diff options
Diffstat (limited to 'src/ssl/internal.h')
-rw-r--r-- | src/ssl/internal.h | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/ssl/internal.h b/src/ssl/internal.h index 931ac827..b9c3998f 100644 --- a/src/ssl/internal.h +++ b/src/ssl/internal.h @@ -1249,6 +1249,8 @@ struct SSL_HANDSHAKE { unsigned received_hello_retry_request:1; + unsigned received_custom_extension:1; + /* accept_psk_mode stores whether the client's PSK mode is compatible with our * preferences. */ unsigned accept_psk_mode:1; @@ -1334,6 +1336,11 @@ int tls13_handshake(SSL_HANDSHAKE *hs, int *out_early_return); enum ssl_hs_wait_t tls13_client_handshake(SSL_HANDSHAKE *hs); enum ssl_hs_wait_t tls13_server_handshake(SSL_HANDSHAKE *hs); +/* The following functions return human-readable representations of the TLS 1.3 + * handshake states for debugging. */ +const char *tls13_client_handshake_state(SSL_HANDSHAKE *hs); +const char *tls13_server_handshake_state(SSL_HANDSHAKE *hs); + /* tls13_post_handshake processes a post-handshake message. It returns one on * success and zero on failure. */ int tls13_post_handshake(SSL *ssl, const SSLMessage &msg); @@ -1824,6 +1831,11 @@ struct DTLS1_STATE { * |add_change_cipher_spec| will start a new flight. */ bool outgoing_messages_complete:1; + /* flight_has_reply is true if the current outgoing flight is complete and has + * processed at least one message. This is used to detect whether we or the + * peer sent the final flight. */ + bool flight_has_reply:1; + uint8_t cookie[DTLS1_COOKIE_LENGTH]; size_t cookie_len; @@ -2064,6 +2076,7 @@ int ssl_compare_public_and_private_key(const EVP_PKEY *pubkey, int ssl_cert_check_private_key(const CERT *cert, const EVP_PKEY *privkey); int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server); int ssl_encrypt_ticket(SSL *ssl, CBB *out, const SSL_SESSION *session); +int ssl_ctx_rotate_ticket_encryption_key(SSL_CTX *ctx); /* ssl_session_new returns a newly-allocated blank |SSL_SESSION| or nullptr on * error. */ @@ -2326,6 +2339,8 @@ int ssl_can_write(const SSL *ssl); int ssl_can_read(const SSL *ssl); void ssl_get_current_time(const SSL *ssl, struct OPENSSL_timeval *out_clock); +void ssl_ctx_get_current_time(const SSL_CTX *ctx, + struct OPENSSL_timeval *out_clock); /* ssl_reset_error_state resets state for |SSL_get_error|. */ void ssl_reset_error_state(SSL *ssl); |