Diffstat (limited to 'include')
-rw-r--r--include/openssl/ssl.h45
1 files changed, 36 insertions, 9 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 8e2d934fde..8dbfe91f63 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -259,19 +259,21 @@ typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret,
#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004
/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
#define SSL_EXT_SSL3_ALLOWED 0x0008
-/* Extension is only defined for TLS1.2 and above */
+/* Extension is only defined for TLS1.2 and below */
#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010
/* Extension is only defined for TLS1.3 and above */
#define SSL_EXT_TLS1_3_ONLY 0x0020
-#define SSL_EXT_CLIENT_HELLO 0x0040
+/* Ignore this extension during parsing if we are resuming */
+#define SSL_EXT_IGNORE_ON_RESUMPTION 0x0040
+#define SSL_EXT_CLIENT_HELLO 0x0080
/* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0080
-#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0100
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0200
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0400
-#define SSL_EXT_TLS1_3_CERTIFICATE 0x0800
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x1000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x2000
+#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100
+#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0800
+#define SSL_EXT_TLS1_3_CERTIFICATE 0x1000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x2000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000
/* Typedefs for handling custom extensions */
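Review bot: Inserting `SSL_EXT_IGNORE_ON_RESUMPTION` at 0x0040 renumbers every flag from `SSL_EXT_CLIENT_HELLO` onward in a public header. Any caller or stored context value built against the old numbers silently changes meaning: 0x0040 used to select the ClientHello and now requests ignore-on-resumption. If the previous values have appeared in any release or external build, give the new flag the next free bit of the old layout instead, `#define SSL_EXT_IGNORE_ON_RESUMPTION 0x4000`, and leave the existing values untouched. If they have not, the commit message should say so, so that reviewers can see the renumbering is safe.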
@@ -286,6 +288,23 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
const unsigned char *in,
size_t inlen, int *al, void *parse_arg);
+
+typedef int (*custom_ext_add_cb_ex) (SSL *s, unsigned int ext_type,
+ unsigned int context,
+ const unsigned char **out,
+ size_t *outlen, X509 *x, size_t chainidx,
+ int *al, void *add_arg);
+
+typedef void (*custom_ext_free_cb_ex) (SSL *s, unsigned int ext_type,
+ unsigned int context,
+ const unsigned char *out, void *add_arg);
+
+typedef int (*custom_ext_parse_cb_ex) (SSL *s, unsigned int ext_type,
+ unsigned int context,
+ const unsigned char *in,
+ size_t inlen, X509 *x, size_t chainidx,
+ int *al, void *parse_arg);
+
/* Typedef for verification callback */
typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
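Review bot: The three `_ex` callback typedefs are added with no comment describing their contract, and `custom_ext_parse_cb_ex` is the one that receives bytes from the peer. A short block comment above them should state that `in`/`inlen` are raw, length-delimited extension data from the remote side that must be bounds-checked before use and is not NUL-terminated. It should also say who owns the buffer returned through `*out` until `custom_ext_free_cb_ex` runs, and what `x` and `chainidx` hold when `context` is not a Certificate message. The ownership and `x`/`chainidx` semantics are inferred from the signatures only and should be confirmed against the implementation, which is not visible here.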
@@ -779,6 +798,14 @@ __owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
custom_ext_parse_cb parse_cb,
void *parse_arg);
+__owur int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+ unsigned int context,
+ custom_ext_add_cb_ex add_cb,
+ custom_ext_free_cb_ex free_cb,
+ void *add_arg,
+ custom_ext_parse_cb_ex parse_cb,
+ void *parse_arg);
+
__owur int SSL_extension_supported(unsigned int ext_type);
# define SSL_NOTHING 1
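Review bot: The `context` argument of `SSL_CTX_add_custom_ext` is a plain `unsigned int`, and the declaration does not say which `SSL_EXT_*` bits it accepts or which of the callbacks may be NULL. A comment above the prototype such as `/* context: bitwise OR of SSL_EXT_* flags selecting the messages and protocol versions the extension applies to */` would make the intended use clear. It should also state how invalid or contradictory bit combinations are rejected, which cannot be determined from this header.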