1 files changed, 30 insertions, 15 deletions

diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h
index 217dbaf..2735e15 100644
--- a/src/include/openssl/ssl.h
+++ b/src/include/openssl/ssl.h
@@ -517,6 +517,10 @@ OPENSSL_EXPORT uint32_t SSL_get_mode(const SSL *ssl);
 OPENSSL_EXPORT int SSL_get_tls_unique(const SSL *ssl, uint8_t *out,
                                       size_t *out_len, size_t max_out);
 
+/* SSL_initial_handshake_complete returns one if the initial handshake has
+ * completed and zero otherwise. */
+OPENSSL_EXPORT int SSL_initial_handshake_complete(const SSL *ssl);
+
 
 /* Underdocumented functions.
  *
@@ -646,7 +650,12 @@ struct ssl_session_st {
    * disable session caching and tickets. */
   int not_resumable;
 
-  /* The cert is the certificate used to establish this connection */
+  /* The cert is the certificate used to establish this connection
+   *
+   * TODO(davidben): Remove this field. It is not serialized as part of the
+   * session, but some APIs access it. Certificate-related fields, where not
+   * redundant with |peer|, should be added to the session. Others should
+   * probably not be retained across resumptions. */
   struct sess_cert_st /* SESS_CERT */ *sess_cert;
 
   /* This is the cert for the other end. On clients, it will be the same as
@@ -1963,31 +1972,34 @@ OPENSSL_EXPORT int SSL_has_matching_session_id(const SSL *ssl,
 OPENSSL_EXPORT int SSL_SESSION_to_bytes(SSL_SESSION *in, uint8_t **out_data,
                                         size_t *out_len);
 
-/* SSL_SESSION_to_bytes_for_ticket serializes |in|, but excludes the session ID
- * which is not necessary in a session ticket. */
+/* SSL_SESSION_to_bytes_for_ticket serializes |in|, but excludes the session
+ * identification information, namely the session ID and ticket. */
 OPENSSL_EXPORT int SSL_SESSION_to_bytes_for_ticket(SSL_SESSION *in,
                                                    uint8_t **out_data,
                                                    size_t *out_len);
 
+/* SSL_SESSION_from_bytes parses |in_len| bytes from |in| as an SSL_SESSION. It
+ * returns a newly-allocated |SSL_SESSION| on success or NULL on error. */
+OPENSSL_EXPORT SSL_SESSION *SSL_SESSION_from_bytes(const uint8_t *in,
+                                                   size_t in_len);
+
 /* Deprecated: i2d_SSL_SESSION serializes |in| to the bytes pointed to by
  * |*pp|. On success, it returns the number of bytes written and advances |*pp|
  * by that many bytes. On failure, it returns -1. If |pp| is NULL, no bytes are
  * written and only the length is returned.
  *
- * Use SSL_SESSION_to_bytes instead. */
+ * Use |SSL_SESSION_to_bytes| instead. */
 OPENSSL_EXPORT int i2d_SSL_SESSION(SSL_SESSION *in, uint8_t **pp);
 
-/* d2i_SSL_SESSION deserializes a serialized buffer contained in the |length|
- * bytes pointed to by |*pp|. It returns the new SSL_SESSION and advances |*pp|
- * by the number of bytes consumed on success and NULL on failure. If |a| is
- * NULL, the caller takes ownership of the new session and must call
- * |SSL_SESSION_free| when done.
+/* Deprecated: d2i_SSL_SESSION parses a serialized session from the |length|
+ * bytes pointed to by |*pp|. It returns the new |SSL_SESSION| and advances
+ * |*pp| by the number of bytes consumed on success and NULL on failure. The
+ * caller takes ownership of the new session and must call |SSL_SESSION_free|
+ * when done.
  *
- * If |a| and |*a| are not NULL, the SSL_SESSION at |*a| is overridden with the
- * deserialized session rather than allocating a new one. In addition, |a| is
- * not NULL, but |*a| is, |*a| is set to the new SSL_SESSION.
+ * If |a| is non-NULL, |*a| is released and set the new |SSL_SESSION|.
  *
- * Passing a value other than NULL to |a| is deprecated. */
+ * Use |SSL_SESSION_from_bytes| instead. */
 OPENSSL_EXPORT SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp,
                                             long length);
 
@@ -2621,8 +2633,8 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused);
 #define SSL_F_SSL_use_psk_identity_hint 147
 #define SSL_F_SSL_write 148
 #define SSL_F_d2i_SSL_SESSION 149
-#define SSL_F_d2i_SSL_SESSION_get_octet_string 150
-#define SSL_F_d2i_SSL_SESSION_get_string 151
+#define SSL_F_SSL_SESSION_parse_octet_string 150
+#define SSL_F_SSL_SESSION_parse_string 151
 #define SSL_F_do_ssl3_write 152
 #define SSL_F_dtls1_accept 153
 #define SSL_F_dtls1_buffer_record 154
@@ -2747,6 +2759,9 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused);
 #define SSL_F_SSL_AEAD_CTX_open 277
 #define SSL_F_SSL_AEAD_CTX_seal 278
 #define SSL_F_dtls1_seal_record 279
+#define SSL_F_SSL_SESSION_from_bytes 280
+#define SSL_F_SSL_SESSION_parse 281
+#define SSL_F_ssl3_check_certificate_for_cipher 282
 #define SSL_R_APP_DATA_IN_HANDSHAKE 100
 #define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 101
 #define SSL_R_BAD_ALERT 102