PR: 2295

[openssl.git] / ssl / ssl3.h

diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index baaa89e717073dff29eb0b0c123358f54104435c..aa9987f3e66ea8826f925e0bcd56d4c2f313c0b6 100644 (file)
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -339,6 +339,8 @@ extern "C" {
 #define SSL3_AD_CERTIFICATE_UNKNOWN    46
 #define SSL3_AD_ILLEGAL_PARAMETER      47      /* fatal */
 
+#ifndef OPENSSL_NO_SSL_INTERN
+
 typedef struct ssl3_record_st
        {
 /*r */ int type;               /* type of record */
@@ -360,6 +362,8 @@ typedef struct ssl3_buffer_st
        int left;               /* how many bytes left */
        } SSL3_BUFFER;
 
+#endif
+
 #define SSL3_CT_RSA_SIGN                       1
 #define SSL3_CT_DSS_SIGN                       2
 #define SSL3_CT_RSA_FIXED_DH                   3
@@ -379,6 +383,9 @@ typedef struct ssl3_buffer_st
 #define SSL3_FLAGS_POP_BUFFER                  0x0004
 #define TLS1_FLAGS_TLS_PADDING_BUG             0x0008
 #define TLS1_FLAGS_SKIP_CERT_VERIFY            0x0010
+#define TLS1_FLAGS_KEEP_HANDSHAKE              0x0020
+
+#ifndef OPENSSL_NO_SSL_INTERN
 
 typedef struct ssl3_state_st
        {
@@ -455,6 +462,12 @@ typedef struct ssl3_state_st
        void *server_opaque_prf_input;
        size_t server_opaque_prf_input_len;
 
+#ifndef OPENSSL_NO_NEXTPROTONEG
+       /* Set if we saw the Next Protocol Negotiation extension from
+          our peer. */
+       int next_proto_neg_seen;
+#endif
+
        struct  {
                /* actually only needs to be 16+20 */
                unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
@@ -464,7 +477,7 @@ typedef struct ssl3_state_st
                int finish_md_len;
                unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
                int peer_finish_md_len;
-               
+
                unsigned long message_size;
                int message_type;
 
@@ -514,6 +527,7 @@ typedef struct ssl3_state_st
         int send_connection_binding; /* TODOEKR */
        } SSL3_STATE;
 
+#endif
 
 /* SSLv3 */
 /*client */
@@ -546,6 +560,10 @@ typedef struct ssl3_state_st
 #define SSL3_ST_CW_CERT_VRFY_B         (0x191|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CHANGE_A            (0x1A0|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CHANGE_B            (0x1A1|SSL_ST_CONNECT)
+#ifndef OPENSSL_NO_NEXTPROTONEG
+#define SSL3_ST_CW_NEXT_PROTO_A                (0x200|SSL_ST_CONNECT)
+#define SSL3_ST_CW_NEXT_PROTO_B                (0x201|SSL_ST_CONNECT)
+#endif
 #define SSL3_ST_CW_FINISHED_A          (0x1B0|SSL_ST_CONNECT)
 #define SSL3_ST_CW_FINISHED_B          (0x1B1|SSL_ST_CONNECT)
 /* read from server */
@@ -566,6 +584,8 @@ typedef struct ssl3_state_st
 #define SSL3_ST_SR_CLNT_HELLO_A                (0x110|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CLNT_HELLO_B                (0x111|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CLNT_HELLO_C                (0x112|SSL_ST_ACCEPT)
+/* a new state to remember that we have already receive a ClientHello without srp username extension */
+#define SSL3_ST_SR_CLNT_HELLO_SRP_USERNAME (0x1E2|SSL_ST_ACCEPT)
 /* write to client */
 #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
 #define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
@@ -591,6 +611,10 @@ typedef struct ssl3_state_st
 #define SSL3_ST_SR_CERT_VRFY_B         (0x1A1|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CHANGE_A            (0x1B0|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CHANGE_B            (0x1B1|SSL_ST_ACCEPT)
+#ifndef OPENSSL_NO_NEXTPROTONEG
+#define SSL3_ST_SR_NEXT_PROTO_A                (0x210|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_NEXT_PROTO_B                (0x211|SSL_ST_ACCEPT)
+#endif
 #define SSL3_ST_SR_FINISHED_A          (0x1C0|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_FINISHED_B          (0x1C1|SSL_ST_ACCEPT)
 /* write to client */
@@ -615,6 +639,9 @@ typedef struct ssl3_state_st
 #define SSL3_MT_CLIENT_KEY_EXCHANGE            16
 #define SSL3_MT_FINISHED                       20
 #define SSL3_MT_CERTIFICATE_STATUS             22
+#ifndef OPENSSL_NO_NEXTPROTONEG
+#define SSL3_MT_NEXT_PROTO                     67
+#endif
 #define DTLS1_MT_HELLO_VERIFY_REQUEST    3