&& (s)->method->version != TLS_ANY_VERSION)
# define SSL_TREAT_AS_TLS13(s) \
- (SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_WRITING \
- || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY)
+ (SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_CONNECTING \
+ || (s)->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY \
+ || (s)->early_data_state == SSL_EARLY_DATA_WRITING \
+ || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY \
+ || (s)->hello_retry_request == SSL_HRR_PENDING)
-# define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3->tmp.finish_md_len == 0)
+# define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3->tmp.finish_md_len == 0 \
+ || (s)->s3->tmp.peer_finish_md_len == 0)
/* See if we need explicit IV */
# define SSL_USE_EXPLICIT_IV(s) \
size_t cert_verify_hash_len;
/* Flag to indicate whether we should send a HelloRetryRequest or not */
- int hello_retry_request;
+ enum {SSL_HRR_NONE = 0, SSL_HRR_PENDING, SSL_HRR_COMPLETE}
+ hello_retry_request;
/*
* the session_id_context is used to ensure sessions are only reused in
size_t psksession_id_len;
/* Default generate session ID callback. */
GEN_SESSION_CB generate_session_id;
+ /*
+ * The temporary TLSv1.3 session id. This isn't really a session id at all
+ * but is a random value sent in the legacy session id field.
+ */
+ unsigned char tmp_session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+ size_t tmp_session_id_len;
/* Used in SSL3 */
/*
* 0 don't care about verify failure.
__owur int ssl_set_version_bound(int method_version, int version, int *bound);
__owur int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello,
DOWNGRADE *dgrd);
-__owur int ssl_choose_client_version(SSL *s, int version, int checkdgrd);
+__owur int ssl_choose_client_version(SSL *s, int version,
+ RAW_EXTENSION *extensions);
int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version);
__owur long tls1_default_timeout(void);
projects / openssl.git / blobdiff