summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHeikki Vatiainen <hvn@radiatorsoftware.com>2023-09-06 23:17:04 +0300
committerGitHub <noreply@github.com>2023-09-06 23:17:04 +0300
commit3fdcaabf2282110132bdf0143c61f0d9f583f636 (patch)
tree616c0ead0b9ff2f7e5bad5166443911cc6b4e54e
parent8434d9a14dd916f159ef37689e1ae3d57a36fe72 (diff)
parenta91f2bbc972eb6009f0c180f5f2b90f215bebd5d (diff)
Merge pull request #441 from radiator-software/GH-71-add-ctx_set_client_hello_cb
GH-71 Expose SSL_CTX_set_client_hello_cb and related functions
Diffstat
-rw-r--r--Changes23
-rw-r--r--MANIFEST1
-rw-r--r--SSLeay.xs166
-rw-r--r--constants.c2423
-rw-r--r--helper_script/constants.txt74
-rw-r--r--lib/Net/SSLeay.pm74
-rw-r--r--lib/Net/SSLeay.pod459
-rw-r--r--t/local/21_constants.t76
-rw-r--r--t/local/48_client_hello_callback.t346
9 files changed, 2713 insertions, 929 deletions
diff --git a/Changes b/Changes
index bcccd57..838058d 100644
--- a/Changes
+++ b/Changes
@@ -30,6 +30,29 @@ Revision history for Perl extension Net::SSLeay.
Update the previous minor releases to their latest versions. Add
NetBSD to BSDs job and update the other BSDs and Alpine Linux jobs to
cover additional and latest releases. Use the latest MacOS runners.
+ - Expose SSL_CTX_set_client_hello_cb for setting a callback
+ the server calls when it processes a ClientHello. Expose the
+ following functions that can be called only from the
+ callback.
+ - SSL_client_hello_isv2
+ - SSL_client_hello_get0_legacy_version
+ - SSL_client_hello_get0_random
+ - SSL_client_hello_get0_session_id
+ - SSL_client_hello_get0_ciphers
+ - SSL_client_hello_get0_compression_methods
+ - SSL_client_hello_get1_extensions_present
+ - SSL_client_hello_get_extension_order
+ - SSL_client_hello_get0_ext
+ - Expose constants used by SSL_CTX_set_client_hello_cb related
+ functions:
+ - AD_ prefixed constants naming TLS alert codes for
+ returning from a ClientHello callback or where alert types
+ are used
+ - CLIENT_HELLO_ERROR, CLIENT_HELLO_RETRY and
+ CLIENT_HELLO_SUCCESS for returning from a ClientHello
+ callback
+ - TLSEXT_TYPE_ prefixed contants for naming TLS extension
+ types
1.93_02 2023-02-22
- Update ppport.h to version 3.68. This eliminates thousands of
diff --git a/MANIFEST b/MANIFEST
index 0fe4f9d..2753c9b 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -221,6 +221,7 @@ t/local/44_sess.t
t/local/45_exporter.t
t/local/46_msg_callback.t
t/local/47_keylog.t
+t/local/48_client_hello_callback.t
t/local/50_digest.t
t/local/61_threads-cb-crash.t
t/local/62_threads-ctx_new-deadlock.t
diff --git a/SSLeay.xs b/SSLeay.xs
index 492a3a1..7136e17 100644
--- a/SSLeay.xs
+++ b/SSLeay.xs
@@ -1810,6 +1810,47 @@ void ssl_ctx_keylog_cb_func_invoke(const SSL *ssl, const char *line)
}
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER)
+int ssl_client_hello_cb_fn_invoke(SSL *ssl, int *al, void *arg)
+{
+ dSP;
+ int count, res;
+ SV *cb_func, *cb_arg;
+ SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
+
+ PR1("STARTED: ssl_client_hello_cb_fn_invoke\n");
+ cb_func = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_client_hello_cb!!func");
+ cb_arg = cb_data_advanced_get(ctx, "ssleay_ssl_ctx_client_hello_cb!!arg");
+ if(!SvOK(cb_func))
+ croak ("Net::SSLeay: ssl_client_hello_cb_fn_invoke called, but not set to point to any perl function.\n");
+
+ ENTER;
+ SAVETMPS;
+
+ PUSHMARK(SP);
+ XPUSHs(sv_2mortal(newSViv(PTR2IV(ssl))));
+ XPUSHs(sv_2mortal(newSVsv(cb_arg)));
+
+ PUTBACK;
+
+ count = call_sv(cb_func, G_LIST);
+
+ SPAGAIN;
+
+ if (count < 1 || count > 2)
+ croak ("Net::SSLeay: ssl_client_hello_cb_fn perl function returned %d values, 1 or 2 expected\n", count);
+ if (count == 2)
+ *al = POPi;
+ res = POPi;
+
+ PUTBACK;
+ FREETMPS;
+ LEAVE;
+
+ return res;
+}
+#endif
+
/* ============= end of callback stuff, begin helper functions ============== */
time_t ASN1_TIME_timet(ASN1_TIME *asn1t, time_t *gmtoff) {
@@ -5837,6 +5878,131 @@ SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x10101001L && !defined(LIBRESSL_VERSION_NUMBER)
+
+void
+SSL_CTX_set_client_hello_cb(SSL_CTX *ctx, SV *callback, SV *arg=&PL_sv_undef)
+ CODE:
+ if (callback==NULL || !SvOK(callback)) {
+ SSL_CTX_set_client_hello_cb(ctx, NULL, NULL);
+ cb_data_advanced_put(ctx, "ssleay_ssl_ctx_client_hello_cb!!func", NULL);
+ cb_data_advanced_put(ctx, "ssleay_ssl_ctx_client_hello_cb!!arg", NULL);
+ } else {
+ cb_data_advanced_put(ctx, "ssleay_ssl_ctx_client_hello_cb!!func", newSVsv(callback));
+ cb_data_advanced_put(ctx, "ssleay_ssl_ctx_client_hello_cb!!arg", newSVsv(arg));
+ SSL_CTX_set_client_hello_cb(ctx, ssl_client_hello_cb_fn_invoke, NULL);
+ }
+
+int
+SSL_client_hello_isv2(SSL *s)
+
+unsigned int
+SSL_client_hello_get0_legacy_version(SSL *s)
+
+void
+SSL_client_hello_get0_random(SSL *s)
+ PREINIT:
+ const unsigned char *out = NULL;
+ size_t outlen;
+ CODE:
+ outlen = SSL_client_hello_get0_random(s, &out);
+ if (outlen == 0) XSRETURN_PV("");
+ ST(0) = sv_newmortal();
+ sv_setpvn(ST(0), (const char *)out, (STRLEN)outlen);
+
+void
+SSL_client_hello_get0_session_id(SSL *s)
+ PREINIT:
+ const unsigned char *out = NULL;
+ size_t outlen;
+ CODE:
+ outlen = SSL_client_hello_get0_session_id(s, &out);
+ if (outlen == 0) XSRETURN_PV("");
+ ST(0) = sv_newmortal();
+ sv_setpvn(ST(0), (const char *)out, (STRLEN)outlen);
+
+void
+SSL_client_hello_get0_ciphers(SSL *s)
+ PREINIT:
+ const unsigned char *out = NULL;
+ size_t outlen;
+ CODE:
+ outlen = SSL_client_hello_get0_ciphers(s, &out);
+ if (outlen == 0) XSRETURN_PV("");
+ ST(0) = sv_newmortal();
+ sv_setpvn(ST(0), (const char *)out, (STRLEN)outlen);
+
+void
+SSL_client_hello_get0_compression_methods(SSL *s)
+ PREINIT:
+ const unsigned char *out = NULL;
+ size_t outlen;
+ CODE:
+ outlen = SSL_client_hello_get0_compression_methods(s, &out);
+ if (outlen == 0) XSRETURN_PV("");
+ ST(0) = sv_newmortal();
+ sv_setpvn(ST(0), (const char *)out, (STRLEN)outlen);
+
+void
+SSL_client_hello_get1_extensions_present(SSL *s)
+ PREINIT:
+ int ret, *out = NULL, i;
+ size_t outlen;
+ AV *av;
+ PPCODE:
+ ret = SSL_client_hello_get1_extensions_present(s, &out, &outlen);
+ if (ret != 1) XSRETURN_UNDEF;
+
+ av = newAV();
+ mXPUSHs(newRV_noinc((SV*)av));
+ for (i=0; i < outlen; i++) {
+ av_push(av, newSViv(*(out + i)));
+ }
+ OPENSSL_free(out);
+
+#if OPENSSL_VERSION_NUMBER >= 0x30200000L && !defined(LIBRESSL_VERSION_NUMBER)
+
+void
+SSL_client_hello_get_extension_order(SSL *s)
+ PREINIT:
+ int ret, i;
+ uint16_t *exts;
+ size_t num_exts;
+ AV *av;
+ PPCODE:
+ ret = SSL_client_hello_get_extension_order(s, NULL, &num_exts);
+ if (ret != 1) XSRETURN_UNDEF;
+
+ Newx(exts, num_exts, uint16_t);
+ ret = SSL_client_hello_get_extension_order(s, exts, &num_exts);
+ if (ret != 1) {
+ Safefree(exts);
+ XSRETURN_UNDEF;
+ }
+
+ av = newAV();
+ mXPUSHs(newRV_noinc((SV*)av));
+ for (i=0; i < num_exts; i++) {
+ av_push(av, newSViv(*(exts + i)));
+ }
+ Safefree(exts);
+
+#endif
+
+void
+SSL_client_hello_get0_ext(SSL *s, unsigned int type)
+ PREINIT:
+ int ret;
+ const unsigned char *out = NULL;
+ size_t outlen;
+ CODE:
+ ret = SSL_client_hello_get0_ext(s, type, &out, &outlen);
+ if (ret != 1) XSRETURN_UNDEF;
+
+ ST(0) = sv_newmortal();
+ sv_setpvn(ST(0), (const char *)out, (STRLEN)outlen);
+
+#endif
int
SSL_set_purpose(s,purpose)
diff --git a/constants.c b/constants.c
index f6ca2b9..ad3e101 100644
--- a/constants.c
+++ b/constants.c
@@ -1488,14 +1488,14 @@ constant (const char *name, size_t len) {
break;
case 13:
/* Names all of length 13. */
- /* ASYNC_NO_JOBS CB_READ_ALERT ERROR_SYSCALL FILETYPE_ASN1 F_SSL_SET_RFD
- F_SSL_SET_WFD GEN_OTHERNAME MBSTRING_FLAG MBSTRING_UNIV MBSTRING_UTF8
- NID_OCSP_sign NID_algorithm NID_cast5_cbc NID_cast5_ecb NID_code_sign
- NID_delta_crl NID_des_cfb64 NID_des_ofb64 NID_givenName NID_id_pbkdf2
- NID_id_qt_cps NID_key_usage NID_rc2_cfb64 NID_rc2_ofb64 NID_rc5_cfb64
- NID_rc5_ofb64 NID_ripemd160 NID_secretBag OP_NO_TLSv1_1 OP_NO_TLSv1_2
- OP_NO_TLSv1_3 OP_TLS_D5_BUG SENT_SHUTDOWN SSL2_MT_ERROR SSL3_RT_ALERT
- SSLEAY_CFLAGS XN_FLAG_FN_LN XN_FLAG_FN_SN */
+ /* AD_UNKNOWN_CA ASYNC_NO_JOBS CB_READ_ALERT ERROR_SYSCALL FILETYPE_ASN1
+ F_SSL_SET_RFD F_SSL_SET_WFD GEN_OTHERNAME MBSTRING_FLAG MBSTRING_UNIV
+ MBSTRING_UTF8 NID_OCSP_sign NID_algorithm NID_cast5_cbc NID_cast5_ecb
+ NID_code_sign NID_delta_crl NID_des_cfb64 NID_des_ofb64 NID_givenName
+ NID_id_pbkdf2 NID_id_qt_cps NID_key_usage NID_rc2_cfb64 NID_rc2_ofb64
+ NID_rc5_cfb64 NID_rc5_ofb64 NID_ripemd160 NID_secretBag OP_NO_TLSv1_1
+ OP_NO_TLSv1_2 OP_NO_TLSv1_3 OP_TLS_D5_BUG SENT_SHUTDOWN SSL2_MT_ERROR
+ SSL3_RT_ALERT SSLEAY_CFLAGS XN_FLAG_FN_LN XN_FLAG_FN_SN */
/* Offset 12 gives the best switch position. */
switch (name[12]) {
case '0':
@@ -1640,6 +1640,18 @@ constant (const char *name, size_t len) {
}
break;
+ case 'A':
+ if (!memcmp(name, "AD_UNKNOWN_C", 12)) {
+ /* A */
+
+#ifdef SSL_AD_UNKNOWN_CA
+ return SSL_AD_UNKNOWN_CA;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
case 'D':
if (!memcmp(name, "F_SSL_SET_RF", 12)) {
/* D */
@@ -2362,13 +2374,14 @@ constant (const char *name, size_t len) {
break;
case 15:
/* Names all of length 15. */
- /* CB_CONNECT_EXIT CB_CONNECT_LOOP CLIENT_HELLO_CB ERROR_WANT_READ
- F_WRITE_PENDING MODE_AUTO_RETRY NID_cast5_cfb64 NID_cast5_ofb64
- NID_client_auth NID_countryName NID_des_ede_cbc NID_description
- NID_dnQualifier NID_dsaWithSHA1 NID_info_access NID_mdc2WithRSA
- NID_ms_code_com NID_ms_code_ind NID_ms_ctl_sign NID_server_auth
- NID_sha1WithRSA OPENSSL_VERSION OP_NO_QUERY_MTU R_NO_PRIVATEKEY
- R_UNKNOWN_STATE SESS_CACHE_BOTH SSLEAY_BUILT_ON SSLEAY_PLATFORM
+ /* AD_CLOSE_NOTIFY AD_DECODE_ERROR CB_CONNECT_EXIT CB_CONNECT_LOOP
+ CLIENT_HELLO_CB ERROR_WANT_READ F_WRITE_PENDING MODE_AUTO_RETRY
+ NID_cast5_cfb64 NID_cast5_ofb64 NID_client_auth NID_countryName
+ NID_des_ede_cbc NID_description NID_dnQualifier NID_dsaWithSHA1
+ NID_info_access NID_mdc2WithRSA NID_ms_code_com NID_ms_code_ind
+ NID_ms_ctl_sign NID_server_auth NID_sha1WithRSA OPENSSL_VERSION
+ OP_NO_QUERY_MTU R_NO_PRIVATEKEY R_UNKNOWN_STATE SESS_CACHE_BOTH
+ SSLEAY_BUILT_ON SSLEAY_PLATFORM TLSEXT_TYPE_psk TLSEXT_TYPE_srp
XN_FLAG_FN_MASK XN_FLAG_FN_NONE XN_FLAG_ONELINE XN_FLAG_RFC2253 */
/* Offset 14 gives the best switch position. */
switch (name[14]) {
@@ -2578,6 +2591,18 @@ constant (const char *name, size_t len) {
}
break;
+ case 'R':
+ if (!memcmp(name, "AD_DECODE_ERRO", 14)) {
+ /* R */
+
+#ifdef SSL_AD_DECODE_ERROR
+ return SSL_AD_DECODE_ERROR;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
case 'T':
if (!memcmp(name, "CB_CONNECT_EXI", 14)) {
/* T */
@@ -2603,6 +2628,16 @@ constant (const char *name, size_t len) {
}
break;
case 'Y':
+ if (!memcmp(name, "AD_CLOSE_NOTIF", 14)) {
+ /* Y */
+
+#ifdef SSL_AD_CLOSE_NOTIFY
+ return SSL_AD_CLOSE_NOTIFY;
+#else
+ goto not_there;
+#endif
+
+ }
if (!memcmp(name, "MODE_AUTO_RETR", 14)) {
/* Y */
@@ -2682,6 +2717,18 @@ constant (const char *name, size_t len) {
}
break;
+ case 'k':
+ if (!memcmp(name, "TLSEXT_TYPE_ps", 14)) {
+ /* k */
+
+#ifdef TLSEXT_TYPE_psk
+ return TLSEXT_TYPE_psk;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
case 'm':
if (!memcmp(name, "NID_ms_code_co", 14)) {
/* m */
@@ -2716,6 +2763,18 @@ constant (const char *name, size_t len) {
}
break;
+ case 'p':
+ if (!memcmp(name, "TLSEXT_TYPE_sr", 14)) {
+ /* p */
+
+#ifdef TLSEXT_TYPE_srp
+ return TLSEXT_TYPE_srp;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
case 'r':
if (!memcmp(name, "NID_dnQualifie", 14)) {
/* r */
@@ -2744,12 +2803,13 @@ constant (const char *name, size_t len) {
break;
case 16:
/* Names all of length 16. */
- /* ERROR_WANT_ASYNC ERROR_WANT_WRITE NID_des_ede3_cbc NID_friendlyName
- NID_hmacWithSHA1 NID_localityName NID_pkcs7_digest NID_pkcs7_signed
- NID_serialNumber OPENSSL_BUILT_ON OPENSSL_CPU_INFO OPENSSL_PLATFORM
- OP_EPHEMERAL_RSA OP_PKCS1_CHECK_1 OP_PKCS1_CHECK_2 OP_SINGLE_DH_USE
- R_BAD_MAC_DECODE R_NO_CIPHER_LIST SSL3_MT_FINISHED X509_PURPOSE_ANY
- X509_TRUST_EMAIL XN_FLAG_FN_ALIGN XN_FLAG_SEP_MASK */
+ /* AD_ACCESS_DENIED AD_DECRYPT_ERROR ERROR_WANT_ASYNC ERROR_WANT_WRITE
+ NID_des_ede3_cbc NID_friendlyName NID_hmacWithSHA1 NID_localityName
+ NID_pkcs7_digest NID_pkcs7_signed NID_serialNumber OPENSSL_BUILT_ON
+ OPENSSL_CPU_INFO OPENSSL_PLATFORM OP_EPHEMERAL_RSA OP_PKCS1_CHECK_1
+ OP_PKCS1_CHECK_2 OP_SINGLE_DH_USE R_BAD_MAC_DECODE R_NO_CIPHER_LIST
+ SSL3_MT_FINISHED X509_PURPOSE_ANY X509_TRUST_EMAIL XN_FLAG_FN_ALIGN
+ XN_FLAG_SEP_MASK */
/* Offset 15 gives the best switch position. */
switch (name[15]) {
case '1':
@@ -2811,6 +2871,16 @@ constant (const char *name, size_t len) {
}
break;
case 'D':
+ if (!memcmp(name, "AD_ACCESS_DENIE", 15)) {
+ /* D */
+
+#ifdef SSL_AD_ACCESS_DENIED
+ return SSL_AD_ACCESS_DENIED;
+#else
+ goto not_there;
+#endif
+
+ }
if (!memcmp(name, "SSL3_MT_FINISHE", 15)) {
/* D */
@@ -2924,6 +2994,18 @@ constant (const char *name, size_t len) {
}
break;
+ case 'R':
+ if (!memcmp(name, "AD_DECRYPT_ERRO", 15)) {
+ /* R */
+
+#ifdef SSL_AD_DECRYPT_ERROR
+ return SSL_AD_DECRYPT_ERROR;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
case 'T':
if (!memcmp(name, "R_NO_CIPHER_LIS", 15)) {
/* T */
@@ -3022,52 +3104,53 @@ constant (const char *name, size_t len) {
break;
case 17:
/* Names all of length 17. */
- /* CB_HANDSHAKE_DONE ERROR_WANT_ACCEPT ERROR_ZERO_RETURN F_D2I_SSL_SESSION
+ /* AD_BAD_RECORD_MAC AD_INTERNAL_ERROR AD_NO_CERTIFICATE AD_USER_CANCELLED
+ CB_HANDSHAKE_DONE ERROR_WANT_ACCEPT ERROR_ZERO_RETURN F_D2I_SSL_SESSION
F_I2D_SSL_SESSION F_SSL_SESSION_NEW NID_ad_ca_issuers NID_des_ede_cfb64
NID_des_ede_ofb64 NID_dsaWithSHA1_2 NID_email_protect NID_ext_key_usage
NID_id_qt_unotice NID_rsaEncryption OP_NO_ANTI_REPLAY OP_NO_COMPRESSION
OP_TLSEXT_PADDING RECEIVED_SHUTDOWN R_BAD_WRITE_RETRY R_NO_CIPHER_MATCH
SESS_CACHE_CLIENT SESS_CACHE_SERVER SSL3_RT_HANDSHAKE X509_FILETYPE_PEM
X509_TRUST_COMPAT XN_FLAG_MULTILINE */
- /* Offset 13 gives the best switch position. */
- switch (name[13]) {
- case 'A':
- if (!memcmp(name, "NID_dsaWithSHA1_2", 17)) {
- /* ^ */
+ /* Offset 8 gives the best switch position. */
+ switch (name[8]) {
+ case 'C':
+ if (!memcmp(name, "AD_USER_CANCELLED", 17)) {
+ /* ^ */
-#ifdef NID_dsaWithSHA1_2
- return NID_dsaWithSHA1_2;
+#ifdef SSL_AD_USER_CANCELLED
+ return SSL_AD_USER_CANCELLED;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "R_NO_CIPHER_MATCH", 17)) {
- /* ^ */
+ break;
+ case 'E':
+ if (!memcmp(name, "AD_BAD_RECORD_MAC", 17)) {
+ /* ^ */
-#ifdef SSL_R_NO_CIPHER_MATCH
- return SSL_R_NO_CIPHER_MATCH;
+#ifdef SSL_AD_BAD_RECORD_MAC
+ return SSL_AD_BAD_RECORD_MAC;
#else
goto not_there;
#endif
}
- break;
- case 'C':
- if (!memcmp(name, "ERROR_WANT_ACCEPT", 17)) {
- /* ^ */
+ if (!memcmp(name, "X509_FILETYPE_PEM", 17)) {
+ /* ^ */
-#ifdef SSL_ERROR_WANT_ACCEPT
- return SSL_ERROR_WANT_ACCEPT;
+#ifdef X509_FILETYPE_PEM
+ return X509_FILETYPE_PEM;
#else
goto not_there;
#endif
}
break;
- case 'D':
+ case 'H':
if (!memcmp(name, "CB_HANDSHAKE_DONE", 17)) {
- /* ^ */
+ /* ^ */
#ifdef SSL_CB_HANDSHAKE_DONE
return SSL_CB_HANDSHAKE_DONE;
@@ -3076,42 +3159,38 @@ constant (const char *name, size_t len) {
#endif
}
- if (!memcmp(name, "OP_TLSEXT_PADDING", 17)) {
- /* ^ */
+ if (!memcmp(name, "R_NO_CIPHER_MATCH", 17)) {
+ /* ^ */
-#ifdef SSL_OP_TLSEXT_PADDING
- return SSL_OP_TLSEXT_PADDING;
+#ifdef SSL_R_NO_CIPHER_MATCH
+ return SSL_R_NO_CIPHER_MATCH;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "RECEIVED_SHUTDOWN", 17)) {
- /* ^ */
+ if (!memcmp(name, "SESS_CACHE_CLIENT", 17)) {
+ /* ^ */
-#ifdef SSL_RECEIVED_SHUTDOWN
- return SSL_RECEIVED_SHUTDOWN;
+#ifdef SSL_SESS_CACHE_CLIENT
+ return SSL_SESS_CACHE_CLIENT;
#else
goto not_there;
#endif
}
- break;
- case 'E':
- if (!memcmp(name, "R_BAD_WRITE_RETRY", 17)) {
- /* ^ */
+ if (!memcmp(name, "SESS_CACHE_SERVER", 17)) {
+ /* ^ */
-#ifdef SSL_R_BAD_WRITE_RETRY
- return SSL_R_BAD_WRITE_RETRY;
+#ifdef SSL_SESS_CACHE_SERVER
+ return SSL_SESS_CACHE_SERVER;
#else
goto not_there;
#endif
}
- break;
- case 'H':
if (!memcmp(name, "SSL3_RT_HANDSHAKE", 17)) {
- /* ^ */
+ /* ^ */
#ifdef SSL3_RT_HANDSHAKE
return SSL3_RT_HANDSHAKE;
@@ -3122,11 +3201,11 @@ constant (const char *name, size_t len) {
}
break;
case 'I':
- if (!memcmp(name, "SESS_CACHE_CLIENT", 17)) {
- /* ^ */
+ if (!memcmp(name, "R_BAD_WRITE_RETRY", 17)) {
+ /* ^ */
-#ifdef SSL_SESS_CACHE_CLIENT
- return SSL_SESS_CACHE_CLIENT;
+#ifdef SSL_R_BAD_WRITE_RETRY
+ return SSL_R_BAD_WRITE_RETRY;
#else
goto not_there;
#endif
@@ -3134,8 +3213,40 @@ constant (const char *name, size_t len) {
}
break;
case 'L':
+ if (!memcmp(name, "F_D2I_SSL_SESSION", 17)) {
+ /* ^ */
+
+#ifdef SSL_F_D2I_SSL_SESSION
+ return SSL_F_D2I_SSL_SESSION;
+#else
+ goto not_there;
+#endif
+
+ }
+ if (!memcmp(name, "F_I2D_SSL_SESSION", 17)) {
+ /* ^ */
+
+#ifdef SSL_F_I2D_SSL_SESSION
+ return SSL_F_I2D_SSL_SESSION;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
+ case 'M':
+ if (!memcmp(name, "OP_NO_COMPRESSION", 17)) {
+ /* ^ */
+
+#ifdef SSL_OP_NO_COMPRESSION
+ return SSL_OP_NO_COMPRESSION;
+#else
+ goto not_there;
+#endif
+
+ }
if (!memcmp(name, "XN_FLAG_MULTILINE", 17)) {
- /* ^ */
+ /* ^ */
#ifdef XN_FLAG_MULTILINE
return XN_FLAG_MULTILINE;
@@ -3145,24 +3256,22 @@ constant (const char *name, size_t len) {
}
break;
- case 'M':
- if (!memcmp(name, "X509_TRUST_COMPAT", 17)) {
- /* ^ */
+ case 'N':
+ if (!memcmp(name, "AD_INTERNAL_ERROR", 17)) {
+ /* ^ */
-#ifdef X509_TRUST_COMPAT
- return X509_TRUST_COMPAT;
+#ifdef SSL_AD_INTERNAL_ERROR
+ return SSL_AD_INTERNAL_ERROR;
#else
goto not_there;
#endif
}
- break;
- case 'P':
- if (!memcmp(name, "OP_NO_ANTI_REPLAY", 17)) {
- /* ^ */
+ if (!memcmp(name, "ERROR_WANT_ACCEPT", 17)) {
+ /* ^ */
-#ifdef SSL_OP_NO_ANTI_REPLAY
- return SSL_OP_NO_ANTI_REPLAY;
+#ifdef SSL_ERROR_WANT_ACCEPT
+ return SSL_ERROR_WANT_ACCEPT;
#else
goto not_there;
#endif
@@ -3170,43 +3279,43 @@ constant (const char *name, size_t len) {
}
break;
case 'R':
- if (!memcmp(name, "SESS_CACHE_SERVER", 17)) {
- /* ^ */
+ if (!memcmp(name, "AD_NO_CERTIFICATE", 17)) {
+ /* ^ */
-#ifdef SSL_SESS_CACHE_SERVER
- return SSL_SESS_CACHE_SERVER;
+#ifdef SSL_AD_NO_CERTIFICATE
+ return SSL_AD_NO_CERTIFICATE;
#else
goto not_there;
#endif
}
- break;
- case 'S':
- if (!memcmp(name, "F_D2I_SSL_SESSION", 17)) {
- /* ^ */
+ if (!memcmp(name, "ERROR_ZERO_RETURN", 17)) {
+ /* ^ */
-#ifdef SSL_F_D2I_SSL_SESSION
- return SSL_F_D2I_SSL_SESSION;
+#ifdef SSL_ERROR_ZERO_RETURN
+ return SSL_ERROR_ZERO_RETURN;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "F_I2D_SSL_SESSION", 17)) {
- /* ^ */
+ break;
+ case 'S':
+ if (!memcmp(name, "F_SSL_SESSION_NEW", 17)) {
+ /* ^ */
-#ifdef SSL_F_I2D_SSL_SESSION
- return SSL_F_I2D_SSL_SESSION;
+#ifdef SSL_F_SSL_SESSION_NEW
+ return SSL_F_SSL_SESSION_NEW;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "OP_NO_COMPRESSION", 17)) {
- /* ^ */
+ if (!memcmp(name, "X509_TRUST_COMPAT", 17)) {
+ /* ^ */
-#ifdef SSL_OP_NO_COMPRESSION
- return SSL_OP_NO_COMPRESSION;
+#ifdef X509_TRUST_COMPAT
+ return X509_TRUST_COMPAT;
#else
goto not_there;
#endif
@@ -3214,11 +3323,21 @@ constant (const char *name, size_t len) {
}
break;
case 'T':
- if (!memcmp(name, "ERROR_ZERO_RETURN", 17)) {
- /* ^ */
+ if (!memcmp(name, "OP_NO_ANTI_REPLAY", 17)) {
+ /* ^ */
-#ifdef SSL_ERROR_ZERO_RETURN
- return SSL_ERROR_ZERO_RETURN;
+#ifdef SSL_OP_NO_ANTI_REPLAY
+ return SSL_OP_NO_ANTI_REPLAY;
+#else
+ goto not_there;
+#endif
+
+ }
+ if (!memcmp(name, "OP_TLSEXT_PADDING", 17)) {
+ /* ^ */
+
+#ifdef SSL_OP_TLSEXT_PADDING
+ return SSL_OP_TLSEXT_PADDING;
#else
goto not_there;
#endif
@@ -3226,30 +3345,32 @@ constant (const char *name, size_t len) {
}
break;
case '_':
- if (!memcmp(name, "F_SSL_SESSION_NEW", 17)) {
- /* ^ */
+ if (!memcmp(name, "RECEIVED_SHUTDOWN", 17)) {
+ /* ^ */
-#ifdef SSL_F_SSL_SESSION_NEW
- return SSL_F_SSL_SESSION_NEW;
+#ifdef SSL_RECEIVED_SHUTDOWN
+ return SSL_RECEIVED_SHUTDOWN;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "X509_FILETYPE_PEM", 17)) {
- /* ^ */
+ break;
+ case 'a':
+ if (!memcmp(name, "NID_ad_ca_issuers", 17)) {
+ /* ^ */
-#ifdef X509_FILETYPE_PEM
- return X509_FILETYPE_PEM;
+#ifdef NID_ad_ca_issuers
+ return NID_ad_ca_issuers;
#else
goto not_there;
#endif
}
break;
- case 'f':
+ case 'e':
if (!memcmp(name, "NID_des_ede_cfb64", 17)) {
- /* ^ */
+ /* ^ */
#ifdef NID_des_ede_cfb64
return NID_des_ede_cfb64;
@@ -3259,7 +3380,7 @@ constant (const char *name, size_t len) {
}
if (!memcmp(name, "NID_des_ede_ofb64", 17)) {
- /* ^ */
+ /* ^ */
#ifdef NID_des_ede_ofb64
return NID_des_ede_ofb64;
@@ -3269,41 +3390,45 @@ constant (const char *name, size_t len) {
}
break;
- case 's':
- if (!memcmp(name, "NID_ext_key_usage", 17)) {
- /* ^ */
+ case 'i':
+ if (!memcmp(name, "NID_dsaWithSHA1_2", 17)) {
+ /* ^ */
-#ifdef NID_ext_key_usage
- return NID_ext_key_usage;
+#ifdef NID_dsaWithSHA1_2
+ return NID_dsaWithSHA1_2;
#else
goto not_there;
#endif
}
break;
- case 't':
- if (!memcmp(name, "NID_email_protect", 17)) {
- /* ^ */
+ case 'k':
+ if (!memcmp(name, "NID_ext_key_usage", 17)) {
+ /* ^ */
-#ifdef NID_email_protect
- return NID_email_protect;
+#ifdef NID_ext_key_usage
+ return NID_ext_key_usage;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "NID_id_qt_unotice", 17)) {
- /* ^ */
+ break;
+ case 'l':
+ if (!memcmp(name, "NID_email_protect", 17)) {
+ /* ^ */
-#ifdef NID_id_qt_unotice
- return NID_id_qt_unotice;
+#ifdef NID_email_protect
+ return NID_email_protect;
#else
goto not_there;
#endif
}
+ break;
+ case 'n':
if (!memcmp(name, "NID_rsaEncryption", 17)) {
- /* ^ */
+ /* ^ */
#ifdef NID_rsaEncryption
return NID_rsaEncryption;
@@ -3313,12 +3438,12 @@ constant (const char *name, size_t len) {
}
break;
- case 'u':
- if (!memcmp(name, "NID_ad_ca_issuers", 17)) {
- /* ^ */
+ case 't':
+ if (!memcmp(name, "NID_id_qt_unotice", 17)) {
+ /* ^ */
-#ifdef NID_ad_ca_issuers
- return NID_ad_ca_issuers;
+#ifdef NID_id_qt_unotice
+ return NID_id_qt_unotice;
#else
goto not_there;
#endif
@@ -3329,12 +3454,13 @@ constant (const char *name, size_t len) {
break;
case 18:
/* Names all of length 18. */
- /* CB_HANDSHAKE_START ERROR_WANT_CONNECT F_GET_CLIENT_HELLO
- F_GET_SERVER_HELLO MODE_NO_AUTO_CHAIN NID_des_ede3_cfb64
- NID_des_ede3_ofb64 NID_dhKeyAgreement OP_COOKIE_EXCHANGE
- OP_SINGLE_ECDH_USE R_BAD_SSL_FILETYPE SSL3_MT_KEY_UPDATE
- SSL3_MT_NEXT_PROTO VERIFY_CLIENT_ONCE X509_FILETYPE_ASN1
- X509_TRUST_DEFAULT */
+ /* AD_BAD_CERTIFICATE AD_RECORD_OVERFLOW CB_HANDSHAKE_START
+ CLIENT_HELLO_ERROR CLIENT_HELLO_RETRY ERROR_WANT_CONNECT
+ F_GET_CLIENT_HELLO F_GET_SERVER_HELLO MODE_NO_AUTO_CHAIN
+ NID_des_ede3_cfb64 NID_des_ede3_ofb64 NID_dhKeyAgreement
+ OP_COOKIE_EXCHANGE OP_SINGLE_ECDH_USE R_BAD_SSL_FILETYPE
+ SSL3_MT_KEY_UPDATE SSL3_MT_NEXT_PROTO TLSEXT_TYPE_cookie
+ VERIFY_CLIENT_ONCE X509_FILETYPE_ASN1 X509_TRUST_DEFAULT */
/* Offset 11 gives the best switch position. */
switch (name[11]) {
case '3':
@@ -3406,6 +3532,16 @@ constant (const char *name, size_t len) {
}
break;
case 'I':
+ if (!memcmp(name, "AD_BAD_CERTIFICATE", 18)) {
+ /* ^ */
+
+#ifdef SSL_AD_BAD_CERTIFICATE
+ return SSL_AD_BAD_CERTIFICATE;
+#else
+ goto not_there;
+#endif
+
+ }
if (!memcmp(name, "R_BAD_SSL_FILETYPE", 18)) {
/* ^ */
@@ -3430,6 +3566,26 @@ constant (const char *name, size_t len) {
}
break;
case 'O':
+ if (!memcmp(name, "CLIENT_HELLO_ERROR", 18)) {
+ /* ^ */
+
+#ifdef SSL_CLIENT_HELLO_ERROR
+ return SSL_CLIENT_HELLO_ERROR;
+#else
+ goto not_there;
+#endif
+
+ }
+ if (!memcmp(name, "CLIENT_HELLO_RETRY", 18)) {
+ /* ^ */
+
+#ifdef SSL_CLIENT_HELLO_RETRY
+ return SSL_CLIENT_HELLO_RETRY;
+#else
+ goto not_there;
+#endif
+
+ }
if (!memcmp(name, "MODE_NO_AUTO_CHAIN", 18)) {
/* ^ */
@@ -3487,6 +3643,18 @@ constant (const char *name, size_t len) {
}
break;
+ case 'V':
+ if (!memcmp(name, "AD_RECORD_OVERFLOW", 18)) {
+ /* ^ */
+
+#ifdef SSL_AD_RECORD_OVERFLOW
+ return SSL_AD_RECORD_OVERFLOW;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
case 'X':
if (!memcmp(name, "OP_COOKIE_EXCHANGE", 18)) {
/* ^ */
@@ -3510,6 +3678,16 @@ constant (const char *name, size_t len) {
#endif
}
+ if (!memcmp(name, "TLSEXT_TYPE_cookie", 18)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_cookie
+ return TLSEXT_TYPE_cookie;
+#else
+ goto not_there;
+#endif
+
+ }
break;
case 'r':
if (!memcmp(name, "NID_dhKeyAgreement", 18)) {
@@ -3527,13 +3705,14 @@ constant (const char *name, size_t len) {
break;
case 19:
/* Names all of length 19. */
- /* F_CLIENT_MASTER_KEY F_GET_SERVER_VERIFY NID_invalidity_date
- NID_issuer_alt_name NID_pkcs7_encrypted NID_pkcs7_enveloped
- NID_rle_compression NID_safeContentsBag NID_sdsiCertificate
- NID_x509Certificate OPENSSL_ENGINES_DIR OPENSSL_MODULES_DIR
- OP_ALLOW_NO_DHE_KEX OP_CISCO_ANYCONNECT OP_NON_EXPORT_FIRST
- OP_NO_RENEGOTIATION OP_TLS_ROLLBACK_BUG SSL3_MT_CERTIFICATE
- SSL3_MT_SERVER_DONE */
+ /* AD_NO_RENEGOTIATION AD_PROTOCOL_VERSION F_CLIENT_MASTER_KEY
+ F_GET_SERVER_VERIFY NID_invalidity_date NID_issuer_alt_name
+ NID_pkcs7_encrypted NID_pkcs7_enveloped NID_rle_compression
+ NID_safeContentsBag NID_sdsiCertificate NID_x509Certificate
+ OPENSSL_ENGINES_DIR OPENSSL_MODULES_DIR OP_ALLOW_NO_DHE_KEX
+ OP_CISCO_ANYCONNECT OP_NON_EXPORT_FIRST OP_NO_RENEGOTIATION
+ OP_TLS_ROLLBACK_BUG SSL3_MT_CERTIFICATE SSL3_MT_SERVER_DONE
+ TLSEXT_TYPE_padding */
/* Offset 12 gives the best switch position. */
switch (name[12]) {
case 'A':
@@ -3621,6 +3800,16 @@ constant (const char *name, size_t len) {
}
break;
case 'T':
+ if (!memcmp(name, "AD_NO_RENEGOTIATION", 19)) {
+ /* ^ */
+
+#ifdef SSL_AD_NO_RENEGOTIATION
+ return SSL_AD_NO_RENEGOTIATION;
+#else
+ goto not_there;
+#endif
+
+ }
if (!memcmp(name, "F_CLIENT_MASTER_KEY", 19)) {
/* ^ */
@@ -3652,6 +3841,18 @@ constant (const char *name, size_t len) {
}
break;
+ case 'V':
+ if (!memcmp(name, "AD_PROTOCOL_VERSION", 19)) {
+ /* ^ */
+
+#ifdef SSL_AD_PROTOCOL_VERSION
+ return SSL_AD_PROTOCOL_VERSION;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
case '_':
if (!memcmp(name, "F_GET_SERVER_VERIFY", 19)) {
/* ^ */
@@ -3722,6 +3923,18 @@ constant (const char *name, size_t len) {
}
break;
+ case 'p':
+ if (!memcmp(name, "TLSEXT_TYPE_padding", 19)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_padding
+ return TLSEXT_TYPE_padding;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
case 'r':
if (!memcmp(name, "NID_rle_compression", 19)) {
/* ^ */
@@ -3762,41 +3975,85 @@ constant (const char *name, size_t len) {
break;
case 20:
/* Names all of length 20. */
- /* ASN1_STRFLGS_ESC_MSB ASN1_STRFLGS_RFC2253 ERROR_WANT_ASYNC_JOB
+ /* AD_DECRYPTION_FAILED AD_HANDSHAKE_FAILURE AD_ILLEGAL_PARAMETER
+ AD_MISSING_EXTENSION AD_UNRECOGNIZED_NAME ASN1_STRFLGS_ESC_MSB
+ ASN1_STRFLGS_RFC2253 CLIENT_HELLO_SUCCESS ERROR_WANT_ASYNC_JOB
F_CLIENT_CERTIFICATE F_SSL_USE_PRIVATEKEY MODE_RELEASE_BUFFERS
NID_netscape_comment NID_organizationName NID_ripemd160WithRSA
NID_subject_alt_name NID_uniqueIdentifier NID_zlib_compression
OP_CLEANSE_PLAINTEXT OP_PRIORITIZE_CHACHA R_NO_CERTIFICATE_SET
SESSION_ASN1_VERSION SSL2_MT_CLIENT_HELLO SSL2_MT_SERVER_HELLO
SSL3_MT_CLIENT_HELLO SSL3_MT_MESSAGE_HASH SSL3_MT_SERVER_HELLO
- X509_TRUST_OCSP_SIGN X509_V_ERR_PATH_LOOP */
- /* Offset 13 gives the best switch position. */
- switch (name[13]) {
+ TLSEXT_TYPE_use_srtp X509_TRUST_OCSP_SIGN X509_V_ERR_PATH_LOOP */
+ /* Offset 8 gives the best switch position. */
+ switch (name[8]) {
case 'A':
- if (!memcmp(name, "OP_CLEANSE_PLAINTEXT", 20)) {
- /* ^ */
+ if (!memcmp(name, "AD_ILLEGAL_PARAMETER", 20)) {
+ /* ^ */
-#ifdef SSL_OP_CLEANSE_PLAINTEXT
- return SSL_OP_CLEANSE_PLAINTEXT;
+#ifdef SSL_AD_ILLEGAL_PARAMETER
+ return SSL_AD_ILLEGAL_PARAMETER;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "R_NO_CERTIFICATE_SET", 20)) {
- /* ^ */
+ if (!memcmp(name, "SESSION_ASN1_VERSION", 20)) {
+ /* ^ */
-#ifdef SSL_R_NO_CERTIFICATE_SET
- return SSL_R_NO_CERTIFICATE_SET;
+#ifdef SSL_SESSION_ASN1_VERSION
+ return SSL_SESSION_ASN1_VERSION;
#else
goto not_there;
#endif
}
break;
- case 'B':
+ case 'C':
+ if (!memcmp(name, "SSL2_MT_CLIENT_HELLO", 20)) {
+ /* ^ */
+
+#ifdef SSL2_MT_CLIENT_HELLO
+ return SSL2_MT_CLIENT_HELLO;
+#else
+ goto not_there;
+#endif
+
+ }
+ if (!memcmp(name, "SSL3_MT_CLIENT_HELLO", 20)) {
+ /* ^ */
+
+#ifdef SSL3_MT_CLIENT_HELLO
+ return SSL3_MT_CLIENT_HELLO;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
+ case 'E':
+ if (!memcmp(name, "CLIENT_HELLO_SUCCESS", 20)) {
+ /* ^ */
+
+#ifdef SSL_CLIENT_HELLO_SUCCESS
+ return SSL_CLIENT_HELLO_SUCCESS;
+#else
+ goto not_there;
+#endif
+
+ }
+ if (!memcmp(name, "F_SSL_USE_PRIVATEKEY", 20)) {
+ /* ^ */
+
+#ifdef SSL_F_SSL_USE_PRIVATEKEY
+ return SSL_F_SSL_USE_PRIVATEKEY;
+#else
+ goto not_there;
+#endif
+
+ }
if (!memcmp(name, "MODE_RELEASE_BUFFERS", 20)) {
- /* ^ */
+ /* ^ */
#ifdef SSL_MODE_RELEASE_BUFFERS
return SSL_MODE_RELEASE_BUFFERS;
@@ -3806,9 +4063,9 @@ constant (const char *name, size_t len) {
}
break;
- case 'E':
+ case 'F':
if (!memcmp(name, "ASN1_STRFLGS_ESC_MSB", 20)) {
- /* ^ */
+ /* ^ */
#ifdef ASN1_STRFLGS_ESC_MSB
return ASN1_STRFLGS_ESC_MSB;
@@ -3817,98 +4074,102 @@ constant (const char *name, size_t len) {
#endif
}
- break;
- case 'G':
- if (!memcmp(name, "SSL3_MT_MESSAGE_HASH", 20)) {
- /* ^ */
+ if (!memcmp(name, "ASN1_STRFLGS_RFC2253", 20)) {
+ /* ^ */
-#ifdef SSL3_MT_MESSAGE_HASH
- return SSL3_MT_MESSAGE_HASH;
+#ifdef ASN1_STRFLGS_RFC2253
+ return ASN1_STRFLGS_RFC2253;
#else
goto not_there;
#endif
}
break;
- case 'I':
- if (!memcmp(name, "F_CLIENT_CERTIFICATE", 20)) {
- /* ^ */
+ case 'H':
+ if (!memcmp(name, "AD_HANDSHAKE_FAILURE", 20)) {
+ /* ^ */
-#ifdef SSL_F_CLIENT_CERTIFICATE
- return SSL_F_CLIENT_CERTIFICATE;
+#ifdef SSL_AD_HANDSHAKE_FAILURE
+ return SSL_AD_HANDSHAKE_FAILURE;
#else
goto not_there;
#endif
}
break;
- case 'R':
- if (!memcmp(name, "ASN1_STRFLGS_RFC2253", 20)) {
- /* ^ */
+ case 'I':
+ if (!memcmp(name, "OP_PRIORITIZE_CHACHA", 20)) {
+ /* ^ */
-#ifdef ASN1_STRFLGS_RFC2253
- return ASN1_STRFLGS_RFC2253;
+#ifdef SSL_OP_PRIORITIZE_CHACHA
+ return SSL_OP_PRIORITIZE_CHACHA;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "SSL2_MT_SERVER_HELLO", 20)) {
- /* ^ */
+ break;
+ case 'M':
+ if (!memcmp(name, "SSL3_MT_MESSAGE_HASH", 20)) {
+ /* ^ */
-#ifdef SSL2_MT_SERVER_HELLO
- return SSL2_MT_SERVER_HELLO;
+#ifdef SSL3_MT_MESSAGE_HASH
+ return SSL3_MT_MESSAGE_HASH;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "SSL3_MT_SERVER_HELLO", 20)) {
- /* ^ */
+ break;
+ case 'N':
+ if (!memcmp(name, "AD_MISSING_EXTENSION", 20)) {
+ /* ^ */
-#ifdef SSL3_MT_SERVER_HELLO
- return SSL3_MT_SERVER_HELLO;
+#ifdef SSL_AD_MISSING_EXTENSION
+ return SSL_AD_MISSING_EXTENSION;
#else
goto not_there;
#endif
}
- break;
- case 'S':
- if (!memcmp(name, "X509_TRUST_OCSP_SIGN", 20)) {
- /* ^ */
+ if (!memcmp(name, "ERROR_WANT_ASYNC_JOB", 20)) {
+ /* ^ */
-#ifdef X509_TRUST_OCSP_SIGN
- return X509_TRUST_OCSP_SIGN;
+#ifdef SSL_ERROR_WANT_ASYNC_JOB
+ return SSL_ERROR_WANT_ASYNC_JOB;
#else
goto not_there;
#endif
}
break;
- case 'T':
- if (!memcmp(name, "SSL2_MT_CLIENT_HELLO", 20)) {
- /* ^ */
+ case 'O':
+ if (!memcmp(name, "AD_UNRECOGNIZED_NAME", 20)) {
+ /* ^ */
-#ifdef SSL2_MT_CLIENT_HELLO
- return SSL2_MT_CLIENT_HELLO;
+#ifdef SSL_AD_UNRECOGNIZED_NAME
+ return SSL_AD_UNRECOGNIZED_NAME;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "SSL3_MT_CLIENT_HELLO", 20)) {
- /* ^ */
+ break;
+ case 'P':
+ if (!memcmp(name, "AD_DECRYPTION_FAILED", 20)) {
+ /* ^ */
-#ifdef SSL3_MT_CLIENT_HELLO
- return SSL3_MT_CLIENT_HELLO;
+#ifdef SSL_AD_DECRYPTION_FAILED
+ return SSL_AD_DECRYPTION_FAILED;
#else
goto not_there;
#endif
}
+ break;
+ case 'R':
if (!memcmp(name, "X509_V_ERR_PATH_LOOP", 20)) {
- /* ^ */
+ /* ^ */
#ifdef X509_V_ERR_PATH_LOOP
return X509_V_ERR_PATH_LOOP;
@@ -3918,34 +4179,54 @@ constant (const char *name, size_t len) {
}
break;
- case 'V':
- if (!memcmp(name, "F_SSL_USE_PRIVATEKEY", 20)) {
- /* ^ */
+ case 'S':
+ if (!memcmp(name, "OP_CLEANSE_PLAINTEXT", 20)) {
+ /* ^ */
-#ifdef SSL_F_SSL_USE_PRIVATEKEY
- return SSL_F_SSL_USE_PRIVATEKEY;
+#ifdef SSL_OP_CLEANSE_PLAINTEXT
+ return SSL_OP_CLEANSE_PLAINTEXT;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "SESSION_ASN1_VERSION", 20)) {
- /* ^ */
+ if (!memcmp(name, "SSL2_MT_SERVER_HELLO", 20)) {
+ /* ^ */
-#ifdef SSL_SESSION_ASN1_VERSION
- return SSL_SESSION_ASN1_VERSION;
+#ifdef SSL2_MT_SERVER_HELLO
+ return SSL2_MT_SERVER_HELLO;
+#else
+ goto not_there;
+#endif
+
+ }
+ if (!memcmp(name, "SSL3_MT_SERVER_HELLO", 20)) {
+ /* ^ */
+
+#ifdef SSL3_MT_SERVER_HELLO
+ return SSL3_MT_SERVER_HELLO;
+#else
+ goto not_there;
+#endif
+
+ }
+ if (!memcmp(name, "X509_TRUST_OCSP_SIGN", 20)) {
+ /* ^ */
+
+#ifdef X509_TRUST_OCSP_SIGN
+ return X509_TRUST_OCSP_SIGN;
#else
goto not_there;
#endif
}
break;
- case 'W':
- if (!memcmp(name, "NID_ripemd160WithRSA", 20)) {
- /* ^ */
+ case 'T':
+ if (!memcmp(name, "R_NO_CERTIFICATE_SET", 20)) {
+ /* ^ */
-#ifdef NID_ripemd160WithRSA
- return NID_ripemd160WithRSA;
+#ifdef SSL_R_NO_CERTIFICATE_SET
+ return SSL_R_NO_CERTIFICATE_SET;
#else
goto not_there;
#endif
@@ -3953,11 +4234,11 @@ constant (const char *name, size_t len) {
}
break;
case 'Y':
- if (!memcmp(name, "ERROR_WANT_ASYNC_JOB", 20)) {
- /* ^ */
+ if (!memcmp(name, "TLSEXT_TYPE_use_srtp", 20)) {
+ /* ^ */
-#ifdef SSL_ERROR_WANT_ASYNC_JOB
- return SSL_ERROR_WANT_ASYNC_JOB;
+#ifdef TLSEXT_TYPE_use_srtp
+ return TLSEXT_TYPE_use_srtp;
#else
goto not_there;
#endif
@@ -3965,11 +4246,21 @@ constant (const char *name, size_t len) {
}
break;
case '_':
- if (!memcmp(name, "OP_PRIORITIZE_CHACHA", 20)) {
- /* ^ */
+ if (!memcmp(name, "F_CLIENT_CERTIFICATE", 20)) {
+ /* ^ */
-#ifdef SSL_OP_PRIORITIZE_CHACHA
- return SSL_OP_PRIORITIZE_CHACHA;
+#ifdef SSL_F_CLIENT_CERTIFICATE
+ return SSL_F_CLIENT_CERTIFICATE;
+#else
+ goto not_there;
+#endif
+
+ }
+ if (!memcmp(name, "NID_zlib_compression", 20)) {
+ /* ^ */
+
+#ifdef NID_zlib_compression
+ return NID_zlib_compression;
#else
goto not_there;
#endif
@@ -3978,7 +4269,7 @@ constant (const char *name, size_t len) {
break;
case 'c':
if (!memcmp(name, "NID_netscape_comment", 20)) {
- /* ^ */
+ /* ^ */
#ifdef NID_netscape_comment
return NID_netscape_comment;
@@ -3988,24 +4279,24 @@ constant (const char *name, size_t len) {
}
break;
- case 'i':
- if (!memcmp(name, "NID_organizationName", 20)) {
- /* ^ */
+ case 'e':
+ if (!memcmp(name, "NID_subject_alt_name", 20)) {
+ /* ^ */
-#ifdef NID_organizationName
- return NID_organizationName;
+#ifdef NID_subject_alt_name
+ return NID_subject_alt_name;
#else
goto not_there;
#endif
}
break;
- case 'l':
- if (!memcmp(name, "NID_subject_alt_name", 20)) {
- /* ^ */
+ case 'm':
+ if (!memcmp(name, "NID_ripemd160WithRSA", 20)) {
+ /* ^ */
-#ifdef NID_subject_alt_name
- return NID_subject_alt_name;
+#ifdef NID_ripemd160WithRSA
+ return NID_ripemd160WithRSA;
#else
goto not_there;
#endif
@@ -4013,23 +4304,23 @@ constant (const char *name, size_t len) {
}
break;
case 'n':
- if (!memcmp(name, "NID_uniqueIdentifier", 20)) {
- /* ^ */
+ if (!memcmp(name, "NID_organizationName", 20)) {
+ /* ^ */
-#ifdef NID_uniqueIdentifier
- return NID_uniqueIdentifier;
+#ifdef NID_organizationName
+ return NID_organizationName;
#else
goto not_there;
#endif
}
break;
- case 'r':
- if (!memcmp(name, "NID_zlib_compression", 20)) {
- /* ^ */
+ case 'u':
+ if (!memcmp(name, "NID_uniqueIdentifier", 20)) {
+ /* ^ */
-#ifdef NID_zlib_compression
- return NID_zlib_compression;
+#ifdef NID_uniqueIdentifier
+ return NID_uniqueIdentifier;
#else
goto not_there;
#endif
@@ -4040,16 +4331,17 @@ constant (const char *name, size_t len) {
break;
case 21:
/* Names all of length 21. */
- /* ASN1_STRFLGS_ESC_CTRL F_GET_CLIENT_FINISHED F_GET_SERVER_FINISHED
- F_REQUEST_CERTIFICATE F_SSL_GET_NEW_SESSION F_SSL_USE_CERTIFICATE
- NID_SMIMECapabilities NID_basic_constraints NID_netscape_base_url
- NID_pkcs9_contentType NID_pkcs9_signingTime OPENSSL_VERSION_MAJOR
- OPENSSL_VERSION_MINOR OPENSSL_VERSION_PATCH OP_NETSCAPE_CA_DN_BUG
- SSL2_MT_SERVER_VERIFY SSL3_MT_HELLO_REQUEST VERIFY_POST_HANDSHAKE
- X509_FILETYPE_DEFAULT X509_PURPOSE_CRL_SIGN X509_TRUST_SSL_CLIENT
- X509_TRUST_SSL_SERVER X509_V_ERR_INVALID_CA X509_V_ERR_OUT_OF_MEM
- X509_V_FLAG_CRL_CHECK XN_FLAG_SEP_CPLUS_SPC XN_FLAG_SEP_MULTILINE
- XN_FLAG_SEP_SPLUS_SPC */
+ /* AD_EXPORT_RESTRICTION AD_UNEXPECTED_MESSAGE ASN1_STRFLGS_ESC_CTRL
+ F_GET_CLIENT_FINISHED F_GET_SERVER_FINISHED F_REQUEST_CERTIFICATE
+ F_SSL_GET_NEW_SESSION F_SSL_USE_CERTIFICATE NID_SMIMECapabilities
+ NID_basic_constraints NID_netscape_base_url NID_pkcs9_contentType
+ NID_pkcs9_signingTime OPENSSL_VERSION_MAJOR OPENSSL_VERSION_MINOR
+ OPENSSL_VERSION_PATCH OP_NETSCAPE_CA_DN_BUG SSL2_MT_SERVER_VERIFY
+ SSL3_MT_HELLO_REQUEST TLSEXT_TYPE_cert_type TLSEXT_TYPE_key_share
+ VERIFY_POST_HANDSHAKE X509_FILETYPE_DEFAULT X509_PURPOSE_CRL_SIGN
+ X509_TRUST_SSL_CLIENT X509_TRUST_SSL_SERVER X509_V_ERR_INVALID_CA
+ X509_V_ERR_OUT_OF_MEM X509_V_FLAG_CRL_CHECK XN_FLAG_SEP_CPLUS_SPC
+ XN_FLAG_SEP_MULTILINE XN_FLAG_SEP_SPLUS_SPC */
/* Offset 19 gives the best switch position. */
switch (name[19]) {
case 'C':
@@ -4139,6 +4431,16 @@ constant (const char *name, size_t len) {
}
break;
case 'G':
+ if (!memcmp(name, "AD_UNEXPECTED_MESSAGE", 21)) {
+ /* ^ */
+
+#ifdef SSL_AD_UNEXPECTED_MESSAGE
+ return SSL_AD_UNEXPECTED_MESSAGE;
+#else
+ goto not_there;
+#endif
+
+ }
if (!memcmp(name, "X509_PURPOSE_CRL_SIGN", 21)) {
/* ^ */
@@ -4197,6 +4499,16 @@ constant (const char *name, size_t len) {
}
break;
case 'O':
+ if (!memcmp(name, "AD_EXPORT_RESTRICTION", 21)) {
+ /* ^ */
+
+#ifdef SSL_AD_EXPORT_RESTRICTION
+ return SSL_AD_EXPORT_RESTRICTION;
+#else
+ goto not_there;
+#endif
+
+ }
if (!memcmp(name, "F_SSL_GET_NEW_SESSION", 21)) {
/* ^ */
@@ -4343,6 +4655,16 @@ constant (const char *name, size_t len) {
#endif
}
+ if (!memcmp(name, "TLSEXT_TYPE_cert_type", 21)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_cert_type
+ return TLSEXT_TYPE_cert_type;
+#else
+ goto not_there;
+#endif
+
+ }
break;
case 'r':
if (!memcmp(name, "NID_netscape_base_url", 21)) {
@@ -4355,6 +4677,16 @@ constant (const char *name, size_t len) {
#endif
}
+ if (!memcmp(name, "TLSEXT_TYPE_key_share", 21)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_key_share
+ return TLSEXT_TYPE_key_share;
+#else
+ goto not_there;
+#endif
+
+ }
break;
case 't':
if (!memcmp(name, "NID_basic_constraints", 21)) {
@@ -4372,12 +4704,14 @@ constant (const char *name, size_t len) {
break;
case 22:
/* Names all of length 22. */
- /* ASN1_STRFLGS_ESC_QUOTE ERROR_WANT_X509_LOOKUP F_SSL_SESSION_PRINT_FP
+ /* AD_CERTIFICATE_EXPIRED AD_CERTIFICATE_REVOKED AD_CERTIFICATE_UNKNOWN
+ ASN1_STRFLGS_ESC_QUOTE ERROR_WANT_X509_LOOKUP F_SSL_SESSION_PRINT_FP
NID_netscape_cert_type NID_netscape_data_type NID_pkcs9_emailAddress
OPENSSL_VERSION_NUMBER OPENSSL_VERSION_STRING OP_NO_ENCRYPT_THEN_MAC
R_PEER_ERROR_NO_CIPHER SESS_CACHE_NO_INTERNAL SESS_CACHE_UPDATE_TIME
- TLSEXT_STATUSTYPE_ocsp V_OCSP_CERTSTATUS_GOOD X509_TRUST_OBJECT_SIGN
- X509_V_ERR_UNSPECIFIED X509_V_FLAG_USE_DELTAS XN_FLAG_SEP_COMMA_PLUS */
+ TLSEXT_STATUSTYPE_ocsp TLSEXT_TYPE_early_data V_OCSP_CERTSTATUS_GOOD
+ X509_TRUST_OBJECT_SIGN X509_V_ERR_UNSPECIFIED X509_V_FLAG_USE_DELTAS
+ XN_FLAG_SEP_COMMA_PLUS */
/* Offset 18 gives the best switch position. */
switch (name[18]) {
case 'F':
@@ -4404,6 +4738,18 @@ constant (const char *name, size_t len) {
}
break;
+ case 'I':
+ if (!memcmp(name, "AD_CERTIFICATE_EXPIRED", 22)) {
+ /* ^ */
+
+#ifdef SSL_AD_CERTIFICATE_EXPIRED
+ return SSL_AD_CERTIFICATE_EXPIRED;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
case 'L':
if (!memcmp(name, "X509_V_FLAG_USE_DELTAS", 22)) {
/* ^ */
@@ -4428,7 +4774,29 @@ constant (const char *name, size_t len) {
}
break;
+ case 'N':
+ if (!memcmp(name, "AD_CERTIFICATE_UNKNOWN", 22)) {
+ /* ^ */
+
+#ifdef SSL_AD_CERTIFICATE_UNKNOWN
+ return SSL_AD_CERTIFICATE_UNKNOWN;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
case 'O':
+ if (!memcmp(name, "AD_CERTIFICATE_REVOKED", 22)) {
+ /* ^ */
+
+#ifdef SSL_AD_CERTIFICATE_REVOKED
+ return SSL_AD_CERTIFICATE_REVOKED;
+#else
+ goto not_there;
+#endif
+
+ }
if (!memcmp(name, "ERROR_WANT_X509_LOOKUP", 22)) {
/* ^ */
@@ -4542,6 +4910,18 @@ constant (const char *name, size_t len) {
}
break;
+ case 'd':
+ if (!memcmp(name, "TLSEXT_TYPE_early_data", 22)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_early_data
+ return TLSEXT_TYPE_early_data;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
case 'o':
if (!memcmp(name, "TLSEXT_STATUSTYPE_ocsp", 22)) {
/* ^ */
@@ -4592,15 +4972,16 @@ constant (const char *name, size_t len) {
break;
case 23:
/* Names all of length 23. */
- /* ERROR_WANT_RETRY_VERIFY F_GET_CLIENT_MASTER_KEY F_SSL_USE_RSAPRIVATEKEY
- LIBRESSL_VERSION_NUMBER NID_pkcs8ShroudedKeyBag NID_pkcs9_messageDigest
- NID_stateOrProvinceName OPENSSL_INFO_CONFIG_DIR OP_CRYPTOPRO_TLSEXT_BUG
- R_BAD_RESPONSE_ARGUMENT R_PUBLIC_KEY_IS_NOT_RSA SSL2_MT_CLIENT_FINISHED
- SSL2_MT_SERVER_FINISHED SSL3_MT_CERTIFICATE_URL X509_PURPOSE_SMIME_SIGN
- X509_PURPOSE_SSL_CLIENT X509_PURPOSE_SSL_SERVER X509_TRUST_OCSP_REQUEST
- X509_V_ERR_CERT_REVOKED X509_V_ERR_INVALID_CALL X509_V_ERR_STORE_LOOKUP
- X509_V_FLAG_INHIBIT_ANY X509_V_FLAG_INHIBIT_MAP X509_V_FLAG_POLICY_MASK
- X509_V_FLAG_X509_STRICT */
+ /* AD_CERTIFICATE_REQUIRED AD_UNKNOWN_PSK_IDENTITY ERROR_WANT_RETRY_VERIFY
+ F_GET_CLIENT_MASTER_KEY F_SSL_USE_RSAPRIVATEKEY LIBRESSL_VERSION_NUMBER
+ NID_pkcs8ShroudedKeyBag NID_pkcs9_messageDigest NID_stateOrProvinceName
+ OPENSSL_INFO_CONFIG_DIR OP_CRYPTOPRO_TLSEXT_BUG R_BAD_RESPONSE_ARGUMENT
+ R_PUBLIC_KEY_IS_NOT_RSA SSL2_MT_CLIENT_FINISHED SSL2_MT_SERVER_FINISHED
+ SSL3_MT_CERTIFICATE_URL TLSEXT_TYPE_renegotiate TLSEXT_TYPE_server_name
+ X509_PURPOSE_SMIME_SIGN X509_PURPOSE_SSL_CLIENT X509_PURPOSE_SSL_SERVER
+ X509_TRUST_OCSP_REQUEST X509_V_ERR_CERT_REVOKED X509_V_ERR_INVALID_CALL
+ X509_V_ERR_STORE_LOOKUP X509_V_FLAG_INHIBIT_ANY X509_V_FLAG_INHIBIT_MAP
+ X509_V_FLAG_POLICY_MASK X509_V_FLAG_X509_STRICT */
/* Offset 13 gives the best switch position. */
switch (name[13]) {
case '5':
@@ -4628,6 +5009,16 @@ constant (const char *name, size_t len) {
}
break;
case 'E':
+ if (!memcmp(name, "AD_CERTIFICATE_REQUIRED", 23)) {
+ /* ^ */
+
+#ifdef SSL_AD_CERTIFICATE_REQUIRED
+ return SSL_AD_CERTIFICATE_REQUIRED;
+#else
+ goto not_there;
+#endif
+
+ }
if (!memcmp(name, "R_BAD_RESPONSE_ARGUMENT", 23)) {
/* ^ */
@@ -4673,6 +5064,18 @@ constant (const char *name, size_t len) {
}
break;
+ case 'K':
+ if (!memcmp(name, "AD_UNKNOWN_PSK_IDENTITY", 23)) {
+ /* ^ */
+
+#ifdef SSL_AD_UNKNOWN_PSK_IDENTITY
+ return SSL_AD_UNKNOWN_PSK_IDENTITY;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
case 'M':
if (!memcmp(name, "F_GET_CLIENT_MASTER_KEY", 23)) {
/* ^ */
@@ -4849,6 +5252,28 @@ constant (const char *name, size_t len) {
}
break;
+ case 'e':
+ if (!memcmp(name, "TLSEXT_TYPE_renegotiate", 23)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_renegotiate
+ return TLSEXT_TYPE_renegotiate;
+#else
+ goto not_there;
+#endif
+
+ }
+ if (!memcmp(name, "TLSEXT_TYPE_server_name", 23)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_server_name
+ return TLSEXT_TYPE_server_name;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
case 'o':
if (!memcmp(name, "NID_stateOrProvinceName", 23)) {
/* ^ */
@@ -4889,18 +5314,21 @@ constant (const char *name, size_t len) {
break;
case 24:
/* Names all of length 24. */
- /* F_SSL_RSA_PUBLIC_ENCRYPT NID_certificate_policies
- NID_md2WithRSAEncryption NID_md5WithRSAEncryption
- NID_netscape_renewal_url NID_pbeWithMD2AndDES_CBC
- NID_pbeWithMD2AndRC2_CBC NID_pbeWithMD5AndDES_CBC
- NID_pbeWithMD5AndRC2_CBC NID_shaWithRSAEncryption
- OPENSSL_INFO_ENGINES_DIR OPENSSL_INFO_MODULES_DIR
- OPENSSL_INFO_SEED_SOURCE OP_IGNORE_UNEXPECTED_EOF
- OP_LEGACY_SERVER_CONNECT OP_MICROSOFT_SESS_ID_BUG
- OP_TLS_BLOCK_PADDING_BUG R_CHALLENGE_IS_DIFFERENT
- R_CIPHER_TABLE_SRC_ERROR R_PEER_ERROR_CERTIFICATE
- R_READ_WRONG_PACKET_TYPE SESS_CACHE_NO_AUTO_CLEAR
- SSL3_RT_APPLICATION_DATA X509_PURPOSE_OCSP_HELPER
+ /* AD_DECOMPRESSION_FAILURE AD_INSUFFICIENT_SECURITY
+ AD_UNSUPPORTED_EXTENSION F_SSL_RSA_PUBLIC_ENCRYPT
+ NID_certificate_policies NID_md2WithRSAEncryption
+ NID_md5WithRSAEncryption NID_netscape_renewal_url
+ NID_pbeWithMD2AndDES_CBC NID_pbeWithMD2AndRC2_CBC
+ NID_pbeWithMD5AndDES_CBC NID_pbeWithMD5AndRC2_CBC
+ NID_shaWithRSAEncryption OPENSSL_INFO_ENGINES_DIR
+ OPENSSL_INFO_MODULES_DIR OPENSSL_INFO_SEED_SOURCE
+ OP_IGNORE_UNEXPECTED_EOF OP_LEGACY_SERVER_CONNECT
+ OP_MICROSOFT_SESS_ID_BUG OP_TLS_BLOCK_PADDING_BUG
+ R_CHALLENGE_IS_DIFFERENT R_CIPHER_TABLE_SRC_ERROR
+ R_PEER_ERROR_CERTIFICATE R_READ_WRONG_PACKET_TYPE
+ SESS_CACHE_NO_AUTO_CLEAR SSL3_RT_APPLICATION_DATA
+ TLSEXT_TYPE_client_authz TLSEXT_TYPE_server_authz
+ TLSEXT_TYPE_user_mapping X509_PURPOSE_OCSP_HELPER
X509_V_ERR_CERT_REJECTED X509_V_ERR_DANE_NO_MATCH
X509_V_ERR_NO_VALID_SCTS X509_V_FLAG_POLICY_CHECK */
/* Offset 13 gives the best switch position. */
@@ -5003,6 +5431,18 @@ constant (const char *name, size_t len) {
}
break;
+ case 'D':
+ if (!memcmp(name, "AD_UNSUPPORTED_EXTENSION", 24)) {
+ /* ^ */
+
+#ifdef SSL_AD_UNSUPPORTED_EXTENSION
+ return SSL_AD_UNSUPPORTED_EXTENSION;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
case 'E':
if (!memcmp(name, "OPENSSL_INFO_ENGINES_DIR", 24)) {
/* ^ */
@@ -5025,6 +5465,18 @@ constant (const char *name, size_t len) {
}
break;
+ case 'I':
+ if (!memcmp(name, "AD_DECOMPRESSION_FAILURE", 24)) {
+ /* ^ */
+
+#ifdef SSL_AD_DECOMPRESSION_FAILURE
+ return SSL_AD_DECOMPRESSION_FAILURE;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
case 'L':
if (!memcmp(name, "F_SSL_RSA_PUBLIC_ENCRYPT", 24)) {
/* ^ */
@@ -5050,6 +5502,16 @@ constant (const char *name, size_t len) {
}
break;
case 'N':
+ if (!memcmp(name, "AD_INSUFFICIENT_SECURITY", 24)) {
+ /* ^ */
+
+#ifdef SSL_AD_INSUFFICIENT_SECURITY
+ return SSL_AD_INSUFFICIENT_SECURITY;
+#else
+ goto not_there;
+#endif
+
+ }
if (!memcmp(name, "X509_V_ERR_DANE_NO_MATCH", 24)) {
/* ^ */
@@ -5195,6 +5657,30 @@ constant (const char *name, size_t len) {
}
break;
+ case 'e':
+ if (!memcmp(name, "TLSEXT_TYPE_server_authz", 24)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_server_authz
+ return TLSEXT_TYPE_server_authz;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
+ case 'l':
+ if (!memcmp(name, "TLSEXT_TYPE_client_authz", 24)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_client_authz
+ return TLSEXT_TYPE_client_authz;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
case 'r':
if (!memcmp(name, "NID_netscape_renewal_url", 24)) {
/* ^ */
@@ -5207,6 +5693,18 @@ constant (const char *name, size_t len) {
}
break;
+ case 's':
+ if (!memcmp(name, "TLSEXT_TYPE_user_mapping", 24)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_user_mapping
+ return TLSEXT_TYPE_user_mapping;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
case 't':
if (!memcmp(name, "NID_certificate_policies", 24)) {
/* ^ */
@@ -5223,14 +5721,15 @@ constant (const char *name, size_t len) {
break;
case 25:
/* Names all of length 25. */
- /* F_SSL_RSA_PRIVATE_DECRYPT F_SSL_USE_PRIVATEKEY_ASN1
- F_SSL_USE_PRIVATEKEY_FILE MODE_ENABLE_PARTIAL_WRITE
- NID_pbeWithSHA1AndDES_CBC NID_pbeWithSHA1AndRC2_CBC
- NID_sha1WithRSAEncryption OPENSSL_INFO_CPU_SETTINGS
- OP_MSIE_SSLV2_RSA_PADDING OP_NETSCAPE_CHALLENGE_BUG
- OP_SAFARI_ECDHE_ECDSA_BUG R_BAD_AUTHENTICATION_TYPE
- SSL2_MT_CLIENT_MASTER_KEY SSL3_MT_END_OF_EARLY_DATA
- SSL3_MT_NEWSESSION_TICKET SSL3_MT_SUPPLEMENTAL_DATA
+ /* AD_INAPPROPRIATE_FALLBACK F_SSL_RSA_PRIVATE_DECRYPT
+ F_SSL_USE_PRIVATEKEY_ASN1 F_SSL_USE_PRIVATEKEY_FILE
+ MODE_ENABLE_PARTIAL_WRITE NID_pbeWithSHA1AndDES_CBC
+ NID_pbeWithSHA1AndRC2_CBC NID_sha1WithRSAEncryption
+ OPENSSL_INFO_CPU_SETTINGS OP_MSIE_SSLV2_RSA_PADDING
+ OP_NETSCAPE_CHALLENGE_BUG OP_SAFARI_ECDHE_ECDSA_BUG
+ R_BAD_AUTHENTICATION_TYPE SSL2_MT_CLIENT_MASTER_KEY
+ SSL3_MT_END_OF_EARLY_DATA SSL3_MT_NEWSESSION_TICKET
+ SSL3_MT_SUPPLEMENTAL_DATA TLSEXT_TYPE_psk_kex_modes
V_OCSP_CERTSTATUS_REVOKED V_OCSP_CERTSTATUS_UNKNOWN
X509_V_ERR_CA_MD_TOO_WEAK X509_V_ERR_CERT_UNTRUSTED
X509_V_ERR_EMAIL_MISMATCH X509_V_ERR_INVALID_NON_CA
@@ -5238,168 +5737,174 @@ constant (const char *name, size_t len) {
X509_V_FLAG_LEGACY_VERIFY X509_V_FLAG_NOTIFY_POLICY
X509_V_FLAG_NO_ALT_CHAINS X509_V_FLAG_NO_CHECK_TIME
X509_V_FLAG_PARTIAL_CHAIN X509_V_FLAG_TRUSTED_FIRST */
- /* Offset 19 gives the best switch position. */
- switch (name[19]) {
- case 'A':
- if (!memcmp(name, "OP_MSIE_SSLV2_RSA_PADDING", 25)) {
- /* ^ */
+ /* Offset 20 gives the best switch position. */
+ switch (name[20]) {
+ case '2':
+ if (!memcmp(name, "NID_pbeWithSHA1AndRC2_CBC", 25)) {
+ /* ^ */
-#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
- return SSL_OP_MSIE_SSLV2_RSA_PADDING;
+#ifdef NID_pbeWithSHA1AndRC2_CBC
+ return NID_pbeWithSHA1AndRC2_CBC;
#else
goto not_there;
#endif
}
break;
- case 'C':
- if (!memcmp(name, "NID_pbeWithSHA1AndRC2_CBC", 25)) {
- /* ^ */
+ case 'A':
+ if (!memcmp(name, "OP_SAFARI_ECDHE_ECDSA_BUG", 25)) {
+ /* ^ */
-#ifdef NID_pbeWithSHA1AndRC2_CBC
- return NID_pbeWithSHA1AndRC2_CBC;
+#ifdef SSL_OP_SAFARI_ECDHE_ECDSA_BUG
+ return SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "X509_V_FLAG_CRL_CHECK_ALL", 25)) {
- /* ^ */
+ break;
+ case 'C':
+ if (!memcmp(name, "F_SSL_RSA_PRIVATE_DECRYPT", 25)) {
+ /* ^ */
-#ifdef X509_V_FLAG_CRL_CHECK_ALL
- return X509_V_FLAG_CRL_CHECK_ALL;
+#ifdef SSL_F_SSL_RSA_PRIVATE_DECRYPT
+ return SSL_F_SSL_RSA_PRIVATE_DECRYPT;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "X509_V_FLAG_NO_ALT_CHAINS", 25)) {
- /* ^ */
+ if (!memcmp(name, "X509_V_FLAG_PARTIAL_CHAIN", 25)) {
+ /* ^ */
-#ifdef X509_V_FLAG_NO_ALT_CHAINS
- return X509_V_FLAG_NO_ALT_CHAINS;
+#ifdef X509_V_FLAG_PARTIAL_CHAIN
+ return X509_V_FLAG_PARTIAL_CHAIN;
#else
goto not_there;
#endif
}
break;
- case 'E':
- if (!memcmp(name, "F_SSL_RSA_PRIVATE_DECRYPT", 25)) {
- /* ^ */
+ case 'D':
+ if (!memcmp(name, "OP_MSIE_SSLV2_RSA_PADDING", 25)) {
+ /* ^ */
-#ifdef SSL_F_SSL_RSA_PRIVATE_DECRYPT
- return SSL_F_SSL_RSA_PRIVATE_DECRYPT;
+#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
+ return SSL_OP_MSIE_SSLV2_RSA_PADDING;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "NID_pbeWithSHA1AndDES_CBC", 25)) {
- /* ^ */
+ break;
+ case 'E':
+ if (!memcmp(name, "OP_NETSCAPE_CHALLENGE_BUG", 25)) {
+ /* ^ */
-#ifdef NID_pbeWithSHA1AndDES_CBC
- return NID_pbeWithSHA1AndDES_CBC;
+#ifdef SSL_OP_NETSCAPE_CHALLENGE_BUG
+ return SSL_OP_NETSCAPE_CHALLENGE_BUG;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "SSL2_MT_CLIENT_MASTER_KEY", 25)) {
- /* ^ */
+ if (!memcmp(name, "X509_V_FLAG_LEGACY_VERIFY", 25)) {
+ /* ^ */
-#ifdef SSL2_MT_CLIENT_MASTER_KEY
- return SSL2_MT_CLIENT_MASTER_KEY;
+#ifdef X509_V_FLAG_LEGACY_VERIFY
+ return X509_V_FLAG_LEGACY_VERIFY;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "V_OCSP_CERTSTATUS_REVOKED", 25)) {
- /* ^ */
+ break;
+ case 'F':
+ if (!memcmp(name, "X509_V_FLAG_TRUSTED_FIRST", 25)) {
+ /* ^ */
-#ifdef V_OCSP_CERTSTATUS_REVOKED
- return V_OCSP_CERTSTATUS_REVOKED;
+#ifdef X509_V_FLAG_TRUSTED_FIRST
+ return X509_V_FLAG_TRUSTED_FIRST;
#else
goto not_there;
#endif
}
break;
- case 'G':
- if (!memcmp(name, "OP_NETSCAPE_CHALLENGE_BUG", 25)) {
- /* ^ */
+ case 'H':
+ if (!memcmp(name, "X509_V_FLAG_NO_ALT_CHAINS", 25)) {
+ /* ^ */
-#ifdef SSL_OP_NETSCAPE_CHALLENGE_BUG
- return SSL_OP_NETSCAPE_CHALLENGE_BUG;
+#ifdef X509_V_FLAG_NO_ALT_CHAINS
+ return X509_V_FLAG_NO_ALT_CHAINS;
#else
goto not_there;
#endif
}
break;
- case 'K':
- if (!memcmp(name, "X509_V_FLAG_NO_CHECK_TIME", 25)) {
- /* ^ */
+ case 'I':
+ if (!memcmp(name, "SSL3_MT_NEWSESSION_TICKET", 25)) {
+ /* ^ */
-#ifdef X509_V_FLAG_NO_CHECK_TIME
- return X509_V_FLAG_NO_CHECK_TIME;
+#ifdef SSL3_MT_NEWSESSION_TICKET
+ return SSL3_MT_NEWSESSION_TICKET;
#else
goto not_there;
#endif
}
- break;
- case 'L':
- if (!memcmp(name, "SSL3_MT_SUPPLEMENTAL_DATA", 25)) {
- /* ^ */
+ if (!memcmp(name, "X509_V_ERR_SUBTREE_MINMAX", 25)) {
+ /* ^ */
-#ifdef SSL3_MT_SUPPLEMENTAL_DATA
- return SSL3_MT_SUPPLEMENTAL_DATA;
+#ifdef X509_V_ERR_SUBTREE_MINMAX
+ return X509_V_ERR_SUBTREE_MINMAX;
#else
goto not_there;
#endif
}
break;
- case 'M':
- if (!memcmp(name, "X509_V_ERR_SUBTREE_MINMAX", 25)) {
- /* ^ */
+ case 'K':
+ if (!memcmp(name, "V_OCSP_CERTSTATUS_UNKNOWN", 25)) {
+ /* ^ */
-#ifdef X509_V_ERR_SUBTREE_MINMAX
- return X509_V_ERR_SUBTREE_MINMAX;
+#ifdef V_OCSP_CERTSTATUS_UNKNOWN
+ return V_OCSP_CERTSTATUS_UNKNOWN;
#else
goto not_there;
#endif
}
- break;
- case 'N':
- if (!memcmp(name, "R_BAD_AUTHENTICATION_TYPE", 25)) {
- /* ^ */
+ if (!memcmp(name, "X509_V_FLAG_CRL_CHECK_ALL", 25)) {
+ /* ^ */
-#ifdef SSL_R_BAD_AUTHENTICATION_TYPE
- return SSL_R_BAD_AUTHENTICATION_TYPE;
+#ifdef X509_V_FLAG_CRL_CHECK_ALL
+ return X509_V_FLAG_CRL_CHECK_ALL;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "V_OCSP_CERTSTATUS_UNKNOWN", 25)) {
- /* ^ */
+ break;
+ case 'L':
+ if (!memcmp(name, "AD_INAPPROPRIATE_FALLBACK", 25)) {
+ /* ^ */
-#ifdef V_OCSP_CERTSTATUS_UNKNOWN
- return V_OCSP_CERTSTATUS_UNKNOWN;
+#ifdef SSL_AD_INAPPROPRIATE_FALLBACK
+ return SSL_AD_INAPPROPRIATE_FALLBACK;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "X509_V_ERR_INVALID_NON_CA", 25)) {
- /* ^ */
+ break;
+ case 'M':
+ if (!memcmp(name, "X509_V_ERR_EMAIL_MISMATCH", 25)) {
+ /* ^ */
-#ifdef X509_V_ERR_INVALID_NON_CA
- return X509_V_ERR_INVALID_NON_CA;
+#ifdef X509_V_ERR_EMAIL_MISMATCH
+ return X509_V_ERR_EMAIL_MISMATCH;
#else
goto not_there;
#endif
@@ -5407,20 +5912,18 @@ constant (const char *name, size_t len) {
}
break;
case 'O':
- if (!memcmp(name, "X509_V_ERR_CA_MD_TOO_WEAK", 25)) {
- /* ^ */
+ if (!memcmp(name, "X509_V_ERR_INVALID_NON_CA", 25)) {
+ /* ^ */
-#ifdef X509_V_ERR_CA_MD_TOO_WEAK
- return X509_V_ERR_CA_MD_TOO_WEAK;
+#ifdef X509_V_ERR_INVALID_NON_CA
+ return X509_V_ERR_INVALID_NON_CA;
#else
goto not_there;
#endif
}
- break;
- case 'P':
if (!memcmp(name, "X509_V_FLAG_NOTIFY_POLICY", 25)) {
- /* ^ */
+ /* ^ */
#ifdef X509_V_FLAG_NOTIFY_POLICY
return X509_V_FLAG_NOTIFY_POLICY;
@@ -5431,11 +5934,11 @@ constant (const char *name, size_t len) {
}
break;
case 'R':
- if (!memcmp(name, "X509_V_ERR_CERT_UNTRUSTED", 25)) {
- /* ^ */
+ if (!memcmp(name, "SSL2_MT_CLIENT_MASTER_KEY", 25)) {
+ /* ^ */
-#ifdef X509_V_ERR_CERT_UNTRUSTED
- return X509_V_ERR_CERT_UNTRUSTED;
+#ifdef SSL2_MT_CLIENT_MASTER_KEY
+ return SSL2_MT_CLIENT_MASTER_KEY;
#else
goto not_there;
#endif
@@ -5443,64 +5946,68 @@ constant (const char *name, size_t len) {
}
break;
case 'S':
- if (!memcmp(name, "OP_SAFARI_ECDHE_ECDSA_BUG", 25)) {
- /* ^ */
+ if (!memcmp(name, "NID_pbeWithSHA1AndDES_CBC", 25)) {
+ /* ^ */
-#ifdef SSL_OP_SAFARI_ECDHE_ECDSA_BUG
- return SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
+#ifdef NID_pbeWithSHA1AndDES_CBC
+ return NID_pbeWithSHA1AndDES_CBC;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "X509_V_ERR_EMAIL_MISMATCH", 25)) {
- /* ^ */
+ break;
+ case 'T':
+ if (!memcmp(name, "OPENSSL_INFO_CPU_SETTINGS", 25)) {
+ /* ^ */
-#ifdef X509_V_ERR_EMAIL_MISMATCH
- return X509_V_ERR_EMAIL_MISMATCH;
+#ifdef OPENSSL_INFO_CPU_SETTINGS
+ return OPENSSL_INFO_CPU_SETTINGS;
#else
goto not_there;
#endif
}
break;
- case 'T':
- if (!memcmp(name, "OPENSSL_INFO_CPU_SETTINGS", 25)) {
- /* ^ */
+ case 'U':
+ if (!memcmp(name, "X509_V_ERR_CERT_UNTRUSTED", 25)) {
+ /* ^ */
-#ifdef OPENSSL_INFO_CPU_SETTINGS
- return OPENSSL_INFO_CPU_SETTINGS;
+#ifdef X509_V_ERR_CERT_UNTRUSTED
+ return X509_V_ERR_CERT_UNTRUSTED;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "SSL3_MT_NEWSESSION_TICKET", 25)) {
- /* ^ */
+ break;
+ case 'V':
+ if (!memcmp(name, "V_OCSP_CERTSTATUS_REVOKED", 25)) {
+ /* ^ */
-#ifdef SSL3_MT_NEWSESSION_TICKET
- return SSL3_MT_NEWSESSION_TICKET;
+#ifdef V_OCSP_CERTSTATUS_REVOKED
+ return V_OCSP_CERTSTATUS_REVOKED;
#else
goto not_there;
#endif
}
break;
- case 'V':
- if (!memcmp(name, "X509_V_FLAG_LEGACY_VERIFY", 25)) {
- /* ^ */
+ case 'W':
+ if (!memcmp(name, "MODE_ENABLE_PARTIAL_WRITE", 25)) {
+ /* ^ */
-#ifdef X509_V_FLAG_LEGACY_VERIFY
- return X509_V_FLAG_LEGACY_VERIFY;
+#ifdef SSL_MODE_ENABLE_PARTIAL_WRITE
+ return SSL_MODE_ENABLE_PARTIAL_WRITE;
#else
goto not_there;
#endif
}
break;
- case 'Y':
+ case '_':
if (!memcmp(name, "F_SSL_USE_PRIVATEKEY_ASN1", 25)) {
- /* ^ */
+ /* ^ */
#ifdef SSL_F_SSL_USE_PRIVATEKEY_ASN1
return SSL_F_SSL_USE_PRIVATEKEY_ASN1;
@@ -5510,7 +6017,7 @@ constant (const char *name, size_t len) {
}
if (!memcmp(name, "F_SSL_USE_PRIVATEKEY_FILE", 25)) {
- /* ^ */
+ /* ^ */
#ifdef SSL_F_SSL_USE_PRIVATEKEY_FILE
return SSL_F_SSL_USE_PRIVATEKEY_FILE;
@@ -5519,8 +6026,18 @@ constant (const char *name, size_t len) {
#endif
}
+ if (!memcmp(name, "R_BAD_AUTHENTICATION_TYPE", 25)) {
+ /* ^ */
+
+#ifdef SSL_R_BAD_AUTHENTICATION_TYPE
+ return SSL_R_BAD_AUTHENTICATION_TYPE;
+#else
+ goto not_there;
+#endif
+
+ }
if (!memcmp(name, "SSL3_MT_END_OF_EARLY_DATA", 25)) {
- /* ^ */
+ /* ^ */
#ifdef SSL3_MT_END_OF_EARLY_DATA
return SSL3_MT_END_OF_EARLY_DATA;
@@ -5529,42 +6046,52 @@ constant (const char *name, size_t len) {
#endif
}
- break;
- case '_':
- if (!memcmp(name, "MODE_ENABLE_PARTIAL_WRITE", 25)) {
- /* ^ */
+ if (!memcmp(name, "SSL3_MT_SUPPLEMENTAL_DATA", 25)) {
+ /* ^ */
-#ifdef SSL_MODE_ENABLE_PARTIAL_WRITE
- return SSL_MODE_ENABLE_PARTIAL_WRITE;
+#ifdef SSL3_MT_SUPPLEMENTAL_DATA
+ return SSL3_MT_SUPPLEMENTAL_DATA;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "X509_V_FLAG_PARTIAL_CHAIN", 25)) {
- /* ^ */
+ if (!memcmp(name, "X509_V_ERR_CA_MD_TOO_WEAK", 25)) {
+ /* ^ */
-#ifdef X509_V_FLAG_PARTIAL_CHAIN
- return X509_V_FLAG_PARTIAL_CHAIN;
+#ifdef X509_V_ERR_CA_MD_TOO_WEAK
+ return X509_V_ERR_CA_MD_TOO_WEAK;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "X509_V_FLAG_TRUSTED_FIRST", 25)) {
- /* ^ */
+ if (!memcmp(name, "X509_V_FLAG_NO_CHECK_TIME", 25)) {
+ /* ^ */
-#ifdef X509_V_FLAG_TRUSTED_FIRST
- return X509_V_FLAG_TRUSTED_FIRST;
+#ifdef X509_V_FLAG_NO_CHECK_TIME
+ return X509_V_FLAG_NO_CHECK_TIME;
#else
goto not_there;
#endif
}
break;
- case 'y':
+ case 'm':
+ if (!memcmp(name, "TLSEXT_TYPE_psk_kex_modes", 25)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_psk_kex_modes
+ return TLSEXT_TYPE_psk_kex_modes;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
+ case 'p':
if (!memcmp(name, "NID_sha1WithRSAEncryption", 25)) {
- /* ^ */
+ /* ^ */
#ifdef NID_sha1WithRSAEncryption
return NID_sha1WithRSAEncryption;
@@ -5578,7 +6105,8 @@ constant (const char *name, size_t len) {
break;
case 26:
/* Names all of length 26. */
- /* ERROR_WANT_CLIENT_HELLO_CB F_SSL_USE_CERTIFICATE_ASN1
+ /* AD_NO_APPLICATION_PROTOCOL AD_UNSUPPORTED_CERTIFICATE
+ ERROR_WANT_CLIENT_HELLO_CB F_SSL_USE_CERTIFICATE_ASN1
F_SSL_USE_CERTIFICATE_FILE NID_netscape_ca_policy_url
NID_netscape_cert_sequence NID_organizationalUnitName
NID_pbeWithMD5AndCast5_CBC NID_pkcs9_countersignature
@@ -5589,7 +6117,9 @@ constant (const char *name, size_t len) {
R_PUBLIC_KEY_ENCRYPT_ERROR SSL2_MT_CLIENT_CERTIFICATE
SSL3_MT_CERTIFICATE_STATUS SSL3_MT_CERTIFICATE_VERIFY
SSL3_MT_CHANGE_CIPHER_SPEC SSL3_RT_CHANGE_CIPHER_SPEC
- SSL3_RT_INNER_CONTENT_TYPE X509_PURPOSE_NS_SSL_SERVER
+ SSL3_RT_INNER_CONTENT_TYPE TLSEXT_TYPE_next_proto_neg
+ TLSEXT_TYPE_session_ticket TLSEXT_TYPE_status_request
+ TLSEXT_TYPE_truncated_hmac X509_PURPOSE_NS_SSL_SERVER
X509_PURPOSE_SMIME_ENCRYPT X509_V_ERR_CRL_HAS_EXPIRED
X509_V_ERR_INVALID_PURPOSE X509_V_FLAG_SUITEB_128_LOS
X509_V_FLAG_SUITEB_192_LOS X509_V_FLAG_USE_CHECK_TIME */
@@ -5674,6 +6204,16 @@ constant (const char *name, size_t len) {
}
break;
case 'F':
+ if (!memcmp(name, "AD_UNSUPPORTED_CERTIFICATE", 26)) {
+ /* ^ */
+
+#ifdef SSL_AD_UNSUPPORTED_CERTIFICATE
+ return SSL_AD_UNSUPPORTED_CERTIFICATE;
+#else
+ goto not_there;
+#endif
+
+ }
if (!memcmp(name, "SSL2_MT_CLIENT_CERTIFICATE", 26)) {
/* ^ */
@@ -5743,6 +6283,18 @@ constant (const char *name, size_t len) {
}
break;
+ case 'O':
+ if (!memcmp(name, "AD_NO_APPLICATION_PROTOCOL", 26)) {
+ /* ^ */
+
+#ifdef SSL_AD_NO_APPLICATION_PROTOCOL
+ return SSL_AD_NO_APPLICATION_PROTOCOL;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
case 'R':
if (!memcmp(name, "SSL3_MT_CHANGE_CIPHER_SPEC", 26)) {
/* ^ */
@@ -5869,6 +6421,18 @@ constant (const char *name, size_t len) {
}
break;
+ case 'd':
+ if (!memcmp(name, "TLSEXT_TYPE_truncated_hmac", 26)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_truncated_hmac
+ return TLSEXT_TYPE_truncated_hmac;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
case 'e':
if (!memcmp(name, "NID_pkcs9_unstructuredName", 26)) {
/* ^ */
@@ -5880,6 +6444,16 @@ constant (const char *name, size_t len) {
#endif
}
+ if (!memcmp(name, "TLSEXT_TYPE_status_request", 26)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_status_request
+ return TLSEXT_TYPE_status_request;
+#else
+ goto not_there;
+#endif
+
+ }
break;
case 'i':
if (!memcmp(name, "NID_organizationalUnitName", 26)) {
@@ -5938,145 +6512,174 @@ constant (const char *name, size_t len) {
#endif
}
+ if (!memcmp(name, "TLSEXT_TYPE_next_proto_neg", 26)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_next_proto_neg
+ return TLSEXT_TYPE_next_proto_neg;
+#else
+ goto not_there;
+#endif
+
+ }
+ if (!memcmp(name, "TLSEXT_TYPE_session_ticket", 26)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_session_ticket
+ return TLSEXT_TYPE_session_ticket;
+#else
+ goto not_there;
+#endif
+
+ }
break;
}
break;
case 27:
/* Names all of length 27. */
- /* NID_crl_distribution_points NID_netscape_cert_extension
- NID_netscape_revocation_url NID_pbe_WithSHA1And40BitRC4
- NID_pkcs9_challengePassword NID_pkcs9_extCertAttributes
- OPENSSL_FULL_VERSION_STRING OPENSSL_INFO_LIST_SEPARATOR
- OP_CIPHER_SERVER_PREFERENCE OP_SSLEAY_080_CLIENT_DH_BUG
- R_BAD_SSL_SESSION_ID_LENGTH R_UNKNOWN_REMOTE_ERROR_TYPE
- SSL2_MT_REQUEST_CERTIFICATE SSL3_MT_CERTIFICATE_REQUEST
- SSL3_MT_CLIENT_KEY_EXCHANGE SSL3_MT_SERVER_KEY_EXCHANGE
- VERIFY_FAIL_IF_NO_PEER_CERT X509_PURPOSE_TIMESTAMP_SIGN
- X509_V_ERR_CA_KEY_TOO_SMALL X509_V_ERR_CERT_HAS_EXPIRED
- X509_V_ERR_EE_KEY_TOO_SMALL X509_V_FLAG_CB_ISSUER_CHECK
- X509_V_FLAG_EXPLICIT_POLICY X509_V_FLAG_IGNORE_CRITICAL
- XN_FLAG_DUMP_UNKNOWN_FIELDS */
- /* Offset 13 gives the best switch position. */
- switch (name[13]) {
- case 'B':
- if (!memcmp(name, "X509_V_FLAG_CB_ISSUER_CHECK", 27)) {
- /* ^ */
+ /* AD_CERTIFICATE_UNOBTAINABLE NID_crl_distribution_points
+ NID_netscape_cert_extension NID_netscape_revocation_url
+ NID_pbe_WithSHA1And40BitRC4 NID_pkcs9_challengePassword
+ NID_pkcs9_extCertAttributes OPENSSL_FULL_VERSION_STRING
+ OPENSSL_INFO_LIST_SEPARATOR OP_CIPHER_SERVER_PREFERENCE
+ OP_SSLEAY_080_CLIENT_DH_BUG R_BAD_SSL_SESSION_ID_LENGTH
+ R_UNKNOWN_REMOTE_ERROR_TYPE SSL2_MT_REQUEST_CERTIFICATE
+ SSL3_MT_CERTIFICATE_REQUEST SSL3_MT_CLIENT_KEY_EXCHANGE
+ SSL3_MT_SERVER_KEY_EXCHANGE TLSEXT_TYPE_elliptic_curves
+ TLSEXT_TYPE_trusted_ca_keys VERIFY_FAIL_IF_NO_PEER_CERT
+ X509_PURPOSE_TIMESTAMP_SIGN X509_V_ERR_CA_KEY_TOO_SMALL
+ X509_V_ERR_CERT_HAS_EXPIRED X509_V_ERR_EE_KEY_TOO_SMALL
+ X509_V_FLAG_CB_ISSUER_CHECK X509_V_FLAG_EXPLICIT_POLICY
+ X509_V_FLAG_IGNORE_CRITICAL XN_FLAG_DUMP_UNKNOWN_FIELDS */
+ /* Offset 21 gives the best switch position. */
+ switch (name[21]) {
+ case 'A':
+ if (!memcmp(name, "OPENSSL_INFO_LIST_SEPARATOR", 27)) {
+ /* ^ */
-#ifdef X509_V_FLAG_CB_ISSUER_CHECK
- return X509_V_FLAG_CB_ISSUER_CHECK;
+#ifdef OPENSSL_INFO_LIST_SEPARATOR
+ return OPENSSL_INFO_LIST_SEPARATOR;
#else
goto not_there;
#endif
}
break;
- case 'C':
- if (!memcmp(name, "NID_pkcs9_extCertAttributes", 27)) {
- /* ^ */
+ case 'B':
+ if (!memcmp(name, "NID_pbe_WithSHA1And40BitRC4", 27)) {
+ /* ^ */
-#ifdef NID_pkcs9_extCertAttributes
- return NID_pkcs9_extCertAttributes;
+#ifdef NID_pbe_WithSHA1And40BitRC4
+ return NID_pbe_WithSHA1And40BitRC4;
#else
goto not_there;
#endif
}
break;
- case 'F':
- if (!memcmp(name, "SSL3_MT_CERTIFICATE_REQUEST", 27)) {
- /* ^ */
+ case 'C':
+ if (!memcmp(name, "SSL3_MT_CLIENT_KEY_EXCHANGE", 27)) {
+ /* ^ */
-#ifdef SSL3_MT_CERTIFICATE_REQUEST
- return SSL3_MT_CERTIFICATE_REQUEST;
+#ifdef SSL3_MT_CLIENT_KEY_EXCHANGE
+ return SSL3_MT_CLIENT_KEY_EXCHANGE;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "VERIFY_FAIL_IF_NO_PEER_CERT", 27)) {
- /* ^ */
+ if (!memcmp(name, "SSL3_MT_SERVER_KEY_EXCHANGE", 27)) {
+ /* ^ */
-#ifdef SSL_VERIFY_FAIL_IF_NO_PEER_CERT
- return SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+#ifdef SSL3_MT_SERVER_KEY_EXCHANGE
+ return SSL3_MT_SERVER_KEY_EXCHANGE;
#else
goto not_there;
#endif
}
break;
- case 'G':
- if (!memcmp(name, "X509_V_FLAG_IGNORE_CRITICAL", 27)) {
- /* ^ */
+ case 'D':
+ if (!memcmp(name, "OP_SSLEAY_080_CLIENT_DH_BUG", 27)) {
+ /* ^ */
-#ifdef X509_V_FLAG_IGNORE_CRITICAL
- return X509_V_FLAG_IGNORE_CRITICAL;
+#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+ return SSL_OP_SSLEAY_080_CLIENT_DH_BUG;
#else
goto not_there;
#endif
}
break;
- case 'H':
- if (!memcmp(name, "NID_pbe_WithSHA1And40BitRC4", 27)) {
- /* ^ */
+ case 'E':
+ if (!memcmp(name, "OP_CIPHER_SERVER_PREFERENCE", 27)) {
+ /* ^ */
-#ifdef NID_pbe_WithSHA1And40BitRC4
- return NID_pbe_WithSHA1And40BitRC4;
+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
+ return SSL_OP_CIPHER_SERVER_PREFERENCE;
#else
goto not_there;
#endif
}
- break;
- case 'L':
- if (!memcmp(name, "OPENSSL_INFO_LIST_SEPARATOR", 27)) {
- /* ^ */
+ if (!memcmp(name, "SSL3_MT_CERTIFICATE_REQUEST", 27)) {
+ /* ^ */
-#ifdef OPENSSL_INFO_LIST_SEPARATOR
- return OPENSSL_INFO_LIST_SEPARATOR;
+#ifdef SSL3_MT_CERTIFICATE_REQUEST
+ return SSL3_MT_CERTIFICATE_REQUEST;
#else
goto not_there;
#endif
}
break;
- case 'O':
- if (!memcmp(name, "R_UNKNOWN_REMOTE_ERROR_TYPE", 27)) {
- /* ^ */
+ case 'F':
+ if (!memcmp(name, "SSL2_MT_REQUEST_CERTIFICATE", 27)) {
+ /* ^ */
-#ifdef SSL_R_UNKNOWN_REMOTE_ERROR_TYPE
- return SSL_R_UNKNOWN_REMOTE_ERROR_TYPE;
+#ifdef SSL2_MT_REQUEST_CERTIFICATE
+ return SSL2_MT_REQUEST_CERTIFICATE;
+#else
+ goto not_there;
+#endif
+
+ }
+ if (!memcmp(name, "XN_FLAG_DUMP_UNKNOWN_FIELDS", 27)) {
+ /* ^ */
+
+#ifdef XN_FLAG_DUMP_UNKNOWN_FIELDS
+ return XN_FLAG_DUMP_UNKNOWN_FIELDS;
#else
goto not_there;
#endif
}
break;
- case 'R':
- if (!memcmp(name, "SSL3_MT_SERVER_KEY_EXCHANGE", 27)) {
- /* ^ */
+ case 'I':
+ if (!memcmp(name, "AD_CERTIFICATE_UNOBTAINABLE", 27)) {
+ /* ^ */
-#ifdef SSL3_MT_SERVER_KEY_EXCHANGE
- return SSL3_MT_SERVER_KEY_EXCHANGE;
+#ifdef SSL_AD_CERTIFICATE_UNOBTAINABLE
+ return SSL_AD_CERTIFICATE_UNOBTAINABLE;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "X509_V_ERR_CERT_HAS_EXPIRED", 27)) {
- /* ^ */
+ if (!memcmp(name, "X509_V_FLAG_IGNORE_CRITICAL", 27)) {
+ /* ^ */
-#ifdef X509_V_ERR_CERT_HAS_EXPIRED
- return X509_V_ERR_CERT_HAS_EXPIRED;
+#ifdef X509_V_FLAG_IGNORE_CRITICAL
+ return X509_V_FLAG_IGNORE_CRITICAL;
#else
goto not_there;
#endif
}
break;
- case 'S':
+ case 'L':
if (!memcmp(name, "R_BAD_SSL_SESSION_ID_LENGTH", 27)) {
- /* ^ */
+ /* ^ */
#ifdef SSL_R_BAD_SSL_SESSION_ID_LENGTH
return SSL_R_BAD_SSL_SESSION_ID_LENGTH;
@@ -6085,54 +6688,54 @@ constant (const char *name, size_t len) {
#endif
}
- if (!memcmp(name, "SSL2_MT_REQUEST_CERTIFICATE", 27)) {
- /* ^ */
+ break;
+ case 'P':
+ if (!memcmp(name, "X509_PURPOSE_TIMESTAMP_SIGN", 27)) {
+ /* ^ */
-#ifdef SSL2_MT_REQUEST_CERTIFICATE
- return SSL2_MT_REQUEST_CERTIFICATE;
+#ifdef X509_PURPOSE_TIMESTAMP_SIGN
+ return X509_PURPOSE_TIMESTAMP_SIGN;
#else
goto not_there;
#endif
}
- break;
- case 'T':
- if (!memcmp(name, "SSL3_MT_CLIENT_KEY_EXCHANGE", 27)) {
- /* ^ */
+ if (!memcmp(name, "X509_V_FLAG_EXPLICIT_POLICY", 27)) {
+ /* ^ */
-#ifdef SSL3_MT_CLIENT_KEY_EXCHANGE
- return SSL3_MT_CLIENT_KEY_EXCHANGE;
+#ifdef X509_V_FLAG_EXPLICIT_POLICY
+ return X509_V_FLAG_EXPLICIT_POLICY;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "X509_PURPOSE_TIMESTAMP_SIGN", 27)) {
- /* ^ */
+ break;
+ case 'R':
+ if (!memcmp(name, "R_UNKNOWN_REMOTE_ERROR_TYPE", 27)) {
+ /* ^ */
-#ifdef X509_PURPOSE_TIMESTAMP_SIGN
- return X509_PURPOSE_TIMESTAMP_SIGN;
+#ifdef SSL_R_UNKNOWN_REMOTE_ERROR_TYPE
+ return SSL_R_UNKNOWN_REMOTE_ERROR_TYPE;
#else
goto not_there;
#endif
}
- break;
- case 'U':
- if (!memcmp(name, "XN_FLAG_DUMP_UNKNOWN_FIELDS", 27)) {
- /* ^ */
+ if (!memcmp(name, "VERIFY_FAIL_IF_NO_PEER_CERT", 27)) {
+ /* ^ */
-#ifdef XN_FLAG_DUMP_UNKNOWN_FIELDS
- return XN_FLAG_DUMP_UNKNOWN_FIELDS;
+#ifdef SSL_VERIFY_FAIL_IF_NO_PEER_CERT
+ return SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
#else
goto not_there;
#endif
}
break;
- case 'V':
+ case 'S':
if (!memcmp(name, "OPENSSL_FULL_VERSION_STRING", 27)) {
- /* ^ */
+ /* ^ */
#ifdef OPENSSL_FULL_VERSION_STRING
return OPENSSL_FULL_VERSION_STRING;
@@ -6141,55 +6744,57 @@ constant (const char *name, size_t len) {
#endif
}
- if (!memcmp(name, "OP_CIPHER_SERVER_PREFERENCE", 27)) {
- /* ^ */
+ break;
+ case 'X':
+ if (!memcmp(name, "X509_V_ERR_CERT_HAS_EXPIRED", 27)) {
+ /* ^ */
-#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
- return SSL_OP_CIPHER_SERVER_PREFERENCE;
+#ifdef X509_V_ERR_CERT_HAS_EXPIRED
+ return X509_V_ERR_CERT_HAS_EXPIRED;
#else
goto not_there;
#endif
}
break;
- case 'X':
- if (!memcmp(name, "X509_V_FLAG_EXPLICIT_POLICY", 27)) {
- /* ^ */
+ case '_':
+ if (!memcmp(name, "X509_V_ERR_CA_KEY_TOO_SMALL", 27)) {
+ /* ^ */
-#ifdef X509_V_FLAG_EXPLICIT_POLICY
- return X509_V_FLAG_EXPLICIT_POLICY;
+#ifdef X509_V_ERR_CA_KEY_TOO_SMALL
+ return X509_V_ERR_CA_KEY_TOO_SMALL;
#else
goto not_there;
#endif
}
- break;
- case '_':
- if (!memcmp(name, "OP_SSLEAY_080_CLIENT_DH_BUG", 27)) {
- /* ^ */
+ if (!memcmp(name, "X509_V_ERR_EE_KEY_TOO_SMALL", 27)) {
+ /* ^ */
-#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG
- return SSL_OP_SSLEAY_080_CLIENT_DH_BUG;
+#ifdef X509_V_ERR_EE_KEY_TOO_SMALL
+ return X509_V_ERR_EE_KEY_TOO_SMALL;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "X509_V_ERR_CA_KEY_TOO_SMALL", 27)) {
- /* ^ */
+ if (!memcmp(name, "X509_V_FLAG_CB_ISSUER_CHECK", 27)) {
+ /* ^ */
-#ifdef X509_V_ERR_CA_KEY_TOO_SMALL
- return X509_V_ERR_CA_KEY_TOO_SMALL;
+#ifdef X509_V_FLAG_CB_ISSUER_CHECK
+ return X509_V_FLAG_CB_ISSUER_CHECK;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "X509_V_ERR_EE_KEY_TOO_SMALL", 27)) {
- /* ^ */
+ break;
+ case 'a':
+ if (!memcmp(name, "TLSEXT_TYPE_trusted_ca_keys", 27)) {
+ /* ^ */
-#ifdef X509_V_ERR_EE_KEY_TOO_SMALL
- return X509_V_ERR_EE_KEY_TOO_SMALL;
+#ifdef TLSEXT_TYPE_trusted_ca_keys
+ return TLSEXT_TYPE_trusted_ca_keys;
#else
goto not_there;
#endif
@@ -6197,8 +6802,20 @@ constant (const char *name, size_t len) {
}
break;
case 'c':
+ if (!memcmp(name, "TLSEXT_TYPE_elliptic_curves", 27)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_elliptic_curves
+ return TLSEXT_TYPE_elliptic_curves;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
+ case 'e':
if (!memcmp(name, "NID_netscape_cert_extension", 27)) {
- /* ^ */
+ /* ^ */
#ifdef NID_netscape_cert_extension
return NID_netscape_cert_extension;
@@ -6209,35 +6826,47 @@ constant (const char *name, size_t len) {
}
break;
case 'i':
- if (!memcmp(name, "NID_crl_distribution_points", 27)) {
- /* ^ */
+ if (!memcmp(name, "NID_pkcs9_extCertAttributes", 27)) {
+ /* ^ */
-#ifdef NID_crl_distribution_points
- return NID_crl_distribution_points;
+#ifdef NID_pkcs9_extCertAttributes
+ return NID_pkcs9_extCertAttributes;
#else
goto not_there;
#endif
}
break;
- case 'l':
- if (!memcmp(name, "NID_pkcs9_challengePassword", 27)) {
- /* ^ */
+ case 'o':
+ if (!memcmp(name, "NID_netscape_revocation_url", 27)) {
+ /* ^ */
-#ifdef NID_pkcs9_challengePassword
- return NID_pkcs9_challengePassword;
+#ifdef NID_netscape_revocation_url
+ return NID_netscape_revocation_url;
#else
goto not_there;
#endif
}
break;
- case 'r':
- if (!memcmp(name, "NID_netscape_revocation_url", 27)) {
- /* ^ */
+ case 'p':
+ if (!memcmp(name, "NID_crl_distribution_points", 27)) {
+ /* ^ */
-#ifdef NID_netscape_revocation_url
- return NID_netscape_revocation_url;
+#ifdef NID_crl_distribution_points
+ return NID_crl_distribution_points;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
+ case 's':
+ if (!memcmp(name, "NID_pkcs9_challengePassword", 27)) {
+ /* ^ */
+
+#ifdef NID_pkcs9_challengePassword
+ return NID_pkcs9_challengePassword;
#else
goto not_there;
#endif
@@ -6253,85 +6882,76 @@ constant (const char *name, size_t len) {
NID_pbe_WithSHA1And128BitRC4 NID_pkcs7_signedAndEnveloped
NID_private_key_usage_period OP_NO_EXTENDED_MASTER_SECRET
SESS_CACHE_NO_INTERNAL_STORE SSL3_MT_ENCRYPTED_EXTENSIONS
- X509_CHECK_FLAG_NO_WILDCARDS X509_V_ERR_CRL_NOT_YET_VALID
- X509_V_ERR_HOSTNAME_MISMATCH X509_V_ERR_INVALID_EXTENSION
- X509_V_ERR_ISSUER_NAME_EMPTY X509_V_ERR_OCSP_CERT_UNKNOWN
- X509_V_ERR_UNABLE_TO_GET_CRL X509_V_ERR_UNNESTED_RESOURCE */
- /* Offset 11 gives the best switch position. */
- switch (name[11]) {
- case 'C':
- if (!memcmp(name, "X509_V_ERR_CRL_NOT_YET_VALID", 28)) {
- /* ^ */
+ TLSEXT_TYPE_client_cert_type TLSEXT_TYPE_ec_point_formats
+ TLSEXT_TYPE_encrypt_then_mac TLSEXT_TYPE_server_cert_type
+ TLSEXT_TYPE_supported_groups X509_CHECK_FLAG_NO_WILDCARDS
+ X509_V_ERR_CRL_NOT_YET_VALID X509_V_ERR_HOSTNAME_MISMATCH
+ X509_V_ERR_INVALID_EXTENSION X509_V_ERR_ISSUER_NAME_EMPTY
+ X509_V_ERR_OCSP_CERT_UNKNOWN X509_V_ERR_UNABLE_TO_GET_CRL
+ X509_V_ERR_UNNESTED_RESOURCE */
+ /* Offset 14 gives the best switch position. */
+ switch (name[14]) {
+ case 'A':
+ if (!memcmp(name, "NID_pbe_WithSHA1And128BitRC4", 28)) {
+ /* ^ */
-#ifdef X509_V_ERR_CRL_NOT_YET_VALID
- return X509_V_ERR_CRL_NOT_YET_VALID;
+#ifdef NID_pbe_WithSHA1And128BitRC4
+ return NID_pbe_WithSHA1And128BitRC4;
#else
goto not_there;
#endif
}
- break;
- case 'D':
- if (!memcmp(name, "OP_NO_EXTENDED_MASTER_SECRET", 28)) {
- /* ^ */
+ if (!memcmp(name, "X509_V_ERR_INVALID_EXTENSION", 28)) {
+ /* ^ */
-#ifdef SSL_OP_NO_EXTENDED_MASTER_SECRET
- return SSL_OP_NO_EXTENDED_MASTER_SECRET;
+#ifdef X509_V_ERR_INVALID_EXTENSION
+ return X509_V_ERR_INVALID_EXTENSION;
#else
goto not_there;
#endif
}
break;
- case 'F':
- if (!memcmp(name, "X509_CHECK_FLAG_NO_WILDCARDS", 28)) {
- /* ^ */
+ case 'B':
+ if (!memcmp(name, "X509_V_ERR_UNABLE_TO_GET_CRL", 28)) {
+ /* ^ */
-#ifdef X509_CHECK_FLAG_NO_WILDCARDS
- return X509_CHECK_FLAG_NO_WILDCARDS;
+#ifdef X509_V_ERR_UNABLE_TO_GET_CRL
+ return X509_V_ERR_UNABLE_TO_GET_CRL;
#else
goto not_there;
#endif
}
break;
- case 'H':
- if (!memcmp(name, "X509_V_ERR_HOSTNAME_MISMATCH", 28)) {
- /* ^ */
+ case 'E':
+ if (!memcmp(name, "X509_V_ERR_UNNESTED_RESOURCE", 28)) {
+ /* ^ */
-#ifdef X509_V_ERR_HOSTNAME_MISMATCH
- return X509_V_ERR_HOSTNAME_MISMATCH;
+#ifdef X509_V_ERR_UNNESTED_RESOURCE
+ return X509_V_ERR_UNNESTED_RESOURCE;
#else
goto not_there;
#endif
}
break;
- case 'I':
- if (!memcmp(name, "X509_V_ERR_INVALID_EXTENSION", 28)) {
- /* ^ */
-
-#ifdef X509_V_ERR_INVALID_EXTENSION
- return X509_V_ERR_INVALID_EXTENSION;
-#else
- goto not_there;
-#endif
-
- }
- if (!memcmp(name, "X509_V_ERR_ISSUER_NAME_EMPTY", 28)) {
- /* ^ */
+ case 'G':
+ if (!memcmp(name, "X509_CHECK_FLAG_NO_WILDCARDS", 28)) {
+ /* ^ */
-#ifdef X509_V_ERR_ISSUER_NAME_EMPTY
- return X509_V_ERR_ISSUER_NAME_EMPTY;
+#ifdef X509_CHECK_FLAG_NO_WILDCARDS
+ return X509_CHECK_FLAG_NO_WILDCARDS;
#else
goto not_there;
#endif
}
break;
- case 'N':
+ case 'I':
if (!memcmp(name, "SESS_CACHE_NO_INTERNAL_STORE", 28)) {
- /* ^ */
+ /* ^ */
#ifdef SSL_SESS_CACHE_NO_INTERNAL_STORE
return SSL_SESS_CACHE_NO_INTERNAL_STORE;
@@ -6341,9 +6961,9 @@ constant (const char *name, size_t len) {
}
break;
- case 'O':
+ case 'P':
if (!memcmp(name, "X509_V_ERR_OCSP_CERT_UNKNOWN", 28)) {
- /* ^ */
+ /* ^ */
#ifdef X509_V_ERR_OCSP_CERT_UNKNOWN
return X509_V_ERR_OCSP_CERT_UNKNOWN;
@@ -6354,20 +6974,8 @@ constant (const char *name, size_t len) {
}
break;
case 'R':
- if (!memcmp(name, "SSL3_MT_ENCRYPTED_EXTENSIONS", 28)) {
- /* ^ */
-
-#ifdef SSL3_MT_ENCRYPTED_EXTENSIONS
- return SSL3_MT_ENCRYPTED_EXTENSIONS;
-#else
- goto not_there;
-#endif
-
- }
- break;
- case 'S':
if (!memcmp(name, "F_SSL_USE_RSAPRIVATEKEY_ASN1", 28)) {
- /* ^ */
+ /* ^ */
#ifdef SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1
return SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1;
@@ -6377,7 +6985,7 @@ constant (const char *name, size_t len) {
}
if (!memcmp(name, "F_SSL_USE_RSAPRIVATEKEY_FILE", 28)) {
- /* ^ */
+ /* ^ */
#ifdef SSL_F_SSL_USE_RSAPRIVATEKEY_FILE
return SSL_F_SSL_USE_RSAPRIVATEKEY_FILE;
@@ -6387,67 +6995,87 @@ constant (const char *name, size_t len) {
}
break;
- case 'U':
- if (!memcmp(name, "X509_V_ERR_UNABLE_TO_GET_CRL", 28)) {
- /* ^ */
+ case 'T':
+ if (!memcmp(name, "SSL3_MT_ENCRYPTED_EXTENSIONS", 28)) {
+ /* ^ */
-#ifdef X509_V_ERR_UNABLE_TO_GET_CRL
- return X509_V_ERR_UNABLE_TO_GET_CRL;
+#ifdef SSL3_MT_ENCRYPTED_EXTENSIONS
+ return SSL3_MT_ENCRYPTED_EXTENSIONS;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "X509_V_ERR_UNNESTED_RESOURCE", 28)) {
- /* ^ */
+ if (!memcmp(name, "X509_V_ERR_HOSTNAME_MISMATCH", 28)) {
+ /* ^ */
-#ifdef X509_V_ERR_UNNESTED_RESOURCE
- return X509_V_ERR_UNNESTED_RESOURCE;
+#ifdef X509_V_ERR_HOSTNAME_MISMATCH
+ return X509_V_ERR_HOSTNAME_MISMATCH;
#else
goto not_there;
#endif
}
break;
- case '_':
- if (!memcmp(name, "NID_private_key_usage_period", 28)) {
- /* ^ */
+ case 'U':
+ if (!memcmp(name, "X509_V_ERR_ISSUER_NAME_EMPTY", 28)) {
+ /* ^ */
-#ifdef NID_private_key_usage_period
- return NID_private_key_usage_period;
+#ifdef X509_V_ERR_ISSUER_NAME_EMPTY
+ return X509_V_ERR_ISSUER_NAME_EMPTY;
#else
goto not_there;
#endif
}
break;
- case 'e':
- if (!memcmp(name, "NID_netscape_ssl_server_name", 28)) {
- /* ^ */
+ case '_':
+ if (!memcmp(name, "OP_NO_EXTENDED_MASTER_SECRET", 28)) {
+ /* ^ */
-#ifdef NID_netscape_ssl_server_name
- return NID_netscape_ssl_server_name;
+#ifdef SSL_OP_NO_EXTENDED_MASTER_SECRET
+ return SSL_OP_NO_EXTENDED_MASTER_SECRET;
+#else
+ goto not_there;
+#endif
+
+ }
+ if (!memcmp(name, "TLSEXT_TYPE_ec_point_formats", 28)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_ec_point_formats
+ return TLSEXT_TYPE_ec_point_formats;
+#else
+ goto not_there;
+#endif
+
+ }
+ if (!memcmp(name, "X509_V_ERR_CRL_NOT_YET_VALID", 28)) {
+ /* ^ */
+
+#ifdef X509_V_ERR_CRL_NOT_YET_VALID
+ return X509_V_ERR_CRL_NOT_YET_VALID;
#else
goto not_there;
#endif
}
break;
- case 'h':
- if (!memcmp(name, "NID_pbe_WithSHA1And128BitRC4", 28)) {
- /* ^ */
+ case 'c':
+ if (!memcmp(name, "TLSEXT_TYPE_encrypt_then_mac", 28)) {
+ /* ^ */
-#ifdef NID_pbe_WithSHA1And128BitRC4
- return NID_pbe_WithSHA1And128BitRC4;
+#ifdef TLSEXT_TYPE_encrypt_then_mac
+ return TLSEXT_TYPE_encrypt_then_mac;
#else
goto not_there;
#endif
}
break;
- case 'i':
+ case 'e':
if (!memcmp(name, "NID_pkcs7_signedAndEnveloped", 28)) {
- /* ^ */
+ /* ^ */
#ifdef NID_pkcs7_signedAndEnveloped
return NID_pkcs7_signedAndEnveloped;
@@ -6457,9 +7085,21 @@ constant (const char *name, size_t len) {
}
break;
- case 't':
+ case 'i':
+ if (!memcmp(name, "TLSEXT_TYPE_client_cert_type", 28)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_client_cert_type
+ return TLSEXT_TYPE_client_cert_type;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
+ case 'k':
if (!memcmp(name, "NID_authority_key_identifier", 28)) {
- /* ^ */
+ /* ^ */
#ifdef NID_authority_key_identifier
return NID_authority_key_identifier;
@@ -6469,17 +7109,66 @@ constant (const char *name, size_t len) {
}
break;
+ case 'p':
+ if (!memcmp(name, "TLSEXT_TYPE_supported_groups", 28)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_supported_groups
+ return TLSEXT_TYPE_supported_groups;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
+ case 'r':
+ if (!memcmp(name, "TLSEXT_TYPE_server_cert_type", 28)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_server_cert_type
+ return TLSEXT_TYPE_server_cert_type;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
+ case 's':
+ if (!memcmp(name, "NID_netscape_ssl_server_name", 28)) {
+ /* ^ */
+
+#ifdef NID_netscape_ssl_server_name
+ return NID_netscape_ssl_server_name;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
+ case 'y':
+ if (!memcmp(name, "NID_private_key_usage_period", 28)) {
+ /* ^ */
+
+#ifdef NID_private_key_usage_period
+ return NID_private_key_usage_period;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
}
break;
case 29:
/* Names all of length 29. */
- /* NID_pkcs9_unstructuredAddress OCSP_RESPONSE_STATUS_TRYLATER
- OP_ALLOW_CLIENT_RENEGOTIATION OP_MICROSOFT_BIG_SSLV3_BUFFER
- R_SSL_SESSION_ID_IS_DIFFERENT SESS_CACHE_NO_INTERNAL_LOOKUP
- X509_V_ERR_AKID_SKID_MISMATCH X509_V_ERR_CERT_NOT_YET_VALID
- X509_V_ERR_EXCLUDED_VIOLATION X509_V_ERR_NO_EXPLICIT_POLICY
- X509_V_ERR_OCSP_VERIFY_FAILED X509_V_ERR_OCSP_VERIFY_NEEDED
- X509_V_ERR_SUBJECT_NAME_EMPTY X509_V_FLAG_ALLOW_PROXY_CERTS */
+ /* AD_BAD_CERTIFICATE_HASH_VALUE NID_pkcs9_unstructuredAddress
+ OCSP_RESPONSE_STATUS_TRYLATER OP_ALLOW_CLIENT_RENEGOTIATION
+ OP_MICROSOFT_BIG_SSLV3_BUFFER R_SSL_SESSION_ID_IS_DIFFERENT
+ SESS_CACHE_NO_INTERNAL_LOOKUP X509_V_ERR_AKID_SKID_MISMATCH
+ X509_V_ERR_CERT_NOT_YET_VALID X509_V_ERR_EXCLUDED_VIOLATION
+ X509_V_ERR_NO_EXPLICIT_POLICY X509_V_ERR_OCSP_VERIFY_FAILED
+ X509_V_ERR_OCSP_VERIFY_NEEDED X509_V_ERR_SUBJECT_NAME_EMPTY
+ X509_V_FLAG_ALLOW_PROXY_CERTS */
/* Offset 16 gives the best switch position. */
switch (name[16]) {
case 'A':
@@ -6567,6 +7256,16 @@ constant (const char *name, size_t len) {
}
break;
case 'T':
+ if (!memcmp(name, "AD_BAD_CERTIFICATE_HASH_VALUE", 29)) {
+ /* ^ */
+
+#ifdef SSL_AD_BAD_CERTIFICATE_HASH_VALUE
+ return SSL_AD_BAD_CERTIFICATE_HASH_VALUE;
+#else
+ goto not_there;
+#endif
+
+ }
if (!memcmp(name, "SESS_CACHE_NO_INTERNAL_LOOKUP", 29)) {
/* ^ */
@@ -6652,9 +7351,9 @@ constant (const char *name, size_t len) {
/* Names all of length 30. */
/* NID_netscape_ca_revocation_url OP_DONT_INSERT_EMPTY_FRAGMENTS
OP_SSLREF2_REUSE_CERT_TYPE_BUG R_UNABLE_TO_EXTRACT_PUBLIC_KEY
- X509_V_ERR_CERT_CHAIN_TOO_LONG X509_V_ERR_DIFFERENT_CRL_SCOPE
- X509_V_ERR_IP_ADDRESS_MISMATCH X509_V_ERR_PERMITTED_VIOLATION
- X509_V_FLAG_CHECK_SS_SIGNATURE */
+ TLSEXT_TYPE_supported_versions X509_V_ERR_CERT_CHAIN_TOO_LONG
+ X509_V_ERR_DIFFERENT_CRL_SCOPE X509_V_ERR_IP_ADDRESS_MISMATCH
+ X509_V_ERR_PERMITTED_VIOLATION X509_V_FLAG_CHECK_SS_SIGNATURE */
/* Offset 24 gives the best switch position. */
switch (name[24]) {
case 'G':
@@ -6765,23 +7464,58 @@ constant (const char *name, size_t len) {
}
break;
+ case 'r':
+ if (!memcmp(name, "TLSEXT_TYPE_supported_versions", 30)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_supported_versions
+ return TLSEXT_TYPE_supported_versions;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
}
break;
case 31:
/* Names all of length 31. */
/* MIN_RSA_MODULUS_LENGTH_IN_BYTES MODE_ACCEPT_MOVING_WRITE_BUFFER
NID_pbe_WithSHA1And40BitRC2_CBC OCSP_RESPONSE_STATUS_SUCCESSFUL
+ TLSEXT_TYPE_max_fragment_length TLSEXT_TYPE_post_handshake_auth
X509_V_ERR_KEYUSAGE_NO_CERTSIGN X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
X509_V_ERR_NO_ISSUER_PUBLIC_KEY X509_V_ERR_PATH_LENGTH_EXCEEDED
X509_V_FLAG_SUITEB_128_LOS_ONLY */
- /* Offset 24 gives the best switch position. */
- switch (name[24]) {
+ /* Offset 25 gives the best switch position. */
+ switch (name[25]) {
+ case 'B':
+ if (!memcmp(name, "MODE_ACCEPT_MOVING_WRITE_BUFFER", 31)) {
+ /* ^ */
+
+#ifdef SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
+ return SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
case 'C':
- if (!memcmp(name, "OCSP_RESPONSE_STATUS_SUCCESSFUL", 31)) {
- /* ^ */
+ if (!memcmp(name, "NID_pbe_WithSHA1And40BitRC2_CBC", 31)) {
+ /* ^ */
-#ifdef OCSP_RESPONSE_STATUS_SUCCESSFUL
- return OCSP_RESPONSE_STATUS_SUCCESSFUL;
+#ifdef NID_pbe_WithSHA1And40BitRC2_CBC
+ return NID_pbe_WithSHA1And40BitRC2_CBC;
+#else
+ goto not_there;
+#endif
+
+ }
+ if (!memcmp(name, "X509_V_ERR_PATH_LENGTH_EXCEEDED", 31)) {
+ /* ^ */
+
+#ifdef X509_V_ERR_PATH_LENGTH_EXCEEDED
+ return X509_V_ERR_PATH_LENGTH_EXCEEDED;
#else
goto not_there;
#endif
@@ -6789,20 +7523,20 @@ constant (const char *name, size_t len) {
}
break;
case 'E':
- if (!memcmp(name, "X509_V_ERR_KEYUSAGE_NO_CERTSIGN", 31)) {
- /* ^ */
+ if (!memcmp(name, "OCSP_RESPONSE_STATUS_SUCCESSFUL", 31)) {
+ /* ^ */
-#ifdef X509_V_ERR_KEYUSAGE_NO_CERTSIGN
- return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
+#ifdef OCSP_RESPONSE_STATUS_SUCCESSFUL
+ return OCSP_RESPONSE_STATUS_SUCCESSFUL;
#else
goto not_there;
#endif
}
break;
- case 'L':
+ case 'I':
if (!memcmp(name, "X509_V_ERR_NO_ISSUER_PUBLIC_KEY", 31)) {
- /* ^ */
+ /* ^ */
#ifdef X509_V_ERR_NO_ISSUER_PUBLIC_KEY
return X509_V_ERR_NO_ISSUER_PUBLIC_KEY;
@@ -6812,70 +7546,72 @@ constant (const char *name, size_t len) {
}
break;
- case 'N':
- if (!memcmp(name, "MIN_RSA_MODULUS_LENGTH_IN_BYTES", 31)) {
- /* ^ */
+ case 'L':
+ if (!memcmp(name, "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN", 31)) {
+ /* ^ */
-#ifdef SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES
- return SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES;
+#ifdef X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
+ return X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
#else
goto not_there;
#endif
}
break;
- case 'O':
- if (!memcmp(name, "X509_V_FLAG_SUITEB_128_LOS_ONLY", 31)) {
- /* ^ */
+ case 'R':
+ if (!memcmp(name, "X509_V_ERR_KEYUSAGE_NO_CERTSIGN", 31)) {
+ /* ^ */
-#ifdef X509_V_FLAG_SUITEB_128_LOS_ONLY
- return X509_V_FLAG_SUITEB_128_LOS_ONLY;
+#ifdef X509_V_ERR_KEYUSAGE_NO_CERTSIGN
+ return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
#else
goto not_there;
#endif
}
break;
- case 'R':
- if (!memcmp(name, "NID_pbe_WithSHA1And40BitRC2_CBC", 31)) {
- /* ^ */
+ case 'S':
+ if (!memcmp(name, "X509_V_FLAG_SUITEB_128_LOS_ONLY", 31)) {
+ /* ^ */
-#ifdef NID_pbe_WithSHA1And40BitRC2_CBC
- return NID_pbe_WithSHA1And40BitRC2_CBC;
+#ifdef X509_V_FLAG_SUITEB_128_LOS_ONLY
+ return X509_V_FLAG_SUITEB_128_LOS_ONLY;
#else
goto not_there;
#endif
}
- if (!memcmp(name, "X509_V_ERR_KEYUSAGE_NO_CRL_SIGN", 31)) {
- /* ^ */
+ break;
+ case '_':
+ if (!memcmp(name, "MIN_RSA_MODULUS_LENGTH_IN_BYTES", 31)) {
+ /* ^ */
-#ifdef X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
- return X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
+#ifdef SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES
+ return SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES;
#else
goto not_there;
#endif
}
break;
- case 'X':
- if (!memcmp(name, "X509_V_ERR_PATH_LENGTH_EXCEEDED", 31)) {
- /* ^ */
+ case 'e':
+ if (!memcmp(name, "TLSEXT_TYPE_post_handshake_auth", 31)) {
+ /* ^ */
-#ifdef X509_V_ERR_PATH_LENGTH_EXCEEDED
- return X509_V_ERR_PATH_LENGTH_EXCEEDED;
+#ifdef TLSEXT_TYPE_post_handshake_auth
+ return TLSEXT_TYPE_post_handshake_auth;
#else
goto not_there;
#endif
}
break;
- case '_':
- if (!memcmp(name, "MODE_ACCEPT_MOVING_WRITE_BUFFER", 31)) {
- /* ^ */
+ case 'l':
+ if (!memcmp(name, "TLSEXT_TYPE_max_fragment_length", 31)) {
+ /* ^ */
-#ifdef SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
- return SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER;
+#ifdef TLSEXT_TYPE_max_fragment_length
+ return TLSEXT_TYPE_max_fragment_length;
#else
goto not_there;
#endif
@@ -6887,6 +7623,7 @@ constant (const char *name, size_t len) {
case 32:
/* Names all of length 32. */
/* NID_pbe_WithSHA1And128BitRC2_CBC OCSP_RESPONSE_STATUS_SIGREQUIRED
+ TLSEXT_TYPE_compress_certificate TLSEXT_TYPE_signature_algorithms
X509_V_ERR_CA_BCONS_NOT_CRITICAL X509_V_ERR_CRL_SIGNATURE_FAILURE
X509_V_ERR_SUITE_B_INVALID_CURVE X509_V_FLAG_EXTENDED_CRL_SUPPORT */
/* Offset 21 gives the best switch position. */
@@ -6963,6 +7700,30 @@ constant (const char *name, size_t len) {
}
break;
+ case '_':
+ if (!memcmp(name, "TLSEXT_TYPE_signature_algorithms", 32)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_signature_algorithms
+ return TLSEXT_TYPE_signature_algorithms;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
+ case 'c':
+ if (!memcmp(name, "TLSEXT_TYPE_compress_certificate", 32)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_compress_certificate
+ return TLSEXT_TYPE_compress_certificate;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
}
break;
case 33:
@@ -7023,26 +7784,40 @@ constant (const char *name, size_t len) {
break;
case 34:
/* Names all of length 34. */
- /* OCSP_RESPONSE_STATUS_INTERNALERROR OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
- X509_V_ERR_SUBJECT_ISSUER_MISMATCH X509_V_ERR_SUITE_B_INVALID_VERSION
- X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED X509_V_ERR_UNSUPPORTED_NAME_SYNTAX */
- /* Offset 24 gives the best switch position. */
- switch (name[24]) {
- case 'A':
- if (!memcmp(name, "X509_V_ERR_UNSUPPORTED_NAME_SYNTAX", 34)) {
- /* ^ */
+ /* AD_BAD_CERTIFICATE_STATUS_RESPONSE OCSP_RESPONSE_STATUS_INTERNALERROR
+ OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG TLSEXT_TYPE_client_certificate_url
+ TLSEXT_TYPE_extended_master_secret X509_V_ERR_SUBJECT_ISSUER_MISMATCH
+ X509_V_ERR_SUITE_B_INVALID_VERSION X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED
+ X509_V_ERR_UNSUPPORTED_NAME_SYNTAX */
+ /* Offset 33 gives the best switch position. */
+ switch (name[33]) {
+ case 'D':
+ if (!memcmp(name, "X509_V_ERR_SUITE_B_LOS_NOT_ALLOWE", 33)) {
+ /* D */
-#ifdef X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
- return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+#ifdef X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED
+ return X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED;
#else
goto not_there;
#endif
}
break;
- case 'C':
- if (!memcmp(name, "OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG", 34)) {
- /* ^ */
+ case 'E':
+ if (!memcmp(name, "AD_BAD_CERTIFICATE_STATUS_RESPONS", 33)) {
+ /* E */
+
+#ifdef SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE
+ return SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
+ case 'G':
+ if (!memcmp(name, "OP_NETSCAPE_DEMO_CIPHER_CHANGE_BU", 33)) {
+ /* G */
#ifdef SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
return SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG;
@@ -7052,21 +7827,21 @@ constant (const char *name, size_t len) {
}
break;
- case 'E':
- if (!memcmp(name, "OCSP_RESPONSE_STATUS_INTERNALERROR", 34)) {
- /* ^ */
+ case 'H':
+ if (!memcmp(name, "X509_V_ERR_SUBJECT_ISSUER_MISMATC", 33)) {
+ /* H */
-#ifdef OCSP_RESPONSE_STATUS_INTERNALERROR
- return OCSP_RESPONSE_STATUS_INTERNALERROR;
+#ifdef X509_V_ERR_SUBJECT_ISSUER_MISMATCH
+ return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
#else
goto not_there;
#endif
}
break;
- case 'I':
- if (!memcmp(name, "X509_V_ERR_SUITE_B_INVALID_VERSION", 34)) {
- /* ^ */
+ case 'N':
+ if (!memcmp(name, "X509_V_ERR_SUITE_B_INVALID_VERSIO", 33)) {
+ /* N */
#ifdef X509_V_ERR_SUITE_B_INVALID_VERSION
return X509_V_ERR_SUITE_B_INVALID_VERSION;
@@ -7076,24 +7851,48 @@ constant (const char *name, size_t len) {
}
break;
- case 'O':
- if (!memcmp(name, "X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED", 34)) {
- /* ^ */
+ case 'R':
+ if (!memcmp(name, "OCSP_RESPONSE_STATUS_INTERNALERRO", 33)) {
+ /* R */
-#ifdef X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED
- return X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED;
+#ifdef OCSP_RESPONSE_STATUS_INTERNALERROR
+ return OCSP_RESPONSE_STATUS_INTERNALERROR;
#else
goto not_there;
#endif
}
break;
- case 'R':
- if (!memcmp(name, "X509_V_ERR_SUBJECT_ISSUER_MISMATCH", 34)) {
- /* ^ */
+ case 'X':
+ if (!memcmp(name, "X509_V_ERR_UNSUPPORTED_NAME_SYNTA", 33)) {
+ /* X */
-#ifdef X509_V_ERR_SUBJECT_ISSUER_MISMATCH
- return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
+#ifdef X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
+ return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
+ case 'l':
+ if (!memcmp(name, "TLSEXT_TYPE_client_certificate_ur", 33)) {
+ /* l */
+
+#ifdef TLSEXT_TYPE_client_certificate_url
+ return TLSEXT_TYPE_client_certificate_url;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
+ case 't':
+ if (!memcmp(name, "TLSEXT_TYPE_extended_master_secre", 33)) {
+ /* t */
+
+#ifdef TLSEXT_TYPE_extended_master_secret
+ return TLSEXT_TYPE_extended_master_secret;
#else
goto not_there;
#endif
@@ -7105,18 +7904,18 @@ constant (const char *name, size_t len) {
case 35:
/* Names all of length 35. */
/* OPENSSL_INFO_DIR_FILENAME_SEPARATOR OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
- R_PEER_DID_NOT_RETURN_A_CERTIFICATE X509_CHECK_FLAG_NEVER_CHECK_SUBJECT
- X509_V_ERR_APPLICATION_VERIFICATION X509_V_ERR_INVALID_POLICY_EXTENSION
- X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER _NET_SSLEAY_TEST_UNDEFINED_CONSTANT
- */
- /* Offset 29 gives the best switch position. */
- switch (name[29]) {
+ R_PEER_DID_NOT_RETURN_A_CERTIFICATE TLSEXT_TYPE_certificate_authorities
+ X509_CHECK_FLAG_NEVER_CHECK_SUBJECT X509_V_ERR_APPLICATION_VERIFICATION
+ X509_V_ERR_INVALID_POLICY_EXTENSION X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
+ _NET_SSLEAY_TEST_UNDEFINED_CONSTANT */
+ /* Offset 27 gives the best switch position. */
+ switch (name[27]) {
case 'A':
- if (!memcmp(name, "OPENSSL_INFO_DIR_FILENAME_SEPARATOR", 35)) {
- /* ^ */
+ if (!memcmp(name, "OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG", 35)) {
+ /* ^ */
-#ifdef OPENSSL_INFO_DIR_FILENAME_SEPARATOR
- return OPENSSL_INFO_DIR_FILENAME_SEPARATOR;
+#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+ return SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
#else
goto not_there;
#endif
@@ -7124,11 +7923,11 @@ constant (const char *name, size_t len) {
}
break;
case 'C':
- if (!memcmp(name, "X509_V_ERR_APPLICATION_VERIFICATION", 35)) {
- /* ^ */
+ if (!memcmp(name, "_NET_SSLEAY_TEST_UNDEFINED_CONSTANT", 35)) {
+ /* ^ */
-#ifdef X509_V_ERR_APPLICATION_VERIFICATION
- return X509_V_ERR_APPLICATION_VERIFICATION;
+#ifdef _NET_SSLEAY_TEST_UNDEFINED_CONSTANT
+ return _NET_SSLEAY_TEST_UNDEFINED_CONSTANT;
#else
goto not_there;
#endif
@@ -7136,11 +7935,11 @@ constant (const char *name, size_t len) {
}
break;
case 'E':
- if (!memcmp(name, "X509_V_ERR_INVALID_POLICY_EXTENSION", 35)) {
- /* ^ */
+ if (!memcmp(name, "OPENSSL_INFO_DIR_FILENAME_SEPARATOR", 35)) {
+ /* ^ */
-#ifdef X509_V_ERR_INVALID_POLICY_EXTENSION
- return X509_V_ERR_INVALID_POLICY_EXTENSION;
+#ifdef OPENSSL_INFO_DIR_FILENAME_SEPARATOR
+ return OPENSSL_INFO_DIR_FILENAME_SEPARATOR;
#else
goto not_there;
#endif
@@ -7148,56 +7947,56 @@ constant (const char *name, size_t len) {
}
break;
case 'F':
- if (!memcmp(name, "R_PEER_DID_NOT_RETURN_A_CERTIFICATE", 35)) {
- /* ^ */
+ if (!memcmp(name, "X509_V_ERR_APPLICATION_VERIFICATION", 35)) {
+ /* ^ */
-#ifdef SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE
- return SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE;
+#ifdef X509_V_ERR_APPLICATION_VERIFICATION
+ return X509_V_ERR_APPLICATION_VERIFICATION;
#else
goto not_there;
#endif
}
break;
- case 'G':
- if (!memcmp(name, "OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG", 35)) {
- /* ^ */
+ case 'L':
+ if (!memcmp(name, "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER", 35)) {
+ /* ^ */
-#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
- return SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
+#ifdef X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
+ return X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
#else
goto not_there;
#endif
}
break;
- case 'I':
- if (!memcmp(name, "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER", 35)) {
- /* ^ */
+ case 'T':
+ if (!memcmp(name, "R_PEER_DID_NOT_RETURN_A_CERTIFICATE", 35)) {
+ /* ^ */
-#ifdef X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
- return X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
+#ifdef SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE
+ return SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE;
#else
goto not_there;
#endif
}
break;
- case 'N':
- if (!memcmp(name, "_NET_SSLEAY_TEST_UNDEFINED_CONSTANT", 35)) {
- /* ^ */
+ case 'X':
+ if (!memcmp(name, "X509_V_ERR_INVALID_POLICY_EXTENSION", 35)) {
+ /* ^ */
-#ifdef _NET_SSLEAY_TEST_UNDEFINED_CONSTANT
- return _NET_SSLEAY_TEST_UNDEFINED_CONSTANT;
+#ifdef X509_V_ERR_INVALID_POLICY_EXTENSION
+ return X509_V_ERR_INVALID_POLICY_EXTENSION;
#else
goto not_there;
#endif
}
break;
- case 'U':
+ case '_':
if (!memcmp(name, "X509_CHECK_FLAG_NEVER_CHECK_SUBJECT", 35)) {
- /* ^ */
+ /* ^ */
#ifdef X509_CHECK_FLAG_NEVER_CHECK_SUBJECT
return X509_CHECK_FLAG_NEVER_CHECK_SUBJECT;
@@ -7207,6 +8006,18 @@ constant (const char *name, size_t len) {
}
break;
+ case 'h':
+ if (!memcmp(name, "TLSEXT_TYPE_certificate_authorities", 35)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_certificate_authorities
+ return TLSEXT_TYPE_certificate_authorities;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
}
break;
case 36:
@@ -7322,26 +8133,40 @@ constant (const char *name, size_t len) {
case 37:
/* Names all of length 37. */
/* OCSP_RESPONSE_STATUS_MALFORMEDREQUEST
+ TLSEXT_TYPE_quic_transport_parameters
+ TLSEXT_TYPE_signature_algorithms_cert
X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS
X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA
X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED */
- /* Offset 17 gives the best switch position. */
- switch (name[17]) {
- case 'N':
- if (!memcmp(name, "X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA", 37)) {
- /* ^ */
+ /* Offset 30 gives the best switch position. */
+ switch (name[30]) {
+ case 'L':
+ if (!memcmp(name, "X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS", 37)) {
+ /* ^ */
-#ifdef X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA
- return X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA;
+#ifdef X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS
+ return X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS;
#else
goto not_there;
#endif
}
break;
- case 'P':
+ case 'R':
+ if (!memcmp(name, "OCSP_RESPONSE_STATUS_MALFORMEDREQUEST", 37)) {
+ /* ^ */
+
+#ifdef OCSP_RESPONSE_STATUS_MALFORMEDREQUEST
+ return OCSP_RESPONSE_STATUS_MALFORMEDREQUEST;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
+ case 'X':
if (!memcmp(name, "X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED", 37)) {
- /* ^ */
+ /* ^ */
#ifdef X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
return X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
@@ -7351,24 +8176,36 @@ constant (const char *name, size_t len) {
}
break;
- case 'T':
- if (!memcmp(name, "OCSP_RESPONSE_STATUS_MALFORMEDREQUEST", 37)) {
- /* ^ */
+ case '_':
+ if (!memcmp(name, "X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA", 37)) {
+ /* ^ */
-#ifdef OCSP_RESPONSE_STATUS_MALFORMEDREQUEST
- return OCSP_RESPONSE_STATUS_MALFORMEDREQUEST;
+#ifdef X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA
+ return X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA;
#else
goto not_there;
#endif
}
break;
- case 'U':
- if (!memcmp(name, "X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS", 37)) {
- /* ^ */
+ case 'a':
+ if (!memcmp(name, "TLSEXT_TYPE_quic_transport_parameters", 37)) {
+ /* ^ */
-#ifdef X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS
- return X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS;
+#ifdef TLSEXT_TYPE_quic_transport_parameters
+ return TLSEXT_TYPE_quic_transport_parameters;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
+ case 'm':
+ if (!memcmp(name, "TLSEXT_TYPE_signature_algorithms_cert", 37)) {
+ /* ^ */
+
+#ifdef TLSEXT_TYPE_signature_algorithms_cert
+ return TLSEXT_TYPE_signature_algorithms_cert;
#else
goto not_there;
#endif
@@ -7521,39 +8358,52 @@ constant (const char *name, size_t len) {
break;
case 40:
/* Names all of length 40. */
- /* X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
+ /* TLSEXT_TYPE_signed_certificate_timestamp
+ X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE */
- /* Offset 26 gives the best switch position. */
- switch (name[26]) {
- case 'E':
- if (!memcmp(name, "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE", 40)) {
- /* ^ */
+ /* Offset 24 gives the best switch position. */
+ switch (name[24]) {
+ case 'I':
+ if (!memcmp(name, "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE", 40)) {
+ /* ^ */
-#ifdef X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
- return X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE;
+#ifdef X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
+ return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
#else
goto not_there;
#endif
}
break;
- case 'I':
- if (!memcmp(name, "X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE", 40)) {
- /* ^ */
+ case 'O':
+ if (!memcmp(name, "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX", 40)) {
+ /* ^ */
-#ifdef X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
- return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
+#ifdef X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
+ return X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX;
#else
goto not_there;
#endif
}
break;
- case 'O':
+ case 'X':
+ if (!memcmp(name, "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE", 40)) {
+ /* ^ */
+
+#ifdef X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
+ return X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
+ case '_':
if (!memcmp(name, "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD", 40)) {
- /* ^ */
+ /* ^ */
#ifdef X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
return X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
@@ -7563,12 +8413,12 @@ constant (const char *name, size_t len) {
}
break;
- case 'S':
- if (!memcmp(name, "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX", 40)) {
- /* ^ */
+ case 'f':
+ if (!memcmp(name, "TLSEXT_TYPE_signed_certificate_timestamp", 40)) {
+ /* ^ */
-#ifdef X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
- return X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX;
+#ifdef TLSEXT_TYPE_signed_certificate_timestamp
+ return TLSEXT_TYPE_signed_certificate_timestamp;
#else
goto not_there;
#endif
@@ -7902,6 +8752,17 @@ constant (const char *name, size_t len) {
}
break;
+ case 50:
+ if (!memcmp(name, "TLSEXT_TYPE_application_layer_protocol_negotiation", 50)) {
+
+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+ return TLSEXT_TYPE_application_layer_protocol_negotiation;
+#else
+ goto not_there;
+#endif
+
+ }
+ break;
}
errno = EINVAL;
diff --git a/helper_script/constants.txt b/helper_script/constants.txt
index ea2b2b6..fc4d627 100644
--- a/helper_script/constants.txt
+++ b/helper_script/constants.txt
@@ -295,6 +295,40 @@ SSLEAY_CFLAGS
SSLEAY_DIR
SSLEAY_PLATFORM
SSLEAY_VERSION
+SSL_AD_ACCESS_DENIED
+SSL_AD_BAD_CERTIFICATE
+SSL_AD_BAD_CERTIFICATE_HASH_VALUE
+SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE
+SSL_AD_BAD_RECORD_MAC
+SSL_AD_CERTIFICATE_EXPIRED
+SSL_AD_CERTIFICATE_REQUIRED
+SSL_AD_CERTIFICATE_REVOKED
+SSL_AD_CERTIFICATE_UNKNOWN
+SSL_AD_CERTIFICATE_UNOBTAINABLE
+SSL_AD_CLOSE_NOTIFY
+SSL_AD_DECODE_ERROR
+SSL_AD_DECOMPRESSION_FAILURE
+SSL_AD_DECRYPTION_FAILED
+SSL_AD_DECRYPT_ERROR
+SSL_AD_EXPORT_RESTRICTION
+SSL_AD_HANDSHAKE_FAILURE
+SSL_AD_ILLEGAL_PARAMETER
+SSL_AD_INAPPROPRIATE_FALLBACK
+SSL_AD_INSUFFICIENT_SECURITY
+SSL_AD_INTERNAL_ERROR
+SSL_AD_MISSING_EXTENSION
+SSL_AD_NO_APPLICATION_PROTOCOL
+SSL_AD_NO_CERTIFICATE
+SSL_AD_NO_RENEGOTIATION
+SSL_AD_PROTOCOL_VERSION
+SSL_AD_RECORD_OVERFLOW
+SSL_AD_UNEXPECTED_MESSAGE
+SSL_AD_UNKNOWN_CA
+SSL_AD_UNKNOWN_PSK_IDENTITY
+SSL_AD_UNRECOGNIZED_NAME
+SSL_AD_UNSUPPORTED_CERTIFICATE
+SSL_AD_UNSUPPORTED_EXTENSION
+SSL_AD_USER_CANCELLED
SSL_ASYNC_PAUSED
SSL_ASYNC_NO_JOBS
SSL_CB_ACCEPT_EXIT
@@ -311,6 +345,9 @@ SSL_CB_READ_ALERT
SSL_CB_WRITE
SSL_CB_WRITE_ALERT
SSL_CLIENT_HELLO_CB
+SSL_CLIENT_HELLO_ERROR
+SSL_CLIENT_HELLO_RETRY
+SSL_CLIENT_HELLO_SUCCESS
SSL_ERROR_NONE
SSL_ERROR_SSL
SSL_ERROR_SYSCALL
@@ -486,6 +523,43 @@ TLS1_2_VERSION
TLS1_3_VERSION
TLS1_VERSION
TLSEXT_STATUSTYPE_ocsp
+TLSEXT_TYPE_application_layer_protocol_negotiation
+TLSEXT_TYPE_cert_type
+TLSEXT_TYPE_certificate_authorities
+TLSEXT_TYPE_client_authz
+TLSEXT_TYPE_client_cert_type
+TLSEXT_TYPE_client_certificate_url
+TLSEXT_TYPE_compress_certificate
+TLSEXT_TYPE_cookie
+TLSEXT_TYPE_early_data
+TLSEXT_TYPE_ec_point_formats
+TLSEXT_TYPE_elliptic_curves
+TLSEXT_TYPE_encrypt_then_mac
+TLSEXT_TYPE_extended_master_secret
+TLSEXT_TYPE_key_share
+TLSEXT_TYPE_max_fragment_length
+TLSEXT_TYPE_next_proto_neg
+TLSEXT_TYPE_padding
+TLSEXT_TYPE_post_handshake_auth
+TLSEXT_TYPE_psk
+TLSEXT_TYPE_psk_kex_modes
+TLSEXT_TYPE_quic_transport_parameters
+TLSEXT_TYPE_renegotiate
+TLSEXT_TYPE_server_authz
+TLSEXT_TYPE_server_cert_type
+TLSEXT_TYPE_server_name
+TLSEXT_TYPE_session_ticket
+TLSEXT_TYPE_signature_algorithms
+TLSEXT_TYPE_signature_algorithms_cert
+TLSEXT_TYPE_signed_certificate_timestamp
+TLSEXT_TYPE_srp
+TLSEXT_TYPE_status_request
+TLSEXT_TYPE_supported_groups
+TLSEXT_TYPE_supported_versions
+TLSEXT_TYPE_truncated_hmac
+TLSEXT_TYPE_trusted_ca_keys
+TLSEXT_TYPE_use_srtp
+TLSEXT_TYPE_user_mapping
V_OCSP_CERTSTATUS_GOOD
V_OCSP_CERTSTATUS_REVOKED
V_OCSP_CERTSTATUS_UNKNOWN
diff --git a/lib/Net/SSLeay.pm b/lib/Net/SSLeay.pm
index be818d1..94a2ecf 100644
--- a/lib/Net/SSLeay.pm
+++ b/lib/Net/SSLeay.pm
@@ -78,6 +78,40 @@ $VERSION = '1.93_02';
# To add or remove a constant, edit helper_script/constants.txt, then run
# helper_script/update-exported-constants.
my @constants = qw(
+ AD_ACCESS_DENIED
+ AD_BAD_CERTIFICATE
+ AD_BAD_CERTIFICATE_HASH_VALUE
+ AD_BAD_CERTIFICATE_STATUS_RESPONSE
+ AD_BAD_RECORD_MAC
+ AD_CERTIFICATE_EXPIRED
+ AD_CERTIFICATE_REQUIRED
+ AD_CERTIFICATE_REVOKED
+ AD_CERTIFICATE_UNKNOWN
+ AD_CERTIFICATE_UNOBTAINABLE
+ AD_CLOSE_NOTIFY
+ AD_DECODE_ERROR
+ AD_DECOMPRESSION_FAILURE
+ AD_DECRYPTION_FAILED
+ AD_DECRYPT_ERROR
+ AD_EXPORT_RESTRICTION
+ AD_HANDSHAKE_FAILURE
+ AD_ILLEGAL_PARAMETER
+ AD_INAPPROPRIATE_FALLBACK
+ AD_INSUFFICIENT_SECURITY
+ AD_INTERNAL_ERROR
+ AD_MISSING_EXTENSION
+ AD_NO_APPLICATION_PROTOCOL
+ AD_NO_CERTIFICATE
+ AD_NO_RENEGOTIATION
+ AD_PROTOCOL_VERSION
+ AD_RECORD_OVERFLOW
+ AD_UNEXPECTED_MESSAGE
+ AD_UNKNOWN_CA
+ AD_UNKNOWN_PSK_IDENTITY
+ AD_UNRECOGNIZED_NAME
+ AD_UNSUPPORTED_CERTIFICATE
+ AD_UNSUPPORTED_EXTENSION
+ AD_USER_CANCELLED
ASN1_STRFLGS_ESC_CTRL
ASN1_STRFLGS_ESC_MSB
ASN1_STRFLGS_ESC_QUOTE
@@ -98,6 +132,9 @@ my @constants = qw(
CB_WRITE
CB_WRITE_ALERT
CLIENT_HELLO_CB
+ CLIENT_HELLO_ERROR
+ CLIENT_HELLO_RETRY
+ CLIENT_HELLO_SUCCESS
ERROR_NONE
ERROR_SSL
ERROR_SYSCALL
@@ -546,6 +583,43 @@ my @constants = qw(
TLS1_3_VERSION
TLS1_VERSION
TLSEXT_STATUSTYPE_ocsp
+ TLSEXT_TYPE_application_layer_protocol_negotiation
+ TLSEXT_TYPE_cert_type
+ TLSEXT_TYPE_certificate_authorities
+ TLSEXT_TYPE_client_authz
+ TLSEXT_TYPE_client_cert_type
+ TLSEXT_TYPE_client_certificate_url
+ TLSEXT_TYPE_compress_certificate
+ TLSEXT_TYPE_cookie
+ TLSEXT_TYPE_early_data
+ TLSEXT_TYPE_ec_point_formats
+ TLSEXT_TYPE_elliptic_curves
+ TLSEXT_TYPE_encrypt_then_mac
+ TLSEXT_TYPE_extended_master_secret
+ TLSEXT_TYPE_key_share
+ TLSEXT_TYPE_max_fragment_length
+ TLSEXT_TYPE_next_proto_neg
+ TLSEXT_TYPE_padding
+ TLSEXT_TYPE_post_handshake_auth
+ TLSEXT_TYPE_psk
+ TLSEXT_TYPE_psk_kex_modes
+ TLSEXT_TYPE_quic_transport_parameters
+ TLSEXT_TYPE_renegotiate
+ TLSEXT_TYPE_server_authz
+ TLSEXT_TYPE_server_cert_type
+ TLSEXT_TYPE_server_name
+ TLSEXT_TYPE_session_ticket
+ TLSEXT_TYPE_signature_algorithms
+ TLSEXT_TYPE_signature_algorithms_cert
+ TLSEXT_TYPE_signed_certificate_timestamp
+ TLSEXT_TYPE_srp
+ TLSEXT_TYPE_status_request
+ TLSEXT_TYPE_supported_groups
+ TLSEXT_TYPE_supported_versions
+ TLSEXT_TYPE_truncated_hmac
+ TLSEXT_TYPE_trusted_ca_keys
+ TLSEXT_TYPE_use_srtp
+ TLSEXT_TYPE_user_mapping
VERIFY_CLIENT_ONCE
VERIFY_FAIL_IF_NO_PEER_CERT
VERIFY_NONE
diff --git a/lib/Net/SSLeay.pod b/lib/Net/SSLeay.pod
index 4fc1f74..f50b03a 100644
--- a/lib/Net/SSLeay.pod
+++ b/lib/Net/SSLeay.pod
@@ -3584,6 +3584,34 @@ Retrieve the previously set TLS key logging callback.
Check openssl doc L<https://www.openssl.org/docs/manmaster/man3/SSL_CTX_get_keylog_callback.html>
+=item * CTX_set_client_hello_cb
+
+B<COMPATIBILITY:> not available in Net-SSLeay-1.92 and before; requires at least OpenSSL 1.1.1pre1, not in LibreSSL
+
+Set a callback function called during the early stages of ClientHello processing on the server.
+When callback is undef, the existing callback is disabled.
+
+ Net::SSLeay::CTX_set_client_hello_cb($ctx, $f, [$arg]);
+ # $ctx - value corresponding to openssl's SSL_CTX structure
+ # $f - sub { my ($ssl, $arg) = @_; ...; return ($ret, $al); }
+ # $arg - optional data passed to the callback function when invoked
+ #
+ # returns: no return value
+
+The callback function will be called like this:
+
+ client_hello_cb_func($ssl, $arg);
+ # $ssl - value corresponding to OpenSSL's SSL object associated with the connection
+ # $arg - data to callback
+ #
+ # An alert code must be returned with SSL_CLIENT_HELLO_FAILURE.
+ # Return value examples:
+ # ok: return Net::SSLeay::CLIENT_HELLO_SUCCESS();
+ # suspend: return Net::SSLeay::CLIENT_HELLO_RETRY();
+ # error: return (Net::SSLeay::CLIENT_HELLO_FAILURE(), Net::SSLeay::AD_NO_APPLICATION_PROTOCOL());
+
+Check openssl doc L<https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_client_hello_cb.html>
+
=back
=head3 Low level API: SSL_* related functions
@@ -5467,6 +5495,106 @@ Sets TLS servername extension on SLL object $ssl to value $name.
#
# returns: 1 on success, 0 on failure
+=item * client_hello_isv2
+
+B<COMPATIBILITY:> not available in Net-SSLeay-1.92 and before; requires at least OpenSSL 1.1.1pre1, not in LibreSSL
+
+B<NOTE:> to be used only from a callback set with L<CTX_set_client_hello_cb>.
+
+Indicate if the ClientHello was carried in a SSLv2 record and is in the SSLv2 format.
+
+ my $rv = client_hello_isv2($s);
+ # $s - value corresponding to openssl's SSL structure
+ #
+ # returns: 1 for SSLv2-format ClientHellos and 0 otherwise
+
+Check openssl doc L<https://www.openssl.org/docs/manmaster/man3/SSL_client_hello_isv2.html>
+
+=item * client_hello_get0_legacy_version
+
+B<COMPATIBILITY:> not available in Net-SSLeay-1.92 and before; requires at least OpenSSL 1.1.1pre1, not in LibreSSL
+
+B<NOTE:> to be used only from a callback set with L<CTX_set_client_hello_cb>.
+
+Returns legacy_version, also known as client_version, field from the ClientHello.
+
+ my $rv = client_hello_get0_legacy_version($s);
+ # $s - value corresponding to openssl's SSL structure
+ #
+ # returns: unsigned integer, for example 0x0303 (TLS v1.2) with TLS 1.3
+
+Check openssl doc L<https://www.openssl.org/docs/manmaster/man3/SSL_client_hello_get0_legacy_version.html>
+
+=item * client_hello_get0_random, client_hello_get0_session_id, client_hello_get0_ciphers and client_hello_get0_compression_methods
+
+B<COMPATIBILITY:> not available in Net-SSLeay-1.92 and before; requires at least OpenSSL 1.1.1pre1, not in LibreSSL
+
+B<NOTE:> to be used only from a callback set with L<CTX_set_client_hello_cb>.
+
+These functions return random, session_id, cipher_suites and compression_methods fields from the ClientHello, respectively.
+
+ my $random = client_hello_get0_random($s);
+ my $session_id = client_hello_get0_session_id($s);
+ my $ciphers = client_hello_get0_ciphers($s);
+ my $compression_methods = client_hello_get0_compression_methods($s);
+ # $s - value corresponding to openssl's SSL structure
+ #
+ # returns: raw octet data where data length, zero or more, depends on the field definition
+
+Check openssl doc L<https://www.openssl.org/docs/manmaster/man3/SSL_client_hello_get0_random.html>
+
+=item * client_hello_get1_extensions_present and client_hello_get_extension_order
+
+B<COMPATIBILITY:> not available in Net-SSLeay-1.92 and before; requires at least OpenSSL 1.1.1pre1, not in LibreSSL
+
+B<NOTE:> to be used only from a callback set with L<CTX_set_client_hello_cb>.
+
+Returns a reference to an array holding the numerical value of the TLS extension types in the order they appear in the ClientHello. client_hello_get_extension_order is similar and requires at least OpenSSL 3.2.0, not in LibreSSL.
+
+ my $ref = client_hello_get1_extensions_present($s);
+ # $s - value corresponding to openssl's SSL structure
+ #
+ # returns: an array reference of zero or more extension types or undef on failure
+
+Example from a TLS 1.3 ClientHello:
+
+ sub client_hello_cb {
+ my ($ssl, $arg) = @_;
+ my $ref = client_hello_get1_extensions_present($ssl);
+ print join(' ', @$ref), "\n" if $ref;
+ }
+
+Prints: C<11 10 35 22 23 13 43 45 51>
+
+Check openssl doc L<https://www.openssl.org/docs/manmaster/man3/SSL_client_hello_get1_extensions_present.html>
+
+
+=item * client_hello_get0_ext
+
+B<COMPATIBILITY:> not available in Net-SSLeay-1.92 and before; requires at least OpenSSL 1.1.1pre1, not in LibreSSL
+
+B<NOTE:> to be used only from a callback set with L<CTX_set_client_hello_cb>.
+
+Returns an extension by type number from the ClientHello.
+
+ my $ref = client_hello_get1_extensions_present($s, $type);
+ # $s - value corresponding to openssl's SSL structure
+ # $type - (integer) extension type number
+ #
+ # returns: zero or more octets of extension contents including extension length, undef if the extension is not present
+
+Example: Get the value of TLS extension C<supported_versions>. You can use constant C<TLSEXT_TYPE_supported_versions> or 43 directly.
+
+ sub client_hello_cb {
+ my ($ssl, $arg) = @_;
+ my $ext_ver = Net::SSLeay::client_hello_get0_ext($ssl, Net::SSLeay::TLSEXT_TYPE_supported_versions());
+ print unpack('H*', $ext_ver), "\n" if defined $ext_ver;
+ }
+
+Prints: C<080304030303020301> where the first octet 0x08 is the extension length and the following four 16bit values correspond to TLS versions 1.3, 1.2, 1.1 and 1.0.
+
+Check openssl doc L<https://www.openssl.org/docs/manmaster/man3/SSL_client_hello_get0_ext.html>
+
=back
=head3 Low level API: RAND_* related functions
@@ -9739,153 +9867,190 @@ helper_script/update-exported-constants.
=for start_constants
- ASN1_STRFLGS_ESC_CTRL OP_CRYPTOPRO_TLSEXT_BUG
- ASN1_STRFLGS_ESC_MSB OP_DISABLE_TLSEXT_CA_NAMES
- ASN1_STRFLGS_ESC_QUOTE OP_DONT_INSERT_EMPTY_FRAGMENTS
- ASN1_STRFLGS_RFC2253 OP_ENABLE_KTLS
- ASYNC_NO_JOBS OP_ENABLE_MIDDLEBOX_COMPAT
- ASYNC_PAUSED OP_EPHEMERAL_RSA
- CB_ACCEPT_EXIT OP_IGNORE_UNEXPECTED_EOF
- CB_ACCEPT_LOOP OP_LEGACY_SERVER_CONNECT
- CB_ALERT OP_MICROSOFT_BIG_SSLV3_BUFFER
- CB_CONNECT_EXIT OP_MICROSOFT_SESS_ID_BUG
- CB_CONNECT_LOOP OP_MSIE_SSLV2_RSA_PADDING
- CB_EXIT OP_NETSCAPE_CA_DN_BUG
- CB_HANDSHAKE_DONE OP_NETSCAPE_CHALLENGE_BUG
- CB_HANDSHAKE_START OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
- CB_LOOP OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
- CB_READ OP_NON_EXPORT_FIRST
- CB_READ_ALERT OP_NO_ANTI_REPLAY
- CB_WRITE OP_NO_CLIENT_RENEGOTIATION
- CB_WRITE_ALERT OP_NO_COMPRESSION
- CLIENT_HELLO_CB OP_NO_ENCRYPT_THEN_MAC
- ERROR_NONE OP_NO_EXTENDED_MASTER_SECRET
- ERROR_SSL OP_NO_QUERY_MTU
- ERROR_SYSCALL OP_NO_RENEGOTIATION
- ERROR_WANT_ACCEPT OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
- ERROR_WANT_ASYNC OP_NO_SSL_MASK
- ERROR_WANT_ASYNC_JOB OP_NO_SSLv2
- ERROR_WANT_CLIENT_HELLO_CB OP_NO_SSLv3
- ERROR_WANT_CONNECT OP_NO_TICKET
- ERROR_WANT_READ OP_NO_TLSv1
- ERROR_WANT_RETRY_VERIFY OP_NO_TLSv1_1
- ERROR_WANT_WRITE OP_NO_TLSv1_2
- ERROR_WANT_X509_LOOKUP OP_NO_TLSv1_3
- ERROR_ZERO_RETURN OP_PKCS1_CHECK_1
- EVP_PKS_DSA OP_PKCS1_CHECK_2
- EVP_PKS_EC OP_PRIORITIZE_CHACHA
- EVP_PKS_RSA OP_SAFARI_ECDHE_ECDSA_BUG
- EVP_PKT_ENC OP_SINGLE_DH_USE
- EVP_PKT_EXCH OP_SINGLE_ECDH_USE
- EVP_PKT_EXP OP_SSLEAY_080_CLIENT_DH_BUG
- EVP_PKT_SIGN OP_SSLREF2_REUSE_CERT_TYPE_BUG
- EVP_PK_DH OP_TLSEXT_PADDING
- EVP_PK_DSA OP_TLS_BLOCK_PADDING_BUG
- EVP_PK_EC OP_TLS_D5_BUG
- EVP_PK_RSA OP_TLS_ROLLBACK_BUG
- FILETYPE_ASN1 READING
- FILETYPE_PEM RECEIVED_SHUTDOWN
- F_CLIENT_CERTIFICATE RETRY_VERIFY
- F_CLIENT_HELLO RSA_3
- F_CLIENT_MASTER_KEY RSA_F4
- F_D2I_SSL_SESSION R_BAD_AUTHENTICATION_TYPE
- F_GET_CLIENT_FINISHED R_BAD_CHECKSUM
- F_GET_CLIENT_HELLO R_BAD_MAC_DECODE
- F_GET_CLIENT_MASTER_KEY R_BAD_RESPONSE_ARGUMENT
- F_GET_SERVER_FINISHED R_BAD_SSL_FILETYPE
- F_GET_SERVER_HELLO R_BAD_SSL_SESSION_ID_LENGTH
- F_GET_SERVER_VERIFY R_BAD_STATE
- F_I2D_SSL_SESSION R_BAD_WRITE_RETRY
- F_READ_N R_CHALLENGE_IS_DIFFERENT
- F_REQUEST_CERTIFICATE R_CIPHER_TABLE_SRC_ERROR
- F_SERVER_HELLO R_INVALID_CHALLENGE_LENGTH
- F_SSL_CERT_NEW R_NO_CERTIFICATE_SET
- F_SSL_GET_NEW_SESSION R_NO_CERTIFICATE_SPECIFIED
- F_SSL_NEW R_NO_CIPHER_LIST
- F_SSL_READ R_NO_CIPHER_MATCH
- F_SSL_RSA_PRIVATE_DECRYPT R_NO_PRIVATEKEY
- F_SSL_RSA_PUBLIC_ENCRYPT R_NO_PUBLICKEY
- F_SSL_SESSION_NEW R_NULL_SSL_CTX
- F_SSL_SESSION_PRINT_FP R_PEER_DID_NOT_RETURN_A_CERTIFICATE
- F_SSL_SET_FD R_PEER_ERROR
- F_SSL_SET_RFD R_PEER_ERROR_CERTIFICATE
- F_SSL_SET_WFD R_PEER_ERROR_NO_CIPHER
- F_SSL_USE_CERTIFICATE R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE
- F_SSL_USE_CERTIFICATE_ASN1 R_PUBLIC_KEY_ENCRYPT_ERROR
- F_SSL_USE_CERTIFICATE_FILE R_PUBLIC_KEY_IS_NOT_RSA
- F_SSL_USE_PRIVATEKEY R_READ_WRONG_PACKET_TYPE
- F_SSL_USE_PRIVATEKEY_ASN1 R_SHORT_READ
- F_SSL_USE_PRIVATEKEY_FILE R_SSL_SESSION_ID_IS_DIFFERENT
- F_SSL_USE_RSAPRIVATEKEY R_UNABLE_TO_EXTRACT_PUBLIC_KEY
- F_SSL_USE_RSAPRIVATEKEY_ASN1 R_UNKNOWN_REMOTE_ERROR_TYPE
- F_SSL_USE_RSAPRIVATEKEY_FILE R_UNKNOWN_STATE
- F_WRITE_PENDING R_X509_LIB
- GEN_DIRNAME SENT_SHUTDOWN
- GEN_DNS SESSION_ASN1_VERSION
- GEN_EDIPARTY SESS_CACHE_BOTH
- GEN_EMAIL SESS_CACHE_CLIENT
- GEN_IPADD SESS_CACHE_NO_AUTO_CLEAR
- GEN_OTHERNAME SESS_CACHE_NO_INTERNAL
- GEN_RID SESS_CACHE_NO_INTERNAL_LOOKUP
- GEN_URI SESS_CACHE_NO_INTERNAL_STORE
- GEN_X400 SESS_CACHE_OFF
- LIBRESSL_VERSION_NUMBER SESS_CACHE_SERVER
- MBSTRING_ASC SESS_CACHE_UPDATE_TIME
- MBSTRING_BMP SSL2_MT_CLIENT_CERTIFICATE
- MBSTRING_FLAG SSL2_MT_CLIENT_FINISHED
- MBSTRING_UNIV SSL2_MT_CLIENT_HELLO
- MBSTRING_UTF8 SSL2_MT_CLIENT_MASTER_KEY
- MIN_RSA_MODULUS_LENGTH_IN_BYTES SSL2_MT_ERROR
- MODE_ACCEPT_MOVING_WRITE_BUFFER SSL2_MT_REQUEST_CERTIFICATE
- MODE_ASYNC SSL2_MT_SERVER_FINISHED
- MODE_AUTO_RETRY SSL2_MT_SERVER_HELLO
- MODE_ENABLE_PARTIAL_WRITE SSL2_MT_SERVER_VERIFY
- MODE_NO_AUTO_CHAIN SSL2_VERSION
- MODE_RELEASE_BUFFERS SSL3_MT_CCS
- NID_OCSP_sign SSL3_MT_CERTIFICATE
- NID_SMIMECapabilities SSL3_MT_CERTIFICATE_REQUEST
- NID_X500 SSL3_MT_CERTIFICATE_STATUS
- NID_X509 SSL3_MT_CERTIFICATE_URL
- NID_ad_OCSP SSL3_MT_CERTIFICATE_VERIFY
- NID_ad_ca_issuers SSL3_MT_CHANGE_CIPHER_SPEC
- NID_algorithm SSL3_MT_CLIENT_HELLO
- NID_authority_key_identifier SSL3_MT_CLIENT_KEY_EXCHANGE
- NID_basic_constraints SSL3_MT_ENCRYPTED_EXTENSIONS
- NID_bf_cbc SSL3_MT_END_OF_EARLY_DATA
- NID_bf_cfb64 SSL3_MT_FINISHED
- NID_bf_ecb SSL3_MT_HELLO_REQUEST
- NID_bf_ofb64 SSL3_MT_KEY_UPDATE
- NID_cast5_cbc SSL3_MT_MESSAGE_HASH
- NID_cast5_cfb64 SSL3_MT_NEWSESSION_TICKET
- NID_cast5_ecb SSL3_MT_NEXT_PROTO
- NID_cast5_ofb64 SSL3_MT_SERVER_DONE
- NID_certBag SSL3_MT_SERVER_HELLO
- NID_certificate_policies SSL3_MT_SERVER_KEY_EXCHANGE
- NID_client_auth SSL3_MT_SUPPLEMENTAL_DATA
- NID_code_sign SSL3_RT_ALERT
- NID_commonName SSL3_RT_APPLICATION_DATA
- NID_countryName SSL3_RT_CHANGE_CIPHER_SPEC
- NID_crlBag SSL3_RT_HANDSHAKE
- NID_crl_distribution_points SSL3_RT_HEADER
- NID_crl_number SSL3_RT_INNER_CONTENT_TYPE
- NID_crl_reason SSL3_VERSION
- NID_delta_crl SSLEAY_BUILT_ON
- NID_des_cbc SSLEAY_CFLAGS
- NID_des_cfb64 SSLEAY_DIR
- NID_des_ecb SSLEAY_PLATFORM
- NID_des_ede SSLEAY_VERSION
- NID_des_ede3 ST_ACCEPT
- NID_des_ede3_cbc ST_BEFORE
- NID_des_ede3_cfb64 ST_CONNECT
- NID_des_ede3_ofb64 ST_INIT
- NID_des_ede_cbc ST_OK
- NID_des_ede_cfb64 ST_READ_BODY
- NID_des_ede_ofb64 ST_READ_HEADER
- NID_des_ofb64 TLS1_1_VERSION
- NID_description TLS1_2_VERSION
- NID_desx_cbc TLS1_3_VERSION
- NID_dhKeyAgreement TLS1_VERSION
- NID_dnQualifier TLSEXT_STATUSTYPE_ocsp
+ AD_ACCESS_DENIED OP_CRYPTOPRO_TLSEXT_BUG
+ AD_BAD_CERTIFICATE OP_DISABLE_TLSEXT_CA_NAMES
+ AD_BAD_CERTIFICATE_HASH_VALUE OP_DONT_INSERT_EMPTY_FRAGMENTS
+ AD_BAD_CERTIFICATE_STATUS_RESPONSE OP_ENABLE_KTLS
+ AD_BAD_RECORD_MAC OP_ENABLE_MIDDLEBOX_COMPAT
+ AD_CERTIFICATE_EXPIRED OP_EPHEMERAL_RSA
+ AD_CERTIFICATE_REQUIRED OP_IGNORE_UNEXPECTED_EOF
+ AD_CERTIFICATE_REVOKED OP_LEGACY_SERVER_CONNECT
+ AD_CERTIFICATE_UNKNOWN OP_MICROSOFT_BIG_SSLV3_BUFFER
+ AD_CERTIFICATE_UNOBTAINABLE OP_MICROSOFT_SESS_ID_BUG
+ AD_CLOSE_NOTIFY OP_MSIE_SSLV2_RSA_PADDING
+ AD_DECODE_ERROR OP_NETSCAPE_CA_DN_BUG
+ AD_DECOMPRESSION_FAILURE OP_NETSCAPE_CHALLENGE_BUG
+ AD_DECRYPTION_FAILED OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
+ AD_DECRYPT_ERROR OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+ AD_EXPORT_RESTRICTION OP_NON_EXPORT_FIRST
+ AD_HANDSHAKE_FAILURE OP_NO_ANTI_REPLAY
+ AD_ILLEGAL_PARAMETER OP_NO_CLIENT_RENEGOTIATION
+ AD_INAPPROPRIATE_FALLBACK OP_NO_COMPRESSION
+ AD_INSUFFICIENT_SECURITY OP_NO_ENCRYPT_THEN_MAC
+ AD_INTERNAL_ERROR OP_NO_EXTENDED_MASTER_SECRET
+ AD_MISSING_EXTENSION OP_NO_QUERY_MTU
+ AD_NO_APPLICATION_PROTOCOL OP_NO_RENEGOTIATION
+ AD_NO_CERTIFICATE OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+ AD_NO_RENEGOTIATION OP_NO_SSL_MASK
+ AD_PROTOCOL_VERSION OP_NO_SSLv2
+ AD_RECORD_OVERFLOW OP_NO_SSLv3
+ AD_UNEXPECTED_MESSAGE OP_NO_TICKET
+ AD_UNKNOWN_CA OP_NO_TLSv1
+ AD_UNKNOWN_PSK_IDENTITY OP_NO_TLSv1_1
+ AD_UNRECOGNIZED_NAME OP_NO_TLSv1_2
+ AD_UNSUPPORTED_CERTIFICATE OP_NO_TLSv1_3
+ AD_UNSUPPORTED_EXTENSION OP_PKCS1_CHECK_1
+ AD_USER_CANCELLED OP_PKCS1_CHECK_2
+ ASN1_STRFLGS_ESC_CTRL OP_PRIORITIZE_CHACHA
+ ASN1_STRFLGS_ESC_MSB OP_SAFARI_ECDHE_ECDSA_BUG
+ ASN1_STRFLGS_ESC_QUOTE OP_SINGLE_DH_USE
+ ASN1_STRFLGS_RFC2253 OP_SINGLE_ECDH_USE
+ ASYNC_NO_JOBS OP_SSLEAY_080_CLIENT_DH_BUG
+ ASYNC_PAUSED OP_SSLREF2_REUSE_CERT_TYPE_BUG
+ CB_ACCEPT_EXIT OP_TLSEXT_PADDING
+ CB_ACCEPT_LOOP OP_TLS_BLOCK_PADDING_BUG
+ CB_ALERT OP_TLS_D5_BUG
+ CB_CONNECT_EXIT OP_TLS_ROLLBACK_BUG
+ CB_CONNECT_LOOP READING
+ CB_EXIT RECEIVED_SHUTDOWN
+ CB_HANDSHAKE_DONE RETRY_VERIFY
+ CB_HANDSHAKE_START RSA_3
+ CB_LOOP RSA_F4
+ CB_READ R_BAD_AUTHENTICATION_TYPE
+ CB_READ_ALERT R_BAD_CHECKSUM
+ CB_WRITE R_BAD_MAC_DECODE
+ CB_WRITE_ALERT R_BAD_RESPONSE_ARGUMENT
+ CLIENT_HELLO_CB R_BAD_SSL_FILETYPE
+ CLIENT_HELLO_ERROR R_BAD_SSL_SESSION_ID_LENGTH
+ CLIENT_HELLO_RETRY R_BAD_STATE
+ CLIENT_HELLO_SUCCESS R_BAD_WRITE_RETRY
+ ERROR_NONE R_CHALLENGE_IS_DIFFERENT
+ ERROR_SSL R_CIPHER_TABLE_SRC_ERROR
+ ERROR_SYSCALL R_INVALID_CHALLENGE_LENGTH
+ ERROR_WANT_ACCEPT R_NO_CERTIFICATE_SET
+ ERROR_WANT_ASYNC R_NO_CERTIFICATE_SPECIFIED
+ ERROR_WANT_ASYNC_JOB R_NO_CIPHER_LIST
+ ERROR_WANT_CLIENT_HELLO_CB R_NO_CIPHER_MATCH
+ ERROR_WANT_CONNECT R_NO_PRIVATEKEY
+ ERROR_WANT_READ R_NO_PUBLICKEY
+ ERROR_WANT_RETRY_VERIFY R_NULL_SSL_CTX
+ ERROR_WANT_WRITE R_PEER_DID_NOT_RETURN_A_CERTIFICATE
+ ERROR_WANT_X509_LOOKUP R_PEER_ERROR
+ ERROR_ZERO_RETURN R_PEER_ERROR_CERTIFICATE
+ EVP_PKS_DSA R_PEER_ERROR_NO_CIPHER
+ EVP_PKS_EC R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE
+ EVP_PKS_RSA R_PUBLIC_KEY_ENCRYPT_ERROR
+ EVP_PKT_ENC R_PUBLIC_KEY_IS_NOT_RSA
+ EVP_PKT_EXCH R_READ_WRONG_PACKET_TYPE
+ EVP_PKT_EXP R_SHORT_READ
+ EVP_PKT_SIGN R_SSL_SESSION_ID_IS_DIFFERENT
+ EVP_PK_DH R_UNABLE_TO_EXTRACT_PUBLIC_KEY
+ EVP_PK_DSA R_UNKNOWN_REMOTE_ERROR_TYPE
+ EVP_PK_EC R_UNKNOWN_STATE
+ EVP_PK_RSA R_X509_LIB
+ FILETYPE_ASN1 SENT_SHUTDOWN
+ FILETYPE_PEM SESSION_ASN1_VERSION
+ F_CLIENT_CERTIFICATE SESS_CACHE_BOTH
+ F_CLIENT_HELLO SESS_CACHE_CLIENT
+ F_CLIENT_MASTER_KEY SESS_CACHE_NO_AUTO_CLEAR
+ F_D2I_SSL_SESSION SESS_CACHE_NO_INTERNAL
+ F_GET_CLIENT_FINISHED SESS_CACHE_NO_INTERNAL_LOOKUP
+ F_GET_CLIENT_HELLO SESS_CACHE_NO_INTERNAL_STORE
+ F_GET_CLIENT_MASTER_KEY SESS_CACHE_OFF
+ F_GET_SERVER_FINISHED SESS_CACHE_SERVER
+ F_GET_SERVER_HELLO SESS_CACHE_UPDATE_TIME
+ F_GET_SERVER_VERIFY SSL2_MT_CLIENT_CERTIFICATE
+ F_I2D_SSL_SESSION SSL2_MT_CLIENT_FINISHED
+ F_READ_N SSL2_MT_CLIENT_HELLO
+ F_REQUEST_CERTIFICATE SSL2_MT_CLIENT_MASTER_KEY
+ F_SERVER_HELLO SSL2_MT_ERROR
+ F_SSL_CERT_NEW SSL2_MT_REQUEST_CERTIFICATE
+ F_SSL_GET_NEW_SESSION SSL2_MT_SERVER_FINISHED
+ F_SSL_NEW SSL2_MT_SERVER_HELLO
+ F_SSL_READ SSL2_MT_SERVER_VERIFY
+ F_SSL_RSA_PRIVATE_DECRYPT SSL2_VERSION
+ F_SSL_RSA_PUBLIC_ENCRYPT SSL3_MT_CCS
+ F_SSL_SESSION_NEW SSL3_MT_CERTIFICATE
+ F_SSL_SESSION_PRINT_FP SSL3_MT_CERTIFICATE_REQUEST
+ F_SSL_SET_FD SSL3_MT_CERTIFICATE_STATUS
+ F_SSL_SET_RFD SSL3_MT_CERTIFICATE_URL
+ F_SSL_SET_WFD SSL3_MT_CERTIFICATE_VERIFY
+ F_SSL_USE_CERTIFICATE SSL3_MT_CHANGE_CIPHER_SPEC
+ F_SSL_USE_CERTIFICATE_ASN1 SSL3_MT_CLIENT_HELLO
+ F_SSL_USE_CERTIFICATE_FILE SSL3_MT_CLIENT_KEY_EXCHANGE
+ F_SSL_USE_PRIVATEKEY SSL3_MT_ENCRYPTED_EXTENSIONS
+ F_SSL_USE_PRIVATEKEY_ASN1 SSL3_MT_END_OF_EARLY_DATA
+ F_SSL_USE_PRIVATEKEY_FILE SSL3_MT_FINISHED
+ F_SSL_USE_RSAPRIVATEKEY SSL3_MT_HELLO_REQUEST
+ F_SSL_USE_RSAPRIVATEKEY_ASN1 SSL3_MT_KEY_UPDATE
+ F_SSL_USE_RSAPRIVATEKEY_FILE SSL3_MT_MESSAGE_HASH
+ F_WRITE_PENDING SSL3_MT_NEWSESSION_TICKET
+ GEN_DIRNAME SSL3_MT_NEXT_PROTO
+ GEN_DNS SSL3_MT_SERVER_DONE
+ GEN_EDIPARTY SSL3_MT_SERVER_HELLO
+ GEN_EMAIL SSL3_MT_SERVER_KEY_EXCHANGE
+ GEN_IPADD SSL3_MT_SUPPLEMENTAL_DATA
+ GEN_OTHERNAME SSL3_RT_ALERT
+ GEN_RID SSL3_RT_APPLICATION_DATA
+ GEN_URI SSL3_RT_CHANGE_CIPHER_SPEC
+ GEN_X400 SSL3_RT_HANDSHAKE
+ LIBRESSL_VERSION_NUMBER SSL3_RT_HEADER
+ MBSTRING_ASC SSL3_RT_INNER_CONTENT_TYPE
+ MBSTRING_BMP SSL3_VERSION
+ MBSTRING_FLAG SSLEAY_BUILT_ON
+ MBSTRING_UNIV SSLEAY_CFLAGS
+ MBSTRING_UTF8 SSLEAY_DIR
+ MIN_RSA_MODULUS_LENGTH_IN_BYTES SSLEAY_PLATFORM
+ MODE_ACCEPT_MOVING_WRITE_BUFFER SSLEAY_VERSION
+ MODE_ASYNC ST_ACCEPT
+ MODE_AUTO_RETRY ST_BEFORE
+ MODE_ENABLE_PARTIAL_WRITE ST_CONNECT
+ MODE_NO_AUTO_CHAIN ST_INIT
+ MODE_RELEASE_BUFFERS ST_OK
+ NID_OCSP_sign ST_READ_BODY
+ NID_SMIMECapabilities ST_READ_HEADER
+ NID_X500 TLS1_1_VERSION
+ NID_X509 TLS1_2_VERSION
+ NID_ad_OCSP TLS1_3_VERSION
+ NID_ad_ca_issuers TLS1_VERSION
+ NID_algorithm TLSEXT_STATUSTYPE_ocsp
+ NID_authority_key_identifier TLSEXT_TYPE_application_layer_protocol_negotiation
+ NID_basic_constraints TLSEXT_TYPE_cert_type
+ NID_bf_cbc TLSEXT_TYPE_certificate_authorities
+ NID_bf_cfb64 TLSEXT_TYPE_client_authz
+ NID_bf_ecb TLSEXT_TYPE_client_cert_type
+ NID_bf_ofb64 TLSEXT_TYPE_client_certificate_url
+ NID_cast5_cbc TLSEXT_TYPE_compress_certificate
+ NID_cast5_cfb64 TLSEXT_TYPE_cookie
+ NID_cast5_ecb TLSEXT_TYPE_early_data
+ NID_cast5_ofb64 TLSEXT_TYPE_ec_point_formats
+ NID_certBag TLSEXT_TYPE_elliptic_curves
+ NID_certificate_policies TLSEXT_TYPE_encrypt_then_mac
+ NID_client_auth TLSEXT_TYPE_extended_master_secret
+ NID_code_sign TLSEXT_TYPE_key_share
+ NID_commonName TLSEXT_TYPE_max_fragment_length
+ NID_countryName TLSEXT_TYPE_next_proto_neg
+ NID_crlBag TLSEXT_TYPE_padding
+ NID_crl_distribution_points TLSEXT_TYPE_post_handshake_auth
+ NID_crl_number TLSEXT_TYPE_psk
+ NID_crl_reason TLSEXT_TYPE_psk_kex_modes
+ NID_delta_crl TLSEXT_TYPE_quic_transport_parameters
+ NID_des_cbc TLSEXT_TYPE_renegotiate
+ NID_des_cfb64 TLSEXT_TYPE_server_authz
+ NID_des_ecb TLSEXT_TYPE_server_cert_type
+ NID_des_ede TLSEXT_TYPE_server_name
+ NID_des_ede3 TLSEXT_TYPE_session_ticket
+ NID_des_ede3_cbc TLSEXT_TYPE_signature_algorithms
+ NID_des_ede3_cfb64 TLSEXT_TYPE_signature_algorithms_cert
+ NID_des_ede3_ofb64 TLSEXT_TYPE_signed_certificate_timestamp
+ NID_des_ede_cbc TLSEXT_TYPE_srp
+ NID_des_ede_cfb64 TLSEXT_TYPE_status_request
+ NID_des_ede_ofb64 TLSEXT_TYPE_supported_groups
+ NID_des_ofb64 TLSEXT_TYPE_supported_versions
+ NID_description TLSEXT_TYPE_truncated_hmac
+ NID_desx_cbc TLSEXT_TYPE_trusted_ca_keys
+ NID_dhKeyAgreement TLSEXT_TYPE_use_srtp
+ NID_dnQualifier TLSEXT_TYPE_user_mapping
NID_dsa VERIFY_CLIENT_ONCE
NID_dsaWithSHA VERIFY_FAIL_IF_NO_PEER_CERT
NID_dsaWithSHA1 VERIFY_NONE
diff --git a/t/local/21_constants.t b/t/local/21_constants.t
index c930d2b..31762a4 100644
--- a/t/local/21_constants.t
+++ b/t/local/21_constants.t
@@ -11,9 +11,43 @@ use Test::Net::SSLeay qw(dies_like);
# We rely on symbolic references in the dies_like() tests:
no strict 'refs';
-plan tests => 644;
+plan tests => 718;
my @constants = qw(
+ AD_ACCESS_DENIED
+ AD_BAD_CERTIFICATE
+ AD_BAD_CERTIFICATE_HASH_VALUE
+ AD_BAD_CERTIFICATE_STATUS_RESPONSE
+ AD_BAD_RECORD_MAC
+ AD_CERTIFICATE_EXPIRED
+ AD_CERTIFICATE_REQUIRED
+ AD_CERTIFICATE_REVOKED
+ AD_CERTIFICATE_UNKNOWN
+ AD_CERTIFICATE_UNOBTAINABLE
+ AD_CLOSE_NOTIFY
+ AD_DECODE_ERROR
+ AD_DECOMPRESSION_FAILURE
+ AD_DECRYPTION_FAILED
+ AD_DECRYPT_ERROR
+ AD_EXPORT_RESTRICTION
+ AD_HANDSHAKE_FAILURE
+ AD_ILLEGAL_PARAMETER
+ AD_INAPPROPRIATE_FALLBACK
+ AD_INSUFFICIENT_SECURITY
+ AD_INTERNAL_ERROR
+ AD_MISSING_EXTENSION
+ AD_NO_APPLICATION_PROTOCOL
+ AD_NO_CERTIFICATE
+ AD_NO_RENEGOTIATION
+ AD_PROTOCOL_VERSION
+ AD_RECORD_OVERFLOW
+ AD_UNEXPECTED_MESSAGE
+ AD_UNKNOWN_CA
+ AD_UNKNOWN_PSK_IDENTITY
+ AD_UNRECOGNIZED_NAME
+ AD_UNSUPPORTED_CERTIFICATE
+ AD_UNSUPPORTED_EXTENSION
+ AD_USER_CANCELLED
ASN1_STRFLGS_ESC_CTRL
ASN1_STRFLGS_ESC_MSB
ASN1_STRFLGS_ESC_QUOTE
@@ -34,6 +68,9 @@ my @constants = qw(
CB_WRITE
CB_WRITE_ALERT
CLIENT_HELLO_CB
+ CLIENT_HELLO_ERROR
+ CLIENT_HELLO_RETRY
+ CLIENT_HELLO_SUCCESS
ERROR_NONE
ERROR_SSL
ERROR_SYSCALL
@@ -482,6 +519,43 @@ my @constants = qw(
TLS1_3_VERSION
TLS1_VERSION
TLSEXT_STATUSTYPE_ocsp
+ TLSEXT_TYPE_application_layer_protocol_negotiation
+ TLSEXT_TYPE_cert_type
+ TLSEXT_TYPE_certificate_authorities
+ TLSEXT_TYPE_client_authz
+ TLSEXT_TYPE_client_cert_type
+ TLSEXT_TYPE_client_certificate_url
+ TLSEXT_TYPE_compress_certificate
+ TLSEXT_TYPE_cookie
+ TLSEXT_TYPE_early_data
+ TLSEXT_TYPE_ec_point_formats
+ TLSEXT_TYPE_elliptic_curves
+ TLSEXT_TYPE_encrypt_then_mac
+ TLSEXT_TYPE_extended_master_secret
+ TLSEXT_TYPE_key_share
+ TLSEXT_TYPE_max_fragment_length
+ TLSEXT_TYPE_next_proto_neg
+ TLSEXT_TYPE_padding
+ TLSEXT_TYPE_post_handshake_auth
+ TLSEXT_TYPE_psk
+ TLSEXT_TYPE_psk_kex_modes
+ TLSEXT_TYPE_quic_transport_parameters
+ TLSEXT_TYPE_renegotiate
+ TLSEXT_TYPE_server_authz
+ TLSEXT_TYPE_server_cert_type
+ TLSEXT_TYPE_server_name
+ TLSEXT_TYPE_session_ticket
+ TLSEXT_TYPE_signature_algorithms
+ TLSEXT_TYPE_signature_algorithms_cert
+ TLSEXT_TYPE_signed_certificate_timestamp
+ TLSEXT_TYPE_srp
+ TLSEXT_TYPE_status_request
+ TLSEXT_TYPE_supported_groups
+ TLSEXT_TYPE_supported_versions
+ TLSEXT_TYPE_truncated_hmac
+ TLSEXT_TYPE_trusted_ca_keys
+ TLSEXT_TYPE_use_srtp
+ TLSEXT_TYPE_user_mapping
VERIFY_CLIENT_ONCE
VERIFY_FAIL_IF_NO_PEER_CERT
VERIFY_NONE
diff --git a/t/local/48_client_hello_callback.t b/t/local/48_client_hello_callback.t
new file mode 100644
index 0000000..d99122c
--- /dev/null
+++ b/t/local/48_client_hello_callback.t
@@ -0,0 +1,346 @@
+use lib 'inc';
+
+use Net::SSLeay;
+use Test::Net::SSLeay qw(
+ can_fork data_file_path initialise_libssl new_ctx tcp_socket
+);
+
+BEGIN {
+ if (not defined &Net::SSLeay::CTX_set_client_hello_cb) {
+ plan skip_all => "No SSL_CTX_set_client_hello_cb()";
+ } elsif (not can_fork()) {
+ plan skip_all => "fork() not supported on this system";
+ } else {
+ plan tests => 41;
+ }
+}
+
+initialise_libssl();
+
+my $server = tcp_socket();
+my $pid;
+
+my $cert_pem = data_file_path('simple-cert.cert.pem');
+my $key_pem = data_file_path('simple-cert.key.pem');
+
+my $cb_test_arg = [1, 'string for hello cb test arg'];
+
+# As of 2023-08, even the latest in-development OpenSSL allows
+# connections with SSLv2 ClientHello. Tested with OpenSSL 0.9.8f as
+# client and OpenSSL 3.2.0-dev from git master branch as
+# server. Trigger alert 42 as a marker.
+sub client_hello_cb_v2hello_detection
+{
+ my ($ssl, $arg) = @_;
+
+ pass('client_hello_cb_v2hello_detection called for SSLv2 hello');
+ is(Net::SSLeay::client_hello_isv2($ssl), 1, 'SSLv2 ClientHello');
+ is(Net::SSLeay::client_hello_get0_legacy_version($ssl), 0x0301, 'SSLv2 get0_legacy_version');
+
+ my $random = Net::SSLeay::client_hello_get0_random($ssl);
+ my $sess_id = Net::SSLeay::client_hello_get0_session_id($ssl);
+ my $ciphers = Net::SSLeay::client_hello_get0_ciphers($ssl);
+ my $compres = Net::SSLeay::client_hello_get0_compression_methods($ssl);
+ is($random, pack('H*', '1f90dda05ec4a857523dcc0ae06c461a99c36ce647a84aa64061c054333376b9'), 'SSLv2 get0_random / Challenge');
+ is($sess_id, '', 'SSLv2 get0_session_id');
+ is($ciphers, pack('H*', '00003900003800003500001600001300000a00003300003200002f0000070000050000040000150000120000090000ff'), 'SSLv2 get0_ciphers');
+ is($compres, pack('H*', '00'), 'SSLv2 get0_compression_methods');
+
+ # See bug https://github.com/openssl/openssl/pull/8756
+ # With 1.1.1b and earlier, MALLOC_FAILURE is raised when there are
+ # no extensions. This is fixed in 1.1.1c.
+ my $extensions = Net::SSLeay::client_hello_get1_extensions_present($ssl);
+ Net::SSLeay::SSLeay > 0x1010102f ? # 1.1.1c or later
+ is_deeply($extensions, [], 'SSLv2 get1_extensions_present') : # No extensions: empty array
+ is($extensions, undef, 'SSLv2 get1_extensions_present buggy'); # No extensions: buggy undef
+
+ if (defined &Net::SSLeay::client_hello_get_extension_order) {
+ $extensions = Net::SSLeay::client_hello_get_extension_order($ssl);
+ is_deeply($extensions, [], 'SSLv2 get_extension_order');
+ } else {
+ SKIP: { skip('Do not have Net::SSLeay::client_hello_get_extension_order', 1); }
+ }
+
+ my $al = Net::SSLeay::AD_BAD_CERTIFICATE();
+ return (Net::SSLeay::CLIENT_HELLO_ERROR(), $al);
+}
+
+# See that the exact same reference with unchanged contents are made
+# available for the callback. Allow handshake to proceed.
+sub client_hello_cb_getters
+{
+ my ($ssl, $arg) = @_;
+
+ pass('client_hello_cb_getters called for TLS hello');
+ is(Net::SSLeay::client_hello_isv2($ssl), 0, 'Not SSLv2 ClientHello');
+ is(Net::SSLeay::client_hello_get0_legacy_version($ssl), 0x0303, 'TLS get0_legacy_version');
+
+ my $random = Net::SSLeay::client_hello_get0_random($ssl);
+ my $sess_id = Net::SSLeay::client_hello_get0_session_id($ssl);
+ my $ciphers = Net::SSLeay::client_hello_get0_ciphers($ssl);
+ my $compres = Net::SSLeay::client_hello_get0_compression_methods($ssl);
+ is($random, pack('H*', '8bbef485edd728d6c02c421b5a9a3a137d6dfda43c5796ef825d8ac7dcbbbc53'), 'TLS get0_random');
+ is($sess_id, pack('H*', '0d687c7511cb0b65eb3cde414c2385bc0ecb56d8c81403c571184c4acbd1ee31'), 'TLS get0_session_id');
+ is($ciphers, pack('H*', '130213031301c02cc03000a3009fcca9cca8ccaac0afc0adc0a3c09fc05dc061c057c05300a7c02bc02f00a2009ec0aec0acc0a2c09ec05cc060c056c05200a6c024c028006b006ac073c07700c400c3006d00c5c023c02700670040c072c07600be00bd006c00bfc00ac0140039003800880087c019003a0089c009c0130033003200450044c01800340046009dc0a1c09dc051009cc0a0c09cc050003d00c0003c00ba00350084002f004100ff'), 'TLS get0_ciphers');
+ is($compres, pack('H*', '00'), 'TLS get0_compression_methods');
+
+ # OpenSSL extensions_presents does not guarantee that extensions
+ # are returned in the order the appear ClientHello. Therefore we
+ # compare sorted arrays. Note: that the both functions also do not
+ # return extensions OpenSSL does not recognise. For more, see:
+ # https://github.com/openssl/openssl/issues/18286#issuecomment-1123436664
+ my @ordered_ext = (11, 10, 35, 22, 23, 13, 43, 45, 51);
+ my $extensions = Net::SSLeay::client_hello_get1_extensions_present($ssl);
+ is_deeply($extensions, \@ordered_ext, 'TLS get1_extensions_present');
+
+ if (defined &Net::SSLeay::client_hello_get_extension_order) {
+ $extensions = Net::SSLeay::client_hello_get_extension_order($ssl);
+ is_deeply($extensions, \@ordered_ext, 'TLS get_extension_order');
+ } else {
+ SKIP: { skip('Do not have Net::SSLeay::client_hello_get_extension_order', 1); }
+ }
+
+ my $ext_ems = Net::SSLeay::client_hello_get0_ext($ssl, Net::SSLeay::TLSEXT_TYPE_extended_master_secret());
+ my $ext_ver = Net::SSLeay::client_hello_get0_ext($ssl, Net::SSLeay::TLSEXT_TYPE_supported_versions());
+ my $ext_n_a = Net::SSLeay::client_hello_get0_ext($ssl, 101);
+ is($ext_ems, '', 'TLS get0_ext extended master secret'); # Present with empty value
+ is($ext_ver, pack('H*', '080304030303020301'), 'TLS get0_ext supported versions');
+ is($ext_n_a, undef, 'TLS get0_ext extension not present'); # Not present
+
+ my $al = Net::SSLeay::AD_HANDSHAKE_FAILURE();
+ return (Net::SSLeay::CLIENT_HELLO_ERROR(), $al);
+}
+
+# See that the exact same reference with unchanged contents are made
+# available for the callback. Allow handshake to proceed.
+sub client_hello_cb_value_passing
+{
+ my ($ssl, $arg) = @_;
+
+ pass('client_hello_cb_value_passing called');
+ is($cb_test_arg, $$arg, 'callback arg passed correctly');
+ is_deeply($cb_test_arg, $$arg, 'callback arg contents passed correctly');
+ return Net::SSLeay::CLIENT_HELLO_SUCCESS();
+}
+
+# Abort handshake with an ALPN alert. Test this on the client side.
+sub client_hello_cb_alert_alpn
+{
+ my ($ssl, $arg) = @_;
+
+ pass('client_hello_cb_alert_alpn called');
+ my $al = Net::SSLeay::AD_NO_APPLICATION_PROTOCOL();
+ return (Net::SSLeay::CLIENT_HELLO_ERROR(), $al);
+}
+
+# Check that alert is ignored with success return. Allow handshake to
+# proceed.
+sub client_hello_cb_conflicting_return_value
+{
+ my ($ssl, $arg) = @_;
+
+ pass('client_hello_cb_conflicting_return_value called');
+ my $al = Net::SSLeay::AD_NO_APPLICATION_PROTOCOL();
+ return (Net::SSLeay::CLIENT_HELLO_SUCCESS(), $al);
+}
+
+# Catch incorrectly implemented callbacks. A callback can not return
+# too few values
+sub client_hello_cb_no_return_value
+{
+ my ($ssl, $arg) = @_;
+
+ pass('client_hello_cb_no_return_value called');
+ return;
+}
+
+# Catch incorrectly implemented callbacks. A callback can not return
+# too many values
+sub client_hello_cb_too_many_return_values
+{
+ my ($ssl, $arg) = @_;
+
+ pass('client_hello_cb_too_many_return_values called');
+ my $al = Net::SSLeay::AD_NO_APPLICATION_PROTOCOL();
+ return (Net::SSLeay::CLIENT_HELLO_SUCCESS(), $al, 'surprise');
+}
+
+# Definitions for tests. Each array entry defines a test round with
+# instructions for both TLS client and server.
+my @cb_tests = (
+ # SSL_client_hello_cb_fn - callback function
+ # argument passed to the callback
+ # true if the callback function triggers croak()
+ # true if the client needs to test that ALPN alert (120) is received
+ [ \&client_hello_cb_v2hello_detection, undef, 0 ],
+ [ \&client_hello_cb_getters, undef, 0 ],
+ [ \&client_hello_cb_value_passing, \$cb_test_arg, 0 ],
+ [ \&client_hello_cb_alert_alpn, undef, 0, 'alerts'],
+ [ \&client_hello_cb_alert_alpn, undef, 0, 'alerts'], # Call again to increase alert counter
+ [ \&client_hello_cb_conflicting_return_value, undef, 0 ],
+ [ \&client_hello_cb_no_return_value, undef, 'croaks' ],
+ [ \&client_hello_cb_too_many_return_values, undef, 'croaks' ],
+ );
+
+# Array that collects tests the client does. These are evaluated after
+# the server has done all its tests. This is to keep the server and
+# client test output from being incorrectly interleaved.
+my @results;
+
+{
+ # SSL server
+ $pid = fork();
+ BAIL_OUT("failed to fork: $!") unless defined $pid;
+ if ($pid == 0) {
+ foreach my $cb_test (@cb_tests) {
+ my $ns = $server->accept();
+
+ my ($ctx, $proto) = new_ctx('TLSv1.2', 'TLSv1.3');
+ Net::SSLeay::set_cert_and_key($ctx, $cert_pem, $key_pem);
+
+ # TLSv1.3 servers send session tickets after the handshake; if a client
+ # closes the connection before the server sends the tickets, accept()
+ # fails with SSL_ERROR_SYSCALL and errno=EPIPE, which will cause this
+ # process to receive a SIGPIPE signal and exit unsuccessfully
+ Net::SSLeay::CTX_set_num_tickets($ctx, 0);
+
+ Net::SSLeay::CTX_set_client_hello_cb($ctx, $cb_test->[0], $cb_test->[1]);
+
+ my $ssl = Net::SSLeay::new($ctx);
+ Net::SSLeay::set_fd($ssl, fileno($ns));
+
+ # Some of test info_cbs attempt to trigger croak() which
+ # needs to be caught and tested here.
+ my $lives = eval { Net::SSLeay::accept($ssl); return 1; };
+ chomp(my $reason = $@);
+ if ($cb_test->[2])
+ {
+ $lives ?
+ fail('ssl_client_hello_cb_fn did not die') :
+ like($@, qr/ssl_client_hello_cb_fn perl function returned/, "Died because of ssl_client_hello_cb_fn: $reason");
+ } else
+ {
+ $lives ?
+ pass('ssl_client_hello_cb_fn did not die') :
+ fail("Died with reason: $reason");
+ }
+
+ Net::SSLeay::free($ssl);
+ Net::SSLeay::CTX_free($ctx);
+ close($ns) || die("server close: $!");
+ }
+ $server->close() || die("server listen socket close: $!");
+ exit(0);
+ }
+}
+
+{
+ # SSL client
+ my $alpn_alert_count = 0;
+
+ # Use info callback to count TLS alert 120 occurences (ALPN alert).
+ my $infocb = sub {
+ my ($ssl, $where, $ret) = @_;
+
+ if ($where & Net::SSLeay::CB_ALERT()) {
+ $alpn_alert_count++ if Net::SSLeay::alert_desc_string_long($ret) =~ m/no application protocol/s;
+ }
+ };
+
+ # Start with SSLv2 ClientHello detection test. Send a canned SSLv2
+ # ClientHello.
+ {
+ my $s_clientv2 = $server->connect();
+ my $clientv2_hello = get_sslv2_hello();
+ syswrite($s_clientv2, $clientv2_hello, length $clientv2_hello);
+ sysread($s_clientv2, my $buf, 16384);
+
+ # Alert (15), version (0303|4), length (0002), level fatal (02), bad cert(2a)
+ my $alert_matches = unpack('H*', $buf) =~ m/^15030.0002022a\z/s;
+ push @results, [$alert_matches, 'Client: Alert from canned SSLv2 ClientHello'];
+ close($s_clientv2) || die("s_clientv2 close");
+ shift @cb_tests;
+ }
+
+ # Start with TLSv1.3 ClientHello detection test. Send a canned TLSv1.3
+ # ClientHello.
+ {
+ my $s_clientv2 = $server->connect();
+ my $clientv2_hello = get_tlsv13_hello();
+ syswrite($s_clientv2, $clientv2_hello, length $clientv2_hello);
+ sysread($s_clientv2, my $buf, 16384);
+
+ # Alert (15), version (0303|4), length (0002), level fatal (02), handshake failure(28)
+ my $alert_matches = unpack('H*', $buf) =~ m/^15030.00020228\z/s;
+ push @results, [$alert_matches, 'Client: Alert from canned TLS ClientHello'];
+ close($s_clientv2) || die("s_clientv2 close");
+ shift @cb_tests;
+ }
+
+ # The rest of tests use client's TLS stack
+ foreach my $cb_test (@cb_tests) {
+ my $s_c = $server->connect();
+
+ my ($ctx_c, $proto_c) = new_ctx('TLSv1.2', 'TLSv1.3');
+ Net::SSLeay::CTX_set_info_callback($ctx_c, $infocb)
+ if $cb_test->[3];
+
+ # Add ALPN extension to ClientHello. We can then test that our
+ # code finds it on the server side. We don't otherwise use
+ # ALPN.
+ my $rv = Net::SSLeay::CTX_set_alpn_protos($ctx_c, ['foo/1','bar/2']);
+
+ Net::SSLeay::CTX_set_options($ctx_c, Net::SSLeay::OP_ALL());
+ my $ssl_c = Net::SSLeay::new($ctx_c);
+ Net::SSLeay::set_fd($ssl_c, $s_c);
+ Net::SSLeay::connect($ssl_c);
+
+ Net::SSLeay::free($ssl_c);
+ Net::SSLeay::CTX_free($ctx_c);
+ close($s_c) || die("client close: $!");
+ }
+ $server->close() || die("client listen socket close: $!");
+ push @results, [$alpn_alert_count == 2, "Client: ALPN alert count is correct: got $alpn_alert_count"];
+}
+
+waitpid $pid, 0;
+push @results, [$? == 0, 'Client: server exited with 0'];
+END {
+ Test::More->builder->current_test(37);
+ ok( $_->[0], $_->[1] ) for (@results);
+}
+
+# Use a canned SSLv2 ClientHello for testing OpenSSL's
+# SSL_client_hello_isv2()
+sub get_sslv2_hello
+{
+ # Captures with OpenSSL 0.9.8f. The second capture uses TLSv1.0 as
+ # Version but still includes a number of SSLv2 ciphersuites.
+ #
+ # openssl s_client -connect 127.0.0.1:443 -ssl2
+ # openssl s_client -connect 127.0.0.1:443
+ my $sslv2_sslv2_hex_f = '802e0100020015000000100700c00500800300800100800600400400800200808f11701ccdc4eab421b6d03e4942ea98';
+ my $sslv2_tlsv1_hex_f = '807a01030100510000002000003900003800003500001600001300000a0700c000003300003200002f0000070500800300800000050000040100800000150000120000090600400000140000110000080000060400800000030200807f0913623fe5e84de01bc7733ae8fcdcefda1ef60a4c960ac7251f6560841566';
+
+ # Captures with OpenSSL 0.9.8zh.
+ #
+ # The first capture is similar to 0.9.8f but the ciphersuites are
+ # now ordered with the strongest first.The second capture uses
+ # TLSv1.0 as Version but compared to 0.9.8f has a more modern set
+ # of ciphers including TLS_EMPTY_RENEGOTIATION_INFO_SCSV.
+ my $sslv2_sslv2_hex_zh = '802e0100020015000000100700c006004005008004008003008002008001008015c9eb78cbf9702542ac2d4c46b6101a';
+ my $sslv2_tlsv1_hex_zh = '805901030100300000002000003900003800003500001600001300000a00003300003200002f0000070000050000040000150000120000090000ff1f90dda05ec4a857523dcc0ae06c461a99c36ce647a84aa64061c054333376b9';
+
+ return pack('H*', $sslv2_tlsv1_hex_zh);
+}
+
+# Use a canned TLS ClientHello for testing the different get functions
+sub get_tlsv13_hello
+{
+ # Capture with locally confgured OpenSSL 3.1.2
+ #
+ # openssl s_client -connect 127.0.0.1:443 -cipher ALL:@SECLEVEL=0
+ my $tlsv13_hex = '160301019a0100019603038bbef485edd728d6c02c421b5a9a3a137d6dfda43c5796ef825d8ac7dcbbbc53200d687c7511cb0b65eb3cde414c2385bc0ecb56d8c81403c571184c4acbd1ee3100ae130213031301c02cc03000a3009fcca9cca8ccaac0afc0adc0a3c09fc05dc061c057c05300a7c02bc02f00a2009ec0aec0acc0a2c09ec05cc060c056c05200a6c024c028006b006ac073c07700c400c3006d00c5c023c02700670040c072c07600be00bd006c00bfc00ac0140039003800880087c019003a0089c009c0130033003200450044c01800340046009dc0a1c09dc051009cc0a0c09cc050003d00c0003c00ba00350084002f004100ff0100009f000b000403000102000a00160014001d0017001e0019001801000101010201030104002300000016000000170000000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602002b0009080304030303020301002d00020101003300260024001d0020330c4636c46839dcd22288191791649290b432ed8748a8d7935799dc6e37f246';
+
+ return pack('H*', $tlsv13_hex);
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-07 09:49:36 +0000