author | Joel Sing <jsing@cvs.openbsd.org> | 2017-01-23 05:13:03 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2017-01-23 05:13:03 +0000 |
commit | 2692fd43b878348a5f6225cbb6361d5d6879c18d (patch) | |
tree | 8e3aac7b46b586f3173eedf014060c122581fbc9 /lib/libssl/ssl_locl.h | |
parent | ec2365b793161ecaedcf9eef3df8ac22a0f59401 (diff) |
Move most of the fields in SSL_CTX to internal - the ones that remain are
known to be in use.
ok beck@
Diffstat (limited to 'lib/libssl/ssl_locl.h')
-rw-r--r-- | lib/libssl/ssl_locl.h | 58 |
1 files changed, 57 insertions, 1 deletions
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 60bb5597e87..83ffb1103f1 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.155 2017/01/23 04:55:27 beck Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.156 2017/01/23 05:13:02 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -451,6 +451,21 @@ typedef struct ssl_ctx_internal_st {
 int (*tlsext_status_cb)(SSL *ssl, void *arg);
 void *tlsext_status_arg;
 
+ struct lhash_st_SSL_SESSION *sessions;
+
+ /* Most session-ids that will be cached, default is
+ * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
+ unsigned long session_cache_size;
+ struct ssl_session_st *session_cache_head;
+ struct ssl_session_st *session_cache_tail;
+
+ /* This can have one of 2 values, ored together,
+ * SSL_SESS_CACHE_CLIENT,
+ * SSL_SESS_CACHE_SERVER,
+ * Default is SSL_SESSION_CACHE_SERVER, which means only
+ * SSL_accept which cache SSL_SESSIONS. */
+ int session_cache_mode;
+
 struct {
 int sess_connect; /* SSL new conn - started */
 int sess_connect_renegotiate;/* SSL reneg - requested */
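Review bot: The comment above the moved `session_cache_mode` field contradicts itself: it lists `SSL_SESS_CACHE_CLIENT` and `SSL_SESS_CACHE_SERVER` as the possible bits, then names the default `SSL_SESSION_CACHE_SERVER`, which is not one of them, and the closing sentence ("SSL_accept which cache SSL_SESSIONS") does not parse. Since the field is being relocated anyway, this is the moment to fix the wording rather than carry the defect into the internal struct: `/* Bitmask of SSL_SESS_CACHE_* flags; default is SSL_SESS_CACHE_SERVER, i.e. only sessions created by SSL_accept() are cached. */`. If ssl.h also defines the `SSL_SESS_CACHE_NO_AUTO_CLEAR` / `SSL_SESS_CACHE_NO_INTERNAL_*` flags, the "one of 2 values" claim undersells what this field can hold, so check that before relying on the comment. The `ssl_ctx_internal_st` definition starts and ends outside this hunk.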
@@ -470,6 +485,47 @@ typedef struct ssl_ctx_internal_st {
 * processes - spooky :-) */
 } stats;
 
+ CRYPTO_EX_DATA ex_data;
+
+ /* same cipher_list but sorted for lookup */
+ STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+
+ struct cert_st /* CERT */ *cert;
+
+ const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
+ const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3-sha1' */
+
+ /* Default values used when no per-SSL value is defined follow */
+
+ /* what we put in client cert requests */
+ STACK_OF(X509_NAME) *client_CA;
+
+ long max_cert_list;
+
+ int read_ahead;
+
+ int quiet_shutdown;
+
+ /* Maximum amount of data to send in one fragment.
+ * actual record size can be more than this due to
+ * padding and MAC overheads.
+ */
+ unsigned int max_send_fragment;
+
+#ifndef OPENSSL_NO_ENGINE
+ /* Engine to pass requests for client certs to
+ */
+ ENGINE *client_cert_engine;
+#endif
+
+ /* RFC 4507 session ticket keys */
+ unsigned char tlsext_tick_key_name[16];
+ unsigned char tlsext_tick_hmac_key[16];
+ unsigned char tlsext_tick_aes_key[16];
+
+ /* SRTP profiles we are willing to do from RFC 5764 */
+ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+
 /* Next protocol negotiation information */
 /* (for experimental NPN extension). */
 
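Review bot: The ticket-key comment cites RFC 4507, which RFC 5077 obsoleted in 2008; the three arrays themselves (`tlsext_tick_key_name[16]`, `tlsext_tick_hmac_key[16]`, `tlsext_tick_aes_key[16]`) are moved unchanged, so the comment should read `/* RFC 5077 session ticket keys */`. Those arrays are the long-lived secret that lets anyone holding them decrypt and forge every ticket this context ever issued, so now that they live inside `ctx->internal` it is worth confirming (not visible in this hunk) that SSL_CTX_free() wipes the internal struct with explicit_bzero() before freeing it rather than handing the key bytes to a plain free(). The `ssl_ctx_internal_st` definition starts before this hunk and continues past its last context line.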