Merged support for the ALPN extension

2014-04-08 14:37:12 +02:00 · 2014-04-08 14:37:12 +02:00 · 0763a401a7
commit 0763a401a7
parent 4224bc0a4f 27e36d342c
9 changed files with 517 additions and 1 deletions
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@ -860,6 +860,16 @@
 */
 #define POLARSSL_SSL_PROTO_TLS1_2

+/**
+ * \def POLARSSL_SSL_ALPN
+ *
+ * Enable support for Application Layer Protocol Negotiation.
+ * draft-ietf-tls-applayerprotoneg-05
+ *
+ * Comment this macro to disable support for ALPN.
+ */
+#define POLARSSL_SSL_ALPN
+
 /**
 * \def POLARSSL_SSL_SESSION_TICKETS
 *
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -320,6 +320,7 @@
 #define SSL_ALERT_MSG_UNSUPPORTED_EXT      110  /* 0x6E */
 #define SSL_ALERT_MSG_UNRECOGNIZED_NAME    112  /* 0x70 */
 #define SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115  /* 0x73 */
+#define SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */

 #define SSL_HS_HELLO_REQUEST            0
 #define SSL_HS_CLIENT_HELLO             1
@ -348,6 +349,8 @@

 #define TLS_EXT_SIG_ALG                     13

+#define TLS_EXT_ALPN                        16
+
 #define TLS_EXT_SESSION_TICKET              35

 #define TLS_EXT_RENEGOTIATION_INFO      0xFF01
@ -762,6 +765,14 @@ struct _ssl_context
    size_t         hostname_len;
 #endif

+#if defined(POLARSSL_SSL_ALPN)
+    /*
+     * ALPN extension
+     */
+    const char **alpn_list;     /*!<  ordered list of supported protocols   */
+    const char *alpn_chosen;    /*!<  negotiated protocol                   */
+#endif
+
    /*
     * Secure renegotiation
     */
@ -1232,6 +1243,30 @@ void ssl_set_sni( ssl_context *ssl,
                  void *p_sni );
 #endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */

+#if defined(POLARSSL_SSL_ALPN)
+/**
+ * \brief          Set the supported Application Layer Protocols.
+ *
+ * \param ssl      SSL context
+ * \param protos   NULL-terminated list of supported protocols,
+ *                 in decreasing preference order.
+ *
+ * \return         0 on success, or POLARSSL_ERR_SSL_BAD_INPUT_DATA.
+ */
+int ssl_set_alpn_protocols( ssl_context *ssl, const char **protos );
+
+/**
+ * \brief          Get the name of the negotiated Application Layer Protocol.
+ *                 This function should be called after the handshake is
+ *                 completed.
+ *
+ * \param ssl      SSL context
+ *
+ * \return         Protcol name, or NULL if no protocol was negotiated.
+ */
+const char *ssl_get_alpn_protocol( const ssl_context *ssl );
+#endif /* POLARSSL_SSL_ALPN */
+
 /**
 * \brief          Set the maximum supported version sent from the client side
 *                 and/or accepted at the server side