*/
SSL_CTX_keylog_cb_func keylog_callback;
- /* The maximum number of bytes that can be sent as early data */
+ /*
+ * The maximum number of bytes advertised in session tickets that can be
+ * sent as early data.
+ */
uint32_t max_early_data;
+ /*
+ * The maximum number of bytes of early data that a server will tolerate
+ * (which should be at least as much as max_early_data).
+ */
+ uint32_t recv_max_early_data;
+
/* TLS1.3 padding callback */
size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg);
void *record_padding_arg;
/* The number of TLS1.3 tickets to automatically send */
size_t num_tickets;
+
+ /* Callback to determine if early_data is acceptable or not */
+ SSL_allow_early_data_cb_fn allow_early_data_cb;
+ void *allow_early_data_cb_data;
};
struct ssl_st {
SSL_psk_find_session_cb_func psk_find_session_cb;
SSL_psk_use_session_cb_func psk_use_session_cb;
- int (*allow_early_data_cb)(SSL *s, SSL_SESSION *sess);
-
SSL_CTX *ctx;
/* Verified chain of peer */
STACK_OF(X509) *verified_chain;
ASYNC_WAIT_CTX *waitctx;
size_t asyncrw;
- /* The maximum number of plaintext bytes that can be sent as early data */
+ /*
+ * The maximum number of bytes advertised in session tickets that can be
+ * sent as early data.
+ */
uint32_t max_early_data;
+ /*
+ * The maximum number of bytes of early data that a server will tolerate
+ * (which should be at least as much as max_early_data).
+ */
+ uint32_t recv_max_early_data;
+
/*
* The number of bytes of early data received so far. If we accepted early
* data then this is a count of the plaintext bytes. If we rejected it then
size_t sent_tickets;
/* The next nonce value to use when we send a ticket on this connection */
uint64_t next_ticket_nonce;
+
+ /* Callback to determine if early_data is acceptable or not */
+ SSL_allow_early_data_cb_fn allow_early_data_cb;
+ void *allow_early_data_cb_data;
};
/*
__owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
void *other);
+__owur int ssl_cert_lookup_by_nid(int nid, size_t *pidx);
__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk,
size_t *pidx);
__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx);
__owur int ssl_allow_compression(SSL *s);
-__owur int ssl_version_supported(const SSL *s, int version);
+__owur int ssl_version_supported(const SSL *s, int version,
+ const SSL_METHOD **meth);
__owur int ssl_set_client_hello_version(SSL *s);
__owur int ssl_check_version_downgrade(SSL *s);