#ifdef __cplusplus}#endif#ifdef  __cplusplusextern "C" {#endif#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)#define OPENSSL_NO_SSL2#endif#define SSL_FILETYPE_ASN1	X509_FILETYPE_ASN1#define SSL_FILETYPE_PEM	X509_FILETYPE_PEM/* This is needed to stop compilers complaining about the * 'struct ssl_st *' function parameters used to prototype callbacks * in SSL_CTX. */typedef struct ssl_st *ssl_crock_st;/* used to hold info on the particular ciphers used */typedef struct ssl_cipher_st	{	int valid;	const char *name;		/* text name */	unsigned long id;		/* id, 4 bytes, first is version */	unsigned long algorithms;	/* what ciphers are used */	unsigned long algo_strength;	/* strength and export flags */	unsigned long algorithm2;	/* Extra flags */	int strength_bits;		/* Number of bits really used */	int alg_bits;			/* Number of bits for algorithm */	unsigned long mask;		/* used for matching */	unsigned long mask_strength;	/* also used for matching */	} SSL_CIPHER;DECLARE_STACK_OF(SSL_CIPHER)/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */typedef struct ssl_method_st	{	int version;	int (*ssl_new)(SSL *s);	void (*ssl_clear)(SSL *s);	void (*ssl_free)(SSL *s);	int (*ssl_accept)(SSL *s);	int (*ssl_connect)(SSL *s);	int (*ssl_read)(SSL *s,void *buf,int len);	int (*ssl_peek)(SSL *s,void *buf,int len);	int (*ssl_write)(SSL *s,const void *buf,int len);	int (*ssl_shutdown)(SSL *s);	int (*ssl_renegotiate)(SSL *s);	int (*ssl_renegotiate_check)(SSL *s);	long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long		max, int *ok);	int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, 		int peek);	int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);	int (*ssl_dispatch_alert)(SSL *s);	long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);	long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);	SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);	int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);	int (*ssl_pending)(const SSL *s);	int (*num_ciphers)(void);	SSL_CIPHER *(*get_cipher)(unsigned ncipher);	struct ssl_method_st *(*get_ssl_method)(int version);	long (*get_timeout)(void);	struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */	int (*ssl_version)(void);	long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));	long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));	} SSL_METHOD;/* Lets make this into an ASN.1 type structure as follows * SSL_SESSION_ID ::= SEQUENCE { *	version 		INTEGER,	-- structure version number *	SSLversion 		INTEGER,	-- SSL version number *	Cipher 			OCTET_STRING,	-- the 3 byte cipher ID *	Session_ID 		OCTET_STRING,	-- the Session ID *	Master_key 		OCTET_STRING,	-- the master key *	KRB5_principal		OCTET_STRING	-- optional Kerberos principal *	Key_Arg [ 0 ] IMPLICIT	OCTET_STRING,	-- the optional Key argument *	Time [ 1 ] EXPLICIT	INTEGER,	-- optional Start Time *	Timeout [ 2 ] EXPLICIT	INTEGER,	-- optional Timeout ins seconds *	Peer [ 3 ] EXPLICIT	X509,		-- optional Peer Certificate *	Session_ID_context [ 4 ] EXPLICIT OCTET_STRING,   -- the Session ID context *	Verify_result [ 5 ] EXPLICIT INTEGER    -- X509_V_... code for `Peer' *	Compression [6] IMPLICIT ASN1_OBJECT	-- compression OID XXXXX *	} * Look in ssl/ssl_asn1.c for more details * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). */typedef struct ssl_session_st	{	int ssl_version;	/* what ssl version session info is				 * being kept in here? */	/* only really used in SSLv2 */	unsigned int key_arg_length;	unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];	int master_key_length;	unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];	/* session_id - valid? */	unsigned int session_id_length;	unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];	/* this is used to determine whether the session is being reused in	 * the appropriate context. It is up to the application to set this,	 * via SSL_new */	unsigned int sid_ctx_length;	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];#ifndef OPENSSL_NO_KRB5        unsigned int krb5_client_princ_len;        unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];#endif /* OPENSSL_NO_KRB5 */	int not_resumable;	/* The cert is the certificate used to establish this connection */	struct sess_cert_st /* SESS_CERT */ *sess_cert;	/* This is the cert for the other end.	 * On clients, it will be the same as sess_cert->peer_key->x509	 * (the latter is not enough as sess_cert is not retained	 * in the external representation of sessions, see ssl_asn1.c). */	X509 *peer;	/* when app_verify_callback accepts a session where the peer's certificate	 * is not ok, we must remember the error for session reuse: */	long verify_result; /* only for servers */	int references;	long timeout;	long time;	int compress_meth;		/* Need to lookup the method */	SSL_CIPHER *cipher;	unsigned long cipher_id;	/* when ASN.1 loaded, this					 * needs to be used to load					 * the 'cipher' structure */	STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */	CRYPTO_EX_DATA ex_data; /* application specific data */	/* These are used to make removal of session-ids more	 * efficient and to implement a maximum cache size. */	struct ssl_session_st *prev,*next;#ifndef OPENSSL_NO_TLSEXT	char *tlsext_hostname;	/* RFC4507 info */	unsigned char *tlsext_tick;	/* Session ticket */	size_t	tlsext_ticklen;		/* Session ticket length */		long tlsext_tick_lifetime_hint;	/* Session lifetime hint in seconds */#endif	} SSL_SESSION;#define SSL_OP_MICROSOFT_SESS_ID_BUG			0x00000001L#define SSL_OP_NETSCAPE_CHALLENGE_BUG			0x00000002L#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x00000010L#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L#define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x00000040L /* no effect since 0.9.7h and 0.9.8b */#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x00000080L#define SSL_OP_TLS_D5_BUG				0x00000100L#define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added * in OpenSSL 0.9.6d.  Usually (depending on the application protocol) * the workaround is not needed.  Unfortunately some broken SSL/TLS * implementations cannot handle it at all, which is why we include * it in SSL_OP_ALL. */#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L /* added in 0.9.6e *//* SSL_OP_ALL: various bug workarounds that should be rather harmless. *             This used to be 0x000FFFFFL before 0.9.7. */#define SSL_OP_ALL					0x00000FFFL/* DTLS options */#define SSL_OP_NO_QUERY_MTU                 0x00001000L/* Turn on Cookie Exchange (on relevant for servers) */#define SSL_OP_COOKIE_EXCHANGE              0x00002000L/* Don't use RFC4507 ticket extension */#define SSL_OP_NO_TICKET	            0x00004000L/* As server, disallow session resumption on renegotiation */#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	0x00010000L/* If set, always create a new key when using tmp_ecdh parameters */#define SSL_OP_SINGLE_ECDH_USE				0x00080000L/* If set, always create a new key when using tmp_dh parameters */#define SSL_OP_SINGLE_DH_USE				0x00100000L/* Set to always use the tmp_rsa key when doing RSA operations, * even when this violates protocol specs */#define SSL_OP_EPHEMERAL_RSA				0x00200000L/* Set on servers to choose the cipher according to the server's * preferences */#define SSL_OP_CIPHER_SERVER_PREFERENCE			0x00400000L/* If set, a server will allow a client to issue a SSLv3.0 version number * as latest version supported in the premaster secret, even when TLSv1.0 * (version 3.1) was announced in the client hello. Normally this is * forbidden to prevent version rollback attacks. */#define SSL_OP_TLS_ROLLBACK_BUG				0x00800000L#define SSL_OP_NO_SSLv2					0x01000000L#define SSL_OP_NO_SSLv3					0x02000000L#define SSL_OP_NO_TLSv1					0x04000000L/* The next flag deliberately changes the ciphertest, this is a check * for the PKCS#1 attack */#define SSL_OP_PKCS1_CHECK_1				0x08000000L#define SSL_OP_PKCS1_CHECK_2				0x10000000L#define SSL_OP_NETSCAPE_CA_DN_BUG			0x20000000L#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG		0x40000000L/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success * when just a single record has been written): */#define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001L/* Make it possible to retry SSL_write() with changed buffer location * (buffer contents must stay the same!); this is not the default to avoid * the misconception that non-blocking SSL_write() behaves like * non-blocking write(): */#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L/* Never bother the application with retries if the transport * is blocking: */#define SSL_MODE_AUTO_RETRY 0x00000004L/* Don't attempt to automatically build certificate chain */#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, * they cannot be used to clear bits. */#define SSL_CTX_set_options(ctx,op) \	SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)#define SSL_CTX_get_options(ctx) \	SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)#define SSL_set_options(ssl,op) \	SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)#define SSL_get_options(ssl) \        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)#define SSL_CTX_set_mode(ctx,op) \	SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)#define SSL_CTX_get_mode(ctx) \	SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)#define SSL_set_mode(ssl,op) \	SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)#define SSL_get_mode(ssl) \        SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)#define SSL_set_mtu(ssl, mtu) \        SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */#else#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */#endif#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT	(1024*20)/* This callback type is used inside SSL_CTX, SSL, and in the functions that set * them. It is used to override the generation of SSL/TLS session IDs in a * server. Return value should be zero on an error, non-zero to proceed. Also, * callbacks should themselves check if the id they generate is unique otherwise * the SSL handshake will fail with an error - callbacks can do this using the * 'ssl' value they're passed by; *      SSL_has_matching_session_id(ssl, id, *id_len) * The length value passed in is set at the maximum size the session ID can be. * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback * can alter this length to be less if desired, but under SSLv2 session IDs are * supposed to be fixed at 16 bytes so the id will be padded after the callback * returns in this case. It is also an error for the callback to set the size to * zero. */typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,				unsigned int *id_len);typedef struct ssl_comp_st	{	int id;	const char *name;#ifndef OPENSSL_NO_COMP	COMP_METHOD *method;#else	char *method;#endif	} SSL_COMP;DECLARE_STACK_OF(SSL_COMP)struct ssl_ctx_st	{	SSL_METHOD *method;	STACK_OF(SSL_CIPHER) *cipher_list;	/* same as above but sorted for lookup */	STACK_OF(SSL_CIPHER) *cipher_list_by_id;	struct x509_store_st /* X509_STORE */ *cert_store;	struct lhash_st /* LHASH */ *sessions;	/* a set of SSL_SESSIONs */	/* Most session-ids that will be cached, default is	 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */	unsigned long session_cache_size;	struct ssl_session_st *session_cache_head;	struct ssl_session_st *session_cache_tail;	/* This can have one of 2 values, ored together,	 * SSL_SESS_CACHE_CLIENT,	 * SSL_SESS_CACHE_SERVER,	 * Default is SSL_SESSION_CACHE_SERVER, which means only	 * SSL_accept which cache SSL_SESSIONS. */	int session_cache_mode;	/* If timeout is not 0, it is the default timeout value set	 * when SSL_new() is called.  This has been put in to make	 * life easier to set things up */	long session_timeout;