projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Servers can't end up talking SSLv2 with legacy renegotiation disabled
[openssl.git] / ssl / ssl3.h
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 56f17f66d372df39a87a711e30184cf4beae7c4f..5f0eee6dbba6c25778cc130f77c5e92f4f53806c 100644 (file)
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -368,13 +368,14 @@ typedef struct ssl3_buffer_st
  * enough to contain all of the cert types defined either for
  * SSLv3 and TLSv1.
  */
-#define SSL3_CT_NUMBER                 7
+#define SSL3_CT_NUMBER                 9
 
 
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS      0x0001
 #define SSL3_FLAGS_DELAY_CLIENT_FINISHED       0x0002
 #define SSL3_FLAGS_POP_BUFFER                  0x0004
 #define TLS1_FLAGS_TLS_PADDING_BUG             0x0008
+#define TLS1_FLAGS_SKIP_CERT_VERIFY            0x0010
 
 typedef struct ssl3_state_st
        {
@@ -502,6 +503,12 @@ typedef struct ssl3_state_st
                int cert_request;
                } tmp;
 
+        /* Connection binding to prevent renegotiation attacks */
+        unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
+        unsigned char previous_client_finished_len;
+        unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
+        unsigned char previous_server_finished_len;
+        int send_connection_binding; /* TODOEKR */
        } SSL3_STATE;
 
 
Unnamed repository; edit this file 'description' to name the repository.