extern "C" {
#endif
+/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */
+#define SSL3_CK_SCSV 0x030000FF
+
#define SSL3_CK_RSA_NULL_MD5 0x03000001
#define SSL3_CK_RSA_NULL_SHA 0x03000002
#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
#define SSL3_FLAGS_POP_BUFFER 0x0004
#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
+#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
typedef struct ssl3_state_st
{
void *server_opaque_prf_input;
size_t server_opaque_prf_input_len;
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ /* Set if we saw the Next Protocol Negotiation extension from
+ our peer. */
+ int next_proto_neg_seen;
+#endif
+
struct {
/* actually only needs to be 16+20 */
unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
int cert_request;
} tmp;
+ /* Connection binding to prevent renegotiation attacks */
+ unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
+ unsigned char previous_client_finished_len;
+ unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
+ unsigned char previous_server_finished_len;
+ int send_connection_binding; /* TODOEKR */
} SSL3_STATE;
#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
+#ifndef OPENSSL_NO_NEXTPROTONEG
+#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
+#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
+#endif
#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
/* read from server */
#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
+#ifndef OPENSSL_NO_NEXTPROTONEG
+#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
+#endif
#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
/* write to client */
#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
#define SSL3_MT_FINISHED 20
#define SSL3_MT_CERTIFICATE_STATUS 22
+#ifndef OPENSSL_NO_NEXTPROTONEG
+#define SSL3_MT_NEXT_PROTO 67
+#endif
#define DTLS1_MT_HELLO_VERIFY_REQUEST 3