Google Git
Sign in
pigweed/third_party/github/h2o/picotls/712e355db6fd2b1a63a98b48f5abde491776ea61^!/./lib
commit
712e355db6fd2b1a63a98b48f5abde491776ea61
[log]
author
Kazuho Oku <kazuhooku@gmail.com>
Mon Feb 20 12:44:08 2017 +0900
committer
Kazuho Oku <kazuhooku@gmail.com>
Mon Feb 20 12:45:07 2017 +0900
tree
fa396bc048f336c6418659f84916e315c66ac4de
parent
bdc45891ea18d88580c0150ee0b20410faa35250 [diff]
add `staple_ocsp` hook

diff --git a/lib/picotls.c b/lib/picotls.c
index 274b2d9..74ad098 100644
--- a/lib/picotls.c
+++ b/lib/picotls.c

@@ -56,6 +56,7 @@
 #define PTLS_HANDSHAKE_HEADER_SIZE 4
 
 #define PTLS_EXTENSION_TYPE_SERVER_NAME 0
+#define PTLS_EXTENSION_TYPE_STATUS_REQUEST 5
 #define PTLS_EXTENSION_TYPE_SUPPORTED_GROUPS 10
 #define PTLS_EXTENSION_TYPE_SIGNATURE_ALGORITHMS 13
 #define PTLS_EXTENSION_TYPE_ALPN 16
@@ -222,6 +223,7 @@
         unsigned ke_modes;
         int early_data_indication;
     } psk;
+    unsigned status_request : 1;
 };
 
 struct st_ptls_server_hello_t {
@@ -1704,6 +1706,9 @@
         case PTLS_EXTENSION_TYPE_EARLY_DATA:
             ch->psk.early_data_indication = 1;
             break;
+        case PTLS_EXTENSION_TYPE_STATUS_REQUEST:
+            ch->status_request = 1;
+            break;
         default:
             break;
         }
@@ -2035,7 +2040,21 @@
                         ptls_buffer_push_block(sendbuf, 3, {
                             ptls_buffer_pushv(sendbuf, tls->ctx->certificates.list[i].base, tls->ctx->certificates.list[i].len);
                         });
-                        ptls_buffer_push_block(sendbuf, 2, {}); /* extensions */
+                        ptls_buffer_push_block(sendbuf, 2, {
+                            /* emit OCSP stapling only when requested and when the callback successfully returns one */
+                            if (ch.status_request && i == 0 && tls->ctx->staple_ocsp != NULL) {
+                                size_t reset_off_to = sendbuf->off;
+                                buffer_push_extension(sendbuf, PTLS_EXTENSION_TYPE_STATUS_REQUEST, {
+                                    ptls_buffer_push(sendbuf, 1); /* status_type == ocsp */
+                                    ptls_buffer_push_block(sendbuf, 3, {
+                                        if ((ret = tls->ctx->staple_ocsp->cb(tls->ctx->staple_ocsp, tls, sendbuf, i)) == 0)
+                                            reset_off_to = 0;
+                                    });
+                                });
+                                if (reset_off_to != 0)
+                                    sendbuf->off = reset_off_to;
+                            }
+                        });
                     }
                 });
             });