Adding NewSessionTicket.
We will now send tickets as a server and accept them as a
client. Correctly offering and resuming them in the handshake will be
implemented in a follow-up.
Now that we're actually processing draft 14 tickets, bump the draft
version.
Change-Id: I304320a29c4ffe564fa9c00642a4ace96ff8d871
Reviewed-on: https://boringssl-review.googlesource.com/8982
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 0ec3b58..90db2ca 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -572,7 +572,7 @@
#define DTLS1_VERSION 0xfeff
#define DTLS1_2_VERSION 0xfefd
-#define TLS1_3_DRAFT_VERSION 13
+#define TLS1_3_DRAFT_VERSION 14
/* SSL_CTX_set_min_version sets the minimum protocol version for |ctx| to
* |version|. */
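Review bot: `TLS1_3_DRAFT_VERSION` moves to 14 here while the commit message defers offering and resuming tickets in the handshake to a follow-up. The define carries no comment, so a short TODO next to `#define TLS1_3_DRAFT_VERSION 14` saying that ticket resumption is not yet wired up at this draft number would save readers of the header from assuming it is.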
@@ -3702,7 +3702,10 @@
uint8_t original_handshake_hash[EVP_MAX_MD_SIZE];
unsigned original_handshake_hash_len;
- uint32_t tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
+ uint32_t ticket_lifetime_hint; /* Session lifetime hint in seconds */
+
+ uint32_t ticket_flags;
+ uint32_t ticket_age_add;
/* extended_master_secret is true if the master secret in this session was
* generated using EMS and thus isn't vulnerable to the Triple Handshake
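Review bot: `ticket_flags` and `ticket_age_add` are added without comments, unlike `ticket_lifetime_hint` directly above them. Please document both: what the bits in `ticket_flags` mean, and that `ticket_age_add` may only be read when `ticket_age_add_valid` is set. The guard bit is declared further down among the bitfields, so a cross-reference in the comment here would keep callers from using the value unguarded.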
@@ -3714,6 +3717,9 @@
/* not_resumable is used to indicate that session resumption is disallowed. */
unsigned not_resumable:1;
+
+ /* ticket_age_add_valid is non-zero if |ticket_age_add| is valid. */
+ unsigned ticket_age_add_valid:1;
};
/* ssl_cipher_preference_list_st contains a list of SSL_CIPHERs with
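Review bot: the comment on `ticket_age_add_valid` says when the bit is non-zero but not what sets it or what a caller must do when it is zero. Suggest extending it to say which code path populates `ticket_age_add` and that the field must be ignored otherwise. Also worth confirming that every path that creates or copies a session leaves this bit clear unless the value was actually filled in.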