diff options
author | Matt Caswell <matt@openssl.org> | 2017-07-07 14:43:21 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-07-07 16:08:05 +0100 |
commit | dd05bd4cb46e9662fae6f0f8ca9590fef6c1c957 (patch) | |
tree | abd2b3b7ed63549fef862b143b12e7afac343e81 /include | |
parent | 4f11c7476b14225d5919924e433dbac0b4806081 (diff) |
Some SSL_OP_ values can't be used in 1.1.x
SSL_OP_ALL was set in 0x0BFF so reusing some of these bits would cause
ABI compatibility issues.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3833)
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/ssl.h | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 156b50a16a..22e6dca66c 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -282,10 +282,25 @@ typedef int (*SSL_custom_ext_parse_cb_ex) (SSL *s, unsigned int ext_type, /* Typedef for verification callback */ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); +/* + * Some values are reserved until OpenSSL 1.2.0 because they were previously + * included in SSL_OP_ALL in a 1.1.x release. + * + * Reserved value (until OpenSSL 1.2.0) 0x00000001U + * Reserved value (until OpenSSL 1.2.0) 0x00000002U + */ /* Allow initial connection to servers that don't support RI */ # define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U + +/* Reserved value (until OpenSSL 1.2.0) 0x00000008U */ # define SSL_OP_TLSEXT_PADDING 0x00000010U +/* Reserved value (until OpenSSL 1.2.0) 0x00000020U */ # define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U +/* + * Reserved value (until OpenSSL 1.2.0) 0x00000080U + * Reserved value (until OpenSSL 1.2.0) 0x00000100U + * Reserved value (until OpenSSL 1.2.0) 0x00000200U + */ /* In TLSv1.3 allow a non-(ec)dhe based kex_mode */ # define SSL_OP_ALLOW_NO_DHE_KEX 0x00000400U |