projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
x86_64-xlate.pl: updates from HEAD.
[openssl.git] / ssl / ssl3.h
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index c2db3bd6363d32afc07920d329fb54a8d34621c0..baaa89e717073dff29eb0b0c123358f54104435c 100644 (file)
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -128,6 +128,9 @@
 extern "C" {
 #endif
 
+/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */
+#define SSL3_CK_SCSV                           0x030000FF
+
 #define SSL3_CK_RSA_NULL_MD5                   0x03000001
 #define SSL3_CK_RSA_NULL_SHA                   0x03000002
 #define SSL3_CK_RSA_RC4_40_MD5                         0x03000003
@@ -375,6 +378,7 @@ typedef struct ssl3_buffer_st
 #define SSL3_FLAGS_DELAY_CLIENT_FINISHED       0x0002
 #define SSL3_FLAGS_POP_BUFFER                  0x0004
 #define TLS1_FLAGS_TLS_PADDING_BUG             0x0008
+#define TLS1_FLAGS_SKIP_CERT_VERIFY            0x0010
 
 typedef struct ssl3_state_st
        {
@@ -502,6 +506,12 @@ typedef struct ssl3_state_st
                int cert_request;
                } tmp;
 
+        /* Connection binding to prevent renegotiation attacks */
+        unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
+        unsigned char previous_client_finished_len;
+        unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
+        unsigned char previous_server_finished_len;
+        int send_connection_binding; /* TODOEKR */
        } SSL3_STATE;
 
 
Unnamed repository; edit this file 'description' to name the repository.