OpenSSL: better handling of $tls_{in,out}_certificate_verified under resumption

[exim.git] / src / src / globals.h

diff --git a/src/src/globals.h b/src/src/globals.h
index a0c1977a2bdec9500fab9433b60b45e7943e9326..e98ff7fe1d69c99a90aaa7752fbaee263b75d8b5 100644 (file)
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -103,6 +103,12 @@ typedef struct {
     OCSP_FAILED,               /* verify failed */
     OCSP_VFIED                 /* verified */
     }     ocsp;                      /* Stapled OCSP status */
+#ifdef EXPERIMENTAL_TLS_RESUME
+  unsigned resumption;         /* Session resumption */
+  BOOL   host_resumable:1;
+  BOOL   ticket_received:1;
+#endif
+  BOOL   verify_override:1;    /* certificate_verified only due to tls_try_verify_hosts */
 } tls_support;
 extern tls_support tls_in;
 extern tls_support tls_out;
@@ -124,6 +130,9 @@ extern uschar *tls_ocsp_file;          /* OCSP stapling proof file */
 extern uschar *tls_privatekey;         /* Private key file */
 extern BOOL    tls_remember_esmtp;     /* For YAEB */
 extern uschar *tls_require_ciphers;    /* So some can be avoided */
+# ifdef EXPERIMENTAL_TLS_RESUME
+extern uschar *tls_resumption_hosts;   /* TLS session resumption */
+# endif
 extern uschar *tls_try_verify_hosts;   /* Optional client verification */
 extern uschar *tls_verify_certificates;/* Path for certificates to check */
 extern uschar *tls_verify_hosts;       /* Mandatory client verification */