Linux: add next-protocol-negotiation to libssl.

net/third_party/nss/ssl/sslimpl.h

 /*
  * This file is PRIVATE to SSL and should be the first thing included by
  * any SSL implementation file.
  *
  * ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
@@ skipping 299 matching lines @@
 #endif
 } ssl3CipherSuiteCfg;
 
 #ifdef NSS_ENABLE_ECC
 #define ssl_V3_SUITES_IMPLEMENTED 50
 #else
 #define ssl_V3_SUITES_IMPLEMENTED 30
 #endif /* NSS_ENABLE_ECC */
 
 typedef struct sslOptionsStr {
+    /* For clients, this is a validated list of protocols in preference order
+     * and wire format. For servers, this is the list of support protocols,
+     * also in wire format. */
+    SECItem      nextProtoNego;
+
     unsigned int useSecurity            : 1;  /*  1 */
     unsigned int useSocks               : 1;  /*  2 */
     unsigned int requestCertificate     : 1;  /*  3 */
     unsigned int requireCertificate     : 2;  /*  4-5 */
     unsigned int handshakeAsClient      : 1;  /*  6 */
     unsigned int handshakeAsServer      : 1;  /*  7 */
     unsigned int enableSSL2             : 1;  /*  8 */
     unsigned int enableSSL3             : 1;  /*  9 */
     unsigned int enableTLS              : 1;  /* 10 */
     unsigned int noCache                : 1;  /* 11 */
@@ skipping 433 matching lines @@
     PRBool                isResuming;  /* are we resuming a session */
     PRBool                rehandshake; /* immediately start another handshake 
                                         * when this one finishes */
     PRBool                usedStepDownKey;  /* we did a server key exchange. */
     sslBuffer             msgState;    /* current state for handshake messages*/
                                        /* protected by recvBufLock */
     sslBuffer             messages;    /* Accumulated handshake messages */
 #ifdef NSS_ENABLE_ECC
     PRUint32              negotiatedECCurves; /* bit mask */
 #endif /* NSS_ENABLE_ECC */
+    PRBool                nextProtoNego;/* Our peer has sent this extension */
 } SSL3HandshakeState;
 
 
 
 /*
 ** This is the "ssl3" struct, as in "ss->ssl3".
 ** note:
 ** usually,   crSpec == cwSpec and prSpec == pwSpec.  
 ** Sometimes, crSpec == pwSpec and prSpec == cwSpec.
 ** But there are never more than 2 actual specs.  
@@ skipping 21 matching lines @@
                          */
     PRArenaPool *        peerCertArena;  
                             /* These are used to keep track of the peer CA */
     void *               peerCertChain;     
                             /* chain while we are trying to validate it.   */
     CERTDistNames *      ca_list; 
                             /* used by server.  trusted CAs for this socket. */
     PRBool               initialized;
     SSL3HandshakeState   hs;
     ssl3CipherSpec       specs[2];      /* one is current, one is pending. */
+
+    /* In a client: if the server supports Next Protocol Negotiation, then
+     * this is the protocol that was requested.
+     * In a server: this is the protocol that the client requested via Next
+     * Protocol Negotiation.
+     *
+     * In either case, if the data pointer is non-NULL, then it is malloced
+     * data.  */
+    SECItem             nextProto;
+    int                 nextProtoState; /* See SSL_NEXT_PROTO_* defines */
 };
 
 typedef struct {
     SSL3ContentType      type;
     SSL3ProtocolVersion  version;
     sslBuffer *          buf;
 } SSL3Ciphertext;
 
 struct ssl3KeyPairStr {
     SECKEYPrivateKey *    privKey;
@@ skipping 640 matching lines @@
 
 /* Functions that handle ClientHello and ServerHello extensions. */
 extern SECStatus ssl3_HandleServerNameXtn(sslSocket * ss,
                         PRUint16 ex_type, SECItem *data);
 extern SECStatus ssl3_HandleSupportedCurvesXtn(sslSocket * ss,
                         PRUint16 ex_type, SECItem *data);
 extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss,
                         PRUint16 ex_type, SECItem *data);
 extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss,
                         PRUint16 ex_type, SECItem *data);
+extern SECStatus ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss,
+                        PRUint16 ex_type, SECItem *data);
 extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss,
                         PRUint16 ex_type, SECItem *data);
+extern SECStatus ssl3_ServerHandleNextProtoNegoXtn(sslSocket *ss,
+                        PRUint16 ex_type, SECItem *data);
 
 /* ClientHello and ServerHello extension senders.
  * Note that not all extension senders are exposed here; only those that
  * that need exposure.
  */
 extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append,
                         PRUint32 maxBytes);
 #ifdef NSS_ENABLE_ECC
 extern PRInt32 ssl3_SendSupportedCurvesXtn(sslSocket *ss,
                         PRBool append, PRUint32 maxBytes);
 extern PRInt32 ssl3_SendSupportedPointFormatsXtn(sslSocket *ss,
                         PRBool append, PRUint32 maxBytes);
 #endif
+extern PRInt32 ssl3_ClientSendNextProtoNegoXtn(sslSocket *ss, PRBool append,
+                                               PRUint32 maxBytes);
+extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data,
+                                            unsigned short length);
 
 /* call the registered extension handlers. */
 extern SECStatus ssl3_HandleHelloExtensions(sslSocket *ss, 
                         SSL3Opaque **b, PRUint32 *length);
 
 /* Hello Extension related routines. */
 extern PRBool ssl3_ExtensionNegotiated(sslSocket *ss, PRUint16 ex_type);
 extern SECStatus ssl3_SetSIDSessionTicket(sslSessionID *sid,
                         NewSessionTicket *session_ticket);
 extern SECStatus ssl3_SendNewSessionTicket(sslSocket *ss);
@@ skipping 85 matching lines @@
 #elif defined(_WIN32_WCE)
 #define SSL_GETPID GetCurrentProcessId
 #elif defined(WIN32)
 extern int __cdecl _getpid(void);
 #define SSL_GETPID _getpid
 #else
 #define SSL_GETPID() 0
 #endif
 
 #endif /* __sslimpl_h_ */