Mitigate client-initiated SSL renegotiation DoS

author: Daniel Lowrey <rdlowrey@php.net> 2014-02-20 16:26:55 -0700
committer: Daniel Lowrey <rdlowrey@php.net> 2014-02-21 06:31:56 -0700
commit: b6edbd5897bfa18d6a8ae9a9662efa34abfba39e (patch)
tree: 3de7eeafdc6edb5524f1ed8c6867f57bc21163b8 /ext/openssl/php_openssl_structs.h
parent: dcf27a1f6f205a22ecff1e537de6b13b0f1187ad (diff)
download: php-git-b6edbd5897bfa18d6a8ae9a9662efa34abfba39e.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/ext/openssl/php_openssl_structs.h b/ext/openssl/php_openssl_structs.h
index 13f8f320f8..562c756cd3 100644
--- a/ext/openssl/php_openssl_structs.h
+++ b/ext/openssl/php_openssl_structs.h
@@ -22,6 +22,14 @@
 #include "php_network.h"
 #include <openssl/ssl.h>
 
+typedef struct _php_openssl_handshake_bucket_t {
+	long prev_handshake;
+	long limit;
+	long window;
+	float tokens;
+	unsigned should_close;
+} php_openssl_handshake_bucket_t;
+
 /* This implementation is very closely tied to the that of the native
  * sockets implemented in the core.
  * Don't try this technique in other extensions!
@@ -36,6 +44,7 @@ typedef struct _php_openssl_netstream_data_t {
 	int is_client;
 	int ssl_active;
 	php_stream_xport_crypt_method_t method;
+	php_openssl_handshake_bucket_t *reneg;
 	char *url_name;
 	unsigned state_set:1;
 	unsigned _spare:31;
author	Daniel Lowrey <rdlowrey@php.net>	2014-02-20 16:26:55 -0700
committer	Daniel Lowrey <rdlowrey@php.net>	2014-02-21 06:31:56 -0700
commit	b6edbd5897bfa18d6a8ae9a9662efa34abfba39e (patch)
tree	3de7eeafdc6edb5524f1ed8c6867f57bc21163b8 /ext/openssl/php_openssl_structs.h
parent	dcf27a1f6f205a22ecff1e537de6b13b0f1187ad (diff)
download	php-git-b6edbd5897bfa18d6a8ae9a9662efa34abfba39e.tar.gz