Support ALPN.

This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF blessed version of NPN and we'll be supporting both ALPN and NPN for some time yet. Cherry-picked from 6f017a8f9db3a79f3a3406cf8d493ccd346db691. [1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00
author: Adam Langley <agl@chromium.org> 2013-04-15 18:07:47 -0400
committer: Adam Langley <agl@chromium.org> 2013-09-13 11:27:22 -0400
commit: b0d6f3c58fc86756574b410cb6a32589477d3954 (patch)
tree: 2a7d1dec7ff22974b355b4ffebfbf6fdaeea1a3b /ssl/ssl.h
parent: 033864842607895730d97baf4103da24f1207762 (diff)
1 files changed, 45 insertions, 0 deletions
diff --git a/ssl/ssl.h b/ssl/ssl.h
index bd2b576308..700e2c3e02 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1097,6 +1097,31 @@ struct ssl_ctx_st
 				    void *arg);
 	void *next_proto_select_cb_arg;
 # endif
+
+	/* ALPN information
+	 * (we are in the process of transitioning from NPN to ALPN.) */
+
+	/* For a server, this contains a callback function that allows the
+	 * server to select the protocol for the connection.
+	 *   out: on successful return, this must point to the raw protocol
+	 *        name (without the length prefix).
+	 *   outlen: on successful return, this contains the length of |*out|.
+	 *   in: points to the client's list of supported protocols in
+	 *       wire-format.
+	 *   inlen: the length of |in|. */
+	int (*alpn_select_cb)(SSL *s,
+			      const unsigned char **out,
+			      unsigned char *outlen,
+			      const unsigned char* in,
+			      unsigned int inlen,
+			      void *arg);
+	void *alpn_select_cb_arg;
+
+	/* For a client, this contains the list of supported protocols in wire
+	 * format. */
+	unsigned char* alpn_client_proto_list;
+	unsigned alpn_client_proto_list_len;
+
         /* SRTP profiles we are willing to do from RFC 5764 */
 	STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
 # ifndef OPENSSL_NO_EC
@@ -1195,6 +1220,21 @@ void SSL_get0_next_proto_negotiated(const SSL *s,
 #define OPENSSL_NPN_NO_OVERLAP	2
 #endif
 
+int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char* protos,
+			    unsigned protos_len);
+int SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
+			unsigned protos_len);
+void SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
+				int (*cb) (SSL *ssl,
+					   const unsigned char **out,
+					   unsigned char *outlen,
+					   const unsigned char *in,
+					   unsigned int inlen,
+					   void *arg),
+				void *arg);
+void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
+			    unsigned *len);
+
 #ifndef OPENSSL_NO_PSK
 /* the maximum length of the buffer given to callbacks containing the
  * resulting identity/psk */
@@ -1501,6 +1541,11 @@ struct ssl_st
 	                                 */
 	unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
 	unsigned int tlsext_hb_seq;     /* HeartbeatRequest sequence number */
+
+	/* For a client, this contains the list of supported protocols in wire
+	 * format. */
+	unsigned char* alpn_client_proto_list;
+	unsigned alpn_client_proto_list_len;
 #else
 #define session_ctx ctx
 #endif /* OPENSSL_NO_TLSEXT */
author	Adam Langley <agl@chromium.org>	2013-04-15 18:07:47 -0400
committer	Adam Langley <agl@chromium.org>	2013-09-13 11:27:22 -0400
commit	b0d6f3c58fc86756574b410cb6a32589477d3954 (patch)
tree	2a7d1dec7ff22974b355b4ffebfbf6fdaeea1a3b /ssl/ssl.h
parent	033864842607895730d97baf4103da24f1207762 (diff)