Add new "valid_flags" field to CERT_PKEY structure which determines what

[openssl.git] / ssl / ssl3.h

diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 4e72c1749bc1b9710866b01bdba2809ccb2cfdf2..74274771ff8aab39f17faee8974b314932114136 100644 (file)
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -536,10 +536,25 @@ typedef struct ssl3_state_st
         int send_connection_binding; /* TODOEKR */
 
 #ifndef OPENSSL_NO_NEXTPROTONEG
-       /* Set if we saw the Next Protocol Negotiation extension from
-          our peer. */
+       /* Set if we saw the Next Protocol Negotiation extension from our peer. */
        int next_proto_neg_seen;
 #endif
+
+#ifndef OPENSSL_NO_TLSEXT
+       /* tlsext_authz_client_types contains an array of supported authz
+        * types, as advertised by the client. The array is sorted and
+        * does not contain any duplicates. */
+       unsigned char *tlsext_authz_client_types;
+       size_t tlsext_authz_client_types_len;
+       /* tlsext_authz_promised_to_client is true iff we're a server and we
+        * echoed the client's supplemental data extension and therefore must
+        * send a supplemental data handshake message. */
+       char tlsext_authz_promised_to_client;
+       /* tlsext_authz_server_promised is true iff we're a client and the
+        * server echoed our server_authz extension and therefore must send us
+        * a supplemental data handshake message. */
+       char tlsext_authz_server_promised;
+#endif
        } SSL3_STATE;
 
 #endif
@@ -568,6 +583,8 @@ typedef struct ssl3_state_st
 #define SSL3_ST_CR_CERT_REQ_B          (0x151|SSL_ST_CONNECT)
 #define SSL3_ST_CR_SRVR_DONE_A         (0x160|SSL_ST_CONNECT)
 #define SSL3_ST_CR_SRVR_DONE_B         (0x161|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SUPPLEMENTAL_DATA_A (0x210|SSL_ST_CONNECT)
+#define SSL3_ST_CR_SUPPLEMENTAL_DATA_B  (0x211|SSL_ST_CONNECT)
 /* write to server */
 #define SSL3_ST_CW_CERT_A              (0x170|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CERT_B              (0x171|SSL_ST_CONNECT)
@@ -647,6 +664,8 @@ typedef struct ssl3_state_st
 #define SSL3_ST_SW_SESSION_TICKET_B    (0x1F1|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_CERT_STATUS_A       (0x200|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_CERT_STATUS_B       (0x201|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SUPPLEMENTAL_DATA_A (0x220|SSL_ST_ACCEPT)
+#define SSL3_ST_SW_SUPPLEMENTAL_DATA_B (0x221|SSL_ST_ACCEPT)
 
 #define SSL3_MT_HELLO_REQUEST                  0
 #define SSL3_MT_CLIENT_HELLO                   1
@@ -660,6 +679,7 @@ typedef struct ssl3_state_st
 #define SSL3_MT_CLIENT_KEY_EXCHANGE            16
 #define SSL3_MT_FINISHED                       20
 #define SSL3_MT_CERTIFICATE_STATUS             22
+#define SSL3_MT_SUPPLEMENTAL_DATA              23
 #ifndef OPENSSL_NO_NEXTPROTONEG
 #define SSL3_MT_NEXT_PROTO                     67
 #endif
@@ -682,4 +702,3 @@ typedef struct ssl3_state_st
 }
 #endif
 #endif
-