# include <openssl/ssl.h>
# include <openssl/async.h>
# include <openssl/symhacks.h>
-
+# ifndef OPENSSL_NO_CT
+# include <openssl/ct.h>
+# endif
#include "record/record.h"
#include "statem/statem.h"
#include "packet_locl.h"
# define SSL_eGOST2814789CNT12 0x00040000U
# define SSL_CHACHA20POLY1305 0x00080000U
-# define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM|SSL_AES128CCM|SSL_AES256CCM|SSL_AES128CCM8|SSL_AES256CCM8)
+# define SSL_AESGCM (SSL_AES128GCM | SSL_AES256GCM)
+# define SSL_AESCCM (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8)
+# define SSL_AES (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM)
# define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
# define SSL_CHACHA20 (SSL_CHACHA20POLY1305)
int quiet_shutdown;
+# ifndef OPENSSL_NO_CT
+ CTLOG_STORE *ctlog_store; /* CT Log Store */
+ /*
+ * Validates that the SCTs (Signed Certificate Timestamps) are sufficient.
+ * If they are not, the connection should be aborted.
+ */
+ ct_validation_cb ct_validation_callback;
+ void *ct_validation_callback_arg;
+# endif
+
/*
* Maximum amount of data to send in one fragment. actual record size can
* be more than this due to padding and MAC overheads.
/* certificate status request info */
/* Status type or -1 if no status type */
int tlsext_status_type;
+# ifndef OPENSSL_NO_CT
+ /*
+ * Validates that the SCTs (Signed Certificate Timestamps) are sufficient.
+ * If they are not, the connection should be aborted.
+ */
+ ct_validation_cb ct_validation_callback;
+ /* User-supplied argument tha tis passed to the ct_validation_callback */
+ void *ct_validation_callback_arg;
+ /*
+ * Consolidated stack of SCTs from all sources.
+ * Lazily populated by CT_get_peer_scts(SSL*)
+ */
+ STACK_OF(SCT) *scts;
+ /* Raw extension data, if seen */
+ unsigned char *tlsext_scts;
+ /* Length of raw extension data, if seen */
+ uint16_t tlsext_scts_len;
+ /* Have we attempted to find/parse SCTs yet? */
+ int scts_parsed;
+# endif
/* Expect OCSP CertificateStatus message */
int tlsext_status_expected;
/* OCSP status request only */
/* Async Job info */
ASYNC_JOB *job;
+ ASYNC_WAIT_CTX *waitctx;
};
int idx);
void tls1_set_cert_validity(SSL *s);
+#ifndef OPENSSL_NO_CT
+__owur int SSL_validate_ct(SSL *s);
+#endif
+
# ifndef OPENSSL_NO_DH
__owur DH *ssl_get_auto_dh(SSL *s);
# endif