From 919ba009429b3617e975933f37a23be996a33b8d Mon Sep 17 00:00:00 2001 From: Viktor Dukhovni Date: Tue, 29 Dec 2015 13:28:28 -0500 Subject: DANE support structures, constructructors and accessors Also tweak some of the code in demos/bio, to enable interactive testing of BIO_s_accept's use of SSL_dup. Changed the sconnect client to authenticate the server, which now exercises the new SSL_set1_host() function. Reviewed-by: Richard Levitte --- ssl/ssl_locl.h | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'ssl/ssl_locl.h') diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 7e07297f2f..fee7fa6f15 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -169,6 +169,7 @@ #include "record/record.h" #include "statem/statem.h" #include "packet_locl.h" +#include "internal/dane.h" # ifdef OPENSSL_BUILD_SHLIBSSL # undef OPENSSL_EXTERN @@ -925,6 +926,9 @@ struct ssl_ctx_st { unsigned char *alpn_client_proto_list; unsigned alpn_client_proto_list_len; + /* Shared DANE context */ + struct dane_ctx_st dane; + /* SRTP profiles we are willing to do from RFC 5764 */ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* @@ -1007,6 +1011,10 @@ struct ssl_st { void *msg_callback_arg; int hit; /* reusing a previous session */ X509_VERIFY_PARAM *param; + + /* Per connection DANE state */ + struct dane_st dane; + /* crypto */ STACK_OF(SSL_CIPHER) *cipher_list; STACK_OF(SSL_CIPHER) *cipher_list_by_id; -- cgit v1.2.3