Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / openssl / ee53ab1212ec75db6e1704a6909c45c93dd411c3^! / . / ssl / ssl.h
commitee53ab1212ec75db6e1704a6909c45c93dd411c3[log] [tgz]
authorKenny Root <kroot@google.com>Mon Jun 24 12:07:13 2013 -0700
committerKenny Root <kroot@google.com>Wed Jun 26 08:49:15 2013 -0700
treea56046f94a7cf3e0ba40fbf889038e287f4990c7
parent9296b4bb0e04a10b561da2996d3c9575872f1fa4 [diff] [blame]
Add ALPN support patch

This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF
blessed version of NPN and we'll be supporting both ALPN and NPN for
some time yet.

[1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00

Patch from Adam Langley <agl@chromium.org>

Change-Id: I556b1ee877f398ae8b7f1d4abbaddc44611e5f51

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 61b110f..dac9c3e 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h

@@ -979,6 +979,31 @@
 				    void *arg);
 	void *next_proto_select_cb_arg;
 # endif
+
+	/* ALPN information
+	 * (we are in the process of transitioning from NPN to ALPN.) */
+
+	/* For a server, this contains a callback function that allows the
+	 * server to select the protocol for the connection.
+	 *   out: on successful return, this must point to the raw protocol
+	 *        name (without the length prefix).
+	 *   outlen: on successful return, this contains the length of |*out|.
+	 *   in: points to the client's list of supported protocols in
+	 *       wire-format.
+	 *   inlen: the length of |in|. */
+	int (*alpn_select_cb)(SSL *s,
+			      const unsigned char **out,
+			      unsigned char *outlen,
+			      const unsigned char* in,
+			      unsigned int inlen,
+			      void *arg);
+	void *alpn_select_cb_arg;
+
+	/* For a client, this contains the list of supported protocols in wire
+	 * format. */
+	unsigned char* alpn_client_proto_list;
+	unsigned alpn_client_proto_list_len;
+
         /* SRTP profiles we are willing to do from RFC 5764 */
         STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  
 
@@ -1075,6 +1100,21 @@
 #define OPENSSL_NPN_NO_OVERLAP	2
 #endif
 
+int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char* protos,
+			    unsigned protos_len);
+int SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
+			unsigned protos_len);
+void SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
+				int (*cb) (SSL *ssl,
+					   const unsigned char **out,
+					   unsigned char *outlen,
+					   const unsigned char *in,
+					   unsigned int inlen,
+					   void *arg),
+				void *arg);
+void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
+			    unsigned *len);
+
 #ifndef OPENSSL_NO_PSK
 /* the maximum length of the buffer given to callbacks containing the
  * resulting identity/psk */
@@ -1365,6 +1405,11 @@
 	char tlsext_channel_id_enabled;
 	/* The client's Channel ID private key. */
 	EVP_PKEY *tlsext_channel_id_private;
+
+	/* For a client, this contains the list of supported protocols in wire
+	 * format. */
+	unsigned char* alpn_client_proto_list;
+	unsigned alpn_client_proto_list_len;
 #else
 #define session_ctx ctx
 #endif /* OPENSSL_NO_TLSEXT */