Add support for arbitrary TLS extensions. Contributed by Trevor Perrin.

commit: a398f821fa98b9923a426cf45b268cf4d56c89bd [log] [tgz]
author: Trevor <trevp@trevp.net> Sun May 12 18:55:27 2013 -0700
committer: Ben Laurie <ben@links.org> Wed Jun 12 17:01:13 2013 +0100
tree: 7bedc4b2a027f86e9d2d8cd9b4814ebddaf0c39e
parent: 6d84daa5d665e0de30c3d970cab65e8ade4d5b14 [diff] [blame]
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index d06f912..56f9b4b 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h

@@ -510,6 +510,14 @@
 	 *   uint8_t data[length]; */
 	unsigned char *authz;
 	size_t authz_length;
+
+	/* serverinfo data for this certificate.  The data is in TLS Extension
+	 * wire format, specifically it's a series of records like:
+	 *   uint16_t extension_type; // (RFC 5246, 7.4.1.4, Extension)
+	 *   uint16_t length;
+	 *   uint8_t data[length]; */
+	unsigned char *serverinfo;
+	size_t serverinfo_length;
 #endif
 	/* Set if CERT_PKEY can be used with current SSL session: e.g.
 	 * appropriate curve, signature algorithms etc. If zero it can't be
@@ -1000,7 +1008,11 @@
 int ssl_undefined_void_function(void);
 int ssl_undefined_const_function(const SSL *s);
 CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
+#ifndef OPENSSL_NO_TLSEXT
 unsigned char *ssl_get_authz_data(SSL *s, size_t *authz_length);
+int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
+				   size_t *serverinfo_length);
+#endif
 EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd);
 int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
commit	a398f821fa98b9923a426cf45b268cf4d56c89bd	[log] [tgz]
author	Trevor <trevp@trevp.net>	Sun May 12 18:55:27 2013 -0700
committer	Ben Laurie <ben@links.org>	Wed Jun 12 17:01:13 2013 +0100
tree	7bedc4b2a027f86e9d2d8cd9b4814ebddaf0c39e
parent	6d84daa5d665e0de30c3d970cab65e8ade4d5b14 [diff] [blame]