TLS: Session resumption, under the EXPERIMENTAL_TLS_RESUME build option.

[exim.git] / src / src / globals.h

diff --git a/src/src/globals.h b/src/src/globals.h
index 465266e1a5f3396667d5bc6652c9d6e69c5dda49..1aacaf7e64aed97ca9f4f37b1db999bcfaf8c5e0 100644 (file)
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -88,6 +88,8 @@ typedef struct {
   int     tlsa_usage;         /* TLSA record(s) usage */
 #endif
   uschar *cipher;             /* Cipher used */
+  const uschar *cipher_stdname; /* Cipher used, RFC version */
+  
   BOOL    on_connect;         /* For older MTAs that don't STARTTLS */
   uschar *on_connect_ports;   /* Ports always tls-on-connect */
   void   *ourcert;            /* Certificate we presented, binary */
@@ -101,6 +103,11 @@ typedef struct {
     OCSP_FAILED,               /* verify failed */
     OCSP_VFIED                 /* verified */
     }     ocsp;                      /* Stapled OCSP status */
+#ifdef EXPERIMENTAL_TLS_RESUME
+  unsigned resumption;         /* Session resumption */
+  BOOL   host_resumable:1;
+  BOOL   ticket_received:1;
+#endif
 } tls_support;
 extern tls_support tls_in;
 extern tls_support tls_out;
@@ -120,13 +127,11 @@ extern uschar *tls_eccurve;            /* EC curve */
 extern uschar *tls_ocsp_file;          /* OCSP stapling proof file */
 # endif
 extern uschar *tls_privatekey;         /* Private key file */
-# ifdef EXPERIMENTAL_REQUIRETLS
-extern uschar  tls_requiretls;         /* REQUIRETLS active for this message */
-extern uschar *tls_advertise_requiretls; /* hosts for which REQUIRETLS adv */
-extern const pcre *regex_REQUIRETLS;   /* for recognising the command */
-# endif
 extern BOOL    tls_remember_esmtp;     /* For YAEB */
 extern uschar *tls_require_ciphers;    /* So some can be avoided */
+# ifdef EXPERIMENTAL_TLS_RESUME
+extern uschar *tls_resumption_hosts;   /* TLS session resumption */
+# endif
 extern uschar *tls_try_verify_hosts;   /* Optional client verification */
 extern uschar *tls_verify_certificates;/* Path for certificates to check */
 extern uschar *tls_verify_hosts;       /* Mandatory client verification */
@@ -251,6 +256,11 @@ extern struct global_flags {
  BOOL   sender_name_forced             :1; /* Set by -F */
  BOOL   sender_set_untrusted           :1; /* Sender set by untrusted caller */
  BOOL   smtp_authenticated             :1; /* Sending client has authenticated */
+#ifdef EXPERIMENTAL_PIPE_CONNECT
+ BOOL   smtp_in_early_pipe_advertised  :1; /* server advertised PIPE_CONNECT */
+ BOOL  smtp_in_early_pipe_no_auth      :1; /* too many authenticator names */
+ BOOL   smtp_in_early_pipe_used                :1; /* client did send early data */
+#endif
  BOOL   smtp_in_pipelining_advertised  :1; /* server advertised PIPELINING */
  BOOL   smtp_in_pipelining_used                :1; /* server noted client using PIPELINING */
  BOOL   spool_file_wireformat          :1; /* current -D file has CRLF rather than NL */
@@ -262,6 +272,7 @@ extern struct global_flags {
 
  BOOL   tcp_fastopen_ok                        :1; /* appears to be supported by kernel */
  BOOL   tcp_in_fastopen                        :1; /* conn usefully used fastopen */
+ BOOL   tcp_in_fastopen_data           :1; /* fastopen carried data */
  BOOL   tcp_in_fastopen_logged         :1; /* one-time logging */
  BOOL   tcp_out_fastopen_logged                :1; /* one-time logging */
  BOOL   timestamps_utc                 :1; /* Use UTC for all times */
@@ -484,7 +495,7 @@ extern BOOL    disable_fsync;          /* Not for normal use */
 extern BOOL    disable_ipv6;           /* Don't do any IPv6 things */
 
 #ifndef DISABLE_DKIM
-extern unsigned dkim_collect_input;    /* Runtime count of dkim signtures; tracks wether SMTP input is fed to DKIM validation */
+extern unsigned dkim_collect_input;    /* Runtime count of dkim signtures; tracks whether SMTP input is fed to DKIM validation */
 extern uschar *dkim_cur_signer;        /* Expansion variable, holds the current "signer" domain or identity during a acl_smtp_dkim run */
 extern int     dkim_key_length;        /* Expansion variable, length of signing key in bits */
 extern void   *dkim_signatures;               /* Actually a (pdkim_signature *) but most files do not need to know */
@@ -734,6 +745,9 @@ extern uschar *override_pid_file_path; /* Value of -oP argument */
 
 extern uschar *percent_hack_domains;   /* Local domains for which '% operates */
 extern uschar *pid_file_path;          /* For writing daemon pids */
+#ifdef EXPERIMENTAL_PIPE_CONNECT
+extern uschar *pipe_connect_advertise_hosts; /* for banner/EHLO pipelining */
+#endif
 extern uschar *pipelining_advertise_hosts; /* As it says */
 #ifndef DISABLE_PRDR
 extern BOOL    prdr_enable;            /* As it says */
@@ -813,6 +827,9 @@ extern const pcre  *regex_CHUNKING;    /* For recognizing CHUNKING (RFC 3030) */
 extern const pcre  *regex_IGNOREQUOTA; /* For recognizing IGNOREQUOTA (LMTP) */
 extern const pcre  *regex_PIPELINING;  /* For recognizing PIPELINING */
 extern const pcre  *regex_SIZE;        /* For recognizing SIZE settings */
+#ifdef EXPERIMENTAL_PIPE_CONNECT
+extern const pcre  *regex_EARLY_PIPE;  /* For recognizing PIPE_CONNCT */
+#endif
 extern const pcre  *regex_ismsgid;     /* Compiled r.e. for message it */
 extern const pcre  *regex_smtp_code;   /* For recognizing SMTP codes */
 extern uschar *regex_vars[];           /* $regexN variables */
@@ -989,7 +1006,7 @@ extern BOOL    system_filter_uid_set;  /* TRUE if uid set */
 
 extern blob    tcp_fastopen_nodata;    /* for zero-data TFO connect requests */
 extern BOOL    tcp_nodelay;            /* Controls TCP_NODELAY on daemon */
-extern tfo_state_t tcp_out_fastopen;   /* 0: no  1: conn used  2: useful */
+extern tfo_state_t tcp_out_fastopen;   /* TCP fast open */
 #ifdef USE_TCP_WRAPPERS
 extern uschar *tcp_wrappers_daemon_name; /* tcpwrappers daemon lookup name */
 #endif