|
|
@@ -130,6 +130,7 @@ |
|
|
|
* peerSignatureAlgorithm [23] INTEGER OPTIONAL, |
|
|
|
* ticketMaxEarlyData [24] INTEGER OPTIONAL, |
|
|
|
* authTimeout [25] INTEGER OPTIONAL, -- defaults to timeout |
|
|
|
* earlyALPN [26] OCTET STRING OPTIONAL, |
|
|
|
* } |
|
|
|
* |
|
|
|
* Note: historically this serialization has included other optional |
|
|
@@ -186,6 +187,8 @@ static const int kTicketMaxEarlyDataTag = |
|
|
|
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 24; |
|
|
|
static const int kAuthTimeoutTag = |
|
|
|
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 25; |
|
|
|
static const int kEarlyALPNTag = |
|
|
|
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 26; |
|
|
|
|
|
|
|
static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data, |
|
|
|
size_t *out_len, int for_ticket) { |
|
|
@@ -412,6 +415,16 @@ static int SSL_SESSION_to_bytes_full(const SSL_SESSION *in, uint8_t **out_data, |
|
|
|
goto err; |
|
|
|
} |
|
|
|
|
|
|
|
if (in->early_alpn) { |
|
|
|
if (!CBB_add_asn1(&session, &child, kEarlyALPNTag) || |
|
|
|
!CBB_add_asn1(&child, &child2, CBS_ASN1_OCTETSTRING) || |
|
|
|
!CBB_add_bytes(&child2, (const uint8_t *)in->early_alpn, |
|
|
|
in->early_alpn_len)) { |
|
|
|
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); |
|
|
|
goto err; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
if (!CBB_finish(&cbb, out_data, out_len)) { |
|
|
|
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); |
|
|
|
goto err; |
|
|
@@ -800,6 +813,8 @@ SSL_SESSION *SSL_SESSION_parse(CBS *cbs, const SSL_X509_METHOD *x509_method, |
|
|
|
kTicketMaxEarlyDataTag, 0) || |
|
|
|
!SSL_SESSION_parse_long(&session, &ret->auth_timeout, kAuthTimeoutTag, |
|
|
|
ret->timeout) || |
|
|
|
!SSL_SESSION_parse_octet_string(&session, &ret->early_alpn, |
|
|
|
&ret->early_alpn_len, kEarlyALPNTag) || |
|
|
|
CBS_len(&session) != 0) { |
|
|
|
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION); |
|
|
|
goto err; |
|
|
|
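Review bot: In the `SSL_SESSION_parse` hunk, the OCTET STRING under tag [26] is stored into `ret->early_alpn` with no visible length limit, although an ALPN protocol name is at most 255 bytes on the wire. Unless `SSL_SESSION_parse_octet_string` (not shown here) already enforces a limit, a session deserialized from an external cache or a caller-supplied blob could carry an oversized value into later 0-RTT ALPN comparisons. I would add `ret->early_alpn_len > 0xff ||` to the condition chain just before `CBS_len(&session) != 0`, so such input fails with `SSL_R_INVALID_SSL_SESSION`. The new `earlyALPN [26]` line in the ASN.1 comment could also say what the field holds and when it is omitted, as the `authTimeout` line does with `-- defaults to timeout`. The body of `SSL_SESSION_parse` starts and ends outside this hunk, so the freeing and duplication of `early_alpn` could not be checked from here.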