- /* tlsext_authz_client_types contains an array of supported authz
- * types, as advertised by the client. The array is sorted and
- * does not contain any duplicates. */
- unsigned char *tlsext_authz_client_types;
- size_t tlsext_authz_client_types_len;
- /* tlsext_authz_promised_to_client is true iff we're a server and we
- * echoed the client's supplemental data extension and therefore must
- * send a supplemental data handshake message. */
- char tlsext_authz_promised_to_client;
- /* tlsext_authz_server_promised is true iff we're a client and the
- * server echoed our server_authz extension and therefore must send us
- * a supplemental data handshake message. */
- char tlsext_authz_server_promised;
-#endif
+
+ /* ALPN information
+ * (we are in the process of transitioning from NPN to ALPN.) */
+
+ /* In a server these point to the selected ALPN protocol after the
+ * ClientHello has been processed. In a client these contain the
+ * protocol that the server selected once the ServerHello has been
+ * processed. */
+ unsigned char *alpn_selected;
+ unsigned alpn_selected_len;
+
+#ifndef OPENSSL_NO_EC
+ /* This is set to true if we believe that this is a version of Safari
+ * running on OS X 10.6 or newer. We wish to know this because Safari
+ * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
+ char is_probably_safari;
+#endif /* !OPENSSL_NO_EC */
+
+#endif /* !OPENSSL_NO_TLSEXT */