TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / 7e250d48128f8f9e9c094bec451170e55141d137^! / .
commit7e250d48128f8f9e9c094bec451170e55141d137[log] [tgz]
authorManuel Pégourié-Gonnard <mpg@elzevir.fr>Fri Apr 04 16:08:41 2014 +0200
committerManuel Pégourié-Gonnard <mpg@elzevir.fr>Fri Apr 04 17:10:40 2014 +0200
tree58b5313e8a33969c4c910134415f07438ee88e67
parent6c33a16dae186a28512ceaa042f2ff4c5302c536 [diff]
Add ALPN interface

diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 83aa9a3..78102f0 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h

@@ -861,6 +861,19 @@
 #define POLARSSL_SSL_PROTO_TLS1_2
 
 /**
+ * \def POLARSSL_SSL_ALPN
+ *
+ * Enable support for Application Layer Protocol Negotiation.
+ * draft-ietf-tls-applayerprotoneg-05
+ *
+ * This is disabled by default in the 1.3.x line since it breaks ABI
+ * compatibility.
+ *
+ * Uncomment this macro to enable support for ALPN.
+ */
+#define POLARSSL_SSL_ALPN
+
+/**
  * \def POLARSSL_SSL_SESSION_TICKETS
  *
  * Enable support for RFC 5077 session tickets in SSL.

diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index c1aff67..e4a8dc7 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h

@@ -762,6 +762,14 @@
     size_t         hostname_len;
 #endif
 
+#if defined(POLARSSL_SSL_ALPN)
+    /*
+     * ALPN extension
+     */
+    const char **alpn_list;     /*!<  ordered list of supported protocols   */
+    const char *alpn_chosen;    /*!<  negotiated protocol                   */
+#endif
+
     /*
      * Secure renegotiation
      */
@@ -1232,6 +1240,28 @@
                   void *p_sni );
 #endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
 
+#if defined(POLARSSL_SSL_ALPN)
+/**
+ * \brief          Set the supported Application Layer Protocols.
+ *
+ * \param ssl      SSL context
+ * \param protos   NULL-terminated list of supported protocols,
+ *                 in decreasing preference order.
+ */
+void ssl_set_alpn_protocols( ssl_context *ssl, const char **protos );
+
+/**
+ * \brief          Get the name of the negotiated Application Layer Protocol.
+ *                 This function should be called after the handshake is
+ *                 completed.
+ *
+ * \param ssl      SSL context
+ *
+ * \return         Protcol name, or NULL if no protocol was negotiated.
+ */
+const char *ssl_get_alpn_protocol( const ssl_context *ssl );
+#endif /* POLARSSL_SSL_ALPN */
+
 /**
  * \brief          Set the maximum supported version sent from the client side
  *                 and/or accepted at the server side

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 681b7c3..eb29371 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -3520,6 +3520,10 @@
         ssl->session = NULL;
     }
 
+#if defined(POLARSSL_SSL_ALPN)
+    ssl->alpn_chosen = NULL;
+#endif
+
     if( ( ret = ssl_handshake_init( ssl ) ) != 0 )
         return( ret );
 
@@ -3914,6 +3918,18 @@
 }
 #endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
 
+#if defined(POLARSSL_SSL_ALPN)
+void ssl_set_alpn_protocols( ssl_context *ssl, const char **protos )
+{
+    ssl->alpn_list = protos;
+}
+
+const char *ssl_get_alpn_protocol( const ssl_context *ssl )
+{
+    return ssl->alpn_chosen;
+}
+#endif /* POLARSSL_SSL_ALPN */
+
 void ssl_set_max_version( ssl_context *ssl, int major, int minor )
 {
     if( major >= SSL_MIN_MAJOR_VERSION && major <= SSL_MAX_MAJOR_VERSION &&