--- google_boringssl/ssl/internal.h 2021-02-03 18:29:04.000000000 -0800
+++ boringssl/ssl/internal.h 2021-02-03 20:24:49.000000000 -0800
@@ -138,6 +138,25 @@
  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
  * OTHERWISE.
  */
+/* ====================================================================
+ * Copyright 2020 Apple Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the “Software”),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom
+ * the Software is furnished to do so, subject to the following conditions:
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
 
 #ifndef OPENSSL_HEADER_SSL_INTERNAL_H
 #define OPENSSL_HEADER_SSL_INTERNAL_H
@@ -1279,6 +1298,8 @@
 // configured.
 bool ssl_has_certificate(const SSL_HANDSHAKE *hs);
 
+bool ssl_has_raw_public_key_certificate(const SSL_HANDSHAKE *hs);
+
 // ssl_parse_cert_chain parses a certificate list from |cbs| in the format used
 // by a TLS Certificate message. On success, it advances |cbs| and returns
 // true. Otherwise, it returns false and sets |*out_alert| to an alert to send
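Review bot: `ssl_has_raw_public_key_certificate` is declared in the -1279 hunk without the descriptive comment every other declaration in this header carries (the adjacent `ssl_has_certificate` is documented as returning whether a certificate and private key are configured), so a reader cannot tell whether it reports that a raw public key is configured on `hs`, that the peer negotiated the raw-public-key certificate type, or both. Suggest a comment in the file's style, `// ssl_has_raw_public_key_certificate returns whether a raw public key (rather than an X.509 chain) is configured for |hs| to send in its Certificate message.`, adjusted to whatever the definition in the .cc actually checks, since the definition is not part of this diff. Because a raw public key carries no chain for the peer to verify, that comment is also the natural place to state where the key is expected to be authenticated (pinning or out-of-band), so callers do not assume the usual certificate verification applies. The new fields in the later hunks of this diff have the same missing-comment problem.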
@@ -1687,6 +1708,8 @@
 // |cert_compression_negotiated| is true.
 uint16_t cert_compression_alg_id;
 
+uint8_t server_certificate_type;
+
 // ech_hpke_ctx is the HPKE context used in ECH. On the server, it is
 // initialized if |ech_status| is |ssl_ech_accepted|. On the client, it is
 // initialized if |selected_ech_config| is not nullptr.
@@ -1817,6 +1840,8 @@
 // cert_compression_negotiated is true iff |cert_compression_alg_id| is valid.
 bool cert_compression_negotiated : 1;
 
+bool server_certificate_type_negotiated : 1;
+
 // apply_jdk11_workaround is true if the peer is probably a JDK 11 client
 // which implemented TLS 1.3 incorrectly.
 bool apply_jdk11_workaround : 1;
@@ -2731,6 +2756,9 @@
 // along with their corresponding ALPS values.
 GrowableArray alps_configs;
 
+Array server_certificate_type_list;
+Array server_raw_public_key_certificate;
+
 // Contains the QUIC transport params that this endpoint will send.
 Array quic_transport_params;
 
@@ -3306,6 +3334,9 @@
 // format.
 bssl::Array alpn_client_proto_list;
 
+bssl::Array server_certificate_type_list;
+bssl::Array server_raw_public_key_certificate;
+
 // SRTP profiles we are willing to do from RFC 5764
 bssl::UniquePtr srtp_profiles;
 
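Review bot: `server_certificate_type` is added to the handshake struct as a bare `uint8_t` with no comment, and nothing in the hunk ties its validity to the `server_certificate_type_negotiated` bit added in the -1817 hunk, whereas the surrounding `cert_compression_alg_id` / `cert_compression_negotiated` pair documents exactly that relationship. Suggest mirroring it: `// server_certificate_type is the certificate type negotiated for the server's Certificate message. It is only valid if |server_certificate_type_negotiated| is true.` on the field here, and `// server_certificate_type_negotiated is true iff |server_certificate_type| is valid.` on the bit in the -1817 hunk. The comment should also name the value space (the TLS CertificateType registry values as used by the certificate-type extension) so readers do not have to infer it from the raw-public-key fields elsewhere in the diff. The struct's constructor, where the neighbouring bit-fields are presumably initialized, is outside this diff; please confirm both new members get an explicit initializer there so a handshake never reads an indeterminate type.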
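Review bot: `server_certificate_type_list` and `server_raw_public_key_certificate` are added to the -2731 hunk and duplicated into the -3306 hunk with no comment on either copy, while the neighbouring members (`alpn_client_proto_list`, `quic_transport_params`) each state what they contain and in what format; the element types are not visible in this rendering, so I am assuming byte arrays like their neighbours. Suggest on the first copy `// server_certificate_type_list contains the certificate-type extension contents this endpoint offers or accepts, in wire format.` and `// server_raw_public_key_certificate holds the raw public key sent in place of a certificate chain; presumably a DER SubjectPublicKeyInfo as RFC 7250 specifies — confirm against the setter.`, with the -3306 copies saying they are the defaults copied into the per-connection config. Stating the expected encoding matters here because whatever parses the peer's raw key on the receiving side has no chain to fall back on, so the comment is the only contract readers of this header get.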