From 83df44ae53c3c3bb1e79785af38ab52bb4f865cb Mon Sep 17 00:00:00 2001 From: Hugo Landau Date: Mon, 8 May 2023 19:52:45 +0100 Subject: QUIC MSST: Rename SSL_set_incoming_stream_reject_policy Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/20765) --- doc/build.info | 12 +-- doc/man3/SSL_accept_stream.pod | 4 +- doc/man3/SSL_attach_stream.pod | 6 +- doc/man3/SSL_set_incoming_stream_policy.pod | 108 +++++++++++++++++++++ doc/man3/SSL_set_incoming_stream_reject_policy.pod | 108 --------------------- include/internal/quic_ssl.h | 4 +- include/openssl/ssl.h.in | 8 +- ssl/quic/quic_impl.c | 43 ++++---- ssl/quic/quic_local.h | 6 +- ssl/ssl_lib.c | 4 +- test/quic_multistream_test.c | 18 ++-- util/libssl.num | 2 +- util/other.syms | 6 +- 13 files changed, 164 insertions(+), 165 deletions(-) create mode 100644 doc/man3/SSL_set_incoming_stream_policy.pod delete mode 100644 doc/man3/SSL_set_incoming_stream_reject_policy.pod diff --git a/doc/build.info b/doc/build.info index a82221a9fa..e501b455b9 100644 --- a/doc/build.info +++ b/doc/build.info @@ -2683,10 +2683,10 @@ DEPEND[html/man3/SSL_set_fd.html]=man3/SSL_set_fd.pod GENERATE[html/man3/SSL_set_fd.html]=man3/SSL_set_fd.pod DEPEND[man/man3/SSL_set_fd.3]=man3/SSL_set_fd.pod GENERATE[man/man3/SSL_set_fd.3]=man3/SSL_set_fd.pod -DEPEND[html/man3/SSL_set_incoming_stream_reject_policy.html]=man3/SSL_set_incoming_stream_reject_policy.pod -GENERATE[html/man3/SSL_set_incoming_stream_reject_policy.html]=man3/SSL_set_incoming_stream_reject_policy.pod -DEPEND[man/man3/SSL_set_incoming_stream_reject_policy.3]=man3/SSL_set_incoming_stream_reject_policy.pod -GENERATE[man/man3/SSL_set_incoming_stream_reject_policy.3]=man3/SSL_set_incoming_stream_reject_policy.pod +DEPEND[html/man3/SSL_set_incoming_stream_policy.html]=man3/SSL_set_incoming_stream_policy.pod +GENERATE[html/man3/SSL_set_incoming_stream_policy.html]=man3/SSL_set_incoming_stream_policy.pod +DEPEND[man/man3/SSL_set_incoming_stream_policy.3]=man3/SSL_set_incoming_stream_policy.pod +GENERATE[man/man3/SSL_set_incoming_stream_policy.3]=man3/SSL_set_incoming_stream_policy.pod DEPEND[html/man3/SSL_set_initial_peer_addr.html]=man3/SSL_set_initial_peer_addr.pod GENERATE[html/man3/SSL_set_initial_peer_addr.html]=man3/SSL_set_initial_peer_addr.pod DEPEND[man/man3/SSL_set_initial_peer_addr.3]=man3/SSL_set_initial_peer_addr.pod @@ -3562,7 +3562,7 @@ html/man3/SSL_set_bio.html \ html/man3/SSL_set_blocking_mode.html \ html/man3/SSL_set_connect_state.html \ html/man3/SSL_set_fd.html \ -html/man3/SSL_set_incoming_stream_reject_policy.html \ +html/man3/SSL_set_incoming_stream_policy.html \ html/man3/SSL_set_initial_peer_addr.html \ html/man3/SSL_set_retry_verify.html \ html/man3/SSL_set_session.html \ @@ -4197,7 +4197,7 @@ man/man3/SSL_set_bio.3 \ man/man3/SSL_set_blocking_mode.3 \ man/man3/SSL_set_connect_state.3 \ man/man3/SSL_set_fd.3 \ -man/man3/SSL_set_incoming_stream_reject_policy.3 \ +man/man3/SSL_set_incoming_stream_policy.3 \ man/man3/SSL_set_initial_peer_addr.3 \ man/man3/SSL_set_retry_verify.3 \ man/man3/SSL_set_session.3 \ diff --git a/doc/man3/SSL_accept_stream.pod b/doc/man3/SSL_accept_stream.pod index e72af899b3..d2a0644561 100644 --- a/doc/man3/SSL_accept_stream.pod +++ b/doc/man3/SSL_accept_stream.pod @@ -44,8 +44,8 @@ TODO(QUIC): Revise in MSMT PR to mention threading considerations. =end comment Depending on whether default stream functionality is being used, it may be -necessary to explicitly configure the incoming stream rejection policy before -streams can be accepted; see L. +necessary to explicitly configure the incoming stream policy before streams can +be accepted; see L. =begin comment diff --git a/doc/man3/SSL_attach_stream.pod b/doc/man3/SSL_attach_stream.pod index 298000ac2e..60f6315070 100644 --- a/doc/man3/SSL_attach_stream.pod +++ b/doc/man3/SSL_attach_stream.pod @@ -129,8 +129,8 @@ object if the default stream mode is set to B, or if the QUIC connection SSL object previously had a default stream which was detached using SSL_detach_stream(). -L interacts significantly with the -default stream functionality. +L interacts significantly with the default +stream functionality. =head1 RETURN VALUES @@ -153,7 +153,7 @@ object. =head1 SEE ALSO L, L, L, -L +L =head1 HISTORY diff --git a/doc/man3/SSL_set_incoming_stream_policy.pod b/doc/man3/SSL_set_incoming_stream_policy.pod new file mode 100644 index 0000000000..a89cbcfb94 --- /dev/null +++ b/doc/man3/SSL_set_incoming_stream_policy.pod @@ -0,0 +1,108 @@ +=pod + +=head1 NAME + +SSL_set_incoming_stream_policy, SSL_INCOMING_STREAM_POLICY_AUTO, +SSL_INCOMING_STREAM_POLICY_ACCEPT, +SSL_INCOMING_STREAM_POLICY_REJECT - manage the QUIC incoming stream +rejection policy + +=head1 SYNOPSIS + + #include + + #define SSL_INCOMING_STREAM_POLICY_AUTO + #define SSL_INCOMING_STREAM_POLICY_ACCEPT + #define SSL_INCOMING_STREAM_POLICY_REJECT + + int SSL_set_incoming_stream_policy(SSL *conn, int policy, + uint64_t app_error_code); + +=head1 DESCRIPTION + +SSL_set_incoming_stream_policy() policy changes the incoming stream +rejection policy for a QUIC connection. Depending on the policy configured, +OpenSSL QUIC may automatically reject incoming streams initiated by the peer. +This is intended to ensure that legacy applications using single-stream +operation with a default stream on a QUIC connection SSL object are not passed +remotely-initiated streams by a peer which those applications are not prepared +to handle. + +I is an application error code which will be used in any QUIC +B or B frames generated to implement the rejection +policy. The default application error code is 0. + +The valid values for I are: + +=over 4 + +=item SSL_INCOMING_STREAM_POLICY_AUTO + +This is the default setting. Incoming streams are accepted according to the +following rules: + +=over 4 + +=item * + +An incoming stream is accepted if L has ever been called +on a QUIC connection SSL object, as the application is assumed to be +stream-aware in this case. + +=item * + +Otherwise, if the default stream mode (configured using +L) is set to +B (the default) or +B, the incoming stream is rejected. + +=item * + +Otherwise (where the default stream mode is B), +the application is assumed to be stream aware, and the incoming stream is +accepted. + +=back + +=item SSL_INCOMING_STREAM_POLICY_ACCEPT + +Always accept incoming streams, allowing them to be dequeued using +L. + +=item SSL_INCOMING_STREAM_POLICY_REJECT + +Always reject incoming streams. + +=back + +Where an incoming stream is rejected, it is rejected immediately and it is not +possible to gain access to the stream using L. The stream +is rejected using QUIC B and B frames as +appropriate. + +=head1 RETURN VALUES + +Returns 1 on success and 0 on failure. + +This function fails if called on a QUIC stream SSL object, or on a non-QUIC SSL +object. + +=head1 SEE ALSO + +L, L, +L, L + +=head1 HISTORY + +SSL_set_incoming_stream_policy() was added in OpenSSL 3.2. + +=head1 COPYRIGHT + +Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/SSL_set_incoming_stream_reject_policy.pod b/doc/man3/SSL_set_incoming_stream_reject_policy.pod deleted file mode 100644 index dfc3dffb03..0000000000 --- a/doc/man3/SSL_set_incoming_stream_reject_policy.pod +++ /dev/null @@ -1,108 +0,0 @@ -=pod - -=head1 NAME - -SSL_set_incoming_stream_reject_policy, SSL_INCOMING_STREAM_REJECT_POLICY_AUTO, -SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT, -SSL_INCOMING_STREAM_REJECT_POLICY_REJECT - manage the QUIC incoming stream -rejection policy - -=head1 SYNOPSIS - - #include - - #define SSL_INCOMING_STREAM_REJECT_POLICY_AUTO - #define SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT - #define SSL_INCOMING_STREAM_REJECT_POLICY_REJECT - - int SSL_set_incoming_stream_reject_policy(SSL *conn, int policy, - uint64_t app_error_code); - -=head1 DESCRIPTION - -SSL_set_incoming_stream_reject_policy() policy changes the incoming stream -rejection policy for a QUIC connection. Depending on the policy configured, -OpenSSL QUIC may automatically reject incoming streams initiated by the peer. -This is intended to ensure that legacy applications using single-stream -operation with a default stream on a QUIC connection SSL object are not passed -remotely-initiated streams by a peer which those applications are not prepared -to handle. - -I is an application error code which will be used in any QUIC -B or B frames generated to implement the rejection -policy. The default application error code is 0. - -The valid values for I are: - -=over 4 - -=item SSL_INCOMING_STREAM_REJECT_POLICY_AUTO - -This is the default setting. Incoming streams are accepted according to the -following rules: - -=over 4 - -=item * - -An incoming stream is accepted if L has ever been called -on a QUIC connection SSL object, as the application is assumed to be -stream-aware in this case. - -=item * - -Otherwise, if the default stream mode (configured using -L) is set to -B (the default) or -B, the incoming stream is rejected. - -=item * - -Otherwise (where the default stream mode is B), -the application is assumed to be stream aware, and the incoming stream is -accepted. - -=back - -=item SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT - -Always accept incoming streams, allowing them to be dequeued using -L. - -=item SSL_INCOMING_STREAM_REJECT_POLICY_REJECT - -Always reject incoming streams. - -=back - -Where an incoming stream is rejected, it is rejected immediately and it is not -possible to gain access to the stream using L. The stream -is rejected using QUIC B and B frames as -appropriate. - -=head1 RETURN VALUES - -Returns 1 on success and 0 on failure. - -This function fails if called on a QUIC stream SSL object, or on a non-QUIC SSL -object. - -=head1 SEE ALSO - -L, L, -L, L - -=head1 HISTORY - -SSL_set_incoming_stream_reject_policy() was added in OpenSSL 3.2. - -=head1 COPYRIGHT - -Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/include/internal/quic_ssl.h b/include/internal/quic_ssl.h index 050bfe9d24..054ec30280 100644 --- a/include/internal/quic_ssl.h +++ b/include/internal/quic_ssl.h @@ -72,8 +72,8 @@ __owur uint64_t ossl_quic_get_stream_id(SSL *s); __owur int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode); __owur SSL *ossl_quic_detach_stream(SSL *s); __owur int ossl_quic_attach_stream(SSL *conn, SSL *stream); -__owur int ossl_quic_set_incoming_stream_reject_policy(SSL *s, int policy, - uint64_t aec); +__owur int ossl_quic_set_incoming_stream_policy(SSL *s, int policy, + uint64_t aec); __owur SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags); __owur size_t ossl_quic_get_accept_stream_queue_len(SSL *s); diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in index 7e574f37b7..4d28522bf1 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in @@ -2288,10 +2288,10 @@ __owur int SSL_attach_stream(SSL *conn, SSL *stream); #define SSL_STREAM_FLAG_UNI (1U << 0) __owur SSL *SSL_new_stream(SSL *s, uint64_t flags); -#define SSL_INCOMING_STREAM_REJECT_POLICY_AUTO 0 -#define SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT 1 -#define SSL_INCOMING_STREAM_REJECT_POLICY_REJECT 2 -__owur int SSL_set_incoming_stream_reject_policy(SSL *s, int policy, uint64_t aec); +#define SSL_INCOMING_STREAM_POLICY_AUTO 0 +#define SSL_INCOMING_STREAM_POLICY_ACCEPT 1 +#define SSL_INCOMING_STREAM_POLICY_REJECT 2 +__owur int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec); #define SSL_ACCEPT_STREAM_NO_BLOCK (1U << 0) __owur SSL *SSL_accept_stream(SSL *s, uint64_t flags); diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c index 0826a170d4..4706756b26 100644 --- a/ssl/quic/quic_impl.c +++ b/ssl/quic/quic_impl.c @@ -303,8 +303,7 @@ SSL *ossl_quic_new(SSL_CTX *ctx) qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI; qc->default_ssl_mode = qc->ssl.ctx->mode; qc->default_blocking = 1; - qc->incoming_stream_reject_policy - = SSL_INCOMING_STREAM_REJECT_POLICY_AUTO; + qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO; qc->last_error = SSL_ERROR_NONE; if (!create_channel(qc)) @@ -2238,39 +2237,39 @@ int ossl_quic_attach_stream(SSL *conn, SSL *stream) } /* - * SSL_set_incoming_stream_reject_policy - * ------------------------------------- + * SSL_set_incoming_stream_policy + * ------------------------------ */ QUIC_NEEDS_LOCK -static int qc_get_effective_incoming_stream_reject_policy(QUIC_CONNECTION *qc) +static int qc_get_effective_incoming_stream_policy(QUIC_CONNECTION *qc) { - switch (qc->incoming_stream_reject_policy) { - case SSL_INCOMING_STREAM_REJECT_POLICY_AUTO: + switch (qc->incoming_stream_policy) { + case SSL_INCOMING_STREAM_POLICY_AUTO: if ((qc->default_xso == NULL && !qc->default_xso_created) || qc->default_stream_mode == SSL_DEFAULT_STREAM_MODE_NONE) - return SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT; + return SSL_INCOMING_STREAM_POLICY_ACCEPT; else - return SSL_INCOMING_STREAM_REJECT_POLICY_REJECT; + return SSL_INCOMING_STREAM_POLICY_REJECT; default: - return qc->incoming_stream_reject_policy; + return qc->incoming_stream_policy; } } QUIC_NEEDS_LOCK static void qc_update_reject_policy(QUIC_CONNECTION *qc) { - int policy = qc_get_effective_incoming_stream_reject_policy(qc); - int enable_reject = (policy == SSL_INCOMING_STREAM_REJECT_POLICY_REJECT); + int policy = qc_get_effective_incoming_stream_policy(qc); + int enable_reject = (policy == SSL_INCOMING_STREAM_POLICY_REJECT); ossl_quic_channel_set_incoming_stream_auto_reject(qc->ch, enable_reject, - qc->incoming_stream_reject_aec); + qc->incoming_stream_aec); } QUIC_TAKES_LOCK -int ossl_quic_set_incoming_stream_reject_policy(SSL *s, int policy, - uint64_t aec) +int ossl_quic_set_incoming_stream_policy(SSL *s, int policy, + uint64_t aec) { int ret = 1; QCTX ctx; @@ -2281,11 +2280,11 @@ int ossl_quic_set_incoming_stream_reject_policy(SSL *s, int policy, quic_lock(ctx.qc); switch (policy) { - case SSL_INCOMING_STREAM_REJECT_POLICY_AUTO: - case SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT: - case SSL_INCOMING_STREAM_REJECT_POLICY_REJECT: - ctx.qc->incoming_stream_reject_policy = policy; - ctx.qc->incoming_stream_reject_aec = aec; + case SSL_INCOMING_STREAM_POLICY_AUTO: + case SSL_INCOMING_STREAM_POLICY_ACCEPT: + case SSL_INCOMING_STREAM_POLICY_REJECT: + ctx.qc->incoming_stream_policy = policy; + ctx.qc->incoming_stream_aec = aec; break; default: @@ -2342,8 +2341,8 @@ SSL *ossl_quic_accept_stream(SSL *s, uint64_t flags) quic_lock(ctx.qc); - if (qc_get_effective_incoming_stream_reject_policy(ctx.qc) - == SSL_INCOMING_STREAM_REJECT_POLICY_REJECT) + if (qc_get_effective_incoming_stream_policy(ctx.qc) + == SSL_INCOMING_STREAM_POLICY_REJECT) goto out; qsm = ossl_quic_channel_get_qsm(ctx.qc->ch); diff --git a/ssl/quic/quic_local.h b/ssl/quic/quic_local.h index 6e062089f0..a23d039e9c 100644 --- a/ssl/quic/quic_local.h +++ b/ssl/quic/quic_local.h @@ -178,9 +178,9 @@ struct quic_conn_st { /* SSL_set_mode. This is not used directly but inherited by new XSOs. */ uint32_t default_ssl_mode; - /* SSL_set_incoming_stream_reject_policy. */ - int incoming_stream_reject_policy; - uint64_t incoming_stream_reject_aec; + /* SSL_set_incoming_stream_policy. */ + int incoming_stream_policy; + uint64_t incoming_stream_aec; /* * Last 'normal' error during an app-level I/O operation, used by diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index f7e3f497b8..4be70ce60f 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -7385,13 +7385,13 @@ int SSL_attach_stream(SSL *conn, SSL *stream) #endif } -int SSL_set_incoming_stream_reject_policy(SSL *s, int policy, uint64_t aec) +int SSL_set_incoming_stream_policy(SSL *s, int policy, uint64_t aec) { #ifndef OPENSSL_NO_QUIC if (!IS_QUIC(s)) return 0; - return ossl_quic_set_incoming_stream_reject_policy(s, policy, aec); + return ossl_quic_set_incoming_stream_policy(s, policy, aec); #else return 0; #endif diff --git a/test/quic_multistream_test.c b/test/quic_multistream_test.c index 8cfc56e253..dbfdde0f4c 100644 --- a/test/quic_multistream_test.c +++ b/test/quic_multistream_test.c @@ -70,7 +70,7 @@ struct script_op { #define OPK_C_ACCEPT_STREAM_NONE 17 #define OPK_C_FREE_STREAM 18 #define OPK_C_SET_DEFAULT_STREAM_MODE 19 -#define OPK_C_SET_INCOMING_STREAM_REJECT_POLICY 20 +#define OPK_C_SET_INCOMING_STREAM_POLICY 20 #define OPK_C_SHUTDOWN 21 #define OPK_C_EXPECT_CONN_CLOSE_INFO 22 #define OPK_S_EXPECT_CONN_CLOSE_INFO 23 @@ -137,8 +137,8 @@ struct script_op { {OPK_C_FREE_STREAM, NULL, 0, NULL, #stream_name}, #define OP_C_SET_DEFAULT_STREAM_MODE(mode) \ {OPK_C_SET_DEFAULT_STREAM_MODE, NULL, (mode), NULL, NULL}, -#define OP_C_SET_INCOMING_STREAM_REJECT_POLICY(policy) \ - {OPK_C_SET_INCOMING_STREAM_REJECT_POLICY, NULL, (policy), NULL, NULL}, +#define OP_C_SET_INCOMING_STREAM_POLICY(policy) \ + {OPK_C_SET_INCOMING_STREAM_POLICY, NULL, (policy), NULL, NULL}, #define OP_C_SHUTDOWN() \ {OPK_C_SHUTDOWN, NULL, 0, NULL, NULL}, #define OP_C_EXPECT_CONN_CLOSE_INFO(ec, app, remote) \ @@ -833,13 +833,13 @@ static int run_script(const struct script_op *script, int free_order) } break; - case OPK_C_SET_INCOMING_STREAM_REJECT_POLICY: + case OPK_C_SET_INCOMING_STREAM_POLICY: { if (!TEST_ptr(c_tgt)) goto out; - if (!TEST_true(SSL_set_incoming_stream_reject_policy(c_tgt, - op->arg1, 0))) + if (!TEST_true(SSL_set_incoming_stream_policy(c_tgt, + op->arg1, 0))) goto out; } break; @@ -996,7 +996,7 @@ static const struct script_op script_1[] = { static const struct script_op script_2[] = { OP_C_SET_ALPN ("ossltest") OP_C_CONNECT_WAIT () - OP_C_SET_INCOMING_STREAM_REJECT_POLICY(SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT) + OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_ACCEPT) OP_C_WRITE (DEFAULT, "apple", 5) OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) OP_S_READ_EXPECT (a, "apple", 5) @@ -1055,14 +1055,14 @@ static const struct script_op script_2[] = { OP_C_EXPECT_FIN (f) OP_C_WRITE_FAIL (f) - OP_C_SET_INCOMING_STREAM_REJECT_POLICY(SSL_INCOMING_STREAM_REJECT_POLICY_REJECT) + OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_REJECT) OP_S_NEW_STREAM_BIDI (g, S_BIDI_ID(2)) OP_S_WRITE (g, "unseen", 6) OP_S_CONCLUDE (g) OP_C_ACCEPT_STREAM_NONE () - OP_C_SET_INCOMING_STREAM_REJECT_POLICY(SSL_INCOMING_STREAM_REJECT_POLICY_AUTO) + OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_AUTO) OP_S_NEW_STREAM_BIDI (h, S_BIDI_ID(3)) OP_S_WRITE (h, "UNSEEN", 6) OP_S_CONCLUDE (h) diff --git a/util/libssl.num b/util/libssl.num index 457e75f801..b850045694 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -568,7 +568,6 @@ SSL_get_stream_id ? 3_2_0 EXIST::FUNCTION: SSL_set_default_stream_mode ? 3_2_0 EXIST::FUNCTION: SSL_detach_stream ? 3_2_0 EXIST::FUNCTION: SSL_attach_stream ? 3_2_0 EXIST::FUNCTION: -SSL_set_incoming_stream_reject_policy ? 3_2_0 EXIST::FUNCTION: SSL_accept_stream ? 3_2_0 EXIST::FUNCTION: SSL_get_accept_stream_queue_len ? 3_2_0 EXIST::FUNCTION: SSL_stream_reset ? 3_2_0 EXIST::FUNCTION: @@ -577,3 +576,4 @@ SSL_get_stream_write_state ? 3_2_0 EXIST::FUNCTION: SSL_get_stream_read_error_code ? 3_2_0 EXIST::FUNCTION: SSL_get_stream_write_error_code ? 3_2_0 EXIST::FUNCTION: SSL_get_conn_close_info ? 3_2_0 EXIST::FUNCTION: +SSL_set_incoming_stream_policy ? 3_2_0 EXIST::FUNCTION: diff --git a/util/other.syms b/util/other.syms index cecfe4d742..11393fe7ec 100644 --- a/util/other.syms +++ b/util/other.syms @@ -662,9 +662,9 @@ SSL_ACCEPT_STREAM_NO_BLOCK define SSL_DEFAULT_STREAM_MODE_AUTO_BIDI define SSL_DEFAULT_STREAM_MODE_AUTO_UNI define SSL_DEFAULT_STREAM_MODE_NONE define -SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT define -SSL_INCOMING_STREAM_REJECT_POLICY_AUTO define -SSL_INCOMING_STREAM_REJECT_POLICY_REJECT define +SSL_INCOMING_STREAM_POLICY_ACCEPT define +SSL_INCOMING_STREAM_POLICY_AUTO define +SSL_INCOMING_STREAM_POLICY_REJECT define TLS_DEFAULT_CIPHERSUITES define deprecated 3.0.0 X509_CRL_http_nbio define deprecated 3.0.0 X509_http_nbio define deprecated 3.0.0 -- cgit v1.2.1