TLS ticket key setting callback: this allows and application to set

[openssl.git] / ssl / ssl.h

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 75159231b727edb1eee7d55d26a3e7431eb4464f..6df921f3c18360c96c6ac4c492dd443d1bb5cb36 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -187,6 +187,7 @@
 #include <openssl/buffer.h>
 #endif
 #include <openssl/pem.h>
+#include <openssl/hmac.h>
 
 #include <openssl/kssl.h>
 #include <openssl/safestack.h>
@@ -767,7 +768,12 @@ struct ssl_ctx_st
        unsigned char tlsext_tick_key_name[16];
        unsigned char tlsext_tick_hmac_key[16];
        unsigned char tlsext_tick_aes_key[16];
-  
+       /* Callback to support customisation of ticket key setting */
+       int (*tlsext_ticket_key_cb)(SSL *ssl,
+                                       unsigned char *name, unsigned char *iv,
+                                       EVP_CIPHER_CTX *ectx,
+                                       HMAC_CTX *hctx, int enc);
+
        /* certificate status request info */
        /* Callback for status request */
        int (*tlsext_status_cb)(SSL *ssl, void *arg);
@@ -1252,6 +1258,8 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS     69
 #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP       70
 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP       71
+
+#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB      72
 #endif
 
 #define SSL_session_reused(ssl) \