extern const char SSL_version_str[];
-
-
typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us);
void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb);
+typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg);
+void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
+ SSL_allow_early_data_cb_fn cb,
+ void *arg);
+void SSL_set_allow_early_data_cb(SSL *s,
+ SSL_allow_early_data_cb_fn cb,
+ void *arg);
+
# ifdef __cplusplus
}
# endif
s->key_update = SSL_KEY_UPDATE_NONE;
+ s->allow_early_data_cb = ctx->allow_early_data_cb;
+ s->allow_early_data_cb_data = ctx->allow_early_data_cb_data;
+
if (!s->method->ssl_new(s))
goto err;
ctx->ticket_cb_data = arg;
return 1;
}
+
+void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
+ SSL_allow_early_data_cb_fn cb,
+ void *arg)
+{
+ ctx->allow_early_data_cb = cb;
+ ctx->allow_early_data_cb_data = arg;
+}
+
+void SSL_set_allow_early_data_cb(SSL *s,
+ SSL_allow_early_data_cb_fn cb,
+ void *arg)
+{
+ s->allow_early_data_cb = cb;
+ s->allow_early_data_cb_data = arg;
+}
/* The number of TLS1.3 tickets to automatically send */
size_t num_tickets;
+
+ /* Callback to determine if early_data is acceptable or not */
+ SSL_allow_early_data_cb_fn allow_early_data_cb;
+ void *allow_early_data_cb_data;
};
struct ssl_st {
SSL_psk_find_session_cb_func psk_find_session_cb;
SSL_psk_use_session_cb_func psk_use_session_cb;
- int (*allow_early_data_cb)(SSL *s, SSL_SESSION *sess);
-
SSL_CTX *ctx;
/* Verified chain of peer */
STACK_OF(X509) *verified_chain;
size_t sent_tickets;
/* The next nonce value to use when we send a ticket on this connection */
uint64_t next_ticket_nonce;
+
+ /* Callback to determine if early_data is acceptable or not */
+ SSL_allow_early_data_cb_fn allow_early_data_cb;
+ void *allow_early_data_cb_data;
};
/*
|| s->session->ext.tick_identity != 0
|| s->early_data_state != SSL_EARLY_DATA_ACCEPTING
|| !s->ext.early_data_ok
- || s->hello_retry_request != SSL_HRR_NONE) {
+ || s->hello_retry_request != SSL_HRR_NONE
+ || (s->ctx->allow_early_data_cb != NULL
+ && !s->ctx->allow_early_data_cb(s,
+ s->ctx->allow_early_data_cb_data))) {
s->ext.early_data = SSL_EARLY_DATA_REJECTED;
} else {
s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;
SSL_CTX_get_num_tickets 491 1_1_1 EXIST::FUNCTION:
SSL_get_num_tickets 492 1_1_1 EXIST::FUNCTION:
SSL_CTX_set_num_tickets 493 1_1_1 EXIST::FUNCTION:
+SSL_CTX_set_allow_early_data_cb 494 1_1_1 EXIST::FUNCTION:
+SSL_set_allow_early_data_cb 495 1_1_1 EXIST::FUNCTION: