1 files changed, 51 insertions, 0 deletions

diff --git a/libs/libcurl/src/vtls/openssl.h b/libs/libcurl/src/vtls/openssl.h
index df36a831b1..f46fbf3722 100644
--- a/libs/libcurl/src/vtls/openssl.h
+++ b/libs/libcurl/src/vtls/openssl.h
@@ -36,6 +36,39 @@
 

 #include "urldata.h"

 

+/* Struct to hold a Curl OpenSSL instance */

+struct ossl_ctx {

+  /* these ones requires specific SSL-types */

+  SSL_CTX* ssl_ctx;

+  SSL*     ssl;

+  X509*    server_cert;

+  BIO_METHOD *bio_method;

+  CURLcode io_result;       /* result of last BIO cfilter operation */

+#ifndef HAVE_KEYLOG_CALLBACK

+  /* Set to true once a valid keylog entry has been created to avoid dupes. */

+  BIT(keylog_done);

+#endif

+  BIT(x509_store_setup);            /* x509 store has been set up */

+  BIT(reused_session);              /* session-ID was reused for this */

+};

+

+typedef CURLcode Curl_ossl_ctx_setup_cb(struct Curl_cfilter *cf,

+                                        struct Curl_easy *data,

+                                        void *user_data);

+

+typedef int Curl_ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid);

+

+CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx,

+                            struct Curl_cfilter *cf,

+                            struct Curl_easy *data,

+                            struct ssl_peer *peer,

+                            int transport, /* TCP or QUIC */

+                            const unsigned char *alpn, size_t alpn_len,

+                            Curl_ossl_ctx_setup_cb *cb_setup,

+                            void *cb_user_data,

+                            Curl_ossl_new_session_cb *cb_new_session,

+                            void *ssl_user_data);

+

 #if (OPENSSL_VERSION_NUMBER < 0x30000000L)

 #define SSL_get1_peer_certificate SSL_get_peer_certificate

 #endif

@@ -66,5 +99,23 @@ CURLcode Curl_ossl_ctx_configure(struct Curl_cfilter *cf,
                                  struct Curl_easy *data,

                                  SSL_CTX *ssl_ctx);

 

+/*

+ * Add a new session to the cache. Takes ownership of the session.

+ */

+CURLcode Curl_ossl_add_session(struct Curl_cfilter *cf,

+                               struct Curl_easy *data,

+                               const struct ssl_peer *peer,

+                               SSL_SESSION *ssl_sessionid);

+

+/*

+ * Get the server cert, verify it and show it, etc., only call failf() if

+ * ssl config verifypeer or -host is set. Otherwise all this is for

+ * informational purposes only!

+ */

+CURLcode Curl_oss_check_peer_cert(struct Curl_cfilter *cf,

+                                  struct Curl_easy *data,

+                                  struct ossl_ctx *octx,

+                                  struct ssl_peer *peer);

+

 #endif /* USE_OPENSSL */

 #endif /* HEADER_CURL_SSLUSE_H */