Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / openssl / 45bcfbcc39acc2213abd00ebcc794dcc40be39f7^! / . / ssl / ssl3.h
commit45bcfbcc39acc2213abd00ebcc794dcc40be39f7[log] [tgz]
authorAdam Langley <agl@chromium.org>Wed Jan 16 13:43:53 2013 -0800
committerAlex Klyubin <klyubin@google.com>Wed Jan 16 13:43:53 2013 -0800
treec4973f34eb60dd31920faf903d8b1bad77a2db73
parentd37ef7804404d42f9a09c283726adde5c8ba0d27 [diff] [blame]
Add support for the TLS Channel ID extension.

See http://tools.ietf.org/html/draft-balfanz-tls-channelid-00.

Change-Id: Id5b9799f96c0f7a1ef5ed8db9e40111a700d091f

diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index fb08e72..3f2103e 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h

@@ -549,6 +549,17 @@
 	/* Set if we saw the Next Protocol Negotiation extension from our peer. */
 	int next_proto_neg_seen;
 #endif
+
+	/* In a client, this means that the server supported Channel ID and that
+	 * a Channel ID was sent. In a server it means that we echoed support
+	 * for Channel IDs and that tlsext_channel_id will be valid after the
+	 * handshake. */
+	char tlsext_channel_id_valid;
+	/* For a server:
+	 *     If |tlsext_channel_id_valid| is true, then this contains the
+	 *     verified Channel ID from the client: a P256 point, (x,y), where
+	 *     each are big-endian values. */
+	unsigned char tlsext_channel_id[64];
 	} SSL3_STATE;
 
 #endif
@@ -591,6 +602,8 @@
 #define SSL3_ST_CW_CHANGE_B		(0x1A1|SSL_ST_CONNECT)
 #define SSL3_ST_CW_NEXT_PROTO_A		(0x200|SSL_ST_CONNECT)
 #define SSL3_ST_CW_NEXT_PROTO_B		(0x201|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CHANNEL_ID_A		(0x210|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CHANNEL_ID_B		(0x211|SSL_ST_CONNECT)
 #define SSL3_ST_CW_FINISHED_A		(0x1B0|SSL_ST_CONNECT)
 #define SSL3_ST_CW_FINISHED_B		(0x1B1|SSL_ST_CONNECT)
 /* read from server */
@@ -640,8 +653,11 @@
 #define SSL3_ST_SR_CERT_VRFY_B		(0x1A1|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CHANGE_A		(0x1B0|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CHANGE_B		(0x1B1|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_POST_CLIENT_CERT	(0x1BF|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_NEXT_PROTO_A		(0x210|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_NEXT_PROTO_B		(0x211|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CHANNEL_ID_A		(0x220|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CHANNEL_ID_B		(0x221|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_FINISHED_A		(0x1C0|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_FINISHED_B		(0x1C1|SSL_ST_ACCEPT)
 /* write to client */
@@ -667,6 +683,7 @@
 #define SSL3_MT_FINISHED			20
 #define SSL3_MT_CERTIFICATE_STATUS		22
 #define SSL3_MT_NEXT_PROTO			67
+#define SSL3_MT_ENCRYPTED_EXTENSIONS		203
 #define DTLS1_MT_HELLO_VERIFY_REQUEST    3