Move the extensions context codes into the public API

This move prepares for the later addition of the new custom extensions API. The context codes have an additional "SSL_" added to their name to ensure we don't have name clashes with other applications. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
author: Matt Caswell <matt@openssl.org> 2017-04-04 11:40:02 +0100
committer: Matt Caswell <matt@openssl.org> 2017-04-07 13:41:04 +0100
commit: fe874d27d33faa527b5e945137787bf6b0f5c253 (patch)
tree: d4b83d5b142bc6120c2e5c850ff16dac70d5ba8b /include
parent: b443c845942289c831fe867ced1ef11574514385 (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 5ebd9979eb..8e2d934fde 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -250,6 +250,29 @@ typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret,
                                          STACK_OF(SSL_CIPHER) *peer_ciphers,
                                          const SSL_CIPHER **cipher, void *arg);
 
+/* Extension context codes */
+/* This extension is only allowed in TLS */
+#define SSL_EXT_TLS_ONLY                        0x0001
+/* This extension is only allowed in DTLS */
+#define SSL_EXT_DTLS_ONLY                       0x0002
+/* Some extensions may be allowed in DTLS but we don't implement them for it */
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
+#define SSL_EXT_SSL3_ALLOWED                    0x0008
+/* Extension is only defined for TLS1.2 and above */
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+/* Extension is only defined for TLS1.3 and above */
+#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_CLIENT_HELLO                    0x0040
+/* Really means TLS1.2 or below */
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0080
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0100
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0200
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0400
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x0800
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x1000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x2000
+
 /* Typedefs for handling custom extensions */
 
 typedef int (*custom_ext_add_cb) (SSL *s, unsigned int ext_type,
author	Matt Caswell <matt@openssl.org>	2017-04-04 11:40:02 +0100
committer	Matt Caswell <matt@openssl.org>	2017-04-07 13:41:04 +0100
commit	fe874d27d33faa527b5e945137787bf6b0f5c253 (patch)
tree	d4b83d5b142bc6120c2e5c850ff16dac70d5ba8b /include
parent	b443c845942289c831fe867ced1ef11574514385 (diff)