struct ssl_connect_data *connssl = cf->ctx;
struct gtls_ssl_backend_data *backend =
(struct gtls_ssl_backend_data *)connssl->backend;
- CURLcode result = CURLE_OK;
- *do_early_data = FALSE;
connssl->earlydata_max =
gnutls_record_get_max_early_data_size(backend->gtls.session);
- if((!connssl->earlydata_max || connssl->earlydata_max == 0xFFFFFFFFUL)) {
- /* Seems to be no GnuTLS way to signal no EarlyData in session */
- CURL_TRC_CF(data, cf, "SSL session does not allow earlydata");
- }
- else if(!Curl_alpn_contains_proto(alpns, scs->alpn)) {
- CURL_TRC_CF(data, cf, "SSL session has different ALPN, no early data");
- }
- else {
- infof(data, "SSL session allows %zu bytes of early data, "
- "reusing ALPN '%s'", connssl->earlydata_max, scs->alpn);
- connssl->earlydata_state = ssl_earlydata_await;
- connssl->state = ssl_connection_deferred;
- result = Curl_alpn_set_negotiated(cf, data, connssl,
- (const unsigned char *)scs->alpn,
- scs->alpn ? strlen(scs->alpn) : 0);
- *do_early_data = !result;
- }
- return result;
+
+ /* Seems to be no GnuTLS way to signal no EarlyData in session */
+ return Curl_on_session_reuse(cf, data, alpns, scs, do_early_data,
+ connssl->earlydata_max &&
+ connssl->earlydata_max != 0xFFFFFFFFUL);
}
#endif
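Review bot: The retained comment above the `return` no longer sits next to the check it explains, so the `0xFFFFFFFFUL` comparison in the last argument reads as an unexplained magic value. I would reword it to state the rule the expression encodes, for example `/* GnuTLS has no explicit "no early data" signal: treat a max size of 0 or 0xFFFFFFFF as early data not allowed */`. That the value is a sentinel is inferred from the comparison and the old comment, so the wording should be checked against the GnuTLS documentation. The function's signature lies outside the hunk.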
bool *do_early_data)
{
struct ssl_connect_data *connssl = cf->ctx;
- CURLcode result = CURLE_OK;
- *do_early_data = FALSE;
connssl->earlydata_max = scs->earlydata_max;
- if(!connssl->earlydata_max) {
- CURL_TRC_CF(data, cf, "SSL session does not allow earlydata");
- }
- else if(!Curl_alpn_contains_proto(alpns, scs->alpn)) {
- CURL_TRC_CF(data, cf, "SSL session has different ALPN, no early data");
- }
- else {
- infof(data, "SSL session allows %zu bytes of early data, "
- "reusing ALPN '%s'", connssl->earlydata_max, scs->alpn);
- connssl->earlydata_state = ssl_earlydata_await;
- connssl->state = ssl_connection_deferred;
- result = Curl_alpn_set_negotiated(cf, data, connssl,
- (const unsigned char *)scs->alpn,
- scs->alpn ? strlen(scs->alpn) : 0);
- *do_early_data = !result;
- }
- return result;
+
+ return Curl_on_session_reuse(cf, data, alpns, scs, do_early_data,
+ connssl->earlydata_max);
}
void Curl_ossl_report_handshake(struct Curl_easy *data, struct ossl_ctx *octx)
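Review bot: The last argument, `connssl->earlydata_max`, relies on an implicit `size_t`-to-`bool` conversion into the new `early_data_allowed` parameter. curl's `bool` definition is not visible here; on any build where it is a plain integer typedef rather than C99 `_Bool`, the conversion truncates instead of testing for non-zero, so a limit whose low byte is zero (e.g. 16384) would arrive as FALSE. That fails closed, but it would silently turn early data off. Passing the predicate explicitly, `connssl->earlydata_max > 0`, removes the dependency; the wolfSSL call site later in the patch has the same form, while the GnuTLS one already passes a boolean expression.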
return result;
}
+CURLcode Curl_on_session_reuse(struct Curl_cfilter *cf,
+ struct Curl_easy *data,
+ struct alpn_spec *alpns,
+ struct Curl_ssl_session *scs,
+ bool *do_early_data, bool early_data_allowed)
+{
+ struct ssl_connect_data *connssl = cf->ctx;
+ CURLcode result = CURLE_OK;
+
+ *do_early_data = FALSE;
+
+ if(!early_data_allowed) {
+ CURL_TRC_CF(data, cf, "SSL session does not allow earlydata");
+ }
+ else if(!Curl_alpn_contains_proto(alpns, scs->alpn)) {
+ CURL_TRC_CF(data, cf, "SSL session has different ALPN, no early data");
+ }
+ else {
+ infof(data, "SSL session allows %zu bytes of early data, "
+ "reusing ALPN '%s'", connssl->earlydata_max, scs->alpn);
+ connssl->earlydata_state = ssl_earlydata_await;
+ connssl->state = ssl_connection_deferred;
+ result = Curl_alpn_set_negotiated(cf, data, connssl,
+ (const unsigned char *)scs->alpn,
+ scs->alpn ? strlen(scs->alpn) : 0);
+ *do_early_data = !result;
+ }
+ return result;
+}
+
#endif /* USE_SSL */
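Review bot: In the final `else` branch of `Curl_on_session_reuse`, `scs->alpn` is handed to `%s` in `infof()` unguarded, yet a few lines later the same pointer is guarded with `scs->alpn ? strlen(scs->alpn) : 0`. One of the two is wrong: if `Curl_alpn_contains_proto()` already rejects a NULL protocol (its body is not visible here), the ternary is dead code and `strlen(scs->alpn)` would do. If it does not, the log line formats a NULL string and early data is enabled for a session with no recorded ALPN. Making the precondition explicit in the shared helper, `else if(!scs->alpn || !Curl_alpn_contains_proto(alpns, scs->alpn)) {`, would settle it for all three backends.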
struct Curl_ssl;
struct ssl_connect_data;
+struct Curl_ssl_session;
/* see https://www.iana.org/assignments/tls-extensiontype-values/ */
#define ALPN_HTTP_1_1_LENGTH 8
*/
bool Curl_ssl_cf_is_proxy(struct Curl_cfilter *cf);
+CURLcode Curl_on_session_reuse(struct Curl_cfilter *cf,
+ struct Curl_easy *data,
+ struct alpn_spec *alpns,
+ struct Curl_ssl_session *scs,
+ bool *do_early_data, bool early_data_allowed);
#endif /* USE_SSL */
#endif /* HEADER_CURL_VTLS_INT_H */
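Review bot: The new `Curl_on_session_reuse` prototype has no comment, while the declaration just above it closes one, and the helper's contract is not obvious from the signature. The definition reads `connssl->earlydata_max` for its log line but takes the decision from `early_data_allowed`, so callers must store the limit in `connssl` before calling and pass a flag consistent with it. It also switches `connssl->state` to `ssl_connection_deferred` and `earlydata_state` to `ssl_earlydata_await` before `Curl_alpn_set_negotiated()` has succeeded. I would add a short block comment covering those points and stating that `*do_early_data` is TRUE only when the session allows early data, the session ALPN is among `alpns`, and setting the negotiated ALPN returned `CURLE_OK`.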
bool *do_early_data)
{
struct ssl_connect_data *connssl = cf->ctx;
+#ifdef WOLFSSL_EARLY_DATA
struct wssl_ctx *wssl = (struct wssl_ctx *)connssl->backend;
- CURLcode result = CURLE_OK;
- *do_early_data = FALSE;
-#ifdef WOLFSSL_EARLY_DATA
connssl->earlydata_max = wolfSSL_SESSION_get_max_early_data(
wolfSSL_get_session(wssl->ssl));
#else
- (void)wssl;
connssl->earlydata_max = 0;
#endif
- if(!connssl->earlydata_max) {
- /* Seems to be no WolfSSL way to signal no EarlyData in session */
- CURL_TRC_CF(data, cf, "SSL session does not allow earlydata");
- }
- else if(!Curl_alpn_contains_proto(alpns, scs->alpn)) {
- CURL_TRC_CF(data, cf, "SSL session has different ALPN, no early data");
- }
- else {
- infof(data, "SSL session allows %zu bytes of early data, "
- "reusing ALPN '%s'", connssl->earlydata_max, scs->alpn);
- connssl->earlydata_state = ssl_earlydata_await;
- connssl->state = ssl_connection_deferred;
- result = Curl_alpn_set_negotiated(cf, data, connssl,
- (const unsigned char *)scs->alpn,
- scs->alpn ? strlen(scs->alpn) : 0);
- *do_early_data = !result;
- }
- return result;
+ /* Seems to be no wolfSSL way to signal no EarlyData in session */
+ return Curl_on_session_reuse(cf, data, alpns, scs, do_early_data,
+ connssl->earlydata_max);
}
static CURLcode