Added TLS extension identifiers from RFC 3546

2010-09-06 10:54:11 +02:00 · 2010-09-06 10:54:11 +02:00 · 6cf85b35a4
parent 3255e489be
commit 6cf85b35a4
2 changed files with 34 additions and 9 deletions
--- a/src/libtls/tls.c
+++ b/src/libtls/tls.c
@ -44,23 +44,36 @@ ENUM_BEGIN(tls_handshake_type_names, TLS_HELLO_REQUEST, TLS_SERVER_HELLO,
 	"HelloRequest",
 	"ClientHello",
 	"ServerHello");
-ENUM_NEXT(tls_handshake_type_names, TLS_CERTIFICATE, TLS_CLIENT_KEY_EXCHANGE, TLS_SERVER_HELLO,
+ENUM_NEXT(tls_handshake_type_names,
+		TLS_CERTIFICATE, TLS_CLIENT_KEY_EXCHANGE, TLS_SERVER_HELLO,
 	"Certificate",
 	"ServerKeyExchange",
 	"CertificateRequest",
 	"ServerHelloDone",
 	"CertificateVerify",
 	"ClientKeyExchange");
-ENUM_NEXT(tls_handshake_type_names, TLS_FINISHED, TLS_FINISHED, TLS_CLIENT_KEY_EXCHANGE,
+ENUM_NEXT(tls_handshake_type_names,
+		TLS_FINISHED, TLS_FINISHED, TLS_CLIENT_KEY_EXCHANGE,
 	"Finished");
 ENUM_END(tls_handshake_type_names, TLS_FINISHED);

-ENUM(tls_extension_names, TLS_EXT_ELLIPTIC_CURVES, TLS_EXT_SIGNATURE_ALGORITHMS,
+ENUM_BEGIN(tls_extension_names, TLS_EXT_SERVER_NAME, TLS_EXT_STATUS_REQUEST,
+	"server name",
+	"max fragment length",
+	"client certificate url",
+	"trusted ca keys",
+	"truncated hmac",
+	"status request");
+ENUM_NEXT(tls_extension_names,
+		TLS_EXT_ELLIPTIC_CURVES, TLS_EXT_EC_POINT_FORMATS,
+		TLS_EXT_STATUS_REQUEST,
 	"elliptic curves",
-	"ec point formats",
-	"(12)",
-	"signature algorithms",
-);
+	"ec point formats");
+ENUM_NEXT(tls_extension_names,
+		TLS_EXT_SIGNATURE_ALGORITHMS, TLS_EXT_SIGNATURE_ALGORITHMS,
+		TLS_EXT_EC_POINT_FORMATS,
+	"signature algorithms");
+ENUM_END(tls_extension_names, TLS_EXT_SIGNATURE_ALGORITHMS);

 /**
 * TLS record
--- a/src/libtls/tls.h
+++ b/src/libtls/tls.h
@ -104,11 +104,23 @@ enum tls_purpose_t {
 * TLS Hello extension types.
 */
 enum tls_extension_t {
-	/** supported elliptic curves */
+	/** Server name the client wants to talk to */
+	TLS_EXT_SERVER_NAME = 0,
+	/** request a maximum fragment size */
+	TLS_EXT_MAX_FRAGMENT_LENGTH = 1,
+	/** indicate client certificate URL support */
+	TLS_EXT_CLIENT_CERTIFICATE_URL = 2,
+	/** list of CA the client trusts */
+	TLS_EXT_TRUSTED_CA_KEYS = 3,
+	/** request MAC truncation to 80-bit */
+	TLS_EXT_TRUNCATED_HMAC = 4,
+	/** list of OCSP responders the client trusts */
+	TLS_EXT_STATUS_REQUEST = 5,
+	/** list of supported elliptic curves */
 	TLS_EXT_ELLIPTIC_CURVES = 10,
 	/** supported point formats */
 	TLS_EXT_EC_POINT_FORMATS = 11,
-	/** supported signature algorithms */
+	/** list supported signature algorithms */
 	TLS_EXT_SIGNATURE_ALGORITHMS = 13,
 };