RFC 5878 support.

[openssl.git] / ssl / ssl_sess.c

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 9e8f2e4eced2a7911e3fd046e9b52b4c4f12e097..093ea60ae6235ac6273c196a2d9c0005f78bfe32 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -739,6 +739,8 @@ void SSL_SESSION_free(SSL_SESSION *ss)
        ss->tlsext_ellipticcurvelist_length = 0;
        if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
 #endif /* OPENSSL_NO_EC */
+       if (ss->audit_proof != NULL) OPENSSL_free(ss->audit_proof);
+       ss->audit_proof_length = 0;
 #endif
 #ifndef OPENSSL_NO_PSK
        if (ss->psk_identity_hint != NULL)
@@ -860,6 +862,15 @@ int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
        return 1;
        }
 
+#ifndef OPENSSL_NO_TLSEXT
+unsigned char *SSL_SESSION_get_tlsext_authz_server_audit_proof(SSL_SESSION *s, size_t *proof_length)
+       {
+       if (s->audit_proof != NULL)
+               *proof_length = s->audit_proof_length;
+       return s->audit_proof;
+       }
+#endif
+
 long SSL_CTX_set_timeout(SSL_CTX *s, long t)
        {
        long l;