{
TLSEXT_TYPE_early_data,
EXT_CLIENT_HELLO | EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
- NULL, tls_parse_ctos_early_data, NULL, tls_construct_stoc_early_data,
- tls_construct_ctos_early_data, NULL
+ NULL, tls_parse_ctos_early_data, tls_parse_stoc_early_data,
+ tls_construct_stoc_early_data, tls_construct_ctos_early_data, NULL
},
#ifndef OPENSSL_NO_EC
{
return 0;
}
+ /*
+ * We set this to rejected here. Later, if the server acknowledges the
+ * extension, we set it to accepted.
+ */
+ s->ext.early_data = SSL_EARLY_DATA_REJECTED;
+
return 1;
}
return 1;
}
+int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
+ X509 *x, size_t chainidx, int *al)
+{
+ if (PACKET_remaining(pkt) != 0) {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+
+ if (s->ext.early_data != SSL_EARLY_DATA_REJECTED) {
+ /*
+ * If we get here then we didn't send early data, so the server should
+ * not be accepting it.
+ */
+ *al = SSL_AD_ILLEGAL_PARAMETER;
+ return 0;
+ }
+
+ s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;
+
+ return 1;
+}
+
#ifndef OPENSSL_NO_EC
int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al)
X509 *x, size_t chainidx, int *al);
int tls_parse_stoc_early_data_info(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al);
+int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
+ X509 *x, size_t chainidx, int *al);
#ifndef OPENSSL_NO_EC
int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
X509 *x, size_t chainidx, int *al);
projects / openssl / commitdiff