1 files changed, 22 insertions, 4 deletions

diff --git a/libs/libcurl/src/vtls/openssl.h b/libs/libcurl/src/vtls/openssl.h
index e662e23a8d..bd5aafba96 100644
--- a/libs/libcurl/src/vtls/openssl.h
+++ b/libs/libcurl/src/vtls/openssl.h
@@ -31,12 +31,27 @@
  * This header should only be needed to get included by vtls.c, openssl.c

  * and ngtcp2.c

  */

+#include <openssl/opensslv.h>

 #include <openssl/ossl_typ.h>

 #include <openssl/ssl.h>

 

 #include "urldata.h"

 

-/* Struct to hold a Curl OpenSSL instance */

+/*

+ * Whether SSL_CTX_set_keylog_callback is available.

+ * OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287

+ * BoringSSL: supported since d28f59c27bac (committed 2015-11-19)

+ * LibreSSL: not supported. 3.5.0+ has a stub function that does nothing.

+ */

+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \

+     !defined(LIBRESSL_VERSION_NUMBER)) || \

+    defined(OPENSSL_IS_BORINGSSL)

+#define HAVE_KEYLOG_CALLBACK

+#endif

+

+struct ssl_peer;

+

+/* Struct to hold a curl OpenSSL instance */

 struct ossl_ctx {

   /* these ones requires specific SSL-types */

   SSL_CTX* ssl_ctx;

@@ -53,6 +68,8 @@ struct ossl_ctx {
   BIT(reused_session);              /* session-ID was reused for this */

 };

 

+size_t Curl_ossl_version(char *buffer, size_t size);

+

 typedef CURLcode Curl_ossl_ctx_setup_cb(struct Curl_cfilter *cf,

                                         struct Curl_easy *data,

                                         void *user_data);

@@ -63,7 +80,6 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx,
                             struct Curl_cfilter *cf,

                             struct Curl_easy *data,

                             struct ssl_peer *peer,

-                            int transport, /* TCP or QUIC */

                             const unsigned char *alpn, size_t alpn_len,

                             Curl_ossl_ctx_setup_cb *cb_setup,

                             void *cb_user_data,

@@ -94,8 +110,10 @@ CURLcode Curl_ossl_ctx_configure(struct Curl_cfilter *cf,
  */

 CURLcode Curl_ossl_add_session(struct Curl_cfilter *cf,

                                struct Curl_easy *data,

-                               const struct ssl_peer *peer,

-                               SSL_SESSION *ssl_sessionid);

+                               const char *ssl_peer_key,

+                               SSL_SESSION *ssl_sessionid,

+                               int ietf_tls_id,

+                               const char *alpn);

 

 /*

  * Get the server cert, verify it and show it, etc., only call failf() if