*/
unsigned char client_random[32];
unsigned char server_random[32];
- /* obsolete
- unsigned char session_id[32];
- unsigned char session_id_len;
- uint16_t version;
- uint16_t cipher_suite;
- unsigned char master_secret[48];
- */
br_ssl_session_parameters session;
/*
unsigned char reneg;
unsigned char saved_finished[24];
+ /*
+ * Behavioural flags.
+ */
+ uint32_t flags;
+
/*
* Context variables for the handshake processor.
* The 'pad' must be large enough to accommodate an
} br_ssl_engine_context;
+/*
+ * Get currently defined engine behavioural flags.
+ */
+static inline uint32_t
+br_ssl_engine_get_flags(br_ssl_engine_context *cc)
+{
+ return cc->flags;
+}
+
+/*
+ * Set all engine flags. Flags which are not in the 'flags' argument
+ * are cleared.
+ */
+static inline void
+br_ssl_engine_set_all_flags(br_ssl_engine_context *cc, uint32_t flags)
+{
+ cc->flags = flags;
+}
+
+/*
+ * Add some engine flags. The provided flags are set in the engine context,
+ * but other flags are untouched.
+ */
+static inline void
+br_ssl_engine_add_flags(br_ssl_engine_context *cc, uint32_t flags)
+{
+ cc->flags |= flags;
+}
+
+/*
+ * Remove some engine flags. The provided flags are cleared from the
+ * engine context, but other flags are untouched.
+ */
+static inline void
+br_ssl_engine_remove_flags(br_ssl_engine_context *cc, uint32_t flags)
+{
+ cc->flags &= ~flags;
+}
+
/*
* Set the minimum and maximum supported protocol versions.
*/
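Review bot: `br_ssl_engine_get_flags` takes a non-const `br_ssl_engine_context *cc` although its body only reads `cc->flags`, so callers holding a `const` engine pointer cannot query the flags without a cast. The new `br_ssl_engine_get_session_parameters` in the same commit already uses the `const` form, so the getter should match: `br_ssl_engine_get_flags(const br_ssl_engine_context *cc)`. The three setters legitimately need a mutable pointer and are fine as written. The `flags` field these accessors operate on is added in the preceding hunk; its initial value (presumably zero from context initialisation) is not visible here.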
return cc->server_name;
}
+/*
+ * Get a copy of the session parameters. The session parameters are
+ * filled during the handshake, so this function shall not be called
+ * before completion of the handshake.
+ */
+static inline void
+br_ssl_engine_get_session_parameters(const br_ssl_engine_context *cc,
+ br_ssl_session_parameters *pp)
+{
+ memcpy(pp, &cc->session, sizeof *pp);
+}
+
+/*
+ * Set the session parameters to the provided value. This function
+ * is meant to be used in the client, before doing a new handshake;
+ * a session resumption will be attempted with these parameters. In
+ * the server, this function has no effect.
+ */
+static inline void
+br_ssl_engine_set_session_parameters(br_ssl_engine_context *cc,
+ const br_ssl_session_parameters *pp)
+{
+ memcpy(&cc->session, pp, sizeof *pp);
+}
+
/*
* An SSL engine (client or server) has, at any time, a state which is
* the combination of zero, one or more of these flags:
*/
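Review bot: The comment on `br_ssl_engine_get_session_parameters` does not mention that the copy placed in `*pp` contains secret key material, which the obsolete field list at the top of this diff (`master_secret[48]`) suggests the session parameters now carry. I would extend the comment with `The copy includes the session master secret; the caller is responsible for protecting it and wiping it when no longer needed.`, and similarly note on `br_ssl_engine_set_session_parameters` that the engine keeps its own copy, so the caller's `*pp` may be wiped after the call. Both functions rely on `memcpy`, so please confirm this header includes `<string.h>` (the include block is outside this diff). Neither function validates `*pp`; if `br_ssl_session_parameters` has length fields such as the former `session_id_len`, the comment should state that the caller must pass a structure previously obtained from the getter or otherwise well-formed.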
br_ssl_engine_context eng;
- /*
- * Flags.
- */
- uint32_t flags;
-
/*
* Maximum version from the client.
*/
*/
};
-/*
- * Get currently defined server behavioural flags.
- */
-static inline uint32_t
-br_ssl_server_get_flags(br_ssl_server_context *cc)
-{
- return cc->flags;
-}
-
-/*
- * Set all server flags. Flags which are not in the 'flags' argument
- * are cleared.
- */
-static inline void
-br_ssl_server_set_all_flags(br_ssl_server_context *cc, uint32_t flags)
-{
- cc->flags = flags;
-}
-
-/*
- * Add some server flags. The provided flags are set in the server context,
- * but other flags are untouched.
- */
-static inline void
-br_ssl_server_add_flags(br_ssl_server_context *cc, uint32_t flags)
-{
- cc->flags |= flags;
-}
-
-/*
- * Remove some server flags. The provided flags are cleared from the
- * server context, but other flags are untouched.
- */
-static inline void
-br_ssl_server_remove_flags(br_ssl_server_context *cc, uint32_t flags)
-{
- cc->flags &= ~flags;
-}
-
/*
* If this flag is set, then the server will enforce its own cipher suite
* preference order; otherwise, it follows the client preferences.
*/
#define BR_OPT_ENFORCE_SERVER_PREFERENCES ((uint32_t)1 << 0)
+/*
+ * If this flag is set, then renegotiations are rejected unconditionally:
+ * they won't be honoured if asked for programmatically, and requests from
+ * the peer are rejected.
+ */
+#define BR_OPT_NO_RENEGOTIATION ((uint32_t)1 << 1)
+
/*
* Each br_ssl_server_init_xxx() function sets the list of supported
* cipher suites and used implementations, as specified by the profile
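Review bot: `BR_OPT_NO_RENEGOTIATION` is defined in the server section next to `BR_OPT_ENFORCE_SERVER_PREFERENCES`, but the word it is meant for is now `br_ssl_engine_context.flags` (added earlier in this diff), and the text "requests from the peer are rejected" reads as applying to clients as well; a client author scanning the engine section will not find the flag. I would add to its comment `This flag is part of the engine behavioural flags and applies to both client and server engines; set it with br_ssl_engine_add_flags().`, or move both BR_OPT_ definitions next to the engine flag accessors. The comment should also say how a peer's renegotiation request is rejected (alert, or silently ignored) since that is observable protocol behaviour; I cannot tell from this hunk which it is.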