X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=inc%2Fbearssl_ssl.h;h=3faf1bef4ca394f660525bc7ba4d4fbbe71df1ad;hp=a9923198aee46aa4aca4dadf9dcbc70bd608790d;hb=d16eee962a72a600c370f18f2ae25b36b4f532df;hpb=3b044d4296b1dffa5586658e152e1c7bd8144410;ds=sidebyside
diff --git a/inc/bearssl_ssl.h b/inc/bearssl_ssl.h
index a992319..3faf1be 100644
--- a/inc/bearssl_ssl.h
+++ b/inc/bearssl_ssl.h
@@ -574,6 +574,11 @@ typedef struct {
 unsigned char reneg;
 unsigned char saved_finished[24];
+ /*
+ * Behavioural flags.
+ */
+ uint32_t flags;
+
 /*
 * Context variables for the handshake processor.
 * The 'pad' must be large enough to accommodate an
@@ -653,6 +658,45 @@ typedef struct {
 } br_ssl_engine_context;
+/*
+ * Get currently defined engine behavioural flags.
+ */
+static inline uint32_t
+br_ssl_engine_get_flags(br_ssl_engine_context *cc)
+{
+ return cc->flags;
+}
+
+/*
+ * Set all engine flags. Flags which are not in the 'flags' argument
+ * are cleared.
+ */
+static inline void
+br_ssl_engine_set_all_flags(br_ssl_engine_context *cc, uint32_t flags)
+{
+ cc->flags = flags;
+}
+
+/*
+ * Add some engine flags. The provided flags are set in the engine context,
+ * but other flags are untouched.
+ */
+static inline void
+br_ssl_engine_add_flags(br_ssl_engine_context *cc, uint32_t flags)
+{
+ cc->flags |= flags;
+}
+
+/*
+ * Remove some engine flags. The provided flags are cleared from the
+ * engine context, but other flags are untouched.
+ */
+static inline void
+br_ssl_engine_remove_flags(br_ssl_engine_context *cc, uint32_t flags)
+{
+ cc->flags &= ~flags;
+}
+
 /*
 * Set the minimum and maximum supported protocol versions.
 */
@@ -1370,11 +1414,6 @@ struct br_ssl_server_context_ {
 */
 br_ssl_engine_context eng;
- /*
- * Flags.
- */
- uint32_t flags;
-
 /*
 * Maximum version from the client.
 */
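Review bot: In the first hunk (`@@ -574,6 +574,11 @@`), the new `flags` member carries only the comment "Behavioural flags." and nothing in this diff shows where it is given its initial value. The accessors added further down modify it with `|=` and `&= ~`, so they rely on the engine context having been zeroed before first use; that initialisation code is outside the diff and worth confirming for both the client and the server paths. The comment could also name the constants it holds, for example `/* Behavioural flags (BR_OPT_* values); cleared when the context is initialised. */`, once that is verified.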
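Review bot: In the second hunk (`@@ -653,6 +658,45 @@`), `br_ssl_engine_set_all_flags()` overwrites the whole flag word, so a caller using it to change one option also clears every other flag, including a security-relevant one such as `BR_OPT_NO_RENEGOTIATION` defined later in this header. Its comment should say so and steer callers to the other two functions, for example ` * To change a single option, use br_ssl_engine_add_flags() or br_ssl_engine_remove_flags() instead.` As a style point, `br_ssl_engine_get_flags()` only reads the context and could take `const br_ssl_engine_context *cc`. None of the four comments say whether a flag change made while a handshake is in progress takes effect immediately; that behaviour is not visible in this diff and deserves a sentence.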
@@ -1437,51 +1476,19 @@ struct br_ssl_server_context_ {
 */
 };
-/*
- * Get currently defined server behavioural flags.
- */
-static inline uint32_t
-br_ssl_server_get_flags(br_ssl_server_context *cc)
-{
- return cc->flags;
-}
-
-/*
- * Set all server flags. Flags which are not in the 'flags' argument
- * are cleared.
- */
-static inline void
-br_ssl_server_set_all_flags(br_ssl_server_context *cc, uint32_t flags)
-{
- cc->flags = flags;
-}
-
-/*
- * Add some server flags. The provided flags are set in the server context,
- * but other flags are untouched.
- */
-static inline void
-br_ssl_server_add_flags(br_ssl_server_context *cc, uint32_t flags)
-{
- cc->flags |= flags;
-}
-
-/*
- * Remove some server flags. The provided flags are cleared from the
- * server context, but other flags are untouched.
- */
-static inline void
-br_ssl_server_remove_flags(br_ssl_server_context *cc, uint32_t flags)
-{
- cc->flags &= ~flags;
-}
-
 /*
 * If this flag is set, then the server will enforce its own cipher suite
 * preference order; otherwise, it follows the client preferences.
 */
 #define BR_OPT_ENFORCE_SERVER_PREFERENCES ((uint32_t)1 << 0)
+/*
+ * If this flag is set, then renegotiations are rejected unconditionally:
+ * they won't be honoured if asked for programmatically, and requests from
+ * the peer are rejected.
+ */
+#define BR_OPT_NO_RENEGOTIATION ((uint32_t)1 << 1)
+
 /*
 * Each br_ssl_server_init_xxx() function sets the list of supported
 * cipher suites and used implementations, as specified by the profile
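Review bot: The `BR_OPT_*` constants remain in the server part of the header, but the flag word they populate now lives in `br_ssl_engine_context`, so the comments no longer tell a reader which role each flag applies to. If `BR_OPT_NO_RENEGOTIATION` is meant to be honoured by clients as well (the enforcement code is not in this diff), its comment should say so, for example ` * This flag applies to both client and server engines.`, and the `BR_OPT_ENFORCE_SERVER_PREFERENCES` comment should note that it is only meaningful on a server. The hunk also removes the four `br_ssl_server_*_flags()` functions without a forwarding shim, so existing callers stop compiling until they switch to `br_ssl_engine_*_flags(&cc->eng, ...)`; a sentence in the header or commit message naming the replacement would make that migration explicit.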