I'm contributing a patch which facilitates send and receive of custom TLS extensions and supplemental data from third party modules.
The patch attached to the bugzilla issue is completely additive, and only updates mod_ssl code: https://issues.apache.org/bugzilla/show_bug.cgi?id=55467

OpenSSL includes an API supporting send and receive of custom TLS extensions, which can be found in the 1.0.2 stable and master git branches. I've contributed a patch to OpenSSL which adds similar support for supplemental data, which will hopefully be incorporated soon.

Updates to mod_ssl include:

- Optional functions supporting registration of interest in specific TLS extensions or supplemental data types. Registering interest results in hook handlers being called.
- Optional hooks supporting send and receive of the TLS extension data and supplemental data.
- An optional hook notifying handlers of handshake completion. Renegotiation is initiated if the hook handler returns OK. If the hook handler returns DECLINED, renegotiation is not initiated.
- An optional function allowing third party modules to initiate renegotiation at any time.

I did implement an 'optional hook run first' capability directly in mod_ssl code, as it isn't currently available in APR. If it's preferable to have that change incorporated into APR and leveraged from this change, I'm happy to provide an APR patch and update this patch.

Exposing support for send and receive of custom TLS extensions and supplemental data, as well as the ability to initiate renegotiation on handshake completion, allows me to implement RFC 5878 (TLS authorization extensions) completely in third-party module code.

Any feedback is appreciated.

Thanks much,
Scott
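The message above describes "run first" hook semantics for the handshake-completion and extension-receive hooks (handlers are called in order until one returns something other than DECLINED, and OK on handshake completion means "renegotiate"). The following is an added illustration of those semantics in plain C; it is not code from the mod_ssl patch, from APR or from OpenSSL. The registry type, the handler names, the extension type value 0xFFAA and the one-byte payload tag are all constructed for this example.

```c
/* Added example: models "optional hook run first" dispatch as described
 * in the patch summary. Not taken from the mod_ssl patch or from APR;
 * names, the registry layout and sample payloads are constructed. */
#include <stdio.h>
#include <stddef.h>

/* httpd/APR return conventions for hook handlers. */
#define OK        0
#define DECLINED  -1

#define MAX_HANDLERS 8

/* A handler receives the extension type and payload and returns OK
 * (handled), DECLINED (not interested in this instance) or an error. */
typedef int (*ext_handler_fn)(unsigned short ext_type,
                              const unsigned char *data, size_t len,
                              void *ctx);

struct hook_registry {
    ext_handler_fn fn[MAX_HANDLERS];
    unsigned short type_of_interest[MAX_HANDLERS];
    void *ctx[MAX_HANDLERS];
    int count;
};

/* Register interest in one extension type (hypothetical stand-in for the
 * patch's "registration of interest" optional function). */
int hook_register(struct hook_registry *r, unsigned short ext_type,
                  ext_handler_fn fn, void *ctx)
{
    if (r->count >= MAX_HANDLERS) return -1;
    r->fn[r->count] = fn;
    r->type_of_interest[r->count] = ext_type;
    r->ctx[r->count] = ctx;
    r->count++;
    return 0;
}

/* RUN_FIRST: call handlers in registration order and stop at the first
 * one that does not return DECLINED. Handlers registered for a different
 * extension type are never called. */
int hook_run_first(const struct hook_registry *r, unsigned short ext_type,
                   const unsigned char *data, size_t len)
{
    for (int i = 0; i < r->count; i++) {
        if (r->type_of_interest[i] != ext_type) continue;
        int rv = r->fn[i](ext_type, data, len, r->ctx[i]);
        if (rv != DECLINED) return rv;
    }
    return DECLINED;
}

/* Observes every instance of the extension but never claims it. */
static int log_handler(unsigned short t, const unsigned char *d, size_t n,
                       void *ctx)
{
    (void)t; (void)d; (void)n;
    int *calls = ctx;
    (*calls)++;
    return DECLINED;
}

/* Claims the extension only when the constructed tag byte 0x01 leads the
 * payload; anything else is left for later handlers. */
static int authz_handler(unsigned short t, const unsigned char *d, size_t n,
                         void *ctx)
{
    (void)t;
    int *calls = ctx;
    (*calls)++;
    return (n >= 1 && d[0] == 0x01) ? OK : DECLINED;
}

/* Handshake-completion decision from the summary: OK means "renegotiate",
 * DECLINED (no handler claimed it) means leave the session as it is. */
int should_renegotiate(const struct hook_registry *r, unsigned short ext_type,
                       const unsigned char *data, size_t len)
{
    return hook_run_first(r, ext_type, data, len) == OK;
}

int main(void)
{
    struct hook_registry r = {0};
    int log_calls = 0, authz_calls = 0;
    const unsigned char payload[] = {0x01, 0x42};   /* constructed sample */

    hook_register(&r, 0xFFAA, log_handler, &log_calls);
    hook_register(&r, 0xFFAA, authz_handler, &authz_calls);

    printf("renegotiate: %d (log handler called %d time(s))\n",
           should_renegotiate(&r, 0xFFAA, payload, sizeof payload), log_calls);
    return 0;
}
```

The registry keys handlers on extension type so that a module interested only in its own extension never sees another module's payload, and the dispatcher stops at the first OK, which is what lets a single authorization module decide whether the completed handshake should be followed by renegotiation.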
