+ /* Connection binding to prevent renegotiation attacks */
+ unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
+ unsigned char previous_client_finished_len;
+ unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
+ unsigned char previous_server_finished_len;
+ int send_connection_binding; /* TODOEKR */
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+ /* Set if we saw the Next Protocol Negotiation extension from our peer. */
+ int next_proto_neg_seen;
+#endif
+
+#ifndef OPENSSL_NO_TLSEXT
+ /* tlsext_authz_client_types contains an array of supported authz
+ * types, as advertised by the client. The array is sorted and
+ * does not contain any duplicates. */
+ unsigned char *tlsext_authz_client_types;
+ size_t tlsext_authz_client_types_len;
+ /* tlsext_authz_promised_to_client is true iff we're a server and we
+ * echoed the client's supplemental data extension and therefore must
+ * send a supplemental data handshake message. */
+ char tlsext_authz_promised_to_client;
+ /* tlsext_authz_server_promised is true iff we're a client and the
+ * server echoed our server_authz extension and therefore must send us
+ * a supplemental data handshake message. */
+ char tlsext_authz_server_promised;
+#endif