From b6edbd5897bfa18d6a8ae9a9662efa34abfba39e Mon Sep 17 00:00:00 2001
From: Daniel Lowrey
Date: Thu, 20 Feb 2014 16:26:55 -0700
Subject: Mitigate client-initiated SSL renegotiation DoS
---
 ext/openssl/php_openssl_structs.h | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'ext/openssl/php_openssl_structs.h')
diff --git a/ext/openssl/php_openssl_structs.h b/ext/openssl/php_openssl_structs.h
index 13f8f320f8..562c756cd3 100644
--- a/ext/openssl/php_openssl_structs.h
+++ b/ext/openssl/php_openssl_structs.h
@@ -22,6 +22,14 @@
 #include "php_network.h"
 #include
+typedef struct _php_openssl_handshake_bucket_t {
+ long prev_handshake;
+ long limit;
+ long window;
+ float tokens;
+ unsigned should_close;
+} php_openssl_handshake_bucket_t;
+
 /* This implementation is very closely tied to the that of the native
 * sockets implemented in the core.
 * Don't try this technique in other extensions!
@@ -36,6 +44,7 @@ typedef struct _php_openssl_netstream_data_t {
 int is_client;
 int ssl_active;
 php_stream_xport_crypt_method_t method;
+ php_openssl_handshake_bucket_t *reneg;
 char *url_name;
 unsigned state_set:1;
 unsigned _spare:31;
-- 
cgit v1.2.1
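Review bot: The new `php_openssl_handshake_bucket_t` in the first hunk has no comments, so the unit and meaning of `prev_handshake`, `limit`, `window` and `tokens` must be guessed from code outside this file-limited view. For a rate limiter that is a security control, the contract belongs next to the fields: what `limit` counts, the unit of `window`, and which condition sets `should_close`. If `prev_handshake` holds a wall-clock timestamp (inferred from the name only), `long` is 32 bits on LLP64 Windows builds, so a time-specific type would be safer there. I would add a header comment such as `/* Token bucket for client-initiated renegotiations: limit handshakes per window (unit: confirm) */` plus a one-line note on each field.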
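Review bot: The `reneg` pointer added to `php_openssl_netstream_data_t` in the second hunk has no comment on who allocates and frees it or whether NULL is a valid state. That matters for mitigation state, because a handshake callback that dereferences it without a NULL check would crash, and a close path that skips the free would leak memory on every connection. The allocation and release sites are not in this file-limited view, so neither can be confirmed here. I would document the contract on the field, e.g. `/* renegotiation rate-limit bucket; NULL when limiting is not set up (confirm), released on stream close */`. The struct definition starts and ends outside the hunk.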