authorMichael Brown2017-07-04 13:51:29 +0200
committerMichael Brown2017-07-04 20:54:34 +0200
commit1e4a3f5babdf46c8c47b6bbaf8c197b4c94d6964 (patch)
treed334aa9be9fcde475ce91db4ccca97ccf0095e48 /src/include
parent[mucurses] Avoid potential division by zero (diff)
[tls] Support RFC5746 secure renegotiation
Support renegotiation with servers supporting RFC5746. This allows for the use of per-directory client certificates. Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include')
-rw-r--r--src/include/ipxe/tls.h15
1 files changed, 15 insertions, 0 deletions
diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h
index 7d982c32..7345fbee 100644
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -108,6 +108,17 @@ struct tls_header {
/* TLS signature algorithms extension */
#define TLS_SIGNATURE_ALGORITHMS 13
+/* TLS renegotiation information extension */
+#define TLS_RENEGOTIATION_INFO 0xff01
+
+/** TLS verification data */
+struct tls_verify_data {
+ /** Client verification data */
+ uint8_t client[12];
+ /** Server verification data */
+ uint8_t server[12];
+} __attribute__ (( packed ));
+
/** TLS RX state machine state */
enum tls_rx_state {
TLS_RX_HEADER = 0,
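Review bot: The array size `12` on `client[12]` and `server[12]` in the new `struct tls_verify_data` is an undocumented magic number; it is the TLS 1.2 verify_data length from RFC 5246 §7.4.9, and the RFC 5746 renegotiation_info extension carries exactly these two values from the previous handshake's Finished messages, so a reader needs to know where the bound comes from. I would document it on the fields, e.g. `/** Client verification data (verify_data from the client's last Finished message; 12 bytes per RFC 5246 §7.4.9) */` and the matching wording for `server`, or hoist the length into a named constant shared by both members. The struct-level comment could also say what the data is for: `/** TLS verification data retained for RFC 5746 secure renegotiation */`. The `__attribute__ (( packed ))` presumably exists so that client and server verify_data can be emitted back-to-back as the renegotiated_connection payload; if that is the intent, a one-line comment stating it would save the next maintainer from removing the attribute. The code that populates and checks these fields is outside this header-only diff.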
@@ -271,6 +282,10 @@ struct tls_session {
uint8_t *handshake_ctx;
/** Client certificate (if used) */
struct x509_certificate *cert;
+ /** Secure renegotiation flag */
+ int secure_renegotiation;
+ /** Verification data */
+ struct tls_verify_data verify;
/** Server certificate chain */
struct x509_chain *chain;