TLS ECH compliance fixes

This commit is contained in:
sebastian-carpenter
2026-03-25 12:04:42 -06:00
parent 5151a695bc
commit 61ba5378fe
9 changed files with 1323 additions and 252 deletions
+6 -2
View File
@@ -960,7 +960,7 @@ typedef struct WOLFSSL_ALERT_HISTORY {
/* Valid Alert types from page 16/17
* Add alert string to the function AlertTypeToString in src/ssl.c
* Add alert string to the function AlertTypeToString in src/internal.c
*/
enum AlertDescription {
invalid_alert = -1,
@@ -998,7 +998,8 @@ enum AlertDescription {
bad_certificate_status_response = 113, /**< RFC 6066, section 8 */
unknown_psk_identity = 115, /**< RFC 4279, section 2 */
certificate_required = 116, /**< RFC 8446, section 8.2 */
no_application_protocol = 120
no_application_protocol = 120,
ech_required = 121 /**< RFC 9849, section 5 */
};
#ifdef WOLFSSL_MYSQL_COMPATIBLE
@@ -1251,6 +1252,9 @@ WOLFSSL_API int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs,
WOLFSSL_API int wolfSSL_GetEchConfigs(WOLFSSL* ssl, byte* echConfigs,
word32* echConfigsLen);
WOLFSSL_API int wolfSSL_GetEchRetryConfigs(WOLFSSL* ssl, byte* echConfigs,
word32* echConfigsLen);
WOLFSSL_API void wolfSSL_SetEchEnable(WOLFSSL* ssl, byte enable);
#endif /* WOLFSSL_TLS13 && HAVE_ECH */