X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=inc%2Fbearssl_ssl.h;h=a9923198aee46aa4aca4dadf9dcbc70bd608790d;hp=24d773c9554894923ef75a9cb30fa7910792a966;hb=60126cafc85572a53d38752b8830e91c7ab18f88;hpb=3210f38e0491b39aec1ef419cb4114e9483089fb;ds=sidebyside

diff --git a/inc/bearssl_ssl.h b/inc/bearssl_ssl.h
index 24d773c..a992319 100644
--- a/inc/bearssl_ssl.h
+++ b/inc/bearssl_ssl.h
@@ -1020,6 +1020,14 @@ typedef struct {
 	 */
 	br_ssl_engine_context eng;
 
+	/*
+	 * Minimum ClientHello length; padding with an extension (RFC
+	 * 7685) is added if necessary to match at least that length.
+	 * Such padding is nominally unnecessary, but it has been used
+	 * to work around some server implementation bugs.
+	 */
+	uint16_t min_clienthello_len;
+
 	/*
 	 * Implementations.
 	 */
@@ -1081,6 +1089,15 @@ br_ssl_client_set_ecdsa(br_ssl_client_context *cc, br_ecdsa_vrfy iecdsa)
 	cc->iecdsa = iecdsa;
 }
 
+/*
+ * Set the minimum ClientHello length (RFC 7685 padding).
+ */
+static inline void
+br_ssl_client_set_min_clienthello_len(br_ssl_client_context *cc, uint16_t len)
+{
+	cc->min_clienthello_len = len;
+}
+
 /*
  * Prepare or reset a client context for connecting with a server of
  * name 'server_name'. The 'server_name' parameter is used to fill the