| OLD | NEW |
| 1 /* | 1 /* |
| 2 * This file contains prototypes for the public SSL functions. | 2 * This file contains prototypes for the public SSL functions. |
| 3 * | 3 * |
| 4 * ***** BEGIN LICENSE BLOCK ***** | 4 * ***** BEGIN LICENSE BLOCK ***** |
| 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 6 * | 6 * |
| 7 * The contents of this file are subject to the Mozilla Public License Version | 7 * The contents of this file are subject to the Mozilla Public License Version |
| 8 * 1.1 (the "License"); you may not use this file except in compliance with | 8 * 1.1 (the "License"); you may not use this file except in compliance with |
| 9 * the License. You may obtain a copy of the License at | 9 * the License. You may obtain a copy of the License at |
| 10 * http://www.mozilla.org/MPL/ | 10 * http://www.mozilla.org/MPL/ |
| (...skipping 18 matching lines...) Expand all Loading... |
| 29 * in which case the provisions of the GPL or the LGPL are applicable instead | 29 * in which case the provisions of the GPL or the LGPL are applicable instead |
| 30 * of those above. If you wish to allow use of your version of this file only | 30 * of those above. If you wish to allow use of your version of this file only |
| 31 * under the terms of either the GPL or the LGPL, and not to allow others to | 31 * under the terms of either the GPL or the LGPL, and not to allow others to |
| 32 * use your version of this file under the terms of the MPL, indicate your | 32 * use your version of this file under the terms of the MPL, indicate your |
| 33 * decision by deleting the provisions above and replace them with the notice | 33 * decision by deleting the provisions above and replace them with the notice |
| 34 * and other provisions required by the GPL or the LGPL. If you do not delete | 34 * and other provisions required by the GPL or the LGPL. If you do not delete |
| 35 * the provisions above, a recipient may use your version of this file under | 35 * the provisions above, a recipient may use your version of this file under |
| 36 * the terms of any one of the MPL, the GPL or the LGPL. | 36 * the terms of any one of the MPL, the GPL or the LGPL. |
| 37 * | 37 * |
| 38 * ***** END LICENSE BLOCK ***** */ | 38 * ***** END LICENSE BLOCK ***** */ |
| 39 /* $Id: ssl.h,v 1.36 2010/02/10 18:07:21 wtc%google.com Exp $ */ | 39 /* $Id: ssl.h,v 1.38 2010/02/17 02:29:07 wtc%google.com Exp $ */ |
| 40 | 40 |
| 41 #ifndef __ssl_h_ | 41 #ifndef __ssl_h_ |
| 42 #define __ssl_h_ | 42 #define __ssl_h_ |
| 43 | 43 |
| 44 #include "prtypes.h" | 44 #include "prtypes.h" |
| 45 #include "prerror.h" | 45 #include "prerror.h" |
| 46 #include "prio.h" | 46 #include "prio.h" |
| 47 #include "seccomon.h" | 47 #include "seccomon.h" |
| 48 #include "cert.h" | 48 #include "cert.h" |
| 49 #include "keyt.h" | 49 #include "keyt.h" |
| (...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 116 /* if step-down keys are needed. */ | 116 /* if step-down keys are needed. */ |
| 117 /* default: off, generate */ | 117 /* default: off, generate */ |
| 118 /* step-down keys if needed. */ | 118 /* step-down keys if needed. */ |
| 119 #define SSL_BYPASS_PKCS11 16 /* use PKCS#11 for pub key only */ | 119 #define SSL_BYPASS_PKCS11 16 /* use PKCS#11 for pub key only */ |
| 120 #define SSL_NO_LOCKS 17 /* Don't use locks for protection */ | 120 #define SSL_NO_LOCKS 17 /* Don't use locks for protection */ |
| 121 #define SSL_ENABLE_SESSION_TICKETS 18 /* Enable TLS SessionTicket */ | 121 #define SSL_ENABLE_SESSION_TICKETS 18 /* Enable TLS SessionTicket */ |
| 122 /* extension (off by default) */ | 122 /* extension (off by default) */ |
| 123 #define SSL_ENABLE_DEFLATE 19 /* Enable TLS compression with */ | 123 #define SSL_ENABLE_DEFLATE 19 /* Enable TLS compression with */ |
| 124 /* DEFLATE (off by default) */ | 124 /* DEFLATE (off by default) */ |
| 125 #define SSL_ENABLE_RENEGOTIATION 20 /* Values below (default: never) */ | 125 #define SSL_ENABLE_RENEGOTIATION 20 /* Values below (default: never) */ |
| 126 #define SSL_REQUIRE_SAFE_NEGOTIATION 21 /* Peer must send Signalling */ | 126 #define SSL_REQUIRE_SAFE_NEGOTIATION 21 /* Peer must send Signaling */ |
| 127 /* Cipher Suite Value (SCSV) or */ | 127 /* Cipher Suite Value (SCSV) or */ |
| 128 /* Renegotiation Info (RI) */ | 128 /* Renegotiation Info (RI) */ |
| 129 /* extension in ALL handshakes. */ | 129 /* extension in ALL handshakes. */ |
| 130 /* default: off */ | 130 /* default: off */ |
| 131 #define SSL_ENABLE_FALSE_START 22 /* Enable SSL false start (off by */ | 131 #define SSL_ENABLE_FALSE_START 22 /* Enable SSL false start (off by */ |
| 132 /* default, applies only to */ | 132 /* default, applies only to */ |
| 133 /* clients). False start is a */ | 133 /* clients). False start is a */ |
| 134 /* mode where an SSL client will start sending application data before */ | 134 /* mode where an SSL client will start sending application data before */ |
| 135 /* verifying the server's Finished message. This means that we could end up */ | 135 /* verifying the server's Finished message. This means that we could end up */ |
| 136 /* sending data to an imposter. However, the data will be encrypted and */ | 136 /* sending data to an imposter. However, the data will be encrypted and */ |
| (...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 200 | 200 |
| 201 /* Values for "on" with SSL_ENABLE_RENEGOTIATION */ | 201 /* Values for "on" with SSL_ENABLE_RENEGOTIATION */ |
| 202 /* Never renegotiate at all. */ | 202 /* Never renegotiate at all. */ |
| 203 #define SSL_RENEGOTIATE_NEVER ((PRBool)0) | 203 #define SSL_RENEGOTIATE_NEVER ((PRBool)0) |
| 204 /* Renegotiate without restriction, whether or not the peer's client hello */ | 204 /* Renegotiate without restriction, whether or not the peer's client hello */ |
| 205 /* bears the renegotiation info extension. Vulnerable, as in the past. */ | 205 /* bears the renegotiation info extension. Vulnerable, as in the past. */ |
| 206 #define SSL_RENEGOTIATE_UNRESTRICTED ((PRBool)1) | 206 #define SSL_RENEGOTIATE_UNRESTRICTED ((PRBool)1) |
| 207 /* Only renegotiate if the peer's hello bears the TLS renegotiation_info */ | 207 /* Only renegotiate if the peer's hello bears the TLS renegotiation_info */ |
| 208 /* extension. This is safe renegotiation. */ | 208 /* extension. This is safe renegotiation. */ |
| 209 #define SSL_RENEGOTIATE_REQUIRES_XTN ((PRBool)2) | 209 #define SSL_RENEGOTIATE_REQUIRES_XTN ((PRBool)2) |
| 210 /* Disallow all renegotiation in server sockets only, but allow clients */ | 210 /* Disallow unsafe renegotiation in server sockets only, but allow clients */ |
| 211 /* to continue to renegotiate with vulnerable servers. */ | 211 /* to continue to renegotiate with vulnerable servers. */ |
| 212 #define SSL_RENEGOTIATE_CLIENT_ONLY ((PRBool)3) | 212 /* This value should only be used during the transition period when few */ |
| 213 /* servers have been upgraded. */ |
| 214 #define SSL_RENEGOTIATE_TRANSITIONAL ((PRBool)3) |
| 213 | 215 |
| 214 /* | 216 /* |
| 215 ** Reset the handshake state for fd. This will make the complete SSL | 217 ** Reset the handshake state for fd. This will make the complete SSL |
| 216 ** handshake protocol execute from the ground up on the next i/o | 218 ** handshake protocol execute from the ground up on the next i/o |
| 217 ** operation. | 219 ** operation. |
| 218 */ | 220 */ |
| 219 SSL_IMPORT SECStatus SSL_ResetHandshake(PRFileDesc *fd, PRBool asServer); | 221 SSL_IMPORT SECStatus SSL_ResetHandshake(PRFileDesc *fd, PRBool asServer); |
| 220 | 222 |
| 221 /* | 223 /* |
| 222 ** Force the handshake for fd to complete immediately. This blocks until | 224 ** Force the handshake for fd to complete immediately. This blocks until |
| (...skipping 413 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 636 ** Did the handshake with the peer negotiate the given extension? | 638 ** Did the handshake with the peer negotiate the given extension? |
| 637 ** Output parameter valid only if function returns SECSuccess | 639 ** Output parameter valid only if function returns SECSuccess |
| 638 */ | 640 */ |
| 639 SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket, | 641 SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket, |
| 640 SSLExtensionType extId, | 642 SSLExtensionType extId, |
| 641 PRBool *yes); | 643 PRBool *yes); |
| 642 | 644 |
| 643 SEC_END_PROTOS | 645 SEC_END_PROTOS |
| 644 | 646 |
| 645 #endif /* __ssl_h_ */ | 647 #endif /* __ssl_h_ */ |
| OLD | NEW |