Don't send zero length session ID if stateless session resupmtion is
[openssl.git] / ssl / ssl3.h
index 71ba3068b1387590929f1b34e92f25dd1e25bc72..646a8e6cced3e0044181c8094e7730f2339f11c5 100644 (file)
@@ -419,9 +419,11 @@ typedef struct ssl3_state_st
        const unsigned char *wpend_buf;
 
        /* used during startup, digest all incoming/outgoing packets */
-       EVP_MD_CTX finish_dgst1;
-       EVP_MD_CTX finish_dgst2;
-
+       BIO *handshake_buffer;
+       /* When set of handshake digests is determined, buffer is hashed
+        * and freed and MD_CTX-es for all required digests are stored in
+        * this array */
+       EVP_MD_CTX **handshake_dgst;
        /* this is set whenerver we see a change_cipher_spec message
         * come in when we are not looking for one */
        int change_cipher_spec;
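Review bot: The comment added above `handshake_dgst` does not say how long the array is or who releases it, and no length field is added next to it in this hunk. `handshake_buffer` presumably accumulates every handshake message until the digest set is known, so its contents are peer-influenced; the bound on its growth is not visible here and deserves a mention. I would extend the comment with the lifetime rules, for example `/* handshake_buffer is NULL once hashed and freed; handshake_dgst is NULL until the digests are chosen; both are released on free and clear */`, if that matches the implementation, and name the constant that fixes the array length. The enclosing `struct ssl3_state_st` starts and ends outside the hunk.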
@@ -441,6 +443,14 @@ typedef struct ssl3_state_st
 
        int in_read_app_data;
 
+       /* Opaque PRF input as used for the current handshake.
+        * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined
+        * (otherwise, they are merely present to improve binary compatibility) */
+       void *client_opaque_prf_input;
+       size_t client_opaque_prf_input_len;
+       void *server_opaque_prf_input;
+       size_t server_opaque_prf_input_len;
+
        struct  {
                /* actually only needs to be 16+20 */
                unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
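Review bot: The four opaque PRF input fields are bare `void *` / `size_t` pairs with no stated ownership, and at least one side's value presumably arrives from the peer's hello message. The comment should say that the struct owns the buffers, that each pointer and its length are set and cleared together, and where the length is bounded before allocation. Something like `/* owned by this struct; pointer is NULL iff the matching _len is 0; freed on clear */` would do, if that matches the implementation. The struct definition begins and ends outside the hunk.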
@@ -535,6 +545,8 @@ typedef struct ssl3_state_st
 #define SSL3_ST_CR_FINISHED_B          (0x1D1|SSL_ST_CONNECT)
 #define SSL3_ST_CR_SESSION_TICKET_A    (0x1E0|SSL_ST_CONNECT)
 #define SSL3_ST_CR_SESSION_TICKET_B    (0x1E1|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_STATUS_A       (0x1F0|SSL_ST_CONNECT)
+#define SSL3_ST_CR_CERT_STATUS_B       (0x1F1|SSL_ST_CONNECT)
 
 /* server */
 /* extra state */
@@ -576,8 +588,10 @@ typedef struct ssl3_state_st
 #define SSL3_ST_SW_CHANGE_B            (0x1D1|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_FINISHED_A          (0x1E0|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_FINISHED_B          (0x1E1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SESSION_TICKET_A    (0x1F0|SSL_ST_CONNECT)
-#define SSL3_ST_SW_SESSION_TICKET_B    (0x1F1|SSL_ST_CONNECT)
+#define SSL3_ST_SW_SESSION_TICKET_A    (0x1F0|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SESSION_TICKET_B    (0x1F1|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_STATUS_A       (0x200|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_CERT_STATUS_B       (0x201|SSL_ST_ACCEPT)
 
 #define SSL3_MT_HELLO_REQUEST                  0
 #define SSL3_MT_CLIENT_HELLO                   1
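Review bot: The corrected `SSL3_ST_SW_SESSION_TICKET_A`/`_B` values change numerically in what appears to be a public header, so code built against the old header that compares the handshake state with these macros would stop matching until it is rebuilt; that is worth a line in the changelog. Nothing in the header stops a server state from carrying the client flag again, as the old definitions did. A short comment above the server block would make the rule explicit, e.g. `/* every SSL3_ST_SW_* value must OR in SSL_ST_ACCEPT, never SSL_ST_CONNECT */`. It would also help to note that the new `CERT_STATUS` states start a fresh `0x200` range.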
@@ -590,6 +604,7 @@ typedef struct ssl3_state_st
 #define SSL3_MT_CERTIFICATE_VERIFY             15
 #define SSL3_MT_CLIENT_KEY_EXCHANGE            16
 #define SSL3_MT_FINISHED                       20
+#define SSL3_MT_CERTIFICATE_STATUS             22
 #define DTLS1_MT_HELLO_VERIFY_REQUEST    3