OpenSSL 结构体

X509_STORE

头文件：x509_vfy.h

定义

typedef struct x509_store_st X509_STORE;
struct x509_store_st
{/* The following is a cache of trusted certs */int cache;     /* if true, stash any hits */STACK_OF(X509_OBJECT) *objs;    /* Cache of all objects *//* These are external lookup methods */STACK_OF(X509_LOOKUP) *get_cert_methods;X509_VERIFY_PARAM *param;/* Callbacks for various operations */int (*verify)(X509_STORE_CTX *ctx);    /* called to verify a certificate */int (*verify_cb)(int ok,X509_STORE_CTX *ctx);    /* error callback */int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);    /* get issuers cert from ctx */int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);int (*cleanup)(X509_STORE_CTX *ctx);CRYPTO_EX_DATA ex_data;int references;
} /* X509_STORE */;

SSL_METHOD

头文件：ssl.h

定义

typedef struct ssl_method_st SSL_METHOD;
struct ssl_method_st
{int version;int (*ssl_new)(SSL *s);void (*ssl_clear)(SSL *s);void (*ssl_free)(SSL *s);int (*ssl_accept)(SSL *s);int (*ssl_connect)(SSL *s);int (*ssl_read)(SSL *s,void *buf,int len);int (*ssl_peek)(SSL *s,void *buf,int len);int (*ssl_write)(SSL *s,const void *buf,int len);int (*ssl_shutdown)(SSL *s);int (*ssl_renegotiate)(SSL *s);int (*ssl_renegotiate_check)(SSL *s);long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, longmax, int *ok);int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len,int peek);int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);int (*ssl_dispatch_alert)(SSL *s);long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);int (*ssl_pending)(const SSL *s);int (*num_ciphers)(void);const SSL_CIPHER *(*get_cipher)(unsigned ncipher);const struct ssl_method_st *(*get_ssl_method)(int version);long (*get_timeout)(void);struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */int (*ssl_version)(void);long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
};

SSL_METHOD

头文件：ssl.h

定义

typedef struct ssl_method_st SSL_METHOD;
struct ssl_method_st
{int version;int (*ssl_new)(SSL *s);void (*ssl_clear)(SSL *s);void (*ssl_free)(SSL *s);int (*ssl_accept)(SSL *s);int (*ssl_connect)(SSL *s);int (*ssl_read)(SSL *s,void *buf,int len);int (*ssl_peek)(SSL *s,void *buf,int len);int (*ssl_write)(SSL *s,const void *buf,int len);int (*ssl_shutdown)(SSL *s);int (*ssl_renegotiate)(SSL *s);int (*ssl_renegotiate_check)(SSL *s);long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, longmax, int *ok);int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len,int peek);int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);int (*ssl_dispatch_alert)(SSL *s);long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);int (*ssl_pending)(const SSL *s);int (*num_ciphers)(void);const SSL_CIPHER *(*get_cipher)(unsigned ncipher);const struct ssl_method_st *(*get_ssl_method)(int version);long (*get_timeout)(void);struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */int (*ssl_version)(void);long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
};

SSL_CTX

头文件：ssl.h

定义

typedef struct ssl_ctx_st SSL_CTX;
struct ssl_ctx_st
{const SSL_METHOD *method;STACK_OF(SSL_CIPHER) *cipher_list;/* same as above but sorted for lookup */STACK_OF(SSL_CIPHER) *cipher_list_by_id;struct x509_store_st /* X509_STORE */ *cert_store;LHASH_OF(SSL_SESSION) *sessions;/* Most session-ids that will be cached, default is* SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */unsigned long session_cache_size;struct ssl_session_st *session_cache_head;struct ssl_session_st *session_cache_tail;/* This can have one of 2 values, ored together,* SSL_SESS_CACHE_CLIENT,* SSL_SESS_CACHE_SERVER,* Default is SSL_SESSION_CACHE_SERVER, which means only* SSL_accept which cache SSL_SESSIONS. */int session_cache_mode;/* If timeout is not 0, it is the default timeout value set* when SSL_new() is called.  This has been put in to make* life easier to set things up */long session_timeout;/* If this callback is not null, it will be called each* time a session id is added to the cache.  If this function* returns 1, it means that the callback will do a* SSL_SESSION_free() when it has finished using it.  Otherwise,* on 0, it means the callback has finished with it.* If remove_session_cb is not null, it will be called when* a session-id is removed from the cache.  After the call,* OpenSSL will SSL_SESSION_free() it. */int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,unsigned char *data,int len,int *copy);struct{int sess_connect;    /* SSL new conn - started */int sess_connect_renegotiate;/* SSL reneg - requested */int sess_connect_good;    /* SSL new conne/reneg - finished */int sess_accept;    /* SSL new accept - started */int sess_accept_renegotiate;/* SSL reneg - requested */int sess_accept_good;    /* SSL accept/reneg - finished */int sess_miss;        /* session lookup misses  */int sess_timeout;    /* reuse attempt on timeouted session */int sess_cache_full;    /* session removed due to full cache */int sess_hit;        /* session reuse actually done */int sess_cb_hit;    /* session-id that was not* in the cache was* passed back via the callback.  This* indicates that the application is* supplying session-id's from other* processes - spooky :-) */} stats;int references;/* if defined, these override the X509_verify_cert() calls */int (*app_verify_callback)(X509_STORE_CTX *, void *);void *app_verify_arg;/* before OpenSSL 0.9.7, 'app_verify_arg' was ignored* ('app_verify_callback' was called with just one argument) *//* Default password callback. */pem_password_cb *default_passwd_callback;/* Default password callback user data. */void *default_passwd_callback_userdata;/* get client cert callback */int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);/* cookie generate callback */int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,unsigned int *cookie_len);/* verify cookie callback */int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,unsigned int cookie_len);CRYPTO_EX_DATA ex_data;const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */const EVP_MD *md5;    /* For SSLv3/TLSv1 'ssl3-md5' */const EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */STACK_OF(X509) *extra_certs;STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 *//* Default values used when no per-SSL value is defined follow */void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL *//* what we put in client cert requests */STACK_OF(X509_NAME) *client_CA;/* Default values to use in SSL structures follow (these are copied by SSL_new) */unsigned long options;unsigned long mode;long max_cert_list;struct cert_st /* CERT */ *cert;int read_ahead;/* callback that allows applications to peek at protocol messages */void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);void *msg_callback_arg;int verify_mode;unsigned int sid_ctx_length;unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL *//* Default generate session ID callback. */GEN_SESSION_CB generate_session_id;X509_VERIFY_PARAM *param;#if 0int purpose;        /* Purpose setting */int trust;        /* Trust setting */
#endifint quiet_shutdown;/* Maximum amount of data to send in one fragment.* actual record size can be more than this due to* padding and MAC overheads.*/unsigned int max_send_fragment;#ifndef OPENSSL_ENGINE/* Engine to pass requests for client certs to*/ENGINE *client_cert_engine;
#endif#ifndef OPENSSL_NO_TLSEXT/* TLS extensions servername callback */int (*tlsext_servername_callback)(SSL*, int *, void *);void *tlsext_servername_arg;/* RFC 4507 session ticket keys */unsigned char tlsext_tick_key_name[16];unsigned char tlsext_tick_hmac_key[16];unsigned char tlsext_tick_aes_key[16];/* Callback to support customisation of ticket key setting */int (*tlsext_ticket_key_cb)(SSL *ssl,unsigned char *name, unsigned char *iv,EVP_CIPHER_CTX *ectx,HMAC_CTX *hctx, int enc);/* certificate status request info *//* Callback for status request */int (*tlsext_status_cb)(SSL *ssl, void *arg);void *tlsext_status_arg;/* draft-rescorla-tls-opaque-prf-input-00.txt information */int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);void *tlsext_opaque_prf_input_callback_arg;
#endif#ifndef OPENSSL_NO_PSKchar *psk_identity_hint;unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,unsigned int max_identity_len, unsigned char *psk,unsigned int max_psk_len);unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,unsigned char *psk, unsigned int max_psk_len);
#endif#ifndef OPENSSL_NO_BUF_FREELISTS
#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32unsigned int freelist_max_len;struct ssl3_buf_freelist_st *wbuf_freelist;struct ssl3_buf_freelist_st *rbuf_freelist;
#endif#ifndef OPENSSL_NO_TLSEXT# ifndef OPENSSL_NO_NEXTPROTONEG/* Next protocol negotiation information *//* (for experimental NPN extension). *//* For a server, this contains a callback function by which the set of* advertised protocols can be provided. */int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,unsigned int *len, void *arg);void *next_protos_advertised_cb_arg;/* For a client, this contains a callback function that selects the* next protocol from the list provided by the server. */int (*next_proto_select_cb)(SSL *s, unsigned char **out,unsigned char *outlen,const unsigned char *in,unsigned int inlen,void *arg);void *next_proto_select_cb_arg;
# endif/* SRTP profiles we are willing to do from RFC 5764 */STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
#endif
};

X509_VERIFY_PARAM

头文件：x509_vfy.h

定义

/* This structure hold all parameters associated with a verify operation* by including an X509_VERIFY_PARAM structure in related structures the* parameters used can be customized*/typedef struct X509_VERIFY_PARAM_st
{char *name;time_t check_time;    /* Time to use */unsigned long inh_flags; /* Inheritance flags */unsigned long flags;    /* Various verify flags */int purpose;        /* purpose to check untrusted certificates */int trust;        /* trust setting to check */int depth;        /* Verify depth */STACK_OF(ASN1_OBJECT) *policies;    /* Permissible policies */
} X509_VERIFY_PARAM;

_STACK

头文件：stack.h

定义

typedef struct stack_st
{int num;char **data;int sorted;int num_alloc;int (*comp)(const void *, const void *);
} _STACK;  /* Use STACK_OF(...) instead */

X509_LOOKUP

头文件：x509_vfy.h

定义

typedef struct x509_lookup_st X509_LOOKUP;/* This is the functions plus an instance of the local variables. */
struct x509_lookup_st
{int init;            /* have we been started */int skip;            /* don't use us. */X509_LOOKUP_METHOD *method;    /* the functions */char *method_data;        /* method data */X509_STORE *store_ctx;    /* who owns us */
} /* X509_LOOKUP */;

X509_LOOKUP_METHOD

头文件：x509_vfy.h

定义

/* This is a static that defines the function interface */
typedef struct x509_lookup_method_st
{const char *name;int (*new_item)(X509_LOOKUP *ctx);void (*free)(X509_LOOKUP *ctx);int (*init)(X509_LOOKUP *ctx);int (*shutdown)(X509_LOOKUP *ctx);int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl,char **ret);int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name,X509_OBJECT *ret);int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,ASN1_INTEGER *serial,X509_OBJECT *ret);int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,unsigned char *bytes,int len,X509_OBJECT *ret);int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,X509_OBJECT *ret);
} X509_LOOKUP_METHOD;

X509

头文件：x509.h

定义

typedef struct x509_st X509;
struct x509_st
{X509_CINF *cert_info;X509_ALGOR *sig_alg;ASN1_BIT_STRING *signature;int valid;int references;char *name;CRYPTO_EX_DATA ex_data;/* These contain copies of various extension values */long ex_pathlen;long ex_pcpathlen;unsigned long ex_flags;unsigned long ex_kusage;unsigned long ex_xkusage;unsigned long ex_nscert;ASN1_OCTET_STRING *skid;AUTHORITY_KEYID *akid;X509_POLICY_CACHE *policy_cache;STACK_OF(DIST_POINT) *crldp;STACK_OF(GENERAL_NAME) *altname;NAME_CONSTRAINTS *nc;
#ifndef OPENSSL_NO_RFC3779STACK_OF(IPAddressFamily) *rfc3779_addr;struct ASIdentifiers_st *rfc3779_asid;
#endif
#ifndef OPENSSL_NO_SHAunsigned char sha1_hash[SHA_DIGEST_LENGTH];
#endifX509_CERT_AUX *aux;
} /* X509 */;

X509_NAME

头文件：x509.h

定义

typedef struct X509_name_st X509_NAME;
struct X509_name_st
{STACK_OF(X509_NAME_ENTRY) *entries;int modified;    /* true if 'bytes' needs to be built */
#ifndef OPENSSL_NO_BUFFERBUF_MEM *bytes;
#elsechar *bytes;
#endif/*    unsigned long hash; Keep the hash around for lookups */unsigned char *canon_enc;int canon_enclen;
} /* X509_NAME */;

X509_CINF

头文件：x509.h

定义

typedef struct x509_cinf_st
{ASN1_INTEGER *version;        /* [ 0 ] default of v1 */ASN1_INTEGER *serialNumber;X509_ALGOR *signature;X509_NAME *issuer;X509_VAL *validity;X509_NAME *subject;X509_PUBKEY *key;ASN1_BIT_STRING *issuerUID;        /* [ 1 ] optional in v2 */ASN1_BIT_STRING *subjectUID;        /* [ 2 ] optional in v2 */STACK_OF(X509_EXTENSION) *extensions;    /* [ 3 ] optional in v3 */ASN1_ENCODING enc;
} X509_CINF;

SSL

头文件：ssl.h

定义

typedef struct ssl_st SSL;
struct ssl_st
{/* protocol version* (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)*/int version;int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */const SSL_METHOD *method; /* SSLv3 *//* There are 2 BIO's even though they are normally both the* same.  This is so data can be read and written to different* handlers */#ifndef OPENSSL_NO_BIOBIO *rbio; /* used by SSL_read */BIO *wbio; /* used by SSL_write */BIO *bbio; /* used during session-id reuse to concatenate* messages */
#elsechar *rbio; /* used by SSL_read */char *wbio; /* used by SSL_write */char *bbio;
#endif/* This holds a variable that indicates what we were doing* when a 0 or -1 is returned.  This is needed for* non-blocking IO so we know what request needs re-doing when* in SSL_accept or SSL_connect */int rwstate;/* true when we are actually in SSL_accept() or SSL_connect() */int in_handshake;int (*handshake_func)(SSL *);/* Imagine that here's a boolean member "init" that is* switched as soon as SSL_set_{accept/connect}_state* is called for the first time, so that "state" and* "handshake_func" are properly initialized.  But as* handshake_func is == 0 until then, we use this* test instead of an "init" member.*/int server;    /* are we the server side? - mostly used by SSL_clear*/int new_session;/* Generate a new session or reuse an old one.* NB: For servers, the 'new' session may actually be a previously* cached session or even the previous session unless* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */int quiet_shutdown;/* don't send shutdown packets */int shutdown;    /* we have shut things down, 0x01 sent, 0x02* for received */int state;    /* where we are */int rstate;    /* where we are when reading */BUF_MEM *init_buf;    /* buffer used during init */void *init_msg;       /* pointer to handshake message body, set by ssl3_get_message() */int init_num;        /* amount read/written */int init_off;        /* amount read/written *//* used internally to point at a raw packet */unsigned char *packet;unsigned int packet_length;struct ssl2_state_st *s2; /* SSLv2 variables */struct ssl3_state_st *s3; /* SSLv3 variables */struct dtls1_state_st *d1; /* DTLSv1 variables */int read_ahead;        /* Read as many input bytes as possible* (for non-blocking reads) *//* callback that allows applications to peek at protocol messages */void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);void *msg_callback_arg;int hit;        /* reusing a previous session */X509_VERIFY_PARAM *param;#if 0int purpose;        /* Purpose setting */int trust;        /* Trust setting */
#endif/* crypto */STACK_OF(SSL_CIPHER) *cipher_list;STACK_OF(SSL_CIPHER) *cipher_list_by_id;/* These are the ones being used, the ones in SSL_SESSION are* the ones to be 'copied' into these ones */int mac_flags;EVP_CIPHER_CTX *enc_read_ctx;        /* cryptographic state */EVP_MD_CTX *read_hash;        /* used for mac generation */
#ifndef OPENSSL_NO_COMPCOMP_CTX *expand;            /* uncompress */
#elsechar *expand;
#endifEVP_CIPHER_CTX *enc_write_ctx;        /* cryptographic state */EVP_MD_CTX *write_hash;        /* used for mac generation */
#ifndef OPENSSL_NO_COMPCOMP_CTX *compress;            /* compression */
#elsechar *compress;
#endif/* session info *//* client cert? *//* This is used to hold the server certificate used */struct cert_st /* CERT */ *cert;/* the session_id_context is used to ensure sessions are only reused* in the appropriate context */unsigned int sid_ctx_length;unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];/* This can also be in the session once a session is established */SSL_SESSION *session;/* Default generate session ID callback. */GEN_SESSION_CB generate_session_id;/* Used in SSL2 and SSL3 */int verify_mode;    /* 0 don't care about verify failure.* 1 fail if verify fails */int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */int error;        /* error bytes to be written */int error_code;        /* actual code */#ifndef OPENSSL_NO_KRB5KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */
#endif    /* OPENSSL_NO_KRB5 */#ifndef OPENSSL_NO_PSKunsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,unsigned int max_identity_len, unsigned char *psk,unsigned int max_psk_len);unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,unsigned char *psk, unsigned int max_psk_len);
#endifSSL_CTX *ctx;/* set this flag to 1 and a sleep(1) is put into all SSL_read()* and SSL_write() calls, good for nbio debuging :-) */int debug;/* extra application data */long verify_result;CRYPTO_EX_DATA ex_data;/* for server side, keep the list of CA_dn we can use */STACK_OF(X509_NAME) *client_CA;int references;unsigned long options; /* protocol behaviour */unsigned long mode; /* API behaviour */long max_cert_list;int first_packet;int client_version;    /* what was passed, used for* SSLv3/TLS rollback check */unsigned int max_send_fragment;
#ifndef OPENSSL_NO_TLSEXT/* TLS extension debug callback */void (*tlsext_debug_cb)(SSL *s, int client_server, int type,unsigned char *data, int len,void *arg);void *tlsext_debug_arg;char *tlsext_hostname;int servername_done;   /* no further mod of servername0 : call the servername extension callback.1 : prepare 2, allow last ack just after in server callback.2 : don't call servername callback, no ack in server hello*//* certificate status request info *//* Status type or -1 if no status type */int tlsext_status_type;/* Expect OCSP CertificateStatus message */int tlsext_status_expected;/* OCSP status request only */STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;X509_EXTENSIONS *tlsext_ocsp_exts;/* OCSP response received or to be sent */unsigned char *tlsext_ocsp_resp;int tlsext_ocsp_resplen;/* RFC4507 session ticket expected to be received or sent */int tlsext_ticket_expected;
#ifndef OPENSSL_NO_ECsize_t tlsext_ecpointformatlist_length;unsigned char *tlsext_ecpointformatlist; /* our list */size_t tlsext_ellipticcurvelist_length;unsigned char *tlsext_ellipticcurvelist; /* our list */
#endif /* OPENSSL_NO_EC *//* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for handshakes */void *tlsext_opaque_prf_input;size_t tlsext_opaque_prf_input_len;/* TLS Session Ticket extension override */TLS_SESSION_TICKET_EXT *tlsext_session_ticket;/* TLS Session Ticket extension callback */tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;void *tls_session_ticket_ext_cb_arg;/* TLS pre-shared secret session resumption */tls_session_secret_cb_fn tls_session_secret_cb;void *tls_session_secret_cb_arg;SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */#ifndef OPENSSL_NO_NEXTPROTONEG/* Next protocol negotiation. For the client, this is the protocol that* we sent in NextProtocol and is set when handling ServerHello* extensions.** For a server, this is the client's selected_protocol from* NextProtocol and is set when handling the NextProtocol message,* before the Finished message. */unsigned char *next_proto_negotiated;unsigned char next_proto_negotiated_len;
#endif#define session_ctx initial_ctxSTACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  /* What we'll do */SRTP_PROTECTION_PROFILE *srtp_profile;            /* What's been chosen */unsigned int tlsext_heartbeat;  /* Is use of the Heartbeat extension negotiated?0: disabled1: enabled2: enabled, but not allowed to send Requests*/unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */unsigned int tlsext_hb_seq;     /* HeartbeatRequest sequence number */
#else
#define session_ctx ctx
#endif /* OPENSSL_NO_TLSEXT */int renegotiate;/* 1 if we are renegotiating.* 2 if we are a server and are inside a handshake* (i.e. not just sending a HelloRequest) */};

转载于:https://www.cnblogs.com/274914765qq/p/4513236.html

本文来自互联网用户投稿，文章观点仅代表作者本人，不代表本站立场，不承担相关法律责任。如若转载，请注明出处。 如若内容造成侵权/违法违规/事实不符，请点击【内容举报】进行投诉反馈！