authorjsing <>2017-08-12 21:03:08 +0000
committerjsing <>2017-08-12 21:03:08 +0000
commitc648197458d45db4f93561e9497fac0532e6d0bc (patch)
tree942d907ed1f094ec2a23893a790715396a4d7e4f /src/lib/libssl/ssl_locl.h
parentbe646f37c6508ed75a22ff21af60f2496b432c9d (diff)
Remove NPN support.
NPN was never standardised and the last draft expired in October 2012. ALPN was standardised in July 2014 and has been supported in LibreSSL since December 2014. NPN has also been removed from Chromium in May 2016. TLS clients and servers that try to use/enable NPN will fail gracefully and fall back to the default protocol, since it will essentially appear that the other side does not support NPN. At some point in the future we will actually remove the NPN related symbols entirely. ok bcook@ beck@ doug@
Diffstat (limited to 'src/lib/libssl/ssl_locl.h')
-rw-r--r--src/lib/libssl/ssl_locl.h43
1 files changed, 4 insertions, 39 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 6f9be12fa7..914501213c 100644
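--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.188 2017/08/12 02:55:22 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.189 2017/08/12 21:03:08 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -575,24 +575,8 @@ typedef struct ssl_ctx_internal_st {
  /* SRTP profiles we are willing to do from RFC 5764 */
  STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
 
- /* Next protocol negotiation information */
- /* (for experimental NPN extension). */
-
- /* For a server, this contains a callback function by which the set of
- * advertised protocols can be provided. */
- int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
- unsigned int *len, void *arg);
- void *next_protos_advertised_cb_arg;
- /* For a client, this contains a callback function that selects the
- * next protocol from the list provided by the server. */
- int (*next_proto_select_cb)(SSL *s, unsigned char **out,
- unsigned char *outlen, const unsigned char *in,
- unsigned int inlen, void *arg);
- void *next_proto_select_cb_arg;
-
  /*
- * ALPN information
- * (we are in the process of transitioning from NPN to ALPN).
+ * ALPN information.
  */
 
  /*
@@ -627,16 +611,6 @@ typedef struct ssl_internal_st {
  unsigned long options; /* protocol behaviour */
  unsigned long mode; /* API behaviour */
 
- /* Next protocol negotiation. For the client, this is the protocol that
- * we sent in NextProtocol and is set when handling ServerHello
- * extensions.
- *
- * For a server, this is the client's selected_protocol from
- * NextProtocol and is set when handling the NextProtocol message,
- * before the Finished message. */
- unsigned char *next_proto_negotiated;
- unsigned char next_proto_negotiated_len;
-
  /* Client list of supported protocols in wire format. */
  unsigned char *alpn_client_proto_list;
  unsigned int alpn_client_proto_list_len;
@@ -881,16 +855,9 @@ typedef struct ssl3_state_internal_st {
  /* Set if we saw a Renegotiation Indication extension from our peer. */
  int renegotiate_seen;
 
- /* Set if we saw the Next Protocol Negotiation extension from our peer.
- */
- int next_proto_neg_seen;
-
- /*
- * ALPN information
- * (we are in the process of transitioning from NPN to ALPN).
- */
-
  /*
+ * ALPN information.
+ *
  * In a server these point to the selected ALPN protocol after the
  * ClientHello has been processed. In a client these contain the
  * protocol that the server selected once the ServerHello has been
@@ -1245,7 +1212,6 @@ int ssl3_get_server_key_exchange(SSL *s);
 int ssl3_get_server_certificate(SSL *s);
 int ssl3_check_cert_and_algorithm(SSL *s);
 int ssl3_check_finished(SSL *s);
-int ssl3_send_next_proto(SSL *s);
 
 /* some server-only functions */
 int ssl3_get_client_hello(SSL *s);
@@ -1257,7 +1223,6 @@ int ssl3_send_server_done(SSL *s);
 int ssl3_get_client_certificate(SSL *s);
 int ssl3_get_client_key_exchange(SSL *s);
 int ssl3_get_cert_verify(SSL *s);
-int ssl3_get_next_proto(SSL *s);
 
 int ssl23_accept(SSL *s);
 int ssl23_connect(SSL *s);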