Move the extensions context codes into the public API

[oweals/openssl.git] / include / openssl / ssl.h

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 5ebd9979eba4a56cd0e99bbaac87ab5fc10db2d0..8e2d934fdea21d306da5994c3bcc3581d72da03b 100644 (file)
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -250,6 +250,29 @@ typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret,
                                          STACK_OF(SSL_CIPHER) *peer_ciphers,
                                          const SSL_CIPHER **cipher, void *arg);
 
+/* Extension context codes */
+/* This extension is only allowed in TLS */
+#define SSL_EXT_TLS_ONLY                        0x0001
+/* This extension is only allowed in DTLS */
+#define SSL_EXT_DTLS_ONLY                       0x0002
+/* Some extensions may be allowed in DTLS but we don't implement them for it */
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
+#define SSL_EXT_SSL3_ALLOWED                    0x0008
+/* Extension is only defined for TLS1.2 and above */
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+/* Extension is only defined for TLS1.3 and above */
+#define SSL_EXT_TLS1_3_ONLY                     0x0020
+#define SSL_EXT_CLIENT_HELLO                    0x0040
+/* Really means TLS1.2 or below */
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0080
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0100
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0200
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0400
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x0800
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x1000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x2000
+
 /* Typedefs for handling custom extensions */
 
 typedef int (*custom_ext_add_cb) (SSL *s, unsigned int ext_type,