summaryrefslogtreecommitdiffstats
path: root/src/include/ipxe
diff options
context:
space:
mode:
authorMichael Brown2017-07-04 13:51:29 +0200
committerMichael Brown2017-07-04 20:54:34 +0200
commit1e4a3f5babdf46c8c47b6bbaf8c197b4c94d6964 (patch)
treed334aa9be9fcde475ce91db4ccca97ccf0095e48 /src/include/ipxe
parent[mucurses] Avoid potential division by zero (diff)
downloadipxe-1e4a3f5babdf46c8c47b6bbaf8c197b4c94d6964.tar.gz
ipxe-1e4a3f5babdf46c8c47b6bbaf8c197b4c94d6964.tar.xz
ipxe-1e4a3f5babdf46c8c47b6bbaf8c197b4c94d6964.zip
[tls] Support RFC5746 secure renegotiation
Support renegotiation with servers supporting RFC5746. This allows for the use of per-directory client certificates. Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include/ipxe')
-rw-r--r--src/include/ipxe/tls.h15
1 files changed, 15 insertions, 0 deletions
diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h
index 7d982c32..7345fbee 100644
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -108,6 +108,17 @@ struct tls_header {
/* TLS signature algorithms extension */
#define TLS_SIGNATURE_ALGORITHMS 13
+/* TLS renegotiation information extension */
+#define TLS_RENEGOTIATION_INFO 0xff01
+
+/** TLS verification data */
+struct tls_verify_data {
+ /** Client verification data */
+ uint8_t client[12];
+ /** Server verification data */
+ uint8_t server[12];
+} __attribute__ (( packed ));
+
/** TLS RX state machine state */
enum tls_rx_state {
TLS_RX_HEADER = 0,
@@ -271,6 +282,10 @@ struct tls_session {
uint8_t *handshake_ctx;
/** Client certificate (if used) */
struct x509_certificate *cert;
+ /** Secure renegotiation flag */
+ int secure_renegotiation;
+ /** Verification data */
+ struct tls_verify_data verify;
/** Server certificate chain */
struct x509_chain *chain;