/* If this callback is not null, it will be called each	 * time a session id is added to the cache.  If this function	 * returns 1, it means that the callback will do a	 * SSL_SESSION_free() when it has finished using it.  Otherwise,	 * on 0, it means the callback has finished with it.	 * If remove_session_cb is not null, it will be called when	 * a session-id is removed from the cache.  After the call,	 * OpenSSL will SSL_SESSION_free() it. */	int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);	void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);	SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,		unsigned char *data,int len,int *copy);	struct		{		int sess_connect;	/* SSL new conn - started */		int sess_connect_renegotiate;/* SSL reneg - requested */		int sess_connect_good;	/* SSL new conne/reneg - finished */		int sess_accept;	/* SSL new accept - started */		int sess_accept_renegotiate;/* SSL reneg - requested */		int sess_accept_good;	/* SSL accept/reneg - finished */		int sess_miss;		/* session lookup misses  */		int sess_timeout;	/* reuse attempt on timeouted session */		int sess_cache_full;	/* session removed due to full cache */		int sess_hit;		/* session reuse actually done */		int sess_cb_hit;	/* session-id that was not					 * in the cache was					 * passed back via the callback.  This					 * indicates that the application is					 * supplying session-id's from other					 * processes - spooky :-) */		} stats;	int references;	/* if defined, these override the X509_verify_cert() calls */	int (*app_verify_callback)(X509_STORE_CTX *, void *);	void *app_verify_arg;	/* before OpenSSL 0.9.7, 'app_verify_arg' was ignored	 * ('app_verify_callback' was called with just one argument) */	/* Default password callback. */	pem_password_cb *default_passwd_callback;	/* Default password callback user data. */	void *default_passwd_callback_userdata;	/* get client cert callback */	int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);    /* cookie generate callback */    int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,         unsigned int *cookie_len);    /* verify cookie callback */    int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,         unsigned int cookie_len);	CRYPTO_EX_DATA ex_data;	const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */	const EVP_MD *md5;	/* For SSLv3/TLSv1 'ssl3-md5' */	const EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */	STACK_OF(X509) *extra_certs;	STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */	/* Default values used when no per-SSL value is defined follow */	void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */	/* what we put in client cert requests */	STACK_OF(X509_NAME) *client_CA;	/* Default values to use in SSL structures follow (these are copied by SSL_new) */	unsigned long options;	unsigned long mode;	long max_cert_list;	struct cert_st /* CERT */ *cert;	int read_ahead;	/* callback that allows applications to peek at protocol messages */	void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);	void *msg_callback_arg;	int verify_mode;	unsigned int sid_ctx_length;	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];	int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */	/* Default generate session ID callback. */	GEN_SESSION_CB generate_session_id;	X509_VERIFY_PARAM *param;#if 0	int purpose;		/* Purpose setting */	int trust;		/* Trust setting */#endif	int quiet_shutdown;#ifndef OPENSSL_ENGINE	/* Engine to pass requests for client certs to	 */	ENGINE *client_cert_engine;#endif#ifndef OPENSSL_NO_TLSEXT	/* TLS extensions servername callback */	int (*tlsext_servername_callback)(SSL*, int *, void *);	void *tlsext_servername_arg;	/* RFC 4507 session ticket keys */	unsigned char tlsext_tick_key_name[16];	unsigned char tlsext_tick_hmac_key[16];	unsigned char tlsext_tick_aes_key[16];	/* Callback to support customisation of ticket key setting */	int (*tlsext_ticket_key_cb)(SSL *ssl,					unsigned char *name, unsigned char *iv,					EVP_CIPHER_CTX *ectx,					HMAC_CTX *hctx, int enc);	/* certificate status request info */	/* Callback for status request */	int (*tlsext_status_cb)(SSL *ssl, void *arg);	void *tlsext_status_arg;#endif	};#define SSL_SESS_CACHE_OFF			0x0000#define SSL_SESS_CACHE_CLIENT			0x0001#define SSL_SESS_CACHE_SERVER			0x0002#define SSL_SESS_CACHE_BOTH	(SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)#define SSL_SESS_CACHE_NO_AUTO_CLEAR		0x0080/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP	0x0100#define SSL_SESS_CACHE_NO_INTERNAL_STORE	0x0200#define SSL_SESS_CACHE_NO_INTERNAL \	(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)  struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);#define SSL_CTX_sess_number(ctx) \	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)#define SSL_CTX_sess_connect(ctx) \	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)#define SSL_CTX_sess_connect_good(ctx) \	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)#define SSL_CTX_sess_connect_renegotiate(ctx) \	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)#define SSL_CTX_sess_accept(ctx) \	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)#define SSL_CTX_sess_accept_renegotiate(ctx) \	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)#define SSL_CTX_sess_accept_good(ctx) \	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)#define SSL_CTX_sess_hits(ctx) \	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)#define SSL_CTX_sess_cb_hits(ctx) \	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)#define SSL_CTX_sess_misses(ctx) \	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)#define SSL_CTX_sess_timeouts(ctx) \	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)#define SSL_CTX_sess_cache_full(ctx) \	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess));void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy));SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy);void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val));void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);#ifndef OPENSSL_NO_ENGINEint SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);#endifvoid SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));#define SSL_NOTHING	1#define SSL_WRITING	2#define SSL_READING	3#define SSL_X509_LOOKUP	4/* These will only be used when doing non-blocking IO */#define SSL_want_nothing(s)	(SSL_want(s) == SSL_NOTHING)#define SSL_want_read(s)	(SSL_want(s) == SSL_READING)#define SSL_want_write(s)	(SSL_want(s) == SSL_WRITING)#define SSL_want_x509_lookup(s)	(SSL_want(s) == SSL_X509_LOOKUP)struct ssl_st	{	/* protocol version	 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)	 */	int version;	int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */	SSL_METHOD *method; /* SSLv3 */	/* There are 2 BIO's even though they are normally both the	 * same.  This is so data can be read and written to different	 * handlers */#ifndef OPENSSL_NO_BIO	BIO *rbio; /* used by SSL_read */	BIO *wbio; /* used by SSL_write */	BIO *bbio; /* used during session-id reuse to concatenate		    * messages */#else	char *rbio; /* used by SSL_read */	char *wbio; /* used by SSL_write */	char *bbio;#endif	/* This holds a variable that indicates what we were doing	 * when a 0 or -1 is returned.  This is needed for	 * non-blocking IO so we know what request needs re-doing when	 * in SSL_accept or SSL_connect */	int rwstate;	/* true when we are actually in SSL_accept() or SSL_connect() */	int in_handshake;	int (*handshake_func)(SSL *);	/* Imagine that here's a boolean member "init" that is	 * switched as soon as SSL_set_{accept/connect}_state	 * is called for the first time, so that "state" and	 * "handshake_func" are properly initialized.  But as	 * handshake_func is == 0 until then, we use this	 * test instead of an "init" member.	 */	int server;	/* are we the server side? - mostly used by SSL_clear*/	int new_session;/* 1 if we are to use a new session.	                 * 2 if we are a server and are inside a handshake	                 *   (i.e. not just sending a HelloRequest)	                 * NB: For servers, the 'new' session may actually be a previously	                 * cached session or even the previous session unless	                 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */	int quiet_shutdown;/* don't send shutdown packets */	int shutdown;	/* we have shut things down, 0x01 sent, 0x02			 * for received */	int state;	/* where we are */	int rstate;	/* where we are when reading */	BUF_MEM *init_buf;	/* buffer used during init */	void *init_msg;   	/* pointer to handshake message body, set by ssl3_get_message() */	int init_num;		/* amount read/written */	int init_off;		/* amount read/written */	/* used internally to point at a raw packet */	unsigned char *packet;	unsigned int packet_length;	struct ssl2_state_st *s2; /* SSLv2 variables */	struct ssl3_state_st *s3; /* SSLv3 variables */	struct dtls1_state_st *d1; /* DTLSv1 variables */	int read_ahead;		/* Read as many input bytes as possible	               	 	 * (for non-blocking reads) */	/* callback that allows applications to peek at protocol messages */	void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);	void *msg_callback_arg;	int hit;		/* reusing a previous session */	X509_VERIFY_PARAM *param;#if 0	int purpose;		/* Purpose setting */	int trust;		/* Trust setting */#endif	/* crypto */	STACK_OF(SSL_CIPHER) *cipher_list;	STACK_OF(SSL_CIPHER) *cipher_list_by_id;	/* These are the ones being used, the ones in SSL_SESSION are	 * the ones to be 'copied' into these ones */	EVP_CIPHER_CTX *enc_read_ctx;		/* cryptographic state */	const EVP_MD *read_hash;		/* used for mac generation */#ifndef OPENSSL_NO_COMP	COMP_CTX *expand;			/* uncompress */#else	char *expand;#endif	EVP_CIPHER_CTX *enc_write_ctx;		/* cryptographic state */	const EVP_MD *write_hash;		/* used for mac generation */#ifndef OPENSSL_NO_COMP	COMP_CTX *compress;			/* compression */#else	char *compress;	#endif	/* session info */	/* client cert? */	/* This is used to hold the server certificate used */	struct cert_st /* CERT */ *cert;	/* the session_id_context is used to ensure sessions are only reused	 * in the appropriate context */	unsigned int sid_ctx_length;	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];	/* This can also be in the session once a session is established */	SSL_SESSION *session;	/* Default generate session ID callback. */	GEN_SESSION_CB generate_session_id;	/* Used in SSL2 and SSL3 */	int verify_mode;	/* 0 don't care about verify failure.				 * 1 fail if verify fails */	int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */