Security-58286.20.16.tar.gz
[apple/security.git] / OSX / libsecurity_ssl / lib / sslContext.h
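index 10579dc6bd0f3bf808ef9901ae9e3cd6ab858fcb..82f5ffc7939290ada8f1ace29d440646ffed8b3d 100644
--- a/OSX/libsecurity_ssl/lib/sslContext.h
+++ b/OSX/libsecurity_ssl/lib/sslContext.h
@@ -34,6 +34,7 @@
 #include <tls_handshake.h>
 #include <tls_record.h>
 #include <tls_stream_parser.h>
+#include <tls_cache.h>
 
 #ifdef USE_CDSA_CRYPTO
 #include <Security/cssmtype.h>
@@ -75,8 +76,8 @@ typedef enum
     SSL_HdskStateReady,                 /* Handshake is done */
     SSL_HdskStateGracefulClose,
     SSL_HdskStateErrorClose,
-    SSL_HdskStateNoNotifyClose,                        /* server disconnected with no
-                                         *   notify msg */
+    SSL_HdskStateNoNotifyClose,                        /* Server disconnected with no notify msg */
+    SSL_HdskStateOutOfBandError,        /* The caller encountered an error with out-of-band message processing */
 } SSLHandshakeState;
 
 #define SSLChangeHdskState(ctx, newState) { ctx->state=newState; }
@@ -86,16 +87,16 @@ struct SSLContext
        CFRuntimeBase           _base;
     IOContext           ioCtx;
 
-
     const struct SSLRecordFuncs *recFuncs;
     SSLRecordContextRef recCtx;
 
     tls_handshake_t hdsk;
-
+    tls_cache_t cache;
     int readCipher_ready;
     int writeCipher_ready;
 
     SSLHandshakeState   state;
+    OSStatus outOfBandError;
 
        /* 
         * Prior to successful protocol negotiation, negProtocolVersion
@@ -123,20 +124,9 @@ struct SSLContext
 
     uint16_t            selectedCipher;                /* currently selected */
 
-
-    tls_private_key_t   signingPrivKeyRef;  /* our private key */
-
-
     /* Server DH Parameters */
     SSLBuffer                  dhParamsEncoded;        /* PKCS3 encoded blob - prime + generator */
 
-    /*
-        * Local and Peer cert chains.
-        * For both, the root is the last in the chain.
-        */
-    SSLCertificate      *localCert;
-    CFArrayRef          peerCert;
-
        /*
         * The arrays we are given via SSLSetCertificate() and SSLSetEncryptionCertificate().
         * We keep them here, refcounted, solely for the associated getter.
@@ -150,10 +140,12 @@ struct SSLContext
     CFMutableArrayRef   trustedCerts;
     Boolean             trustedCertsOnly;
 
+#if !TARGET_OS_IPHONE
     /*
      * trusted leaf certs as specified in SSLSetTrustedLeafCertificates()
      */
     CFArrayRef                 trustedLeafCerts;
+#endif
 
        Boolean                                 allowExpiredCerts;
        Boolean                                 allowExpiredRoots;
@@ -163,14 +155,11 @@ struct SSLContext
     SSLBuffer                  peerID;
     SSLBuffer                  resumableSession;       /* We keep a copy for now - but eventually this should go away if we get refcounted SSLBuffers */
 
-
-
     uint16_t            *ecdhCurves;
     unsigned            ecdhNumCurves;
 
        /* server-side only */
     SSLAuthenticate            clientAuth;                             /* kNeverAuthenticate, etc. */
-    //Boolean                          tryClientAuth;
 
        /* client and server */
        SSLClientCertificateState       clientCertState;
@@ -220,6 +209,12 @@ struct SSLContext
     Boolean             signalCertRequest;
     Boolean             signalClientAuth;
     Boolean             breakOnClientHello;
+    Boolean             allowServerIdentityChange;
+    Boolean             allowRenegotiation;
+    Boolean             enableSessionTickets;
+
+    /* cached configuration buffer */
+    SSLBuffer           contextConfigurationBuffer;
 
     /* List of peer-specified supported_signature_algorithms */
        unsigned                                         numPeerSigAlgs;
@@ -229,9 +224,6 @@ struct SSLContext
        unsigned                                        numAuthTypes;
        const tls_client_auth_type *clientAuthTypes;
 
-       /* client auth type actually negotiated */
-       tls_client_auth_type    negAuthType;
-
     /* Timeout for DTLS retransmit */
     CFAbsoluteTime      timeout_deadline;
     CFAbsoluteTime      timeout_duration;
@@ -276,8 +268,10 @@ static inline bool sslVersionIsLikeTls12(SSLContext *ctx)
     return ctx->isDTLS ? ctx->negProtocolVersion > DTLS_Version_1_0 : ctx->negProtocolVersion >= TLS_Version_1_2;
 }
 
+OSStatus SSLGetSessionConfigurationIdentifier(SSLContext *ctx, SSLBuffer *buffer);
+
 /* This is implemented in tls_callbacks.c */
-    int sslGetSessionID(SSLContext *myCtx, SSLBuffer *sessionID);
+int sslGetSessionID(SSLContext *myCtx, SSLBuffer *sessionID);
 
 #ifdef __cplusplus
 }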
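Review bot: The three policy flags added to struct SSLContext in the `@@ -220,6 +209,12 @@` hunk (`allowServerIdentityChange`, `allowRenegotiation`, `enableSessionTickets`) have no comment, and each name suggests a setting that loosens or enables handshake behaviour with security consequences. Each should get a one-line comment stating what it permits, which side it applies to and its default, for example `/* allowServerIdentityChange: presumably lets a renegotiation present a different server certificate; default <confirm in the context constructor> */`. The struct body and the code that initialises these fields are outside this diff, so the defaults cannot be checked from here. In the `@@ -150,10 +140,12 @@` hunk `trustedLeafCerts` now exists only when `!TARGET_OS_IPHONE`, so every reader of that field needs the same guard; a short comment next to the `#if` saying why would help.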