/*
C K _ S S L . H -- OpenSSL Interface Header for C-Kermit
Copyright (C) 1985, 2020,
Trustees of Columbia University in the City of New York.
All rights reserved. See the C-Kermit COPYING.TXT file or the
copyright text in the ckcmai.c module for disclaimer and permissions.
Authors: Jeffrey E Altman (jaltman@secure-endpoints.com)
Secure Endpoints Inc., New York City
David Goodwin, New Zealand
SMS
Last update: Tue Nov 15 15:09:05 2022
*/
#ifdef CK_SSL
/*
 * Build-time feature switches. The groups below only test and define
 * preprocessor symbols, plus one conditional include.
 */
/* Without CK_ANSIC, define NOPROTO. Presumably this makes _PROTOTYP (defined
 * elsewhere) drop parameter lists for pre-ANSI compilers -- confirm there. */
#ifndef CK_ANSIC
#define NOPROTO
#endif /* CK_ANSIC */
/* This group is compiled only if COMMENT is defined; the name and the note on
 * the next line suggest it is a disabled block. While it is disabled, a KRB5
 * build does not get SSL_KRB5 from this header, so the openssl/kssl.h include
 * and the "+KRB5" cipher-list variant further down apply only when SSL_KRB5
 * is defined somewhere else. */
#ifdef COMMENT /* Not for C-Kermit 7.1 */
#ifdef KRB5
#ifndef NOSSLK5
#ifndef SSL_KRB5
#define SSL_KRB5
#endif /* SSL_KRB5 */
#endif /* NOSSLK5 */
#endif /* KRB5 */
#endif /* COMMENT */
/* OS2 builds always get ZLIB. */
#ifdef OS2
#ifndef ZLIB
#define ZLIB
#endif /* ZLIB */
#endif /* OS2 */
/* With ZLIB, and unless OpenSSL was built without compression support, pull
 * in the OpenSSL compression declarations.
 * NOTE(review): this include only makes the declarations available. Whether
 * TLS-level compression is actually negotiated is decided in code not shown
 * here. Compression of encrypted traffic can leak plaintext through message
 * lengths (the CRIME class of attacks), so confirm that choice is deliberate. */
#ifdef ZLIB
#ifndef OPENSSL_NO_COMP
#include <openssl/comp.h>
#endif /* OPENSSL_NO_COMP */
#endif /* ZLIB */
/* We place the following to avoid loading openssl/mdc2.h since it
 * relies on the OpenSSL des.h. Since we do not need the MDC2
 * definitions there is no reason to have it included by openssl/evp.h.
 * The define has to stay ahead of the openssl/evp.h include further down
 * in this header to have that effect.
 */
#define OPENSSL_NO_MDC2
/*
 * OpenSSL version-symbol cascade: each newer symbol implies the older ones,
 * so OPENSSL_300 => OPENSSL_100 => OPENSSL_098 => OPENSSL_097. Code guarded
 * by an older symbol is therefore also compiled for newer library versions.
 */
#ifdef OPENSSL_300 /* sms 15 November 2022 */
#ifndef OPENSSL_100
#define OPENSSL_100
#endif /* OPENSSL_100 */
#endif /* def OPENSSL_300 */
#ifdef OPENSSL_100
#ifndef OPENSSL_098 /* sms 15 November 2022 */
#define OPENSSL_098
#endif /* OPENSSL_098 */
/* Different major/minor version or development version of OpenSSL
 * means ABI may break compatibility.
 * Modified by Adam Friedlander for OpenSSL >= 1.0.0
 * (See <openssl/opensslv.h> for OpenSSL version encoding details.)
 *
 * COMPAT_VERSION_MASK selects the version-number bits that are compared;
 * presumably it is applied to the build-time and run-time library version
 * numbers in the .c module -- confirm there, it is not used in this header.
 * NOTE(review): because of the cascade above, OPENSSL_300 builds take this
 * mask too. The MNNffppS layout in the trailing comment is the pre-3.0
 * encoding; verify that the comparison still expresses the intended rule
 * under the 3.x version-number layout.
 */
#define COMPAT_VERSION_MASK 0xfff0000f /* MNNffppS, major+minor+status */
#else
/* Different major/minor/fix/development (not patch) version of OpenSSL
 * means ABI may break compatibility. */
#define COMPAT_VERSION_MASK 0xfffff00f /* MNNFFppS, major+minor+fix+status */
#endif /* OPENSSL_100 */
/* Last step of the cascade: OPENSSL_098 implies OPENSSL_097. */
#ifdef OPENSSL_098
#ifndef OPENSSL_097 /* sms 15 November 2022 */
#define OPENSSL_097
#endif /* OPENSSL_097 */
#endif /* OPENSSL_098 */
#ifdef CK_DES
#include <openssl/des.h>
#endif /* CK_DES */
#include <openssl/ssl.h>
#include <openssl/x509v3.h>
#include <openssl/rand.h>
#include <openssl/x509_vfy.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/bn.h>
#include <openssl/blowfish.h>
#include <openssl/dh.h>
#include <openssl/rc4.h>
#include <openssl/cast.h>
#include <openssl/dsa.h>
#include <openssl/rsa.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#ifdef SSL_KRB5
#include <openssl/kssl.h>
#endif /* SSL_KRB5 */
/*
 * Global SSL/TLS state shared between modules. These are declarations only;
 * the objects are defined in another source file that is not visible here.
 * The per-group descriptions below are inferred from the identifier names
 * and types -- confirm them against the defining module.
 */
/* OpenSSL BIO, presumably the sink for error output. */
extern BIO *bio_err;
/* Connection object and context with the "ssl_" prefix. */
extern SSL *ssl_con;
extern SSL_CTX *ssl_ctx;
/* Integer option and status flags.
 * NOTE(review): ssl_verify_flag and ssl_verify_depth look like the peer
 * certificate verification mode and the maximum chain depth. A setting that
 * disables verification leaves the session open to impersonation of the
 * peer, so check the defaults and who may change them. */
extern int ssl_debug_flag;
extern int ssl_only_flag;
extern int ssl_active_flag;
extern int ssl_verify_flag;
extern int ssl_verbose_flag;
extern int ssl_certsok_flag;
extern int ssl_dummy_flag;
extern int ssl_verify_depth;
/* String settings: presumably file or directory names for certificates,
 * certificate chains, keys, DH parameters, CRLs, trusted-certificate
 * locations and a random-seed file, plus the configured cipher list.
 * NOTE(review): if ssl_rsa_key_file and ssl_dh_key_file name private-key
 * files, those files should be readable only by the account running the
 * program. Ownership of the pointed-to strings is not visible here. */
extern char *ssl_rsa_cert_file;
extern char *ssl_rsa_cert_chain_file;
extern char *ssl_rsa_key_file;
extern char *ssl_dsa_cert_file;
extern char *ssl_dsa_cert_chain_file;
extern char *ssl_dh_key_file;
extern char *ssl_cipher_list;
extern char *ssl_crl_file;
extern char *ssl_crl_dir;
extern char *ssl_verify_file;
extern char *ssl_verify_dir;
extern char *ssl_dh_param_file;
extern char *ssl_rnd_file;
/* Context, connection object and flags with the "tls_" prefix, kept
 * separately from the "ssl_" ones above. */
extern SSL_CTX *tls_ctx;
extern SSL *tls_con;
extern int tls_only_flag;
extern int tls_active_flag;
/* Presumably the outcome of the most recent certificate check. */
extern int x509_cert_valid;
/* X509 store, by its name the one holding certificate revocation lists. */
extern X509_STORE *crl_store;
extern int ssl_raw_flag;
extern int tls_raw_flag;
/* Context, connection object and active flag for HTTP; omitted from builds
 * that define NOHTTP. */
#ifndef NOHTTP
extern SSL_CTX *tls_http_ctx;
extern SSL *tls_http_con;
extern int tls_http_active_flag;
#endif /* NOHTTP */
/* Presumably nonzero once the one-time library setup has run. */
extern int ssl_initialized;
/*
 * Function declarations for the SSL/TLS module. _PROTOTYP is defined
 * elsewhere; it wraps each declaration so that the parameter list can be
 * handled separately (see NOPROTO near the top of this header). The
 * implementations are not visible here, so the descriptions below are
 * inferred from names and signatures -- confirm against the .c module.
 */
/* Initialisation and connection setup. */
_PROTOTYP(VOID ssl_once_init,(void));
_PROTOTYP(int ssl_tn_init,(int));
_PROTOTYP(int ssl_http_init,(char *));
_PROTOTYP(int ck_ssl_http_client,(int,char *));
_PROTOTYP(int ssl_display_connect_details,(SSL *,int,int));
/* The two verify callbacks take (int, X509_STORE_CTX *), the parameter types
 * of an OpenSSL certificate-verification callback.
 * NOTE(review): in such a callback a nonzero return accepts the certificate
 * being checked, so every path that returns nonzero after a failed check
 * deserves scrutiny in the implementation. */
_PROTOTYP(int ssl_server_verify_callback,(int, X509_STORE_CTX *));
_PROTOTYP(int ssl_client_verify_callback,(int, X509_STORE_CTX *));
/* These take a buffer pointer and an int that is presumably its length. */
_PROTOTYP(int ssl_reply,(int, unsigned char *, int));
_PROTOTYP(int ssl_is,(unsigned char *, int));
_PROTOTYP(int ck_ssl_incoming,(int));
_PROTOTYP(int ck_ssl_outgoing,(int));
_PROTOTYP(int tls_is_user_valid,(SSL *, const char *));
/* Accessors for names taken from a connection's certificate. Who owns the
 * returned string, and whether it may be NULL, is not stated here. */
_PROTOTYP(char * ssl_get_dnsName,(SSL *));
_PROTOTYP(char * ssl_get_commonName,(SSL *));
_PROTOTYP(char * ssl_get_issuer_name,(SSL *));
_PROTOTYP(char * ssl_get_subject_name,(SSL *));
/* Presumably copy the handshake Finished data into the caller's buffer; the
 * int is presumably the buffer size -- confirm the bounds handling. */
_PROTOTYP(int ssl_get_client_finished,(char *, int));
_PROTOTYP(int ssl_get_server_finished,(char *, int));
/* (char *, int, int, VOID *) matches the parameter types of an OpenSSL PEM
 * pass-phrase callback. */
_PROTOTYP(int ssl_passwd_callback,(char *, int, int, VOID *));
/* (const SSL *, int, int) matches the parameter types of an OpenSSL info
 * callback. */
_PROTOTYP(VOID ssl_client_info_callback,(const SSL *,int, int));
/* NOTE(review): by its name this reports whether the negotiated cipher is an
 * anonymous one, which does not authenticate the peer; callers presumably
 * use it to decide whether certificate checks apply. */
_PROTOTYP(int ssl_anonymous_cipher,(SSL * ssl));
_PROTOTYP(int tls_load_certs,(SSL_CTX * ctx, SSL * con, int server));
_PROTOTYP(int ssl_verify_crl,(int, X509_STORE_CTX *));
_PROTOTYP(int tls_is_krb5,(int));
_PROTOTYP(int X509_userok,(X509 *,const char *));
_PROTOTYP(int ck_X509_save_cert_to_user_store,(X509 *));
/* SMS 2007/02/15 */
/* NOTE(review): presumably checks the given hostname against the names in
 * the peer certificate. The meaning of the return value is not visible
 * here; confirm that callers treat a mismatch as a failed connection. */
_PROTOTYP(int ssl_check_server_name,(SSL * ssl, char * hostname));
#ifdef COMMENT
/* [jt] 2013/11/21 - Kermit 95 is no longer a special case */
#ifdef OS2
#include "ckosslc.h"
#include "ckossl.h"
#endif /* OS2 */
#endif /* COMMENT */
/* Role selectors; presumably passed to the initialisation routines declared
 * in this header -- confirm in the .c module. */
#define SSL_CLIENT 0
#define SSL_SERVER 1
#define SSL_HTTP 2
/* Presumably the size in bytes of the buffer used for SSL error text. */
#define SSL_ERR_BFSZ 4096
/*
 * Default cipher list in OpenSSL cipher-string syntax. The two variants
 * differ only in the "+KRB5" element. In that syntax a leading "+" adds
 * nothing: it moves suites that are already selected to the end of the
 * preference order. "+ADH" and "+EXP" therefore demote anonymous-DH and
 * export-grade suites; they do not remove them.
 *
 * NOTE(review): nothing in this string excludes weak suites. LOW is
 * requested explicitly, and anonymous-DH suites stay eligible wherever the
 * linked OpenSSL includes them in HIGH, MEDIUM or LOW. An anonymous suite
 * does not authenticate the peer, so it gives no protection against an
 * active man in the middle. Which of these suites can really be negotiated
 * depends on the OpenSSL version and its configuration. A stricter default
 * would append exclusions such as "!aNULL:!eNULL:!EXPORT:!LOW". Before
 * changing it, check interoperability with older peers and how the
 * ssl_cipher_list setting (declared above) relates to this default; where
 * the macro is used is not visible in this header.
 */
#ifdef SSL_KRB5
#define DEFAULT_CIPHER_LIST "HIGH:MEDIUM:LOW:+KRB5:+ADH:+EXP"
#else
#define DEFAULT_CIPHER_LIST "HIGH:MEDIUM:LOW:+ADH:+EXP"
#endif /* SSL_KRB5 */
#endif /* CK_SSL */