authorqsr@chromium.org <qsr@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c>2013-10-22 15:11:50 +0000
committerqsr@chromium.org <qsr@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c>2013-10-22 15:11:50 +0000
commit2e79cadd8265d77aba5a4fbb4a9af1d6a9a2c3af (patch)
treeef2cf0826a29737beffca85b8e0e679b9d85f364 /openssl/include
parent3b8fc78015d550f737c3da2ee6cc7f32913dfdf8 (diff)
downloadopenssl-2e79cadd8265d77aba5a4fbb4a9af1d6a9a2c3af.tar.gz
Updating Channel ID to allow computing the key when the server supports it.
The previous API of openssl for channel ID forces the client to set the private key before knowing if the server supports channel ID. This updates the API so that the client can set the private key after the handshake started and the server confirmed it supports the protocol. R=agl@chromium.org, digit@chromium.org Review URL: https://codereview.chromium.org/28983003 git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@230132 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
Diffstat (limited to 'openssl/include')
-rw-r--r--openssl/include/openssl/bio.h3
-rw-r--r--openssl/include/openssl/ssl.h12
2 files changed, 11 insertions, 4 deletions
diff --git a/openssl/include/openssl/bio.h b/openssl/include/openssl/bio.h
index 05699ab..d05fa22 100644
--- a/openssl/include/openssl/bio.h
+++ b/openssl/include/openssl/bio.h
@@ -266,6 +266,9 @@ void BIO_clear_flags(BIO *b, int flags);
#define BIO_RR_CONNECT 0x02
/* Returned from the accept BIO when an accept would have blocked */
#define BIO_RR_ACCEPT 0x03
+/* Returned from the SSL bio when the channel id retrieval code cannot find the
+ * private key. */
+#define BIO_RR_SSL_CHANNEL_ID_LOOKUP 0x04
/* These are passed by the BIO callback */
#define BIO_CB_FREE 0x01
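Review bot: The comment on `BIO_RR_SSL_CHANNEL_ID_LOOKUP` says why the SSL BIO stopped but not what the caller must do to continue. Going by the commit description, the client is expected to supply the Channel ID private key and then retry the operation, so I would say that here: `/* Returned from the SSL bio when the handshake is paused because no Channel ID private key is set; set one with SSL_set1_tls_channel_id and retry. */`. The same contract is missing on `SSL_CHANNEL_ID_LOOKUP` and `SSL_ERROR_WANT_CHANNEL_ID_LOOKUP` in ssl.h, which are added with no comment at all.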
diff --git a/openssl/include/openssl/ssl.h b/openssl/include/openssl/ssl.h
index 61b110f..4d893a1 100644
--- a/openssl/include/openssl/ssl.h
+++ b/openssl/include/openssl/ssl.h
@@ -1104,12 +1104,14 @@ const char *SSL_get_psk_identity(const SSL *s);
#define SSL_WRITING 2
#define SSL_READING 3
#define SSL_X509_LOOKUP 4
+#define SSL_CHANNEL_ID_LOOKUP 5
/* These will only be used when doing non-blocking IO */
#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
#define SSL_want_read(s) (SSL_want(s) == SSL_READING)
#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
+#define SSL_want_channel_id_lookup(s) (SSL_want(s) == SSL_CHANNEL_ID_LOOKUP)
#define SSL_MAC_FLAG_READ_MAC_STREAM 1
#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
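Review bot: `SSL_want_channel_id_lookup` is added under the existing comment `These will only be used when doing non-blocking IO`, which may not hold for the new state. Per the commit description the handshake pauses while the private key has not been set, which looks independent of the socket mode, though that cannot be confirmed from this header alone. If it is, a comment above the new macro such as `/* May also be reported on blocking sockets while the Channel ID key is unset */` would keep callers from skipping the check on blocking connections.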
@@ -1535,6 +1537,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_ERROR_ZERO_RETURN 6
#define SSL_ERROR_WANT_CONNECT 7
#define SSL_ERROR_WANT_ACCEPT 8
+#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9
#define SSL_CTRL_NEED_TMP_RSA 1
#define SSL_CTRL_SET_TMP_RSA 2
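Review bot: `SSL_ERROR_WANT_CHANNEL_ID_LOOKUP` takes the next free value, 9, in what appears to be a vendored copy of ssl.h (the description names `deps/third_party/openssl`), and nothing marks it as a local addition. If upstream later assigns 9 to another condition, an update would silently change what a caller's `switch` on `SSL_get_error()` means. I would add `/* Local addition for TLS Channel ID; re-check this value against upstream when updating */` above the define. Callers that enable Channel ID before setting a key also need an explicit case for it, since a typical `default:` branch treats unknown codes as a fatal handshake error.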
@@ -1672,10 +1675,11 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_set_tmp_ecdh(ssl,ecdh) \
SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
-/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client
- * IDs from clients. Returns 1 on success. */
-#define SSL_enable_tls_channel_id(ctx) \
- SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL)
+/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS client
+ * IDs from clients, or configure a client to send TLS client IDs to server.
+ * Returns 1 on success. */
+#define SSL_enable_tls_channel_id(s) \
+ SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL)
/* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to
* compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on
* success. */
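Review bot: The rewritten comment for `SSL_enable_tls_channel_id` has a grammar slip (`or configure a client` should read `or configures a client`) and omits the consequence of the new client mode. A client that enables Channel ID here without a key will presumably see the handshake stop with `SSL_ERROR_WANT_CHANNEL_ID_LOOKUP` once the server confirms support, so the comment should say that and point to the setter: `* On a client with no key set, the handshake pauses with SSL_ERROR_WANT_CHANNEL_ID_LOOKUP until SSL_set1_tls_channel_id is called.` It would also help to state that `s` is an `SSL *`, since the old parameter name `ctx` suggested an `SSL_CTX *`. The `SSL_set1_tls_channel_id` definition that the trailing comment describes lies outside the hunk.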