Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/ssl.h | 45 |
1 files changed, 36 insertions, 9 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 8e2d934fde..8dbfe91f63 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -259,19 +259,21 @@ typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret,
 #define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004
 /* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
 #define SSL_EXT_SSL3_ALLOWED 0x0008
-/* Extension is only defined for TLS1.2 and above */
+/* Extension is only defined for TLS1.2 and below */
 #define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010
 /* Extension is only defined for TLS1.3 and above */
 #define SSL_EXT_TLS1_3_ONLY 0x0020
-#define SSL_EXT_CLIENT_HELLO 0x0040
+/* Ignore this extension during parsing if we are resuming */
+#define SSL_EXT_IGNORE_ON_RESUMPTION 0x0040
+#define SSL_EXT_CLIENT_HELLO 0x0080
 /* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0080
-#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0100
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0200
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0400
-#define SSL_EXT_TLS1_3_CERTIFICATE 0x0800
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x1000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x2000
+#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100
+#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0800
+#define SSL_EXT_TLS1_3_CERTIFICATE 0x1000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x2000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000
 /* Typedefs for handling custom extensions */
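Review bot: Inserting `SSL_EXT_IGNORE_ON_RESUMPTION` at 0x0040 renumbers every flag from `SSL_EXT_CLIENT_HELLO` onward in a public header, so a caller built against the old values would pass a context mask that now means something else (the old CLIENT_HELLO bit 0x0040 now reads as "ignore on resumption"). Whether the old values ever shipped in a release is not visible in this diff; if they did, the new flag is safer at the next free bit, `#define SSL_EXT_IGNORE_ON_RESUMPTION 0x4000`, leaving the existing values untouched. The message-context flags also remain uncommented; a one-line comment on each, e.g. `/* Extension may appear in the ClientHello */`, would help callers who now have to build this mask themselves.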
@@ -286,6 +288,23 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg); + +typedef int (*custom_ext_add_cb_ex) (SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char **out, + size_t *outlen, X509 *x, size_t chainidx, + int *al, void *add_arg); + +typedef void (*custom_ext_free_cb_ex) (SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char *out, void *add_arg); + +typedef int (*custom_ext_parse_cb_ex) (SSL *s, unsigned int ext_type, + unsigned int context, + const unsigned char *in, + size_t inlen, X509 *x, size_t chainidx, + int *al, void *parse_arg); + /* Typedef for verification callback */ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); @@ -779,6 +798,14 @@ __owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, custom_ext_parse_cb parse_cb, void *parse_arg); +__owur int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type, + unsigned int context, + custom_ext_add_cb_ex add_cb, + custom_ext_free_cb_ex free_cb, + void *add_arg, + custom_ext_parse_cb_ex parse_cb, + void *parse_arg); + __owur int SSL_extension_supported(unsigned int ext_type); # define SSL_NOTHING 1 |
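Review bot: The three `_ex` callback typedefs are added with no comment on their contract, and `custom_ext_parse_cb_ex` is the one handed peer-controlled bytes. A header comment should state that `in` is untrusted and readable only for `inlen` bytes for the duration of the call, that the buffer returned through `*out` must stay valid until `custom_ext_free_cb_ex` is invoked, and what each return value means together with `*al`. It should also say when `x` and `chainidx` are meaningful, presumably only for the certificate message context, which needs confirming against the implementation since that is not part of this diff.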
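Review bot: `SSL_CTX_add_custom_ext` takes `context` as a bare `unsigned int`, so a contradictory mask such as `SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_TLS1_3_ONLY` compiles without complaint, and the prototype does not say whether registration rejects it. A comment above the declaration along the lines of `/* context: OR of SSL_EXT_* flags; returns 1 on success, 0 on failure */` would help, assuming that matches the implementation, which is not shown here. It would also be worth stating how a registration made through this call interacts with one made for the same `ext_type` through `SSL_CTX_add_server_custom_ext`.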