protocol-quic 0.0.0

data/ext/ngtcp2/examples/tls_server_context_picotls.h

@@ -0,0 +1,58 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2022 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#ifndef TLS_SERVER_CONTEXT_PICOTLS_H
+#define TLS_SERVER_CONTEXT_PICOTLS_H
+
+#ifdef HAVE_CONFIG_H
+#  include <config.h>
+#endif // HAVE_CONFIG_H
+
+#include <picotls.h>
+#include <picotls/openssl.h>
+
+#include "shared.h"
+
+using namespace ngtcp2;
+
+class TLSServerContext {
+public:
+  TLSServerContext();
+  ~TLSServerContext();
+
+  int init(const char *private_key_file, const char *cert_file,
+           AppProtocol app_proto);
+
+  ptls_context_t *get_native_handle();
+
+  void enable_keylog();
+
+private:
+  int load_private_key(const char *private_key_file);
+
+  ptls_context_t ctx_;
+  ptls_openssl_sign_certificate_t sign_cert_;
+};
+
+#endif // TLS_SERVER_CONTEXT_PICOTLS_H

data/ext/ngtcp2/examples/tls_server_context_wolfssl.cc

@@ -0,0 +1,284 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2020 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#include "tls_server_context_wolfssl.h"
+
+#include <iostream>
+#include <fstream>
+#include <limits>
+
+#include <ngtcp2/ngtcp2_crypto_wolfssl.h>
+
+#include "server_base.h"
+#include "template.h"
+
+extern Config config;
+
+TLSServerContext::TLSServerContext() : ssl_ctx_{nullptr} {}
+
+TLSServerContext::~TLSServerContext() {
+  if (ssl_ctx_) {
+    wolfSSL_CTX_free(ssl_ctx_);
+  }
+}
+
+WOLFSSL_CTX *TLSServerContext::get_native_handle() const { return ssl_ctx_; }
+
+namespace {
+int alpn_select_proto_h3_cb(WOLFSSL *ssl, const unsigned char **out,
+                            unsigned char *outlen, const unsigned char *in,
+                            unsigned int inlen, void *arg) {
+  auto conn_ref =
+      static_cast<ngtcp2_crypto_conn_ref *>(wolfSSL_get_app_data(ssl));
+  auto h = static_cast<HandlerBase *>(conn_ref->user_data);
+  const uint8_t *alpn;
+  size_t alpnlen;
+  // This should be the negotiated version, but we have not set the
+  // negotiated version when this callback is called.
+  auto version = ngtcp2_conn_get_client_chosen_version(h->conn());
+
+  switch (version) {
+  case QUIC_VER_DRAFT29:
+    alpn = H3_ALPN_DRAFT29;
+    alpnlen = str_size(H3_ALPN_DRAFT29);
+    break;
+  case QUIC_VER_DRAFT30:
+    alpn = H3_ALPN_DRAFT30;
+    alpnlen = str_size(H3_ALPN_DRAFT30);
+    break;
+  case QUIC_VER_DRAFT31:
+    alpn = H3_ALPN_DRAFT31;
+    alpnlen = str_size(H3_ALPN_DRAFT31);
+    break;
+  case QUIC_VER_DRAFT32:
+    alpn = H3_ALPN_DRAFT32;
+    alpnlen = str_size(H3_ALPN_DRAFT32);
+    break;
+  case NGTCP2_PROTO_VER_V1:
+  case NGTCP2_PROTO_VER_V2:
+    alpn = H3_ALPN_V1;
+    alpnlen = str_size(H3_ALPN_V1);
+    break;
+  default:
+    if (!config.quiet) {
+      std::cerr << "Unexpected quic protocol version: " << std::hex << "0x"
+                << version << std::dec << std::endl;
+    }
+    return SSL_TLSEXT_ERR_ALERT_FATAL;
+  }
+
+  for (auto p = in, end = in + inlen; p + alpnlen <= end; p += *p + 1) {
+    if (std::equal(alpn, alpn + alpnlen, p)) {
+      *out = p + 1;
+      *outlen = *p;
+      return SSL_TLSEXT_ERR_OK;
+    }
+  }
+
+  if (!config.quiet) {
+    std::cerr << "Client did not present ALPN " << &alpn[1] << std::endl;
+  }
+
+  return SSL_TLSEXT_ERR_ALERT_FATAL;
+}
+} // namespace
+
+namespace {
+int alpn_select_proto_hq_cb(WOLFSSL *ssl, const unsigned char **out,
+                            unsigned char *outlen, const unsigned char *in,
+                            unsigned int inlen, void *arg) {
+  auto conn_ref =
+      static_cast<ngtcp2_crypto_conn_ref *>(wolfSSL_get_app_data(ssl));
+  auto h = static_cast<HandlerBase *>(conn_ref->user_data);
+  const uint8_t *alpn;
+  size_t alpnlen;
+  // This should be the negotiated version, but we have not set the
+  // negotiated version when this callback is called.
+  auto version = ngtcp2_conn_get_client_chosen_version(h->conn());
+
+  switch (version) {
+  case QUIC_VER_DRAFT29:
+    alpn = HQ_ALPN_DRAFT29;
+    alpnlen = str_size(HQ_ALPN_DRAFT29);
+    break;
+  case QUIC_VER_DRAFT30:
+    alpn = HQ_ALPN_DRAFT30;
+    alpnlen = str_size(HQ_ALPN_DRAFT30);
+    break;
+  case QUIC_VER_DRAFT31:
+    alpn = HQ_ALPN_DRAFT31;
+    alpnlen = str_size(HQ_ALPN_DRAFT31);
+    break;
+  case QUIC_VER_DRAFT32:
+    alpn = HQ_ALPN_DRAFT32;
+    alpnlen = str_size(HQ_ALPN_DRAFT32);
+    break;
+  case NGTCP2_PROTO_VER_V1:
+  case NGTCP2_PROTO_VER_V2:
+    alpn = HQ_ALPN_V1;
+    alpnlen = str_size(HQ_ALPN_V1);
+    break;
+  default:
+    if (!config.quiet) {
+      std::cerr << "Unexpected quic protocol version: " << std::hex << "0x"
+                << version << std::dec << std::endl;
+    }
+    return SSL_TLSEXT_ERR_ALERT_FATAL;
+  }
+
+  for (auto p = in, end = in + inlen; p + alpnlen <= end; p += *p + 1) {
+    if (std::equal(alpn, alpn + alpnlen, p)) {
+      *out = p + 1;
+      *outlen = *p;
+      return SSL_TLSEXT_ERR_OK;
+    }
+  }
+
+  if (!config.quiet) {
+    std::cerr << "Client did not present ALPN " << &alpn[1] << std::endl;
+  }
+
+  return SSL_TLSEXT_ERR_ALERT_FATAL;
+}
+} // namespace
+
+namespace {
+int verify_cb(int preverify_ok, X509_STORE_CTX *ctx) {
+  // We don't verify the client certificate.  Just request it for the
+  // testing purpose.
+  return 1;
+}
+} // namespace
+
+int TLSServerContext::init(const char *private_key_file, const char *cert_file,
+                           AppProtocol app_proto) {
+  constexpr static unsigned char sid_ctx[] = "ngtcp2 server";
+
+#if defined(DEBUG_WOLFSSL)
+  if (!config.quiet) {
+    /*wolfSSL_Debugging_ON();*/
+  }
+#endif
+
+  ssl_ctx_ = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
+  if (!ssl_ctx_) {
+    std::cerr << "wolfSSL_CTX_new: "
+              << wolfSSL_ERR_error_string(wolfSSL_ERR_get_error(), nullptr)
+              << std::endl;
+    return -1;
+  }
+
+  if (ngtcp2_crypto_wolfssl_configure_server_context(ssl_ctx_) != 0) {
+    std::cerr << "ngtcp2_crypto_wolfssl_configure_server_context failed"
+              << std::endl;
+    return -1;
+  }
+
+#ifdef WOLFSSL_EARLY_DATA
+  wolfSSL_CTX_set_max_early_data(ssl_ctx_, UINT32_MAX);
+#endif
+
+  constexpr auto ssl_opts =
+      (WOLFSSL_OP_ALL & ~WOLFSSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) |
+      WOLFSSL_OP_SINGLE_ECDH_USE | WOLFSSL_OP_CIPHER_SERVER_PREFERENCE;
+
+  wolfSSL_CTX_set_options(ssl_ctx_, ssl_opts);
+
+  if (wolfSSL_CTX_set_cipher_list(ssl_ctx_, config.ciphers) != 1) {
+    std::cerr << "wolfSSL_CTX_set_cipher_list: "
+              << ERR_error_string(ERR_get_error(), nullptr) << std::endl;
+    return -1;
+  }
+
+  if (wolfSSL_CTX_set1_curves_list(ssl_ctx_,
+                                   const_cast<char *>(config.groups)) != 1) {
+    std::cerr << "wolfSSL_CTX_set1_curves_list(" << config.groups << ") failed"
+              << std::endl;
+    return -1;
+  }
+
+  wolfSSL_CTX_set_mode(ssl_ctx_, SSL_MODE_RELEASE_BUFFERS);
+
+  switch (app_proto) {
+  case AppProtocol::H3:
+    wolfSSL_CTX_set_alpn_select_cb(ssl_ctx_, alpn_select_proto_h3_cb, nullptr);
+    break;
+  case AppProtocol::HQ:
+    wolfSSL_CTX_set_alpn_select_cb(ssl_ctx_, alpn_select_proto_hq_cb, nullptr);
+    break;
+  }
+
+  wolfSSL_CTX_set_default_verify_paths(ssl_ctx_);
+
+  if (wolfSSL_CTX_use_PrivateKey_file(ssl_ctx_, private_key_file,
+                                      SSL_FILETYPE_PEM) != 1) {
+    std::cerr << "wolfSSL_CTX_use_PrivateKey_file: "
+              << wolfSSL_ERR_error_string(wolfSSL_ERR_get_error(), nullptr)
+              << std::endl;
+    return -1;
+  }
+
+  if (wolfSSL_CTX_use_certificate_chain_file(ssl_ctx_, cert_file) != 1) {
+    std::cerr << "wolfSSL_CTX_use_certificate_chain_file: "
+              << wolfSSL_ERR_error_string(wolfSSL_ERR_get_error(), nullptr)
+              << std::endl;
+    return -1;
+  }
+
+  if (wolfSSL_CTX_check_private_key(ssl_ctx_) != 1) {
+    std::cerr << "wolfSSL_CTX_check_private_key: "
+              << wolfSSL_ERR_error_string(wolfSSL_ERR_get_error(), nullptr)
+              << std::endl;
+    return -1;
+  }
+
+  wolfSSL_CTX_set_session_id_context(ssl_ctx_, sid_ctx, sizeof(sid_ctx) - 1);
+
+  if (config.verify_client) {
+    wolfSSL_CTX_set_verify(ssl_ctx_,
+                           WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_CLIENT_ONCE |
+                               WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+                           verify_cb);
+  }
+
+  return 0;
+}
+
+extern std::ofstream keylog_file;
+
+#ifdef HAVE_SECRET_CALLBACK
+namespace {
+void keylog_callback(const WOLFSSL *ssl, const char *line) {
+  keylog_file.write(line, strlen(line));
+  keylog_file.put('\n');
+  keylog_file.flush();
+}
+} // namespace
+#endif
+
+void TLSServerContext::enable_keylog() {
+#ifdef HAVE_SECRET_CALLBACK
+  wolfSSL_CTX_set_keylog_callback(ssl_ctx_, keylog_callback);
+#endif
+}

data/ext/ngtcp2/examples/tls_server_context_wolfssl.h

@@ -0,0 +1,55 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2020 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#ifndef TLS_SERVER_CONTEXT_WOLFSSL_H
+#define TLS_SERVER_CONTEXT_WOLFSSL_H
+
+#ifdef HAVE_CONFIG_H
+#  include <config.h>
+#endif // HAVE_CONFIG_H
+
+#include <wolfssl/options.h>
+#include <wolfssl/ssl.h>
+
+#include "shared.h"
+
+using namespace ngtcp2;
+
+class TLSServerContext {
+public:
+  TLSServerContext();
+  ~TLSServerContext();
+
+  int init(const char *private_key_file, const char *cert_file,
+           AppProtocol app_proto);
+
+  WOLFSSL_CTX *get_native_handle() const;
+
+  void enable_keylog();
+
+private:
+  WOLFSSL_CTX *ssl_ctx_;
+};
+
+#endif // TLS_SERVER_CONTEXT_WOLFSSL_H

data/ext/ngtcp2/examples/tls_server_session.h

@@ -0,0 +1,52 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2020 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#ifndef TLS_SERVER_SESSION_H
+#define TLS_SERVER_SESSION_H
+
+#ifdef HAVE_CONFIG_H
+#  include <config.h>
+#endif // HAVE_CONFIG_H
+
+#if defined(ENABLE_EXAMPLE_OPENSSL) && defined(WITH_EXAMPLE_OPENSSL)
+#  include "tls_server_session_openssl.h"
+#endif // ENABLE_EXAMPLE_OPENSSL && WITH_EXAMPLE_OPENSSL
+
+#if defined(ENABLE_EXAMPLE_GNUTLS) && defined(WITH_EXAMPLE_GNUTLS)
+#  include "tls_server_session_gnutls.h"
+#endif // ENABLE_EXAMPLE_GNUTLS && WITH_EXAMPLE_GNUTLS
+
+#if defined(ENABLE_EXAMPLE_BORINGSSL) && defined(WITH_EXAMPLE_BORINGSSL)
+#  include "tls_server_session_boringssl.h"
+#endif // ENABLE_EXAMPLE_BORINGSSL && WITH_EXAMPLE_BORINGSSL
+
+#if defined(ENABLE_EXAMPLE_PICOTLS) && defined(WITH_EXAMPLE_PICOTLS)
+#  include "tls_server_session_picotls.h"
+#endif // ENABLE_EXAMPLE_PICOTLS && WITH_EXAMPLE_PICOTLS
+
+#if defined(ENABLE_EXAMPLE_WOLFSSL) && defined(WITH_EXAMPLE_WOLFSSL)
+#  include "tls_server_session_wolfssl.h"
+#endif // ENABLE_EXAMPLE_WOLFSSL && WITH_EXAMPLE_WOLFSSL
+
+#endif // TLS_SERVER_SESSION_H

data/ext/ngtcp2/examples/tls_server_session_boringssl.cc

@@ -0,0 +1,84 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2021 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#include "tls_server_session_boringssl.h"
+
+#include <cassert>
+#include <iostream>
+
+#include <ngtcp2/ngtcp2.h>
+
+#include "tls_server_context_boringssl.h"
+#include "server_base.h"
+
+extern Config config;
+
+TLSServerSession::TLSServerSession() {}
+
+TLSServerSession::~TLSServerSession() {}
+
+int TLSServerSession::init(const TLSServerContext &tls_ctx,
+                           HandlerBase *handler) {
+  auto ssl_ctx = tls_ctx.get_native_handle();
+
+  ssl_ = SSL_new(ssl_ctx);
+  if (!ssl_) {
+    std::cerr << "SSL_new: " << ERR_error_string(ERR_get_error(), nullptr)
+              << std::endl;
+    return -1;
+  }
+
+  SSL_set_app_data(ssl_, handler->conn_ref());
+  SSL_set_accept_state(ssl_);
+  SSL_set_early_data_enabled(ssl_, 1);
+  SSL_set_quic_use_legacy_codepoint(ssl_, 0);
+
+  std::array<uint8_t, 128> quic_early_data_ctx;
+  ngtcp2_transport_params params;
+  memset(&params, 0, sizeof(params));
+  params.initial_max_streams_bidi = config.max_streams_bidi;
+  params.initial_max_streams_uni = config.max_streams_uni;
+  params.initial_max_stream_data_bidi_local = config.max_stream_data_bidi_local;
+  params.initial_max_stream_data_bidi_remote =
+      config.max_stream_data_bidi_remote;
+  params.initial_max_stream_data_uni = config.max_stream_data_uni;
+  params.initial_max_data = config.max_data;
+
+  auto quic_early_data_ctxlen = ngtcp2_encode_transport_params(
+      quic_early_data_ctx.data(), quic_early_data_ctx.size(),
+      NGTCP2_TRANSPORT_PARAMS_TYPE_ENCRYPTED_EXTENSIONS, &params);
+  if (quic_early_data_ctxlen < 0) {
+    std::cerr << "ngtcp2_encode_transport_params: "
+              << ngtcp2_strerror(quic_early_data_ctxlen) << std::endl;
+    return -1;
+  }
+
+  if (SSL_set_quic_early_data_context(ssl_, quic_early_data_ctx.data(),
+                                      quic_early_data_ctxlen) != 1) {
+    std::cerr << "SSL_set_quic_early_data_context failed" << std::endl;
+    return -1;
+  }
+
+  return 0;
+}

data/ext/ngtcp2/examples/tls_server_session_boringssl.h

@@ -0,0 +1,47 @@
+/*
+ * ngtcp2
+ *
+ * Copyright (c) 2021 ngtcp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#ifndef TLS_SERVER_SESSION_BORINGSSL_H
+#define TLS_SERVER_SESSION_BORINGSSL_H
+
+#ifdef HAVE_CONFIG_H
+#  include <config.h>
+#endif // HAVE_CONFIG_H
+
+#include "tls_session_base_openssl.h"
+
+class TLSServerContext;
+class HandlerBase;
+
+class TLSServerSession : public TLSSessionBase {
+public:
+  TLSServerSession();
+  ~TLSServerSession();
+
+  int init(const TLSServerContext &tls_ctx, HandlerBase *handler);
+  // ticket is sent automatically.
+  int send_session_ticket() { return 0; }
+};
+
+#endif // TLS_SERVER_SESSION_BORINGSSL_H