1 files changed, 57 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 60bb5597e8..83ffb1103f 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.155 2017/01/23 04:55:27 beck Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.156 2017/01/23 05:13:02 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -451,6 +451,21 @@ typedef struct ssl_ctx_internal_st {
        int (*tlsext_status_cb)(SSL *ssl, void *arg);
        void *tlsext_status_arg;
+        struct lhash_st_SSL_SESSION *sessions;
+        /* Most session-ids that will be cached, default is
+         * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
+        unsigned long session_cache_size;
+        struct ssl_session_st *session_cache_head;
+        struct ssl_session_st *session_cache_tail;
+        /* This can have one of 2 values, ored together,
+         * SSL_SESS_CACHE_CLIENT,
+         * SSL_SESS_CACHE_SERVER,
+         * Default is SSL_SESSION_CACHE_SERVER, which means only
+         * SSL_accept which cache SSL_SESSIONS. */
+        int session_cache_mode;
        struct {
                int sess_connect;       /* SSL new conn - started */
                int sess_connect_renegotiate;/* SSL reneg - requested */
@@ -470,6 +485,47 @@ typedef struct ssl_ctx_internal_st {
                                         * processes - spooky :-) */
        } stats;
+        CRYPTO_EX_DATA ex_data;
+        /* same cipher_list but sorted for lookup */
+        STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+        struct cert_st /* CERT */ *cert;
+        const EVP_MD *md5;      /* For SSLv3/TLSv1 'ssl3-md5' */
+        const EVP_MD *sha1;     /* For SSLv3/TLSv1 'ssl3-sha1' */
+        /* Default values used when no per-SSL value is defined follow */
+        /* what we put in client cert requests */
+        STACK_OF(X509_NAME) *client_CA;
+        long max_cert_list;
+        int read_ahead;
+        int quiet_shutdown;
+        /* Maximum amount of data to send in one fragment.
+         * actual record size can be more than this due to
+         * padding and MAC overheads.
+         */
+        unsigned int max_send_fragment;
+#ifndef OPENSSL_NO_ENGINE
+        /* Engine to pass requests for client certs to
+         */
+        ENGINE *client_cert_engine;
+#endif
+        /* RFC 4507 session ticket keys */
+        unsigned char tlsext_tick_key_name[16];
+        unsigned char tlsext_tick_hmac_key[16];
+        unsigned char tlsext_tick_aes_key[16];
+        /* SRTP profiles we are willing to do from RFC 5764 */
+        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
        /* Next protocol negotiation information */
        /* (for experimental NPN extension). */

diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 60bb5597e8..83ffb1103f 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.155 2017/01/23 04:55:27 beck Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.156 2017/01/23 05:13:02 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -451,6 +451,21 @@ typedef struct ssl_ctx_internal_st {
451	int (tlsext_status_cb)(SSL ssl, void *arg);	451	int (tlsext_status_cb)(SSL ssl, void *arg);
452	void *tlsext_status_arg;	452	void *tlsext_status_arg;
453		453
		454	struct lhash_st_SSL_SESSION *sessions;
		455
		456	/* Most session-ids that will be cached, default is
		457	* SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
		458	unsigned long session_cache_size;
		459	struct ssl_session_st *session_cache_head;
		460	struct ssl_session_st *session_cache_tail;
		461
		462	/* This can have one of 2 values, ored together,
		463	* SSL_SESS_CACHE_CLIENT,
		464	* SSL_SESS_CACHE_SERVER,
		465	* Default is SSL_SESSION_CACHE_SERVER, which means only
		466	* SSL_accept which cache SSL_SESSIONS. */
		467	int session_cache_mode;
		468
454	struct {	469	struct {
455	int sess_connect; /* SSL new conn - started */	470	int sess_connect; /* SSL new conn - started */
456	int sess_connect_renegotiate;/* SSL reneg - requested */	471	int sess_connect_renegotiate;/* SSL reneg - requested */
@@ -470,6 +485,47 @@ typedef struct ssl_ctx_internal_st {
470	* processes - spooky :-) */	485	* processes - spooky :-) */
471	} stats;	486	} stats;
472		487
		488	CRYPTO_EX_DATA ex_data;
		489
		490	/* same cipher_list but sorted for lookup */
		491	STACK_OF(SSL_CIPHER) *cipher_list_by_id;
		492
		493	struct cert_st /* CERT / cert;
		494
		495	const EVP_MD md5; / For SSLv3/TLSv1 'ssl3-md5' */
		496	const EVP_MD sha1; / For SSLv3/TLSv1 'ssl3-sha1' */
		497
		498	/* Default values used when no per-SSL value is defined follow */
		499
		500	/* what we put in client cert requests */
		501	STACK_OF(X509_NAME) *client_CA;
		502
		503	long max_cert_list;
		504
		505	int read_ahead;
		506
		507	int quiet_shutdown;
		508
		509	/* Maximum amount of data to send in one fragment.
		510	* actual record size can be more than this due to
		511	* padding and MAC overheads.
		512	*/
		513	unsigned int max_send_fragment;
		514
		515	#ifndef OPENSSL_NO_ENGINE
		516	/* Engine to pass requests for client certs to
		517	*/
		518	ENGINE *client_cert_engine;
		519	#endif
		520
		521	/* RFC 4507 session ticket keys */
		522	unsigned char tlsext_tick_key_name[16];
		523	unsigned char tlsext_tick_hmac_key[16];
		524	unsigned char tlsext_tick_aes_key[16];
		525
		526	/* SRTP profiles we are willing to do from RFC 5764 */
		527	STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
		528
473	/* Next protocol negotiation information */	529	/* Next protocol negotiation information */
474	/* (for experimental NPN extension). */	530	/* (for experimental NPN extension). */
475		531