE: c_int = 3;
307pub const SSL_ERROR_WANT_X509_LOOKUP: c_int = 4;
308pub const SSL_ERROR_ZERO_RETURN: c_int = 6;
309#[cfg(ossl111)]
310pub const SSL_ERROR_WANT_CLIENT_HELLO_CB: c_int = 11;
311pub const SSL_VERIFY_NONE: c_int = 0;
312pub const SSL_VERIFY_PEER: c_int = 1;
313pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;
314#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
315pub const SSL_CTRL_SET_TMP_DH: c_int = 3;
316#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
317pub const SSL_CTRL_SET_TMP_ECDH: c_int = 4;
318#[cfg(any(libressl, all(ossl102, not(ossl110))))]
319pub const SSL_CTRL_GET_SESSION_REUSED: c_int = 8;
320pub const SSL_CTRL_EXTRA_CHAIN_CERT: c_int = 14;
321pub const SSL_CTRL_SET_MTU: c_int = 17;
322#[cfg(any(libressl, all(ossl102, not(ossl110))))]
323pub const SSL_CTRL_OPTIONS: c_int = 32;
324pub const SSL_CTRL_MODE: c_int = 33;
325pub const SSL_CTRL_SET_READ_AHEAD: c_int = 41;
326pub const SSL_CTRL_SET_SESS_CACHE_SIZE: c_int = 42;
327pub const SSL_CTRL_GET_SESS_CACHE_SIZE: c_int = 43;
328pub const SSL_CTRL_SET_SESS_CACHE_MODE: c_int = 44;
329pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: c_int = 53;
330pub const SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: c_int = 54;
331pub const SSL_CTRL_SET_TLSEXT_HOSTNAME: c_int = 55;
332pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: c_int = 63;
333pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: c_int = 64;
334pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: c_int = 65;
335pub const SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = 70;
336pub const SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: c_int = 71;
337#[cfg(any(libressl, all(ossl102, not(ossl110))))]
338pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
339pub const SSL_CTRL_GET_EXTRA_CHAIN_CERTS: c_int = 82;
340#[cfg(ossl102)]
341pub const SSL_CTRL_CHAIN_CERT: c_int = 89;
342#[cfg(any(ossl111, libressl))]
343pub const SSL_CTRL_SET_GROUPS_LIST: c_int = 92;
344#[cfg(any(libressl, all(ossl102, not(ossl110))))]
345pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94;
346#[cfg(ossl102)]
347pub const SSL_CTRL_SET_SIGALGS_LIST: c_int = 98;
348#[cfg(ossl102)]
349pub const SSL_CTRL_SET_VERIFY_CERT_STORE: c_int = 106;
350#[cfg(ossl300)]
351pub const SSL_CTRL_GET_PEER_TMP_KEY: c_int = 109;
352#[cfg(ossl110)]
353pub const SSL_CTRL_SET_DH_AUTO: c_int = 118;
354#[cfg(ossl110)]
355pub const SSL_CTRL_GET_EXTMS_SUPPORT: c_int = 122;
356#[cfg(any(ossl110, libressl))]
357pub const SSL_CTRL_SET_MIN_PROTO_VERSION: c_int = 123;
358#[cfg(any(ossl110, libressl))]
359pub const SSL_CTRL_SET_MAX_PROTO_VERSION: c_int = 124;
360#[cfg(any(ossl110g, libressl))]
361pub const SSL_CTRL_GET_MIN_PROTO_VERSION: c_int = 130;
362#[cfg(any(ossl110g, libressl))]
363pub const SSL_CTRL_GET_MAX_PROTO_VERSION: c_int = 131;
364#[cfg(ossl300)]
365pub const SSL_CTRL_GET_TMP_KEY: c_int = 133;
366
367#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
368pub unsafe fn SSL_CTX_set_tmp_dh(ctx: *mut SSL_CTX, dh: *mut DH) -> c_long {
369 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, dh as *mut c_void)
370}
371
372#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
373pub unsafe fn SSL_CTX_set_tmp_ecdh(ctx: *mut SSL_CTX, key: *mut EC_KEY) -> c_long {
374 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, key as *mut c_void)
375}
376
377#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
378pub unsafe fn SSL_set_tmp_dh(ssl: *mut SSL, dh: *mut DH) -> c_long {
379 SSL_ctrl(ssl, SSL_CTRL_SET_TMP_DH, 0, dh as *mut c_void)
380}
381
382#[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
383pub unsafe fn SSL_set_tmp_ecdh(ssl: *mut SSL, key: *mut EC_KEY) -> c_long {
384 SSL_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH, 0, key as *mut c_void)
385}
386
387#[cfg(ossl110)]
388pub unsafe fn SSL_CTX_set_dh_auto(ctx: *mut SSL_CTX, onoff: c_int) -> c_long {
389 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_DH_AUTO, onoff as c_long, ptr::null_mut())
390}
391
392#[cfg(ossl110)]
393pub unsafe fn SSL_set_dh_auto(ssl: *mut SSL, onoff: c_int) -> c_long {
394 SSL_ctrl(ssl, SSL_CTRL_SET_DH_AUTO, onoff as c_long, ptr::null_mut())
395}
396
397pub unsafe fn SSL_CTX_add_extra_chain_cert(ctx: *mut SSL_CTX, x509: *mut X509) -> c_long {
398 SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, x509 as *mut c_void)
399}
400
401pub unsafe fn SSL_CTX_get_extra_chain_certs(
402 ctx: *mut SSL_CTX,
403 chain: *mut *mut stack_st_X509,
404) -> c_long {
405 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 0, chain as *mut c_void)
406}
407
408#[cfg(ossl102)]
409pub unsafe fn SSL_CTX_set0_verify_cert_store(ctx: *mut SSL_CTX, st: *mut X509_STORE) -> c_long {
410 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_VERIFY_CERT_STORE, 0, st as *mut c_void)
411}
412
413#[cfg(ossl102)]
414pub unsafe fn SSL_set0_verify_cert_store(ssl: *mut SSL, st: *mut X509_STORE) -> c_long {
415 SSL_ctrl(ssl, SSL_CTRL_SET_VERIFY_CERT_STORE, 0, st as *mut c_void)
416}
417
418cfg_if! {
419 if #[cfg(ossl111)] {
420 pub unsafe fn SSL_set1_groups_list(ctx: *mut SSL, s: *const c_char) -> c_long {
421 SSL_ctrl(
422 ctx,
423 SSL_CTRL_SET_GROUPS_LIST,
424 0,
425 s as *const c_void as *mut c_void,
426 )
427 }
428 pub unsafe fn SSL_CTX_set1_groups_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_long {
429 SSL_CTX_ctrl(
430 ctx,
431 SSL_CTRL_SET_GROUPS_LIST,
432 0,
433 s as *const c_void as *mut c_void,
434 )
435 }
436 } else if #[cfg(libressl)] {
437 extern "C" {
438 pub fn SSL_set1_groups_list(ctx: *mut SSL, list: *const c_char) -> c_int;
439 pub fn SSL_CTX_set1_groups_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_int;
440 }
441 }
442}
443
444#[cfg(ossl102)]
445pub unsafe fn SSL_add0_chain_cert(ssl: *mut SSL, ptr: *mut X509) -> c_long {
446 SSL_ctrl(ssl, SSL_CTRL_CHAIN_CERT, 0, ptr as *mut c_void)
447}
448
449#[cfg(ossl102)]
450pub unsafe fn SSL_CTX_set1_sigalgs_list(ctx: *mut SSL_CTX, s: *const c_char) -> c_long {
451 SSL_CTX_ctrl(
452 ctx,
453 SSL_CTRL_SET_SIGALGS_LIST,
454 0,
455 s as *const c_void as *mut c_void,
456 )
457}
458
459#[cfg(any(libressl, all(ossl102, not(ossl110))))]
460pub unsafe fn SSL_CTX_set_ecdh_auto(ctx: *mut SSL_CTX, onoff: c_int) -> c_int {
461 SSL_CTX_ctrl(
462 ctx,
463 SSL_CTRL_SET_ECDH_AUTO,
464 onoff as c_long,
465 ptr::null_mut(),
466 ) as c_int
467}
468
469#[cfg(any(libressl, all(ossl102, not(ossl110))))]
470pub unsafe fn SSL_set_ecdh_auto(ssl: *mut SSL, onoff: c_int) -> c_int {
471 SSL_ctrl(
472 ssl,
473 SSL_CTRL_SET_ECDH_AUTO,
474 onoff as c_long,
475 ptr::null_mut(),
476 ) as c_int
477}
478
479cfg_if! {
480 if #[cfg(ossl110)] {
481 pub unsafe fn SSL_CTX_set_min_proto_version(ctx: *mut SSL_CTX, version: c_int) -> c_int {
482 SSL_CTX_ctrl(
483 ctx,
484 SSL_CTRL_SET_MIN_PROTO_VERSION,
485 version as c_long,
486 ptr::null_mut(),
487 ) as c_int
488 }
489
490 pub unsafe fn SSL_CTX_set_max_proto_version(ctx: *mut SSL_CTX, version: c_int) -> c_int {
491 SSL_CTX_ctrl(
492 ctx,
493 SSL_CTRL_SET_MAX_PROTO_VERSION,
494 version as c_long,
495 ptr::null_mut(),
496 ) as c_int
497 }
498
499 pub unsafe fn SSL_set_min_proto_version(s: *mut SSL, version: c_int) -> c_int {
500 SSL_ctrl(
501 s,
502 SSL_CTRL_SET_MIN_PROTO_VERSION,
503 version as c_long,
504 ptr::null_mut(),
505 ) as c_int
506 }
507
508 pub unsafe fn SSL_set_max_proto_version(s: *mut SSL, version: c_int) -> c_int {
509 SSL_ctrl(
510 s,
511 SSL_CTRL_SET_MAX_PROTO_VERSION,
512 version as c_long,
513 ptr::null_mut(),
514 ) as c_int
515 }
516 }
517}
518
519cfg_if! {
520 if #[cfg(ossl110g)] {
521 pub unsafe fn SSL_CTX_get_min_proto_version(ctx: *mut SSL_CTX) -> c_int {
522 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int
523 }
524
525 pub unsafe fn SSL_CTX_get_max_proto_version(ctx: *mut SSL_CTX) -> c_int {
526 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int
527 }
528 pub unsafe fn SSL_get_min_proto_version(s: *mut SSL) -> c_int {
529 SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, ptr::null_mut()) as c_int
530 }
531 pub unsafe fn SSL_get_max_proto_version(s: *mut SSL) -> c_int {
532 SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, ptr::null_mut()) as c_int
533 }
534 }
535}
536cfg_if! {
537 if #[cfg(ossl300)] {
538 pub unsafe fn SSL_get_peer_tmp_key(ssl: *mut SSL, key: *mut *mut EVP_PKEY) -> c_long {
539 SSL_ctrl(ssl, SSL_CTRL_GET_PEER_TMP_KEY, 0, key as *mut c_void)
540 }
541
542 pub unsafe fn SSL_get_tmp_key(ssl: *mut SSL, key: *mut *mut EVP_PKEY) -> c_long {
543 SSL_ctrl(ssl, SSL_CTRL_GET_TMP_KEY, 0, key as *mut c_void)
544 }
545 }
546}
547
548#[cfg(ossl111)]
549pub const SSL_CLIENT_HELLO_SUCCESS: c_int = 1;
550#[cfg(ossl111)]
551pub const SSL_CLIENT_HELLO_ERROR: c_int = 0;
552#[cfg(ossl111)]
553pub const SSL_CLIENT_HELLO_RETRY: c_int = -1;
554
555#[cfg(any(ossl111, libressl))]
556pub const SSL_READ_EARLY_DATA_ERROR: c_int = 0;
557#[cfg(any(ossl111, libressl))]
558pub const SSL_READ_EARLY_DATA_SUCCESS: c_int = 1;
559#[cfg(any(ossl111, libressl))]
560pub const SSL_READ_EARLY_DATA_FINISH: c_int = 2;
561
562cfg_if! {
563 if #[cfg(ossl110)] {
564 pub unsafe fn SSL_get_ex_new_index(
565 l: c_long,
566 p: *mut c_void,
567 newf: Option<CRYPTO_EX_new>,
568 dupf: Option<CRYPTO_EX_dup>,
569 freef: Option<CRYPTO_EX_free>,
570 ) -> c_int {
571 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef)
572 }
573 }
574}
575cfg_if! {
576 if #[cfg(ossl110)] {
577 pub unsafe fn SSL_CTX_get_ex_new_index(
578 l: c_long,
579 p: *mut c_void,
580 newf: Option<CRYPTO_EX_new>,
581 dupf: Option<CRYPTO_EX_dup>,
582 freef: Option<CRYPTO_EX_free>,
583 ) -> c_int {
584 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef)
585 }
586 }
587}
588
589pub unsafe fn SSL_CTX_sess_set_cache_size(ctx: *mut SSL_CTX, t: c_long) -> c_long {
590 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_SIZE, t, ptr::null_mut())
591}
592
593pub unsafe fn SSL_CTX_sess_get_cache_size(ctx: *mut SSL_CTX) -> c_long {
594 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_SESS_CACHE_SIZE, 0, ptr::null_mut())
595}
596
597pub unsafe fn SSL_CTX_set_session_cache_mode(ctx: *mut SSL_CTX, m: c_long) -> c_long {
598 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_SESS_CACHE_MODE, m, ptr::null_mut())
599}
600
601pub unsafe fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long {
602 SSL_CTX_ctrl(ctx, SSL_CTRL_SET_READ_AHEAD, m, ptr::null_mut())
603}
604
605#[allow(clashing_extern_declarations)]
606extern "C" {
607 #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
608 #[deprecated(note = "use SSL_CTX_set_tmp_dh_callback__fixed_rust instead")]
609 pub fn SSL_CTX_set_tmp_dh_callback(
610 ctx: *mut SSL_CTX,
611 dh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH,
612 );
613 #[cfg(not(osslconf = "OPENSSL_NO_DEPRECATED_3_0"))]
614 #[deprecated(note = "use SSL_set_tmp_dh_callback__fixed_rust instead")]
615 pub fn SSL_set_tmp_dh_callback(
616 ctx: *mut SSL,
617 dh: unsafe extern "C" fn(ssl: *mut SSL, is_export: c_int, keylength: c_int) -> *mut DH,
618 );
619 #[deprecated(note = "use SSL_CTX_set_tmp_ecdh_callback__fixed_rust instead")]
620 #[cfg(not(ossl110))]
621 pub fn SSL_CTX_set_tmp_ecdh_callback(
622 ctx: *mut SSL_CTX,
623 ecdh: unsafe extern "C" fn(
624 ssl: *mut SSL,
625 is_export: c_int,
626 keylength: c_int,
627 ) -> *mut EC_KEY,
628 );
629 #[deprecated(note = "use SSL_set_tmp_ecdh_callback__fixed_rust instead")]
630 #[cfg(not(ossl110))]
631 pub fn SSL_set_tmp_ecdh_callback(
632 ssl: *mut SSL,
633 ecdh: unsafe extern "C" fn(
634 ssl: *mut SSL,
635 is_export: c_int,
636 keylength: c_int,
637 ) -> *mut EC_KEY,
638 );
639
640 #[deprecated(note = "use SSL_CTX_callback_ctrl__fixed_rust instead")]
641 pub fn SSL_CTX_callback_ctrl(
642 ctx: *mut SSL_CTX,
643 cmd: c_int,
644 fp: Option<extern "C" fn()>,
645 ) -> c_long;
646
647 #[deprecated(note = "use SSL_CTX_set_alpn_select_cb__fixed_rust instead")]
648 pub fn SSL_CTX_set_alpn_select_cb(
649 ssl: *mut SSL_CTX,
650 cb: extern "C" fn(
651 ssl: *mut SSL,
652 out: *mut *const c_uchar,
653 outlen: *mut c_uchar,
654 inbuf: *const c_uchar,
655 inlen: c_uint,
656 arg: *mut c_void,
657 ) -> c_int,
658 arg: *mut c_void,
659 );
660}
661
662#[cfg(not(ossl110))]
663pub unsafe fn SSL_session_reused(ssl: *mut SSL) -> c_int {
664 SSL_ctrl(ssl, SSL_CTRL_GET_SESSION_REUSED, 0, ptr::null_mut()) as c_int
665}
666
667#[cfg(ossl110)]
668pub const OPENSSL_INIT_LOAD_SSL_STRINGS: u64 = 0x00200000;
669#[cfg(ossl111b)]
670pub const OPENSSL_INIT_NO_ATEXIT: u64 = 0x00080000;
671
672cfg_if! {
673 if #[cfg(ossl330)] {
674 pub const SSL_VALUE_CLASS_GENERIC: c_uint = 0;
675 pub const SSL_VALUE_CLASS_FEATURE_REQUEST: c_uint = 1;
676 pub const SSL_VALUE_CLASS_FEATURE_PEER_REQUEST: c_uint = 2;
677 pub const SSL_VALUE_CLASS_FEATURE_NEGOTIATED: c_uint = 3;
678
679 pub const SSL_VALUE_NONE: c_uint = 0;
680 pub const SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL: c_uint = 1;
681 pub const SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL: c_uint = 2;
682 pub const SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL: c_uint = 3;
683 pub const SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL: c_uint = 4;
684 pub const SSL_VALUE_QUIC_IDLE_TIMEOUT: c_uint = 5;
685 pub const SSL_VALUE_EVENT_HANDLING_MODE: c_uint = 6;
686 pub const SSL_VALUE_STREAM_WRITE_BUF_SIZE: c_uint = 7;
687 pub const SSL_VALUE_STREAM_WRITE_BUF_USED: c_uint = 8;
688 pub const SSL_VALUE_STREAM_WRITE_BUF_AVAIL: c_uint = 9;
689
690 pub const SSL_VALUE_EVENT_HANDLING_MODE_INHERIT: c_uint = 0;
691 pub const SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT: c_uint = 1;
692 pub const SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT: c_uint = 2;
693
694 pub unsafe fn SSL_get_generic_value_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
695 SSL_get_value_uint(ssl, SSL_VALUE_CLASS_GENERIC, id, value)
696 }
697 pub unsafe fn SSL_set_generic_value_uint(ssl: *mut SSL, id: u32, value: u64) -> c_int {
698 SSL_set_value_uint(ssl, SSL_VALUE_CLASS_GENERIC, id, value)
699 }
700 pub unsafe fn SSL_get_feature_request_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
701 SSL_get_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_REQUEST, id, value)
702 }
703 pub unsafe fn SSL_set_feature_request_uint(ssl: *mut SSL, id: u32, value: u64) -> c_int {
704 SSL_set_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_REQUEST, id, value)
705 }
706 pub unsafe fn SSL_get_feature_peer_request_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
707 SSL_get_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, id, value)
708 }
709 pub unsafe fn SSL_get_feature_negotiated_uint(ssl: *mut SSL, id: u32, value: *mut u64) -> c_int {
710 SSL_get_value_uint(ssl, SSL_VALUE_CLASS_FEATURE_NEGOTIATED, id, value)
711 }
712 pub unsafe fn SSL_get_quic_stream_bidi_local_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
713 SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_BIDI_LOCAL_AVAIL, value)
714 }
715 pub unsafe fn SSL_get_quic_stream_bidi_remote_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
716 SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_BIDI_REMOTE_AVAIL, value)
717 }
718 pub unsafe fn SSL_get_quic_stream_uni_local_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
719 SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_UNI_LOCAL_AVAIL, value)
720 }
721 pub unsafe fn SSL_get_quic_stream_uni_remote_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
722 SSL_get_generic_value_uint(ssl, SSL_VALUE_QUIC_STREAM_UNI_REMOTE_AVAIL, value)
723 }
724 pub unsafe fn SSL_get_event_handling_mode(ssl: *mut SSL, value: *mut u64) -> c_int {
725 SSL_get_generic_value_uint(ssl, SSL_VALUE_EVENT_HANDLING_MODE, value)
726 }
727 pub unsafe fn SSL_set_event_handling_mode(ssl: *mut SSL, value: u64) -> c_int {
728 SSL_set_generic_value_uint(ssl, SSL_VALUE_EVENT_HANDLING_MODE, value)
729 }
730 pub unsafe fn SSL_get_stream_write_buf_size(ssl: *mut SSL, value: *mut u64) -> c_int {
731 SSL_get_generic_value_uint(ssl, SSL_VALUE_STREAM_WRITE_BUF_SIZE, value)
732 }
733 pub unsafe fn SSL_get_stream_write_buf_avail(ssl: *mut SSL, value: *mut u64) -> c_int {
734 SSL_get_generic_value_uint(ssl, SSL_VALUE_STREAM_WRITE_BUF_AVAIL, value)
735 }
736 pub unsafe fn SSL_get_stream_write_buf_used(ssl: *mut SSL, value: *mut u64) -> c_int {
737 SSL_get_generic_value_uint(ssl, SSL_VALUE_STREAM_WRITE_BUF_USED, value)
738 }
739 }
740}