OLD | NEW |
(Empty) | |
| 1 --- openssl-1.0.0b.orig/apps/apps.c 2010-11-11 14:42:19.000000000 +0000 |
| 2 +++ openssl-1.0.0b/apps/apps.c 2010-11-29 19:56:04.902465346 +0000 |
| 3 @@ -3012,3 +3012,46 @@ int raw_write_stdout(const void *buf,int |
| 4 int raw_write_stdout(const void *buf,int siz) |
| 5 { return write(fileno(stdout),buf,siz); } |
| 6 #endif |
| 7 + |
| 8 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
| 9 +/* next_protos_parse parses a comma separated list of strings into a string |
| 10 + * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. |
| 11 + * outlen: (output) set to the length of the resulting buffer on success. |
| 12 + * in: a NUL termianted string like "abc,def,ghi" |
| 13 + * |
| 14 + * returns: a malloced buffer or NULL on failure. |
| 15 + */ |
| 16 +unsigned char *next_protos_parse(unsigned short *outlen, const char *in) |
| 17 + { |
| 18 + size_t len; |
| 19 + unsigned char *out; |
| 20 + size_t i, start = 0; |
| 21 + |
| 22 + len = strlen(in); |
| 23 + if (len >= 65535) |
| 24 + return NULL; |
| 25 + |
| 26 + out = OPENSSL_malloc(strlen(in) + 1); |
| 27 + if (!out) |
| 28 + return NULL; |
| 29 + |
| 30 + for (i = 0; i <= len; ++i) |
| 31 + { |
| 32 + if (i == len || in[i] == ',') |
| 33 + { |
| 34 + if (i - start > 255) |
| 35 + { |
| 36 + OPENSSL_free(out); |
| 37 + return NULL; |
| 38 + } |
| 39 + out[start] = i - start; |
| 40 + start = i + 1; |
| 41 + } |
| 42 + else |
| 43 + out[i+1] = in[i]; |
| 44 + } |
| 45 + |
| 46 + *outlen = len + 1; |
| 47 + return out; |
| 48 + } |
| 49 +#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */ |
| 50 --- openssl-1.0.0b.orig/apps/apps.h 2009-10-31 13:34:19.000000000 +0000 |
| 51 +++ openssl-1.0.0b/apps/apps.h 2010-11-29 19:56:04.902465346 +0000 |
| 52 @@ -358,3 +358,7 @@ int raw_write_stdout(const void *,int); |
| 53 #define TM_STOP 1 |
| 54 double app_tminterval (int stop,int usertime); |
| 55 #endif |
| 56 + |
| 57 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 58 +unsigned char *next_protos_parse(unsigned short *outlen, const char *in); |
| 59 +#endif |
| 60 --- openssl-1.0.0b.orig/apps/s_client.c 2010-11-29 19:56:04.832465351 +0000 |
| 61 +++ openssl-1.0.0b/apps/s_client.c 2010-11-29 19:56:04.902465346 +0000 |
| 62 @@ -342,6 +342,9 @@ static void sc_usage(void) |
| 63 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions
received\n"); |
| 64 BIO_printf(bio_err," -status - request certificate status from
server\n"); |
| 65 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis sessi
on tickets\n"); |
| 66 +# ifndef OPENSSL_NO_NEXTPROTONEG |
| 67 + BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, consideri
ng named protocols supported (comma-separated list)\n"); |
| 68 +# endif |
| 69 BIO_printf(bio_err," -cutthrough - enable 1-RTT full-handshake for
strong ciphers\n"); |
| 70 #endif |
| 71 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renego
tiation (dangerous)\n"); |
| 72 @@ -367,6 +370,40 @@ static int MS_CALLBACK ssl_servername_cb |
| 73 |
| 74 return SSL_TLSEXT_ERR_OK; |
| 75 } |
| 76 + |
| 77 +# ifndef OPENSSL_NO_NEXTPROTONEG |
| 78 +/* This the context that we pass to next_proto_cb */ |
| 79 +typedef struct tlsextnextprotoctx_st { |
| 80 + unsigned char *data; |
| 81 + unsigned short len; |
| 82 + int status; |
| 83 +} tlsextnextprotoctx; |
| 84 + |
| 85 +static tlsextnextprotoctx next_proto; |
| 86 + |
| 87 +static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, co
nst unsigned char *in, unsigned int inlen, void *arg) |
| 88 + { |
| 89 + tlsextnextprotoctx *ctx = arg; |
| 90 + |
| 91 + if (!c_quiet) |
| 92 + { |
| 93 + /* We can assume that |in| is syntactically valid. */ |
| 94 + unsigned i; |
| 95 + BIO_printf(bio_c_out, "Protocols advertised by server: "); |
| 96 + for (i = 0; i < inlen; ) |
| 97 + { |
| 98 + if (i) |
| 99 + BIO_write(bio_c_out, ", ", 2); |
| 100 + BIO_write(bio_c_out, &in[i + 1], in[i]); |
| 101 + i += in[i] + 1; |
| 102 + } |
| 103 + BIO_write(bio_c_out, "\n", 1); |
| 104 + } |
| 105 + |
| 106 + ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, c
tx->len); |
| 107 + return SSL_TLSEXT_ERR_OK; |
| 108 + } |
| 109 +# endif /* ndef OPENSSL_NO_NEXTPROTONEG */ |
| 110 #endif |
| 111 |
| 112 enum |
| 113 @@ -431,6 +468,9 @@ int MAIN(int argc, char **argv) |
| 114 char *servername = NULL; |
| 115 tlsextctx tlsextcbp = |
| 116 {NULL,0}; |
| 117 +# ifndef OPENSSL_NO_NEXTPROTONEG |
| 118 + const char *next_proto_neg_in = NULL; |
| 119 +# endif |
| 120 #endif |
| 121 char *sess_in = NULL; |
| 122 char *sess_out = NULL; |
| 123 @@ -658,6 +698,13 @@ int MAIN(int argc, char **argv) |
| 124 #ifndef OPENSSL_NO_TLSEXT |
| 125 else if (strcmp(*argv,"-no_ticket") == 0) |
| 126 { off|=SSL_OP_NO_TICKET; } |
| 127 +# ifndef OPENSSL_NO_NEXTPROTONEG |
| 128 + else if (strcmp(*argv,"-nextprotoneg") == 0) |
| 129 + { |
| 130 + if (--argc < 1) goto bad; |
| 131 + next_proto_neg_in = *(++argv); |
| 132 + } |
| 133 +# endif |
| 134 #endif |
| 135 else if (strcmp(*argv,"-cutthrough") == 0) |
| 136 cutthrough=1; |
| 137 @@ -766,6 +813,21 @@ bad: |
| 138 OpenSSL_add_ssl_algorithms(); |
| 139 SSL_load_error_strings(); |
| 140 |
| 141 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
| 142 + next_proto.status = -1; |
| 143 + if (next_proto_neg_in) |
| 144 + { |
| 145 + next_proto.data = next_protos_parse(&next_proto.len, next_proto_
neg_in); |
| 146 + if (next_proto.data == NULL) |
| 147 + { |
| 148 + BIO_printf(bio_err, "Error parsing -nextprotoneg argumen
t\n"); |
| 149 + goto end; |
| 150 + } |
| 151 + } |
| 152 + else |
| 153 + next_proto.data = NULL; |
| 154 +#endif |
| 155 + |
| 156 #ifndef OPENSSL_NO_ENGINE |
| 157 e = setup_engine(bio_err, engine_id, 1); |
| 158 if (ssl_client_engine_id) |
| 159 @@ -896,6 +958,11 @@ bad: |
| 160 SSL_CTX_set_mode(ctx, ssl_mode); |
| 161 } |
| 162 |
| 163 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
| 164 + if (next_proto.data) |
| 165 + SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto
); |
| 166 +#endif |
| 167 + |
| 168 if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); |
| 169 if (cipher != NULL) |
| 170 if(!SSL_CTX_set_cipher_list(ctx,cipher)) { |
| 171 @@ -1755,6 +1822,18 @@ static void print_stuff(BIO *bio, SSL *s |
| 172 BIO_printf(bio,"Expansion: %s\n", |
| 173 expansion ? SSL_COMP_get_name(expansion) : "NONE"); |
| 174 #endif |
| 175 + |
| 176 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
| 177 + if (next_proto.status != -1) { |
| 178 + const unsigned char *proto; |
| 179 + unsigned int proto_len; |
| 180 + SSL_get0_next_proto_negotiated(s, &proto, &proto_len); |
| 181 + BIO_printf(bio, "Next protocol: (%d) ", next_proto.status); |
| 182 + BIO_write(bio, proto, proto_len); |
| 183 + BIO_write(bio, "\n", 1); |
| 184 + } |
| 185 +#endif |
| 186 + |
| 187 SSL_SESSION_print(bio,SSL_get_session(s)); |
| 188 BIO_printf(bio,"---\n"); |
| 189 if (peer != NULL) |
| 190 --- openssl-1.0.0b.orig/apps/s_server.c 2010-06-15 17:25:02.000000000 +0000 |
| 191 +++ openssl-1.0.0b/apps/s_server.c 2010-11-29 19:56:04.902465346 +0000 |
| 192 @@ -492,6 +492,9 @@ static void sv_usage(void) |
| 193 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions rece
ived\n"); |
| 194 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session t
ickets\n"); |
| 195 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renego
tiation (dangerous)\n"); |
| 196 +# ifndef OPENSSL_NO_NEXTPROTONEG |
| 197 + BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols fo
r the NPN extension (comma-separated list)\n"); |
| 198 +# endif |
| 199 #endif |
| 200 } |
| 201 |
| 202 @@ -826,6 +829,24 @@ BIO_printf(err, "cert_status: received % |
| 203 ret = SSL_TLSEXT_ERR_ALERT_FATAL; |
| 204 goto done; |
| 205 } |
| 206 + |
| 207 +# ifndef OPENSSL_NO_NEXTPROTONEG |
| 208 +/* This is the context that we pass to next_proto_cb */ |
| 209 +typedef struct tlsextnextprotoctx_st { |
| 210 + unsigned char *data; |
| 211 + unsigned int len; |
| 212 +} tlsextnextprotoctx; |
| 213 + |
| 214 +static int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len,
void *arg) |
| 215 + { |
| 216 + tlsextnextprotoctx *next_proto = arg; |
| 217 + |
| 218 + *data = next_proto->data; |
| 219 + *len = next_proto->len; |
| 220 + |
| 221 + return SSL_TLSEXT_ERR_OK; |
| 222 + } |
| 223 +# endif /* ndef OPENSSL_NO_NPN */ |
| 224 #endif |
| 225 |
| 226 int MAIN(int, char **); |
| 227 @@ -867,6 +888,10 @@ int MAIN(int argc, char *argv[]) |
| 228 #endif |
| 229 #ifndef OPENSSL_NO_TLSEXT |
| 230 tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; |
| 231 +# ifndef OPENSSL_NO_NEXTPROTONEG |
| 232 + const char *next_proto_neg_in = NULL; |
| 233 + tlsextnextprotoctx next_proto; |
| 234 +# endif |
| 235 #endif |
| 236 #ifndef OPENSSL_NO_PSK |
| 237 /* by default do not send a PSK identity hint */ |
| 238 @@ -1191,7 +1216,13 @@ int MAIN(int argc, char *argv[]) |
| 239 if (--argc < 1) goto bad; |
| 240 s_key_file2= *(++argv); |
| 241 } |
| 242 - |
| 243 +# ifndef OPENSSL_NO_NEXTPROTONEG |
| 244 + else if (strcmp(*argv,"-nextprotoneg") == 0) |
| 245 + { |
| 246 + if (--argc < 1) goto bad; |
| 247 + next_proto_neg_in = *(++argv); |
| 248 + } |
| 249 +# endif |
| 250 #endif |
| 251 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) |
| 252 else if (strcmp(*argv,"-jpake") == 0) |
| 253 @@ -1476,6 +1507,11 @@ bad: |
| 254 if (vpm) |
| 255 SSL_CTX_set1_param(ctx2, vpm); |
| 256 } |
| 257 + |
| 258 +# ifndef OPENSSL_NO_NEXTPROTONEG |
| 259 + if (next_proto.data) |
| 260 + SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_
proto); |
| 261 +# endif |
| 262 #endif |
| 263 |
| 264 #ifndef OPENSSL_NO_DH |
| 265 @@ -1617,6 +1653,21 @@ bad: |
| 266 goto end; |
| 267 } |
| 268 } |
| 269 +# ifndef OPENSSL_NO_NEXTPROTONEG |
| 270 + if (next_proto_neg_in) |
| 271 + { |
| 272 + unsigned short len; |
| 273 + next_proto.data = next_protos_parse(&len, |
| 274 + next_proto_neg_in); |
| 275 + if (next_proto.data == NULL) |
| 276 + goto end; |
| 277 + next_proto.len = len; |
| 278 + } |
| 279 + else |
| 280 + { |
| 281 + next_proto.data = NULL; |
| 282 + } |
| 283 +# endif |
| 284 #endif |
| 285 RSA_free(rsa); |
| 286 BIO_printf(bio_s_out,"\n"); |
| 287 @@ -2159,6 +2210,10 @@ static int init_ssl_connection(SSL *con) |
| 288 X509 *peer; |
| 289 long verify_error; |
| 290 MS_STATIC char buf[BUFSIZ]; |
| 291 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
| 292 + const unsigned char *next_proto_neg; |
| 293 + unsigned next_proto_neg_len; |
| 294 +#endif |
| 295 |
| 296 if ((i=SSL_accept(con)) <= 0) |
| 297 { |
| 298 @@ -2198,6 +2253,15 @@ static int init_ssl_connection(SSL *con) |
| 299 BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); |
| 300 str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); |
| 301 BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); |
| 302 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
| 303 + SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len
); |
| 304 + if (next_proto_neg) |
| 305 + { |
| 306 + BIO_printf(bio_s_out,"NEXTPROTO is "); |
| 307 + BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len); |
| 308 + BIO_printf(bio_s_out, "\n"); |
| 309 + } |
| 310 +#endif |
| 311 if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n"); |
| 312 if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & |
| 313 TLS1_FLAGS_TLS_PADDING_BUG) |
| 314 --- openssl-1.0.0b.orig/include/openssl/ssl.h 2010-11-29 19:56:04.846517045 +0
000 |
| 315 +++ openssl-1.0.0b/include/openssl/ssl.h 2010-11-29 19:56:04.965928855 +0
000 |
| 316 @@ -857,6 +857,25 @@ struct ssl_ctx_st |
| 317 /* draft-rescorla-tls-opaque-prf-input-00.txt information */ |
| 318 int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t l
en, void *arg); |
| 319 void *tlsext_opaque_prf_input_callback_arg; |
| 320 + |
| 321 +# ifndef OPENSSL_NO_NEXTPROTONEG |
| 322 + /* Next protocol negotiation information */ |
| 323 + /* (for experimental NPN extension). */ |
| 324 + |
| 325 + /* For a server, this contains a callback function by which the set of |
| 326 + * advertised protocols can be provided. */ |
| 327 + int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf, |
| 328 + unsigned int *len, void *arg); |
| 329 + void *next_protos_advertised_cb_arg; |
| 330 + /* For a client, this contains a callback function that selects the |
| 331 + * next protocol from the list provided by the server. */ |
| 332 + int (*next_proto_select_cb)(SSL *s, unsigned char **out, |
| 333 + unsigned char *outlen, |
| 334 + const unsigned char *in, |
| 335 + unsigned int inlen, |
| 336 + void *arg); |
| 337 + void *next_proto_select_cb_arg; |
| 338 +# endif |
| 339 #endif |
| 340 |
| 341 #ifndef OPENSSL_NO_PSK |
| 342 @@ -928,6 +947,30 @@ int SSL_CTX_set_client_cert_engine(SSL_C |
| 343 #endif |
| 344 void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL
*ssl, unsigned char *cookie, unsigned int *cookie_len)); |
| 345 void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL
*ssl, unsigned char *cookie, unsigned int cookie_len)); |
| 346 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 347 +void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, |
| 348 + int (*cb) (SSL *ssl, |
| 349 + const unsigned char **out, |
| 350 + unsigned int *outlen, |
| 351 + void *arg), void *arg); |
| 352 +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, |
| 353 + int (*cb) (SSL *ssl, unsigned char **out, |
| 354 + unsigned char *outlen, |
| 355 + const unsigned char *in, |
| 356 + unsigned int inlen, void *arg), |
| 357 + void *arg); |
| 358 + |
| 359 +int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, |
| 360 + const unsigned char *in, unsigned int inlen, |
| 361 + const unsigned char *client, unsigned int client_len); |
| 362 +void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, |
| 363 + unsigned *len); |
| 364 + |
| 365 +#define OPENSSL_NPN_UNSUPPORTED 0 |
| 366 +#define OPENSSL_NPN_NEGOTIATED 1 |
| 367 +#define OPENSSL_NPN_NO_OVERLAP 2 |
| 368 + |
| 369 +#endif |
| 370 |
| 371 #ifndef OPENSSL_NO_PSK |
| 372 /* the maximum length of the buffer given to callbacks containing the |
| 373 @@ -1187,6 +1230,19 @@ struct ssl_st |
| 374 void *tls_session_secret_cb_arg; |
| 375 |
| 376 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ |
| 377 + |
| 378 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 379 + /* Next protocol negotiation. For the client, this is the protocol that |
| 380 + * we sent in NextProtocol and is set when handling ServerHello |
| 381 + * extensions. |
| 382 + * |
| 383 + * For a server, this is the client's selected_protocol from |
| 384 + * NextProtocol and is set when handling the NextProtocol message, |
| 385 + * before the Finished message. */ |
| 386 + unsigned char *next_proto_negotiated; |
| 387 + unsigned char next_proto_negotiated_len; |
| 388 +#endif |
| 389 + |
| 390 #define session_ctx initial_ctx |
| 391 #else |
| 392 #define session_ctx ctx |
| 393 @@ -1919,6 +1975,7 @@ void ERR_load_SSL_strings(void); |
| 394 #define SSL_F_SSL3_GET_KEY_EXCHANGE 141 |
| 395 #define SSL_F_SSL3_GET_MESSAGE 142 |
| 396 #define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 |
| 397 +#define SSL_F_SSL3_GET_NEXT_PROTO 304 |
| 398 #define SSL_F_SSL3_GET_RECORD 143 |
| 399 #define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 |
| 400 #define SSL_F_SSL3_GET_SERVER_DONE 145 |
| 401 @@ -2117,6 +2174,8 @@ void ERR_load_SSL_strings(void); |
| 402 #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 |
| 403 #define SSL_R_EXTRA_DATA_IN_MESSAGE 153 |
| 404 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 |
| 405 +#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 346 |
| 406 +#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 347 |
| 407 #define SSL_R_HTTPS_PROXY_REQUEST 155 |
| 408 #define SSL_R_HTTP_REQUEST 156 |
| 409 #define SSL_R_ILLEGAL_PADDING 283 |
| 410 --- openssl-1.0.0b.orig/include/openssl/ssl3.h 2010-11-29 19:56:04.832465351 +0
000 |
| 411 +++ openssl-1.0.0b/include/openssl/ssl3.h 2010-11-29 19:56:04.965928855 +0
000 |
| 412 @@ -465,6 +465,12 @@ typedef struct ssl3_state_st |
| 413 void *server_opaque_prf_input; |
| 414 size_t server_opaque_prf_input_len; |
| 415 |
| 416 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 417 + /* Set if we saw the Next Protocol Negotiation extension from |
| 418 + our peer. */ |
| 419 + int next_proto_neg_seen; |
| 420 +#endif |
| 421 + |
| 422 struct { |
| 423 /* actually only needs to be 16+20 */ |
| 424 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; |
| 425 @@ -557,6 +563,10 @@ typedef struct ssl3_state_st |
| 426 #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) |
| 427 #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) |
| 428 #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) |
| 429 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 430 +#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) |
| 431 +#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) |
| 432 +#endif |
| 433 #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) |
| 434 #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) |
| 435 /* read from server */ |
| 436 @@ -602,6 +612,10 @@ typedef struct ssl3_state_st |
| 437 #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) |
| 438 #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) |
| 439 #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) |
| 440 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 441 +#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) |
| 442 +#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) |
| 443 +#endif |
| 444 #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) |
| 445 #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) |
| 446 /* write to client */ |
| 447 @@ -626,6 +640,9 @@ typedef struct ssl3_state_st |
| 448 #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 |
| 449 #define SSL3_MT_FINISHED 20 |
| 450 #define SSL3_MT_CERTIFICATE_STATUS 22 |
| 451 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 452 +#define SSL3_MT_NEXT_PROTO 67 |
| 453 +#endif |
| 454 #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 |
| 455 |
| 456 |
| 457 --- openssl-1.0.0b.orig/include/openssl/tls1.h 2009-11-11 14:51:29.000000000 +0
000 |
| 458 +++ openssl-1.0.0b/include/openssl/tls1.h 2010-11-29 19:56:04.965928855 +0
000 |
| 459 @@ -204,6 +204,11 @@ extern "C" { |
| 460 /* Temporary extension type */ |
| 461 #define TLSEXT_TYPE_renegotiate 0xff01 |
| 462 |
| 463 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 464 +/* This is not an IANA defined extension number */ |
| 465 +#define TLSEXT_TYPE_next_proto_neg 13172 |
| 466 +#endif |
| 467 + |
| 468 /* NameType value from RFC 3546 */ |
| 469 #define TLSEXT_NAMETYPE_host_name 0 |
| 470 /* status request value from RFC 3546 */ |
| 471 --- openssl-1.0.0b.orig/ssl/s3_both.c 2010-11-29 19:56:04.846517045 +0000 |
| 472 +++ openssl-1.0.0b/ssl/s3_both.c 2010-11-29 19:56:04.965928855 +0000 |
| 473 @@ -202,15 +202,40 @@ int ssl3_send_finished(SSL *s, int a, in |
| 474 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
| 475 } |
| 476 |
| 477 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 478 +/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen t
o far. */ |
| 479 +static void ssl3_take_mac(SSL *s) |
| 480 + { |
| 481 + const char *sender; |
| 482 + int slen; |
| 483 + |
| 484 + if (s->state & SSL_ST_CONNECT) |
| 485 + { |
| 486 + sender=s->method->ssl3_enc->server_finished_label; |
| 487 + slen=s->method->ssl3_enc->server_finished_label_len; |
| 488 + } |
| 489 + else |
| 490 + { |
| 491 + sender=s->method->ssl3_enc->client_finished_label; |
| 492 + slen=s->method->ssl3_enc->client_finished_label_len; |
| 493 + } |
| 494 + |
| 495 + s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, |
| 496 + sender,slen,s->s3->tmp.peer_finish_md); |
| 497 + } |
| 498 +#endif |
| 499 + |
| 500 int ssl3_get_finished(SSL *s, int a, int b) |
| 501 { |
| 502 int al,i,ok; |
| 503 long n; |
| 504 unsigned char *p; |
| 505 |
| 506 +#ifdef OPENSSL_NO_NEXTPROTONEG |
| 507 /* the mac has already been generated when we received the |
| 508 * change cipher spec message and is in s->s3->tmp.peer_finish_md |
| 509 */ |
| 510 +#endif |
| 511 |
| 512 n=s->method->ssl_get_message(s, |
| 513 a, |
| 514 @@ -521,6 +546,15 @@ long ssl3_get_message(SSL *s, int st1, i |
| 515 s->init_num += i; |
| 516 n -= i; |
| 517 } |
| 518 + |
| 519 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 520 + /* If receiving Finished, record MAC of prior handshake messages for |
| 521 + * Finished verification. */ |
| 522 + if (*s->init_buf->data == SSL3_MT_FINISHED) |
| 523 + ssl3_take_mac(s); |
| 524 +#endif |
| 525 + |
| 526 + /* Feed this message into MAC computation. */ |
| 527 ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); |
| 528 if (s->msg_callback) |
| 529 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->d
ata, (size_t)s->init_num + 4, s, s->msg_callback_arg); |
| 530 --- openssl-1.0.0b.orig/ssl/s3_clnt.c 2010-11-29 19:56:04.846517045 +0000 |
| 531 +++ openssl-1.0.0b/ssl/s3_clnt.c 2010-11-29 19:56:04.965928855 +0000 |
| 532 @@ -435,7 +435,16 @@ int ssl3_connect(SSL *s) |
| 533 ret=ssl3_send_change_cipher_spec(s, |
| 534 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); |
| 535 if (ret <= 0) goto end; |
| 536 + |
| 537 +#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) |
| 538 s->state=SSL3_ST_CW_FINISHED_A; |
| 539 +#else |
| 540 + if (s->next_proto_negotiated) |
| 541 + s->state=SSL3_ST_CW_NEXT_PROTO_A; |
| 542 + else |
| 543 + s->state=SSL3_ST_CW_FINISHED_A; |
| 544 +#endif |
| 545 + |
| 546 s->init_num=0; |
| 547 |
| 548 s->session->cipher=s->s3->tmp.new_cipher; |
| 549 @@ -463,6 +472,15 @@ int ssl3_connect(SSL *s) |
| 550 |
| 551 break; |
| 552 |
| 553 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
| 554 + case SSL3_ST_CW_NEXT_PROTO_A: |
| 555 + case SSL3_ST_CW_NEXT_PROTO_B: |
| 556 + ret=ssl3_send_next_proto(s); |
| 557 + if (ret <= 0) goto end; |
| 558 + s->state=SSL3_ST_CW_FINISHED_A; |
| 559 + break; |
| 560 +#endif |
| 561 + |
| 562 case SSL3_ST_CW_FINISHED_A: |
| 563 case SSL3_ST_CW_FINISHED_B: |
| 564 ret=ssl3_send_finished(s, |
| 565 @@ -3060,6 +3078,32 @@ err: |
| 566 */ |
| 567 |
| 568 #ifndef OPENSSL_NO_TLSEXT |
| 569 +# ifndef OPENSSL_NO_NEXTPROTONEG |
| 570 +int ssl3_send_next_proto(SSL *s) |
| 571 + { |
| 572 + unsigned int len, padding_len; |
| 573 + unsigned char *d; |
| 574 + |
| 575 + if (s->state == SSL3_ST_CW_NEXT_PROTO_A) |
| 576 + { |
| 577 + len = s->next_proto_negotiated_len; |
| 578 + padding_len = 32 - ((len + 2) % 32); |
| 579 + d = (unsigned char *)s->init_buf->data; |
| 580 + d[4] = len; |
| 581 + memcpy(d + 5, s->next_proto_negotiated, len); |
| 582 + d[5 + len] = padding_len; |
| 583 + memset(d + 6 + len, 0, padding_len); |
| 584 + *(d++)=SSL3_MT_NEXT_PROTO; |
| 585 + l2n3(2 + len + padding_len, d); |
| 586 + s->state = SSL3_ST_CW_NEXT_PROTO_B; |
| 587 + s->init_num = 4 + 2 + len + padding_len; |
| 588 + s->init_off = 0; |
| 589 + } |
| 590 + |
| 591 + return ssl3_do_write(s, SSL3_RT_HANDSHAKE); |
| 592 + } |
| 593 +# endif |
| 594 + |
| 595 int ssl3_check_finished(SSL *s) |
| 596 { |
| 597 int ok; |
| 598 --- openssl-1.0.0b.orig/ssl/s3_lib.c 2010-11-29 19:56:04.832465351 +0000 |
| 599 +++ openssl-1.0.0b/ssl/s3_lib.c 2010-11-29 19:56:04.965928855 +0000 |
| 600 @@ -2230,6 +2230,15 @@ void ssl3_clear(SSL *s) |
| 601 s->s3->num_renegotiations=0; |
| 602 s->s3->in_read_app_data=0; |
| 603 s->version=SSL3_VERSION; |
| 604 + |
| 605 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
| 606 + if (s->next_proto_negotiated) |
| 607 + { |
| 608 + OPENSSL_free(s->next_proto_negotiated); |
| 609 + s->next_proto_negotiated = NULL; |
| 610 + s->next_proto_negotiated_len = 0; |
| 611 + } |
| 612 +#endif |
| 613 } |
| 614 |
| 615 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) |
| 616 --- openssl-1.0.0b.orig/ssl/s3_pkt.c 2010-11-29 19:56:04.832465351 +0000 |
| 617 +++ openssl-1.0.0b/ssl/s3_pkt.c 2010-11-29 19:56:04.965928855 +0000 |
| 618 @@ -1394,8 +1394,10 @@ err: |
| 619 int ssl3_do_change_cipher_spec(SSL *s) |
| 620 { |
| 621 int i; |
| 622 +#ifdef OPENSSL_NO_NEXTPROTONEG |
| 623 const char *sender; |
| 624 int slen; |
| 625 +#endif |
| 626 |
| 627 if (s->state & SSL_ST_ACCEPT) |
| 628 i=SSL3_CHANGE_CIPHER_SERVER_READ; |
| 629 @@ -1418,6 +1420,7 @@ int ssl3_do_change_cipher_spec(SSL *s) |
| 630 if (!s->method->ssl3_enc->change_cipher_state(s,i)) |
| 631 return(0); |
| 632 |
| 633 +#ifdef OPENSSL_NO_NEXTPROTONEG |
| 634 /* we have to record the message digest at |
| 635 * this point so we can get it before we read |
| 636 * the finished message */ |
| 637 @@ -1434,6 +1437,7 @@ int ssl3_do_change_cipher_spec(SSL *s) |
| 638 |
| 639 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, |
| 640 sender,slen,s->s3->tmp.peer_finish_md); |
| 641 +#endif |
| 642 |
| 643 return(1); |
| 644 } |
| 645 --- openssl-1.0.0b.orig/ssl/s3_srvr.c 2010-11-29 19:56:04.846517045 +0000 |
| 646 +++ openssl-1.0.0b/ssl/s3_srvr.c 2010-11-29 19:56:04.965928855 +0000 |
| 647 @@ -538,7 +538,14 @@ int ssl3_accept(SSL *s) |
| 648 * the client uses its key from the certificate |
| 649 * for key exchange. |
| 650 */ |
| 651 +#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) |
| 652 s->state=SSL3_ST_SR_FINISHED_A; |
| 653 +#else |
| 654 + if (s->s3->next_proto_neg_seen) |
| 655 + s->state=SSL3_ST_SR_NEXT_PROTO_A; |
| 656 + else |
| 657 + s->state=SSL3_ST_SR_FINISHED_A; |
| 658 +#endif |
| 659 s->init_num = 0; |
| 660 } |
| 661 else |
| 662 @@ -581,10 +588,27 @@ int ssl3_accept(SSL *s) |
| 663 ret=ssl3_get_cert_verify(s); |
| 664 if (ret <= 0) goto end; |
| 665 |
| 666 +#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) |
| 667 s->state=SSL3_ST_SR_FINISHED_A; |
| 668 +#else |
| 669 + if (s->s3->next_proto_neg_seen) |
| 670 + s->state=SSL3_ST_SR_NEXT_PROTO_A; |
| 671 + else |
| 672 + s->state=SSL3_ST_SR_FINISHED_A; |
| 673 +#endif |
| 674 s->init_num=0; |
| 675 break; |
| 676 |
| 677 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
| 678 + case SSL3_ST_SR_NEXT_PROTO_A: |
| 679 + case SSL3_ST_SR_NEXT_PROTO_B: |
| 680 + ret=ssl3_get_next_proto(s); |
| 681 + if (ret <= 0) goto end; |
| 682 + s->init_num = 0; |
| 683 + s->state=SSL3_ST_SR_FINISHED_A; |
| 684 + break; |
| 685 +#endif |
| 686 + |
| 687 case SSL3_ST_SR_FINISHED_A: |
| 688 case SSL3_ST_SR_FINISHED_B: |
| 689 ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, |
| 690 @@ -655,7 +679,16 @@ int ssl3_accept(SSL *s) |
| 691 if (ret <= 0) goto end; |
| 692 s->state=SSL3_ST_SW_FLUSH; |
| 693 if (s->hit) |
| 694 + { |
| 695 +#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) |
| 696 s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; |
| 697 +#else |
| 698 + if (s->s3->next_proto_neg_seen) |
| 699 + s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PR
OTO_A; |
| 700 + else |
| 701 + s->s3->tmp.next_state=SSL3_ST_SR_FINISHE
D_A; |
| 702 +#endif |
| 703 + } |
| 704 else |
| 705 s->s3->tmp.next_state=SSL_ST_OK; |
| 706 s->init_num=0; |
| 707 @@ -3196,4 +3229,72 @@ int ssl3_send_cert_status(SSL *s) |
| 708 /* SSL3_ST_SW_CERT_STATUS_B */ |
| 709 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
| 710 } |
| 711 + |
| 712 +# ifndef OPENSSL_NO_NPN |
| 713 +/* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message. It |
| 714 + * sets the next_proto member in s if found */ |
| 715 +int ssl3_get_next_proto(SSL *s) |
| 716 + { |
| 717 + int ok; |
| 718 + unsigned proto_len, padding_len; |
| 719 + long n; |
| 720 + const unsigned char *p; |
| 721 + |
| 722 + /* Clients cannot send a NextProtocol message if we didn't see the |
| 723 + * extension in their ClientHello */ |
| 724 + if (!s->s3->next_proto_neg_seen) |
| 725 + { |
| 726 + SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_WITHOUT_EX
TENSION); |
| 727 + return -1; |
| 728 + } |
| 729 + |
| 730 + n=s->method->ssl_get_message(s, |
| 731 + SSL3_ST_SR_NEXT_PROTO_A, |
| 732 + SSL3_ST_SR_NEXT_PROTO_B, |
| 733 + SSL3_MT_NEXT_PROTO, |
| 734 + 514, /* See the payload format below */ |
| 735 + &ok); |
| 736 + |
| 737 + if (!ok) |
| 738 + return((int)n); |
| 739 + |
| 740 + /* s->state doesn't reflect whether ChangeCipherSpec has been received |
| 741 + * in this handshake, but s->s3->change_cipher_spec does (will be reset |
| 742 + * by ssl3_get_finished). */ |
| 743 + if (!s->s3->change_cipher_spec) |
| 744 + { |
| 745 + SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_BEFORE_A_C
CS); |
| 746 + return -1; |
| 747 + } |
| 748 + |
| 749 + if (n < 2) |
| 750 + return 0; /* The body must be > 1 bytes long */ |
| 751 + |
| 752 + p=(unsigned char *)s->init_msg; |
| 753 + |
| 754 + /* The payload looks like: |
| 755 + * uint8 proto_len; |
| 756 + * uint8 proto[proto_len]; |
| 757 + * uint8 padding_len; |
| 758 + * uint8 padding[padding_len]; |
| 759 + */ |
| 760 + proto_len = p[0]; |
| 761 + if (proto_len + 2 > s->init_num) |
| 762 + return 0; |
| 763 + padding_len = p[proto_len + 1]; |
| 764 + if (proto_len + padding_len + 2 != s->init_num) |
| 765 + return 0; |
| 766 + |
| 767 + s->next_proto_negotiated = OPENSSL_malloc(proto_len); |
| 768 + if (!s->next_proto_negotiated) |
| 769 + { |
| 770 + SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,ERR_R_MALLOC_FAILURE); |
| 771 + return 0; |
| 772 + } |
| 773 + memcpy(s->next_proto_negotiated, p + 1, proto_len); |
| 774 + s->next_proto_negotiated_len = proto_len; |
| 775 + |
| 776 + return 1; |
| 777 + } |
| 778 +# endif |
| 779 #endif |
| 780 --- openssl-1.0.0b.orig/ssl/ssl.h 2010-11-29 19:56:04.846517045 +0000 |
| 781 +++ openssl-1.0.0b/ssl/ssl.h 2010-11-29 19:56:04.965928855 +0000 |
| 782 @@ -857,6 +857,25 @@ struct ssl_ctx_st |
| 783 /* draft-rescorla-tls-opaque-prf-input-00.txt information */ |
| 784 int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t l
en, void *arg); |
| 785 void *tlsext_opaque_prf_input_callback_arg; |
| 786 + |
| 787 +# ifndef OPENSSL_NO_NEXTPROTONEG |
| 788 + /* Next protocol negotiation information */ |
| 789 + /* (for experimental NPN extension). */ |
| 790 + |
| 791 + /* For a server, this contains a callback function by which the set of |
| 792 + * advertised protocols can be provided. */ |
| 793 + int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf, |
| 794 + unsigned int *len, void *arg); |
| 795 + void *next_protos_advertised_cb_arg; |
| 796 + /* For a client, this contains a callback function that selects the |
| 797 + * next protocol from the list provided by the server. */ |
| 798 + int (*next_proto_select_cb)(SSL *s, unsigned char **out, |
| 799 + unsigned char *outlen, |
| 800 + const unsigned char *in, |
| 801 + unsigned int inlen, |
| 802 + void *arg); |
| 803 + void *next_proto_select_cb_arg; |
| 804 +# endif |
| 805 #endif |
| 806 |
| 807 #ifndef OPENSSL_NO_PSK |
| 808 @@ -928,6 +947,30 @@ int SSL_CTX_set_client_cert_engine(SSL_C |
| 809 #endif |
| 810 void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL
*ssl, unsigned char *cookie, unsigned int *cookie_len)); |
| 811 void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL
*ssl, unsigned char *cookie, unsigned int cookie_len)); |
| 812 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 813 +void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, |
| 814 + int (*cb) (SSL *ssl, |
| 815 + const unsigned char **out, |
| 816 + unsigned int *outlen, |
| 817 + void *arg), void *arg); |
| 818 +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, |
| 819 + int (*cb) (SSL *ssl, unsigned char **out, |
| 820 + unsigned char *outlen, |
| 821 + const unsigned char *in, |
| 822 + unsigned int inlen, void *arg), |
| 823 + void *arg); |
| 824 + |
| 825 +int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, |
| 826 + const unsigned char *in, unsigned int inlen, |
| 827 + const unsigned char *client, unsigned int client_len); |
| 828 +void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, |
| 829 + unsigned *len); |
| 830 + |
| 831 +#define OPENSSL_NPN_UNSUPPORTED 0 |
| 832 +#define OPENSSL_NPN_NEGOTIATED 1 |
| 833 +#define OPENSSL_NPN_NO_OVERLAP 2 |
| 834 + |
| 835 +#endif |
| 836 |
| 837 #ifndef OPENSSL_NO_PSK |
| 838 /* the maximum length of the buffer given to callbacks containing the |
| 839 @@ -1187,6 +1230,19 @@ struct ssl_st |
| 840 void *tls_session_secret_cb_arg; |
| 841 |
| 842 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ |
| 843 + |
| 844 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 845 + /* Next protocol negotiation. For the client, this is the protocol that |
| 846 + * we sent in NextProtocol and is set when handling ServerHello |
| 847 + * extensions. |
| 848 + * |
| 849 + * For a server, this is the client's selected_protocol from |
| 850 + * NextProtocol and is set when handling the NextProtocol message, |
| 851 + * before the Finished message. */ |
| 852 + unsigned char *next_proto_negotiated; |
| 853 + unsigned char next_proto_negotiated_len; |
| 854 +#endif |
| 855 + |
| 856 #define session_ctx initial_ctx |
| 857 #else |
| 858 #define session_ctx ctx |
| 859 @@ -1919,6 +1975,7 @@ void ERR_load_SSL_strings(void); |
| 860 #define SSL_F_SSL3_GET_KEY_EXCHANGE 141 |
| 861 #define SSL_F_SSL3_GET_MESSAGE 142 |
| 862 #define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 |
| 863 +#define SSL_F_SSL3_GET_NEXT_PROTO 304 |
| 864 #define SSL_F_SSL3_GET_RECORD 143 |
| 865 #define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 |
| 866 #define SSL_F_SSL3_GET_SERVER_DONE 145 |
| 867 @@ -2117,6 +2174,8 @@ void ERR_load_SSL_strings(void); |
| 868 #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 |
| 869 #define SSL_R_EXTRA_DATA_IN_MESSAGE 153 |
| 870 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 |
| 871 +#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 346 |
| 872 +#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 347 |
| 873 #define SSL_R_HTTPS_PROXY_REQUEST 155 |
| 874 #define SSL_R_HTTP_REQUEST 156 |
| 875 #define SSL_R_ILLEGAL_PADDING 283 |
| 876 --- openssl-1.0.0b.orig/ssl/ssl3.h 2010-11-29 19:56:04.832465351 +0000 |
| 877 +++ openssl-1.0.0b/ssl/ssl3.h 2010-11-29 19:56:04.965928855 +0000 |
| 878 @@ -465,6 +465,12 @@ typedef struct ssl3_state_st |
| 879 void *server_opaque_prf_input; |
| 880 size_t server_opaque_prf_input_len; |
| 881 |
| 882 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 883 + /* Set if we saw the Next Protocol Negotiation extension from |
| 884 + our peer. */ |
| 885 + int next_proto_neg_seen; |
| 886 +#endif |
| 887 + |
| 888 struct { |
| 889 /* actually only needs to be 16+20 */ |
| 890 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; |
| 891 @@ -557,6 +563,10 @@ typedef struct ssl3_state_st |
| 892 #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) |
| 893 #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) |
| 894 #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) |
| 895 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 896 +#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) |
| 897 +#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) |
| 898 +#endif |
| 899 #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) |
| 900 #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) |
| 901 /* read from server */ |
| 902 @@ -602,6 +612,10 @@ typedef struct ssl3_state_st |
| 903 #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) |
| 904 #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) |
| 905 #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) |
| 906 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 907 +#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) |
| 908 +#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) |
| 909 +#endif |
| 910 #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) |
| 911 #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) |
| 912 /* write to client */ |
| 913 @@ -626,6 +640,9 @@ typedef struct ssl3_state_st |
| 914 #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 |
| 915 #define SSL3_MT_FINISHED 20 |
| 916 #define SSL3_MT_CERTIFICATE_STATUS 22 |
| 917 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 918 +#define SSL3_MT_NEXT_PROTO 67 |
| 919 +#endif |
| 920 #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 |
| 921 |
| 922 |
| 923 --- openssl-1.0.0b.orig/ssl/ssl_err.c 2010-11-29 19:56:04.846517045 +0000 |
| 924 +++ openssl-1.0.0b/ssl/ssl_err.c 2010-11-29 19:56:04.965928855 +0000 |
| 925 @@ -155,6 +155,7 @@ static ERR_STRING_DATA SSL_str_functs[]= |
| 926 {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, |
| 927 {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, |
| 928 {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"}, |
| 929 +{ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"}, |
| 930 {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, |
| 931 {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, |
| 932 {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, |
| 933 @@ -355,6 +356,8 @@ static ERR_STRING_DATA SSL_str_reasons[] |
| 934 {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"}, |
| 935 {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"}, |
| 936 {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"}, |
| 937 +{ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),"got next proto before a ccs"}, |
| 938 +{ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),"got next proto without see
ing extension"}, |
| 939 {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"}, |
| 940 {ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"}, |
| 941 {ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"}, |
| 942 --- openssl-1.0.0b.orig/ssl/ssl_lib.c 2010-11-29 19:56:04.846517045 +0000 |
| 943 +++ openssl-1.0.0b/ssl/ssl_lib.c 2010-11-29 19:56:04.965928855 +0000 |
| 944 @@ -354,6 +354,9 @@ SSL *SSL_new(SSL_CTX *ctx) |
| 945 s->tlsext_ocsp_resplen = -1; |
| 946 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); |
| 947 s->initial_ctx=ctx; |
| 948 +# ifndef OPENSSL_NO_NEXTPROTONEG |
| 949 + s->next_proto_negotiated = NULL; |
| 950 +# endif |
| 951 #endif |
| 952 |
| 953 s->verify_result=X509_V_OK; |
| 954 @@ -587,6 +590,11 @@ void SSL_free(SSL *s) |
| 955 kssl_ctx_free(s->kssl_ctx); |
| 956 #endif /* OPENSSL_NO_KRB5 */ |
| 957 |
| 958 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
| 959 + if (s->next_proto_negotiated) |
| 960 + OPENSSL_free(s->next_proto_negotiated); |
| 961 +#endif |
| 962 + |
| 963 OPENSSL_free(s); |
| 964 } |
| 965 |
| 966 @@ -1503,6 +1511,124 @@ int SSL_get_servername_type(const SSL *s |
| 967 return TLSEXT_NAMETYPE_host_name; |
| 968 return -1; |
| 969 } |
| 970 + |
| 971 +# ifndef OPENSSL_NO_NEXTPROTONEG |
| 972 +/* SSL_select_next_proto implements the standard protocol selection. It is |
| 973 + * expected that this function is called from the callback set by |
| 974 + * SSL_CTX_set_next_proto_select_cb. |
| 975 + * |
| 976 + * The protocol data is assumed to be a vector of 8-bit, length prefixed byte |
| 977 + * strings. The length byte itself is not included in the length. A byte |
| 978 + * string of length 0 is invalid. No byte string may be truncated. |
| 979 + * |
| 980 + * The current, but experimental algorithm for selecting the protocol is: |
| 981 + * |
| 982 + * 1) If the server doesn't support NPN then this is indicated to the |
| 983 + * callback. In this case, the client application has to abort the connection |
| 984 + * or have a default application level protocol. |
| 985 + * |
| 986 + * 2) If the server supports NPN, but advertises an empty list then the |
| 987 + * client selects the first protcol in its list, but indicates via the |
| 988 + * API that this fallback case was enacted. |
| 989 + * |
| 990 + * 3) Otherwise, the client finds the first protocol in the server's list |
| 991 + * that it supports and selects this protocol. This is because it's |
| 992 + * assumed that the server has better information about which protocol |
| 993 + * a client should use. |
| 994 + * |
| 995 + * 4) If the client doesn't support any of the server's advertised |
| 996 + * protocols, then this is treated the same as case 2. |
| 997 + * |
| 998 + * It returns either |
| 999 + * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or |
| 1000 + * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. |
| 1001 + */ |
| 1002 +int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const uns
igned char *server, unsigned int server_len, const unsigned char *client, unsign
ed int client_len) |
| 1003 + { |
| 1004 + unsigned int i, j; |
| 1005 + const unsigned char *result; |
| 1006 + int status = OPENSSL_NPN_UNSUPPORTED; |
| 1007 + |
| 1008 + /* For each protocol in server preference order, see if we support it. *
/ |
| 1009 + for (i = 0; i < server_len; ) |
| 1010 + { |
| 1011 + for (j = 0; j < client_len; ) |
| 1012 + { |
| 1013 + if (server[i] == client[j] && |
| 1014 + memcmp(&server[i+1], &client[j+1], server[i]) == 0) |
| 1015 + { |
| 1016 + /* We found a match */ |
| 1017 + result = &server[i]; |
| 1018 + status = OPENSSL_NPN_NEGOTIATED; |
| 1019 + goto found; |
| 1020 + } |
| 1021 + j += client[j]; |
| 1022 + j++; |
| 1023 + } |
| 1024 + i += server[i]; |
| 1025 + i++; |
| 1026 + } |
| 1027 + |
| 1028 + /* There's no overlap between our protocols and the server's list. */ |
| 1029 + result = client; |
| 1030 + status = OPENSSL_NPN_NO_OVERLAP; |
| 1031 + |
| 1032 + found: |
| 1033 + *out = (unsigned char *) result + 1; |
| 1034 + *outlen = result[0]; |
| 1035 + return status; |
| 1036 + } |
| 1037 + |
| 1038 +/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's |
| 1039 + * requested protocol for this connection and returns 0. If the client didn't |
| 1040 + * request any protocol, then *data is set to NULL. |
| 1041 + * |
| 1042 + * Note that the client can request any protocol it chooses. The value returned |
| 1043 + * from this function need not be a member of the list of supported protocols |
| 1044 + * provided by the callback. |
| 1045 + */ |
| 1046 +void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, u
nsigned *len) |
| 1047 + { |
| 1048 + *data = s->next_proto_negotiated; |
| 1049 + if (!*data) { |
| 1050 + *len = 0; |
| 1051 + } else { |
| 1052 + *len = s->next_proto_negotiated_len; |
| 1053 + } |
| 1054 +} |
| 1055 + |
| 1056 +/* SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a |
| 1057 + * TLS server needs a list of supported protocols for Next Protocol |
| 1058 + * Negotiation. The returned list must be in wire format. The list is returned |
| 1059 + * by setting |out| to point to it and |outlen| to its length. This memory will |
| 1060 + * not be modified, but one should assume that the SSL* keeps a reference to |
| 1061 + * it. |
| 1062 + * |
| 1063 + * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Othe
rwise, no |
| 1064 + * such extension will be included in the ServerHello. */ |
| 1065 +void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, c
onst unsigned char **out, unsigned int *outlen, void *arg), void *arg) |
| 1066 + { |
| 1067 + ctx->next_protos_advertised_cb = cb; |
| 1068 + ctx->next_protos_advertised_cb_arg = arg; |
| 1069 + } |
| 1070 + |
| 1071 +/* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a |
| 1072 + * client needs to select a protocol from the server's provided list. |out| |
| 1073 + * must be set to point to the selected protocol (which may be within |in|). |
| 1074 + * The length of the protocol name must be written into |outlen|. The server's |
| 1075 + * advertised protocols are provided in |in| and |inlen|. The callback can |
| 1076 + * assume that |in| is syntactically valid. |
| 1077 + * |
| 1078 + * The client must select a protocol. It is fatal to the connection if this |
| 1079 + * callback returns a value other than SSL_TLSEXT_ERR_OK. |
| 1080 + */ |
| 1081 +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned
char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen,
void *arg), void *arg) |
| 1082 + { |
| 1083 + ctx->next_proto_select_cb = cb; |
| 1084 + ctx->next_proto_select_cb_arg = arg; |
| 1085 + } |
| 1086 + |
| 1087 +# endif |
| 1088 #endif |
| 1089 |
| 1090 static unsigned long ssl_session_hash(const SSL_SESSION *a) |
| 1091 @@ -1667,6 +1793,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m |
| 1092 ret->tlsext_status_cb = 0; |
| 1093 ret->tlsext_status_arg = NULL; |
| 1094 |
| 1095 +# ifndef OPENSSL_NO_NEXTPROTONEG |
| 1096 + ret->next_protos_advertised_cb = 0; |
| 1097 + ret->next_proto_select_cb = 0; |
| 1098 +# endif |
| 1099 #endif |
| 1100 #ifndef OPENSSL_NO_PSK |
| 1101 ret->psk_identity_hint=NULL; |
| 1102 --- openssl-1.0.0b.orig/ssl/ssl_locl.h 2010-11-29 19:56:04.846517045 +0000 |
| 1103 +++ openssl-1.0.0b/ssl/ssl_locl.h 2010-11-29 19:56:04.965928855 +0000 |
| 1104 @@ -968,6 +968,9 @@ int ssl3_get_server_certificate(SSL *s); |
| 1105 int ssl3_check_cert_and_algorithm(SSL *s); |
| 1106 #ifndef OPENSSL_NO_TLSEXT |
| 1107 int ssl3_check_finished(SSL *s); |
| 1108 +# ifndef OPENSSL_NO_NEXTPROTONEG |
| 1109 +int ssl3_send_next_proto(SSL *s); |
| 1110 +# endif |
| 1111 #endif |
| 1112 |
| 1113 int dtls1_client_hello(SSL *s); |
| 1114 @@ -986,6 +989,9 @@ int ssl3_check_client_hello(SSL *s); |
| 1115 int ssl3_get_client_certificate(SSL *s); |
| 1116 int ssl3_get_client_key_exchange(SSL *s); |
| 1117 int ssl3_get_cert_verify(SSL *s); |
| 1118 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 1119 +int ssl3_get_next_proto(SSL *s); |
| 1120 +#endif |
| 1121 |
| 1122 int dtls1_send_hello_request(SSL *s); |
| 1123 int dtls1_send_server_hello(SSL *s); |
| 1124 --- openssl-1.0.0b.orig/ssl/t1_lib.c 2010-11-16 13:26:24.000000000 +0000 |
| 1125 +++ openssl-1.0.0b/ssl/t1_lib.c 2010-11-29 19:56:04.965928855 +0000 |
| 1126 @@ -494,6 +494,18 @@ unsigned char *ssl_add_clienthello_tlsex |
| 1127 i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret); |
| 1128 } |
| 1129 |
| 1130 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 1131 + if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) |
| 1132 + { |
| 1133 + /* The client advertises an emtpy extension to indicate its |
| 1134 + * support for Next Protocol Negotiation */ |
| 1135 + if (limit - ret - 4 < 0) |
| 1136 + return NULL; |
| 1137 + s2n(TLSEXT_TYPE_next_proto_neg,ret); |
| 1138 + s2n(0,ret); |
| 1139 + } |
| 1140 +#endif |
| 1141 + |
| 1142 if ((extdatalen = ret-p-2)== 0) |
| 1143 return p; |
| 1144 |
| 1145 @@ -505,6 +517,9 @@ unsigned char *ssl_add_serverhello_tlsex |
| 1146 { |
| 1147 int extdatalen=0; |
| 1148 unsigned char *ret = p; |
| 1149 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 1150 + int next_proto_neg_seen; |
| 1151 +#endif |
| 1152 |
| 1153 /* don't add extensions for SSLv3, unless doing secure renegotiation */ |
| 1154 if (s->version == SSL3_VERSION && !s->s3->send_connection_binding) |
| 1155 @@ -618,6 +633,28 @@ unsigned char *ssl_add_serverhello_tlsex |
| 1156 |
| 1157 } |
| 1158 |
| 1159 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 1160 + next_proto_neg_seen = s->s3->next_proto_neg_seen; |
| 1161 + s->s3->next_proto_neg_seen = 0; |
| 1162 + if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) |
| 1163 + { |
| 1164 + const unsigned char *npa; |
| 1165 + unsigned int npalen; |
| 1166 + int r; |
| 1167 + |
| 1168 + r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, s->ctx->
next_protos_advertised_cb_arg); |
| 1169 + if (r == SSL_TLSEXT_ERR_OK) |
| 1170 + { |
| 1171 + if ((long)(limit - ret - 4 - npalen) < 0) return NULL; |
| 1172 + s2n(TLSEXT_TYPE_next_proto_neg,ret); |
| 1173 + s2n(npalen,ret); |
| 1174 + memcpy(ret, npa, npalen); |
| 1175 + ret += npalen; |
| 1176 + s->s3->next_proto_neg_seen = 1; |
| 1177 + } |
| 1178 + } |
| 1179 +#endif |
| 1180 + |
| 1181 if ((extdatalen = ret-p-2)== 0) |
| 1182 return p; |
| 1183 |
| 1184 @@ -982,6 +1019,28 @@ int ssl_parse_clienthello_tlsext(SSL *s, |
| 1185 else |
| 1186 s->tlsext_status_type = -1; |
| 1187 } |
| 1188 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 1189 + else if (type == TLSEXT_TYPE_next_proto_neg && |
| 1190 + s->s3->tmp.finish_md_len == 0) |
| 1191 + { |
| 1192 + /* We shouldn't accept this extension on a |
| 1193 + * renegotiation. |
| 1194 + * |
| 1195 + * s->new_session will be set on renegotiation, but we |
| 1196 + * probably shouldn't rely that it couldn't be set on |
| 1197 + * the initial renegotation too in certain cases (when |
| 1198 + * there's some other reason to disallow resuming an |
| 1199 + * earlier session -- the current code won't be doing |
| 1200 + * anything like that, but this might change). |
| 1201 + |
| 1202 + * A valid sign that there's been a previous handshake |
| 1203 + * in this connection is if s->s3->tmp.finish_md_len > |
| 1204 + * 0. (We are talking about a check that will happen |
| 1205 + * in the Hello protocol round, well before a new |
| 1206 + * Finished message could have been computed.) */ |
| 1207 + s->s3->next_proto_neg_seen = 1; |
| 1208 + } |
| 1209 +#endif |
| 1210 |
| 1211 /* session ticket processed earlier */ |
| 1212 data+=size; |
| 1213 @@ -1005,6 +1064,26 @@ int ssl_parse_clienthello_tlsext(SSL *s, |
| 1214 return 1; |
| 1215 } |
| 1216 |
| 1217 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 1218 +/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No |
| 1219 + * elements of zero length are allowed and the set of elements must exactly fil
l |
| 1220 + * the length of the block. */ |
| 1221 +static int ssl_next_proto_validate(unsigned char *d, unsigned len) |
| 1222 + { |
| 1223 + unsigned int off = 0; |
| 1224 + |
| 1225 + while (off < len) |
| 1226 + { |
| 1227 + if (d[off] == 0) |
| 1228 + return 0; |
| 1229 + off += d[off]; |
| 1230 + off++; |
| 1231 + } |
| 1232 + |
| 1233 + return off == len; |
| 1234 + } |
| 1235 +#endif |
| 1236 + |
| 1237 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, i
nt n, int *al) |
| 1238 { |
| 1239 unsigned short length; |
| 1240 @@ -1139,6 +1218,39 @@ int ssl_parse_serverhello_tlsext(SSL *s, |
| 1241 /* Set flag to expect CertificateStatus message */ |
| 1242 s->tlsext_status_expected = 1; |
| 1243 } |
| 1244 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 1245 + else if (type == TLSEXT_TYPE_next_proto_neg) |
| 1246 + { |
| 1247 + unsigned char *selected; |
| 1248 + unsigned char selected_len; |
| 1249 + |
| 1250 + /* We must have requested it. */ |
| 1251 + if ((s->ctx->next_proto_select_cb == NULL)) |
| 1252 + { |
| 1253 + *al = TLS1_AD_UNSUPPORTED_EXTENSION; |
| 1254 + return 0; |
| 1255 + } |
| 1256 + /* The data must be valid */ |
| 1257 + if (!ssl_next_proto_validate(data, size)) |
| 1258 + { |
| 1259 + *al = TLS1_AD_DECODE_ERROR; |
| 1260 + return 0; |
| 1261 + } |
| 1262 + if (s->ctx->next_proto_select_cb(s, &selected, &selected
_len, data, size, s->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK) |
| 1263 + { |
| 1264 + *al = TLS1_AD_INTERNAL_ERROR; |
| 1265 + return 0; |
| 1266 + } |
| 1267 + s->next_proto_negotiated = OPENSSL_malloc(selected_len); |
| 1268 + if (!s->next_proto_negotiated) |
| 1269 + { |
| 1270 + *al = TLS1_AD_INTERNAL_ERROR; |
| 1271 + return 0; |
| 1272 + } |
| 1273 + memcpy(s->next_proto_negotiated, selected, selected_len)
; |
| 1274 + s->next_proto_negotiated_len = selected_len; |
| 1275 + } |
| 1276 +#endif |
| 1277 else if (type == TLSEXT_TYPE_renegotiate) |
| 1278 { |
| 1279 if(!ssl_parse_serverhello_renegotiate_ext(s, data, size,
al)) |
| 1280 --- openssl-1.0.0b.orig/ssl/tls1.h 2009-11-11 14:51:29.000000000 +0000 |
| 1281 +++ openssl-1.0.0b/ssl/tls1.h 2010-11-29 19:56:04.965928855 +0000 |
| 1282 @@ -204,6 +204,11 @@ extern "C" { |
| 1283 /* Temporary extension type */ |
| 1284 #define TLSEXT_TYPE_renegotiate 0xff01 |
| 1285 |
| 1286 +#ifndef OPENSSL_NO_NEXTPROTONEG |
| 1287 +/* This is not an IANA defined extension number */ |
| 1288 +#define TLSEXT_TYPE_next_proto_neg 13172 |
| 1289 +#endif |
| 1290 + |
| 1291 /* NameType value from RFC 3546 */ |
| 1292 #define TLSEXT_NAMETYPE_host_name 0 |
| 1293 /* status request value from RFC 3546 */ |
OLD | NEW |