@@ -877,7 +877,7 @@ struct ssl_ctx_st {
uint32_t options;
uint32_t mode;
long max_cert_list;
uint32_t max_cert_list;
struct cert_st /* CERT */ *cert;
int read_ahead;
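Review bot: `max_cert_list` is narrowed to `uint32_t` here and again in `struct ssl_st` in the third hunk, and `max_send_fragment` is narrowed to `uint16_t` in the second and third hunks, while the setters declared later in this patch take `size_t`. On a 64-bit build an oversized argument would wrap when stored unless the setter bounds it first. The setter bodies are not visible in this diff, so this may already be handled. If it is not, it matters because `max_cert_list` caps how much peer-supplied handshake data is buffered, and a `max_send_fragment` of 65536 would become 0. Each setter should saturate before the cast, e.g. `if (max_cert_list > UINT32_MAX) { max_cert_list = UINT32_MAX; }`, and each narrowed field deserves a comment such as `/* narrower than the setter's size_t argument; setters clamp to this range */`. The enclosing struct begins and ends outside the hunk.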
@@ -917,7 +917,7 @@ struct ssl_ctx_st {
/* Maximum amount of data to send in one fragment. actual record size can be
* more than this due to padding and MAC overheads. */
unsigned in t max_send_fragment;
uint16_ t max_send_fragment;
/* TLS extensions servername callback */
int (*tlsext_servername_callback)(SSL *, int *, void *);
@@ -1360,10 +1360,10 @@ struct ssl_st {
uint32_t options; /* protocol behaviour */
uint32_t mode; /* API behaviour */
long max_cert_list;
uint32_t max_cert_list;
int client_version; /* what was passed, used for
* SSLv3/TLS rollback check */
unsigned in t max_send_fragment;
uint16_ t max_send_fragment;
char *tlsext_hostname;
/* should_ack_sni is true if the SNI extension should be acked. This is
* only used by a server. */
@@ -1605,11 +1605,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_SET_SESS_CACHE_MODE 44
#define SSL_CTRL_GET_SESS_CACHE_MODE 45
#define SSL_CTRL_GET_MAX_CERT_LIST 50
#define SSL_CTRL_SET_MAX_CERT_LIST 51
#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
/* see tls1.h for macros based on these */
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
@@ -2158,19 +2153,37 @@ OPENSSL_EXPORT int SSL_get_ex_data_X509_STORE_CTX_idx(void);
* is resolved. */
OPENSSL_EXPORT int SSL_CTX_get_read_ahead(const SSL_CTX *ctx);
OPENSSL_EXPORT void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes);
#define SSL_CTX_get_max_cert_list(ctx) \
SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_CERT_LIST, 0, NULL)
#define SSL_CTX_set_max_cert_list(ctx, m) \
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_CERT_LIST, m, NULL)
#define SSL_get_max_cert_list(ssl) \
SSL_ctrl(ssl, SSL_CTRL_GET_MAX_CERT_LIST, 0, NULL)
#define SSL_set_max_cert_list(ssl, m) \
SSL_ctrl(ssl, SSL_CTRL_SET_MAX_CERT_LIST, m, NULL)
#define SSL_CTX_set_max_send_fragment(ctx, m) \
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_SEND_FRAGMENT, m, NULL)
#define SSL_set_max_send_fragment(ssl, m) \
SSL_ctrl(ssl, SSL_CTRL_SET_MAX_SEND_FRAGMENT, m, NULL)
/* SSL_CTX_get_max_cert_list returns the maximum length, in bytes, of a peer
* certificate chain accepted by |ctx|. */
OPENSSL_EXPORT size_t SSL_CTX_get_max_cert_list(const SSL_CTX *ctx);
/* SSL_CTX_set_max_cert_list sets the maximum length, in bytes, of a peer
* certificate chain to |max_cert_list|. This affects how much memory may be
* consumed during the handshake. */
OPENSSL_EXPORT void SSL_CTX_set_max_cert_list(SSL_CTX *ctx,
size_t max_cert_list);
/* SSL_get_max_cert_list returns the maximum length, in bytes, of a peer
* certificate chain accepted by |ssl|. */
OPENSSL_EXPORT size_t SSL_get_max_cert_list(const SSL *ssl);
/* SSL_set_max_cert_list sets the maximum length, in bytes, of a peer
* certificate chain to |max_cert_list|. This affects how much memory may be
* consumed during the handshake. */
OPENSSL_EXPORT void SSL_set_max_cert_list(SSL *ssl, size_t max_cert_list);
/* SSL_CTX_set_max_send_fragment sets the maximum length, in bytes, of records
* sent by |ctx|. Beyond this length, handshake messages and application data
* will be split into multiple records. */
OPENSSL_EXPORT void SSL_CTX_set_max_send_fragment(SSL_CTX *ctx,
size_t max_send_fragment);
/* SSL_set_max_send_fragment sets the maximum length, in bytes, of records
* sent by |ssl|. Beyond this length, handshake messages and application data
* will be split into multiple records. */
OPENSSL_EXPORT void SSL_set_max_send_fragment(SSL *ssl,
size_t max_send_fragment);
/* SSL_CTX_set_tmp_dh_callback configures |ctx| to use |callback| to determine
* the group for DHE ciphers. |callback| should ignore |is_export| and
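Review bot: The comments on the four new setters (`SSL_CTX_set_max_cert_list`, `SSL_set_max_cert_list`, `SSL_CTX_set_max_send_fragment`, `SSL_set_max_send_fragment`) do not say what happens to an argument outside the range the library can store. They also return `void`, where the old macro forms evaluated to the result of the ctrl call, so a caller that used that result to notice a refused size now gets no signal. I would add a sentence to each setter comment such as `Values larger than the supported maximum are clamped.`, adjusted to whatever the implementation actually does, which is not visible here. For the two send-fragment setters the comment should also state the smallest accepted length. The final comment in this hunk, for `SSL_CTX_set_tmp_dh_callback`, continues past the hunk.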
@@ -2387,6 +2400,9 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused);
#define SSL_CTRL_MODE doesnt_exist
#define SSL_CTRL_GET_READ_AHEAD doesnt_exist
#define SSL_CTRL_SET_READ_AHEAD doesnt_exist
#define SSL_CTRL_GET_MAX_CERT_LIST doesnt_exist
#define SSL_CTRL_SET_MAX_CERT_LIST doesnt_exist
#define SSL_CTRL_SET_MAX_SEND_FRAGMENT doesnt_exist
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB doesnt_exist
#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB doesnt_exist
#define DTLS_CTRL_GET_TIMEOUT doesnt_exist
@@ -2406,6 +2422,12 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused);
#define SSL_set_mode SSL_set_mode
#define SSL_CTX_get_read_ahead SSL_CTX_get_read_ahead
#define SSL_CTX_set_read_ahead SSL_CTX_set_read_ahead
#define SSL_CTX_get_max_cert_list SSL_CTX_get_max_cert_list
#define SSL_get_max_cert_list SSL_get_max_cert_list
#define SSL_CTX_set_max_cert_list SSL_CTX_set_max_cert_list
#define SSL_set_max_cert_list SSL_set_max_cert_list
#define SSL_CTX_set_max_send_fragment SSL_CTX_set_max_send_fragment
#define SSL_set_max_send_fragment SSL_set_max_send_fragment
#define SSL_CTX_set_tlsext_servername_callback \
SSL_CTX_set_tlsext_servername_callback
#define SSL_CTX_set_tlsext_ticket_key_cb SSL_CTX_set_tlsext_ticket_key_cb