diff options
author | Matt Caswell <matt@openssl.org> | 2017-04-04 11:40:02 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-04-07 13:41:04 +0100 |
commit | fe874d27d33faa527b5e945137787bf6b0f5c253 (patch) | |
tree | d4b83d5b142bc6120c2e5c850ff16dac70d5ba8b /include | |
parent | b443c845942289c831fe867ced1ef11574514385 (diff) |
Move the extensions context codes into the public API
This move prepares for the later addition of the new custom extensions
API. The context codes have an additional "SSL_" added to their name to
ensure we don't have name clashes with other applications.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3139)
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/ssl.h | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 5ebd9979eb..8e2d934fde 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -250,6 +250,29 @@ typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret, STACK_OF(SSL_CIPHER) *peer_ciphers, const SSL_CIPHER **cipher, void *arg); +/* Extension context codes */ +/* This extension is only allowed in TLS */ +#define SSL_EXT_TLS_ONLY 0x0001 +/* This extension is only allowed in DTLS */ +#define SSL_EXT_DTLS_ONLY 0x0002 +/* Some extensions may be allowed in DTLS but we don't implement them for it */ +#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004 +/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */ +#define SSL_EXT_SSL3_ALLOWED 0x0008 +/* Extension is only defined for TLS1.2 and above */ +#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010 +/* Extension is only defined for TLS1.3 and above */ +#define SSL_EXT_TLS1_3_ONLY 0x0020 +#define SSL_EXT_CLIENT_HELLO 0x0040 +/* Really means TLS1.2 or below */ +#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0080 +#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0100 +#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0200 +#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0400 +#define SSL_EXT_TLS1_3_CERTIFICATE 0x0800 +#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x1000 +#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x2000 + /* Typedefs for handling custom extensions */ typedef int (*custom_ext_add_cb) (SSL *s, unsigned int ext_type, |