Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(529)

Side by Side Diff: net/third_party/nss/ssl/ssl.h

Issue 7003069: Remove the TLS Snap Start code from NSS. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 9 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/ssl/snapstart.c ('k') | net/third_party/nss/ssl/ssl.def » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * This file contains prototypes for the public SSL functions. 2 * This file contains prototypes for the public SSL functions.
3 * 3 *
4 * ***** BEGIN LICENSE BLOCK ***** 4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 * 6 *
7 * The contents of this file are subject to the Mozilla Public License Version 7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with 8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at 9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/ 10 * http://www.mozilla.org/MPL/
(...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after
132 /* default, applies only to */ 132 /* default, applies only to */
133 /* clients). False start is a */ 133 /* clients). False start is a */
134 /* mode where an SSL client will start sending application data before */ 134 /* mode where an SSL client will start sending application data before */
135 /* verifying the server's Finished message. This means that we could end up */ 135 /* verifying the server's Finished message. This means that we could end up */
136 /* sending data to an imposter. However, the data will be encrypted and */ 136 /* sending data to an imposter. However, the data will be encrypted and */
137 /* only the true server can derive the session key. Thus, so long as the */ 137 /* only the true server can derive the session key. Thus, so long as the */
138 /* cipher isn't broken this is safe. Because of this, False Start will only */ 138 /* cipher isn't broken this is safe. Because of this, False Start will only */
139 /* occur on RSA or DH ciphersuites where the cipher's key length is >= 80 */ 139 /* occur on RSA or DH ciphersuites where the cipher's key length is >= 80 */
140 /* bits. The advantage of False Start is that it saves a round trip for */ 140 /* bits. The advantage of False Start is that it saves a round trip for */
141 /* client-speaks-first protocols when performing a full handshake. */ 141 /* client-speaks-first protocols when performing a full handshake. */
142 #define SSL_ENABLE_SNAP_START 23 /* Enable SSL snap start (off by */ 142 #define SSL_ENABLE_OCSP_STAPLING 23 /* Request OCSP stapling (client) */
143 /* default, applies only to */
144 /* clients). Snap start is a way */
145 /* of performing TLS handshakes with no round trips. The client's entire */
146 /* handshake is included in the first handshake message, along with */
147 /* optional application data. In order to do this, information from a */
148 /* previous connection to the same server is required. See */
149 /* SSL_GetPredictedServerHelloData, SSL_SetPredictedPeerCertificates and */
150 /* SSL_SetSnapStartApplicationData. */
151 #define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */
152 143
153 #ifdef SSL_DEPRECATED_FUNCTION 144 #ifdef SSL_DEPRECATED_FUNCTION
154 /* Old deprecated function names */ 145 /* Old deprecated function names */
155 SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on); 146 SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
156 SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on); 147 SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on);
157 #endif 148 #endif
158 149
159 /* New function names */ 150 /* New function names */
160 SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on); 151 SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on);
161 SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on); 152 SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on);
(...skipping 278 matching lines...) Expand 10 before | Expand all | Expand 10 after
440 /* 431 /*
441 ** This is a callback for dealing with server certs that are not authenticated 432 ** This is a callback for dealing with server certs that are not authenticated
442 ** by the client. The client app can decide that it actually likes the 433 ** by the client. The client app can decide that it actually likes the
443 ** cert by some external means and restart the connection. 434 ** cert by some external means and restart the connection.
444 */ 435 */
445 typedef SECStatus (PR_CALLBACK *SSLBadCertHandler)(void *arg, PRFileDesc *fd); 436 typedef SECStatus (PR_CALLBACK *SSLBadCertHandler)(void *arg, PRFileDesc *fd);
446 SSL_IMPORT SECStatus SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f, 437 SSL_IMPORT SECStatus SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f,
447 void *arg); 438 void *arg);
448 439
449 /* 440 /*
450 ** Set the predicted chain of certificates for the peer. This is used for the
451 ** TLS Snap Start extension. Note that the SSL_ENABLE_SNAP_START option must
452 ** be set for this to occur.
453 **
454 ** This function takes a reference to each of the given certificates.
455 */
456 SSL_IMPORT SECStatus SSL_SetPredictedPeerCertificates(
457 PRFileDesc *fd, CERTCertificate **certs,
458 unsigned int numCerts);
459
460 /*
461 ** Get the data needed to predict the server's hello message in the future. On
462 ** return, |*data| will either be NULL (in which case no data is available and
463 ** |*data_len| will be zero) or it will point to a buffer within the internal
464 ** data of |fd| and |*data_len| will contain the number of bytes available. If
465 ** non-NULL, |*data| will persist at least until the next handshake on |fd|.
466 */
467 SSL_IMPORT SECStatus SSL_GetPredictedServerHelloData(
468 PRFileDesc *fd, const unsigned char **data,
469 unsigned int *data_len);
470
471 /*
472 ** Set the predicted server hello data. This is used for the TLS Snap Start
473 ** extension. Note that the SSL_ENABLE_SNAP_START option must be set for this
474 ** to occur.
475 */
476 SSL_IMPORT SECStatus SSL_SetPredictedServerHelloData(
477 PRFileDesc *fd, const unsigned char *data, unsigned int data_len);
478
479 /* Set the application data which will be transmitted in a Snap Start
480 ** handshake. If the Snap Start handshake fails, this data will be
481 * retransmitted automatically. */
482 SSL_IMPORT SECStatus SSL_SetSnapStartApplicationData(
483 PRFileDesc *fd, const unsigned char *data, unsigned int data_len);
484
485 /* Get the result of a Snap Start handshake. It's valid to call then even if
486 ** SSL_ENABLE_SNAP_START hasn't been set, although the result will always be
487 ** SSL_SNAP_START_NONE.
488 */
489 SSL_IMPORT SECStatus SSL_GetSnapStartResult(PRFileDesc* socket,
490 SSLSnapStartResult* result);
491
492 /*
493 ** Configure SSL socket for running a secure server. Needs the 441 ** Configure SSL socket for running a secure server. Needs the
494 ** certificate for the server and the servers private key. The arguments 442 ** certificate for the server and the servers private key. The arguments
495 ** are copied. 443 ** are copied.
496 */ 444 */
497 SSL_IMPORT SECStatus SSL_ConfigSecureServer( 445 SSL_IMPORT SECStatus SSL_ConfigSecureServer(
498 PRFileDesc *fd, CERTCertificate *cert, 446 PRFileDesc *fd, CERTCertificate *cert,
499 SECKEYPrivateKey *key, SSLKEAType kea); 447 SECKEYPrivateKey *key, SSLKEAType kea);
500 448
501 /* 449 /*
502 ** Configure a secure server's session-id cache. Define the maximum number 450 ** Configure a secure server's session-id cache. Define the maximum number
(...skipping 249 matching lines...) Expand 10 before | Expand all | Expand 10 after
752 ** Did the handshake with the peer negotiate the given extension? 700 ** Did the handshake with the peer negotiate the given extension?
753 ** Output parameter valid only if function returns SECSuccess 701 ** Output parameter valid only if function returns SECSuccess
754 */ 702 */
755 SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket, 703 SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
756 SSLExtensionType extId, 704 SSLExtensionType extId,
757 PRBool *yes); 705 PRBool *yes);
758 706
759 SEC_END_PROTOS 707 SEC_END_PROTOS
760 708
761 #endif /* __ssl_h_ */ 709 #endif /* __ssl_h_ */
OLDNEW
« no previous file with comments | « net/third_party/nss/ssl/snapstart.c ('k') | net/third_party/nss/ssl/ssl.def » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698