From c6a1477b0092762299491d79b3a8cb094c6456da Mon Sep 17 00:00:00 2001
From: marha <marha@users.sourceforge.net>
Date: Fri, 27 Jan 2012 20:31:28 +0100
Subject: update to openssl 1.0.0g

---
 openssl/ssl/ssl3.h | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'openssl/ssl/ssl3.h')

diff --git a/openssl/ssl/ssl3.h b/openssl/ssl/ssl3.h
index baaa89e71..9c2c41287 100644
--- a/openssl/ssl/ssl3.h
+++ b/openssl/ssl/ssl3.h
@@ -379,6 +379,17 @@ typedef struct ssl3_buffer_st
 #define SSL3_FLAGS_POP_BUFFER			0x0004
 #define TLS1_FLAGS_TLS_PADDING_BUG		0x0008
 #define TLS1_FLAGS_SKIP_CERT_VERIFY		0x0010
+ 
+/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
+ * restart a handshake because of MS SGC and so prevents us
+ * from restarting the handshake in a loop. It's reset on a
+ * renegotiation, so effectively limits the client to one restart
+ * per negotiation. This limits the possibility of a DDoS
+ * attack where the client handshakes in a loop using SGC to
+ * restart. Servers which permit renegotiation can still be
+ * effected, but we can't prevent that.
+ */
+#define SSL3_FLAGS_SGC_RESTART_DONE		0x0040
 
 typedef struct ssl3_state_st
 	{
-- 
cgit v1.2.3