#define SSL_CERT_FLAGS_CHECK_TLS_STRICT \
(SSL_CERT_FLAG_SUITEB_128_LOS|SSL_CERT_FLAG_TLS_STRICT)
+typedef struct {
+ unsigned short ext_type;
+ /* Per-connection flags relating to this extension type: not used
+ * if part of an SSL_CTX structure.
+ */
+ unsigned short ext_flags;
+ custom_ext_add_cb add_cb;
+ custom_ext_free_cb free_cb;
+ void *add_arg;
+ custom_ext_parse_cb parse_cb;
+ void *parse_arg;
+} custom_ext_method;
+
+/* ext_flags values */
+
+/* Indicates an extension has been received.
+ * Used to check for unsolicited or duplicate extensions.
+ */
+#define SSL_EXT_FLAG_RECEIVED 0x1
+/* Indicates an extension has been sent: used to
+ * enable sending of corresponding ServerHello extension.
+ */
+#define SSL_EXT_FLAG_SENT 0x2
+
+typedef struct {
+ custom_ext_method *meths;
+ size_t meths_count;
+} custom_ext_methods;
+
typedef struct cert_st
{
/* Current active set */
unsigned char *ciphers_raw;
size_t ciphers_rawlen;
+ /* Custom extension methods for server and client */
+ custom_ext_methods cli_ext;
+ custom_ext_methods srv_ext;
+
int references; /* >1 only if SSL_copy_session_id is used */
} CERT;
int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
int *al);
long ssl_get_algorithm2(SSL *s);
-int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
+int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize);
+int tls1_process_sigalgs(SSL *s);
size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs);
int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,
const unsigned char *sig, EVP_PKEY *pkey);
int srp_verify_server_param(SSL *s, int *al);
+/* t1_ext.c */
+
+void custom_ext_init(custom_ext_methods *meths);
+
+int custom_ext_parse(SSL *s, int server,
+ unsigned int ext_type,
+ const unsigned char *ext_data,
+ size_t ext_size,
+ int *al);
+int custom_ext_add(SSL *s, int server,
+ unsigned char **pret,
+ unsigned char *limit,
+ int *al);
+
+int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src);
+void custom_exts_free(custom_ext_methods *exts);
+
#else
#define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer