Add ssl_set_max_frag_len()
parent
de9f9efc2e
commit
8b46459ae5
2 changed files with 60 additions and 0 deletions
|
@ -117,6 +117,13 @@
|
|||
#define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
|
||||
#define SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
|
||||
|
||||
/* RFC 6066 section 4 */
|
||||
#define SSL_MAX_FRAG_LEN_NONE 0 /*!< don't use this extension */
|
||||
#define SSL_MAX_FRAG_LEN_512 1 /*!< MaxFragmentLength 2^9 */
|
||||
#define SSL_MAX_FRAG_LEN_1024 2 /*!< MaxFragmentLength 2^10 */
|
||||
#define SSL_MAX_FRAG_LEN_2048 3 /*!< MaxFragmentLength 2^11 */
|
||||
#define SSL_MAX_FRAG_LEN_4096 4 /*!< MaxFragmentLength 2^12 */
|
||||
|
||||
#define SSL_IS_CLIENT 0
|
||||
#define SSL_IS_SERVER 1
|
||||
#define SSL_COMPRESS_NULL 0
|
||||
|
@ -498,6 +505,10 @@ struct _ssl_context
|
|||
size_t out_msglen; /*!< record header: message length */
|
||||
size_t out_left; /*!< amount of data not yet written */
|
||||
|
||||
/* Maximum fragment length extension (RFC 6066 section 4) */
|
||||
unsigned char mfl_code; /*!< numerical code for MaxFragmentLength */
|
||||
uint16_t max_frag_len; /*!< value of MaxFragmentLength */
|
||||
|
||||
/*
|
||||
* PKI layer
|
||||
*/
|
||||
|
@ -944,6 +955,23 @@ void ssl_set_max_version( ssl_context *ssl, int major, int minor );
|
|||
*/
|
||||
void ssl_set_min_version( ssl_context *ssl, int major, int minor );
|
||||
|
||||
/**
|
||||
* \brief Set the maximum fragment length to emit and/or negotiate
|
||||
* (Default: SSL_MAX_CONTENT_LEN, usually 2^14 bytes)
|
||||
* (Server: set maximum fragment length to emit,
|
||||
* usually negotiated by the client during handshake
|
||||
* (Client: set maximum fragment length to emit *and*
|
||||
* negotiate with the server during handshake)
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param mfl Code for maximum fragment length (allowed values:
|
||||
* SSL_MAX_FRAG_LEN_512, SSL_MAX_FRAG_LEN_1024,
|
||||
* SSL_MAX_FRAG_LEN_2048, SSL_MAX_FRAG_LEN_4096)
|
||||
*
|
||||
* \return O if successful or POLARSSL_ERR_SSL_BAD_INPUT_DATA
|
||||
*/
|
||||
int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code );
|
||||
|
||||
/**
|
||||
* \brief Enable / Disable renegotiation support for connection when
|
||||
* initiated by peer
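Review bot: The Doxygen block for ssl_set_max_frag_len() documents `\param mfl`, but the prototype names the parameter `mfl_code`, so generated docs will not match the signature. The return line also reads `O if successful` with a letter O instead of the digit 0. I would write `\param mfl_code Code for maximum fragment length` and `\return 0 if successful or POLARSSL_ERR_SSL_BAD_INPUT_DATA`, and close the parenthesis opened at "(Server:". It is also worth stating that SSL_MAX_FRAG_LEN_NONE is not an accepted argument, since the implementation shown on this page rejects it in the `default` branch and a caller cannot switch the limit back off once it is set.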
|
||||
|
|
|
@ -2826,6 +2826,9 @@ int ssl_init( ssl_context *ssl )
|
|||
memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN );
|
||||
memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
|
||||
|
||||
ssl->mfl_code = SSL_MAX_FRAG_LEN_NONE;
|
||||
ssl->max_frag_len = SSL_MAX_CONTENT_LEN;
|
||||
|
||||
ssl->hostname = NULL;
|
||||
ssl->hostname_len = 0;
|
||||
|
||||
|
@ -3111,6 +3114,35 @@ void ssl_set_min_version( ssl_context *ssl, int major, int minor )
|
|||
ssl->min_minor_ver = minor;
|
||||
}
|
||||
|
||||
int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
|
||||
{
|
||||
switch( mfl_code )
|
||||
{
|
||||
case SSL_MAX_FRAG_LEN_512:
|
||||
ssl->max_frag_len = 512;
|
||||
break;
|
||||
|
||||
case SSL_MAX_FRAG_LEN_1024:
|
||||
ssl->max_frag_len = 1024;
|
||||
break;
|
||||
|
||||
case SSL_MAX_FRAG_LEN_2048:
|
||||
ssl->max_frag_len = 2048;
|
||||
break;
|
||||
|
||||
case SSL_MAX_FRAG_LEN_4096:
|
||||
ssl->max_frag_len = 4096;
|
||||
break;
|
||||
|
||||
default:
|
||||
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
ssl->mfl_code = mfl_code;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
void ssl_set_renegotiation( ssl_context *ssl, int renegotiation )
|
||||
{
|
||||
ssl->disable_renegotiation = renegotiation;
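Review bot: ssl_set_max_frag_len() accepts every listed code without comparing the resulting length against SSL_MAX_CONTENT_LEN, which the header comment describes as only "usually" 2^14 bytes. If a build lowers that constant below 4096, and the record buffers are sized from it (not visible here), the context would end up with a `max_frag_len` larger than what it can hold, and any later code that trusts the field as a bound would be working with a wrong limit. I would compute the length into a local, reject it when it exceeds SSL_MAX_CONTENT_LEN, and only then write both fields, so a failed call leaves the context unchanged. The same concern applies in reverse to the ssl_init() hunk, where SSL_MAX_CONTENT_LEN is stored into a `uint16_t`; a compile-time assertion that it fits would document the assumption.

```c
int ssl_set_max_frag_len( ssl_context *ssl, unsigned char mfl_code )
{
    uint16_t len;

    switch( mfl_code )
    {
        case SSL_MAX_FRAG_LEN_512:
            len = 512;
            break;

        /* … same pattern for the 1024, 2048 and 4096 cases … */

        default:
            return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
    }

    /* Reject a limit larger than the compiled-in SSL_MAX_CONTENT_LEN. */
    if( len > SSL_MAX_CONTENT_LEN )
        return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );

    ssl->max_frag_len = len;
    ssl->mfl_code = mfl_code;

    return( 0 );
}
```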
|
||||
|
|