author | Scott Deboy <sdeboy@secondstryke.com> | 2013-06-18 14:34:38 -0700 |
---|---|---|
committer | Scott Deboy <sdeboy@secondstryke.com> | 2014-02-08 16:12:15 -0800 |
commit | 038bec784e528ce273169f178c35991fbc3bea92 (patch) | |
tree | be8a71c2c534db29ea7ee31f1207be9b976b0698 /ssl/tls1.h | |
parent | f407eec799f1f5d271b809875f016f680935567b (diff) |
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
(cherry picked from commit 36086186a9b90cdad0d2cd0a598a10f03f8f4bcc)
Conflicts:
Configure
apps/s_client.c
apps/s_server.c
ssl/ssl.h
ssl/ssl3.h
ssl/ssltest.c
Diffstat (limited to 'ssl/tls1.h')
-rw-r--r-- | ssl/tls1.h | 14 |
1 files changed, 5 insertions, 9 deletions
diff --git a/ssl/tls1.h b/ssl/tls1.h
index b1b85bf632..92092f4e01 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -299,9 +299,12 @@ extern "C" {
 /* From RFC 5878 */
 #define TLSEXT_SUPPLEMENTALDATATYPE_authz_data 16386
+
 /* This is not IANA assigned. See
- * https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#authorization-data-rules */
-#define TLSEXT_AUTHZDATAFORMAT_audit_proof 182
+ * https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#authorization-data-rules
+ * http://tools.ietf.org/id/draft-dthakore-tls-authz-01.txt
+ */
+#define TLSEXT_AUTHZDATAFORMAT_dtcp 225
 #define TLSEXT_MAXLEN_supplemental_data 1024*16 /* Let's limit to 16k */
@@ -390,13 +393,6 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
 #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
 SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
-/* Used by clients to process audit proofs. */
-#define SSL_CTX_set_tlsext_authz_server_audit_proof_cb(ctx, cb) \
-SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB,(void (*)(void))cb)
-
-#define SSL_CTX_set_tlsext_authz_server_audit_proof_cb_arg(ctx, arg) \
-SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TLSEXT_AUTHZ_SERVER_AUDIT_PROOF_CB_ARG, 0, arg);
-
 #ifndef OPENSSL_NO_HEARTBEATS
 #define SSL_TLSEXT_HB_ENABLED 0x01
 #define SSL_TLSEXT_HB_DONT_SEND_REQUESTS 0x02 |
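Review bot: The comment above the new `TLSEXT_AUTHZDATAFORMAT_dtcp 225` still says only "This is not IANA assigned", which does not tell a reader of this header what follows from that. The value comes from the cited individual draft (draft-dthakore-tls-authz-01) and, if I read RFC 5878's registry rules correctly, sits in the private-use range, so another deployment may attach a different meaning to the same number. I would add a line to the comment such as `* Provisional value from an individual draft; it may change or collide, so validate authz data of this format before acting on it.` The same hunk removes the macro `TLSEXT_AUTHZDATAFORMAT_audit_proof`, and the second hunk removes the two `SSL_CTX_set_tlsext_authz_server_audit_proof_cb*` setters. Assuming this header is installed as public API, applications that referenced them will stop compiling and the removal deserves a line in the release notes.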