| OLD | NEW |
| 1 /* | 1 /* |
| 2 * This file contains prototypes for the public SSL functions. | 2 * This file contains prototypes for the public SSL functions. |
| 3 * | 3 * |
| 4 * ***** BEGIN LICENSE BLOCK ***** | 4 * ***** BEGIN LICENSE BLOCK ***** |
| 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 6 * | 6 * |
| 7 * The contents of this file are subject to the Mozilla Public License Version | 7 * The contents of this file are subject to the Mozilla Public License Version |
| 8 * 1.1 (the "License"); you may not use this file except in compliance with | 8 * 1.1 (the "License"); you may not use this file except in compliance with |
| 9 * the License. You may obtain a copy of the License at | 9 * the License. You may obtain a copy of the License at |
| 10 * http://www.mozilla.org/MPL/ | 10 * http://www.mozilla.org/MPL/ |
| (...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 132 /* default, applies only to */ | 132 /* default, applies only to */ |
| 133 /* clients). False start is a */ | 133 /* clients). False start is a */ |
| 134 /* mode where an SSL client will start sending application data before */ | 134 /* mode where an SSL client will start sending application data before */ |
| 135 /* verifying the server's Finished message. This means that we could end up */ | 135 /* verifying the server's Finished message. This means that we could end up */ |
| 136 /* sending data to an imposter. However, the data will be encrypted and */ | 136 /* sending data to an imposter. However, the data will be encrypted and */ |
| 137 /* only the true server can derive the session key. Thus, so long as the */ | 137 /* only the true server can derive the session key. Thus, so long as the */ |
| 138 /* cipher isn't broken this is safe. Because of this, False Start will only */ | 138 /* cipher isn't broken this is safe. Because of this, False Start will only */ |
| 139 /* occur on RSA or DH ciphersuites where the cipher's key length is >= 80 */ | 139 /* occur on RSA or DH ciphersuites where the cipher's key length is >= 80 */ |
| 140 /* bits. The advantage of False Start is that it saves a round trip for */ | 140 /* bits. The advantage of False Start is that it saves a round trip for */ |
| 141 /* client-speaks-first protocols when performing a full handshake. */ | 141 /* client-speaks-first protocols when performing a full handshake. */ |
| 142 #define SSL_ENABLE_SNAP_START 23 /* Enable SSL snap start (off by */ | 142 #define SSL_ENABLE_OCSP_STAPLING 23 /* Request OCSP stapling (client) */ |
| 143 /* default, applies only to */ | |
| 144 /* clients). Snap start is a way */ | |
| 145 /* of performing TLS handshakes with no round trips. The client's entire */ | |
| 146 /* handshake is included in the first handshake message, along with */ | |
| 147 /* optional application data. In order to do this, information from a */ | |
| 148 /* previous connection to the same server is required. See */ | |
| 149 /* SSL_GetPredictedServerHelloData, SSL_SetPredictedPeerCertificates and */ | |
| 150 /* SSL_SetSnapStartApplicationData. */ | |
| 151 #define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */ | |
| 152 | 143 |
| 153 #ifdef SSL_DEPRECATED_FUNCTION | 144 #ifdef SSL_DEPRECATED_FUNCTION |
| 154 /* Old deprecated function names */ | 145 /* Old deprecated function names */ |
| 155 SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on); | 146 SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on); |
| 156 SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on); | 147 SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on); |
| 157 #endif | 148 #endif |
| 158 | 149 |
| 159 /* New function names */ | 150 /* New function names */ |
| 160 SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on); | 151 SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on); |
| 161 SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on); | 152 SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on); |
| (...skipping 278 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 440 /* | 431 /* |
| 441 ** This is a callback for dealing with server certs that are not authenticated | 432 ** This is a callback for dealing with server certs that are not authenticated |
| 442 ** by the client. The client app can decide that it actually likes the | 433 ** by the client. The client app can decide that it actually likes the |
| 443 ** cert by some external means and restart the connection. | 434 ** cert by some external means and restart the connection. |
| 444 */ | 435 */ |
| 445 typedef SECStatus (PR_CALLBACK *SSLBadCertHandler)(void *arg, PRFileDesc *fd); | 436 typedef SECStatus (PR_CALLBACK *SSLBadCertHandler)(void *arg, PRFileDesc *fd); |
| 446 SSL_IMPORT SECStatus SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f, | 437 SSL_IMPORT SECStatus SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f, |
| 447 void *arg); | 438 void *arg); |
| 448 | 439 |
| 449 /* | 440 /* |
| 450 ** Set the predicted chain of certificates for the peer. This is used for the | |
| 451 ** TLS Snap Start extension. Note that the SSL_ENABLE_SNAP_START option must | |
| 452 ** be set for this to occur. | |
| 453 ** | |
| 454 ** This function takes a reference to each of the given certificates. | |
| 455 */ | |
| 456 SSL_IMPORT SECStatus SSL_SetPredictedPeerCertificates( | |
| 457 PRFileDesc *fd, CERTCertificate **certs, | |
| 458 unsigned int numCerts); | |
| 459 | |
| 460 /* | |
| 461 ** Get the data needed to predict the server's hello message in the future. On | |
| 462 ** return, |*data| will either be NULL (in which case no data is available and | |
| 463 ** |*data_len| will be zero) or it will point to a buffer within the internal | |
| 464 ** data of |fd| and |*data_len| will contain the number of bytes available. If | |
| 465 ** non-NULL, |*data| will persist at least until the next handshake on |fd|. | |
| 466 */ | |
| 467 SSL_IMPORT SECStatus SSL_GetPredictedServerHelloData( | |
| 468 PRFileDesc *fd, const unsigned char **data, | |
| 469 unsigned int *data_len); | |
| 470 | |
| 471 /* | |
| 472 ** Set the predicted server hello data. This is used for the TLS Snap Start | |
| 473 ** extension. Note that the SSL_ENABLE_SNAP_START option must be set for this | |
| 474 ** to occur. | |
| 475 */ | |
| 476 SSL_IMPORT SECStatus SSL_SetPredictedServerHelloData( | |
| 477 PRFileDesc *fd, const unsigned char *data, unsigned int data_len); | |
| 478 | |
| 479 /* Set the application data which will be transmitted in a Snap Start | |
| 480 ** handshake. If the Snap Start handshake fails, this data will be | |
| 481 * retransmitted automatically. */ | |
| 482 SSL_IMPORT SECStatus SSL_SetSnapStartApplicationData( | |
| 483 PRFileDesc *fd, const unsigned char *data, unsigned int data_len); | |
| 484 | |
| 485 /* Get the result of a Snap Start handshake. It's valid to call then even if | |
| 486 ** SSL_ENABLE_SNAP_START hasn't been set, although the result will always be | |
| 487 ** SSL_SNAP_START_NONE. | |
| 488 */ | |
| 489 SSL_IMPORT SECStatus SSL_GetSnapStartResult(PRFileDesc* socket, | |
| 490 SSLSnapStartResult* result); | |
| 491 | |
| 492 /* | |
| 493 ** Configure SSL socket for running a secure server. Needs the | 441 ** Configure SSL socket for running a secure server. Needs the |
| 494 ** certificate for the server and the servers private key. The arguments | 442 ** certificate for the server and the servers private key. The arguments |
| 495 ** are copied. | 443 ** are copied. |
| 496 */ | 444 */ |
| 497 SSL_IMPORT SECStatus SSL_ConfigSecureServer( | 445 SSL_IMPORT SECStatus SSL_ConfigSecureServer( |
| 498 PRFileDesc *fd, CERTCertificate *cert, | 446 PRFileDesc *fd, CERTCertificate *cert, |
| 499 SECKEYPrivateKey *key, SSLKEAType kea); | 447 SECKEYPrivateKey *key, SSLKEAType kea); |
| 500 | 448 |
| 501 /* | 449 /* |
| 502 ** Configure a secure server's session-id cache. Define the maximum number | 450 ** Configure a secure server's session-id cache. Define the maximum number |
| (...skipping 249 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 752 ** Did the handshake with the peer negotiate the given extension? | 700 ** Did the handshake with the peer negotiate the given extension? |
| 753 ** Output parameter valid only if function returns SECSuccess | 701 ** Output parameter valid only if function returns SECSuccess |
| 754 */ | 702 */ |
| 755 SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket, | 703 SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket, |
| 756 SSLExtensionType extId, | 704 SSLExtensionType extId, |
| 757 PRBool *yes); | 705 PRBool *yes); |
| 758 | 706 |
| 759 SEC_END_PROTOS | 707 SEC_END_PROTOS |
| 760 | 708 |
| 761 #endif /* __ssl_h_ */ | 709 #endif /* __ssl_h_ */ |
| OLD | NEW |